What Is an Ethical Hacker? 9
Contracts are an important detail to get right; if you get them wrong it
could easily mean legal problems later. The problem with contracts is that
most people find the amount of legalese and preparation nearly impossible
to understand and intimidating to say the least. I strongly recommend
that you consider getting a lawyer experienced in the field to help you with
contracts.
A contract is important for another extremely important reason as well:
proof. Without a contract you have no real proof that you have permission
from the system owner to perform any tests.
Once ethical hackers have the necessary permissions and contracts in place, they
can engage in penetration testing, also known as pen testing. This is the structured and
methodical means of investigating, uncovering, attacking, and reporting on the strengths
and vulnerabilities of a target system. Under the right circumstances, pen testing can
provide a wealth of information that the owner of a system can use to adjust defenses.
Bad Guys and Good Guys, or Hackers and Ethical Hackers
The difference between an ethical hacker and a hacker is something that can easily get
you into an argument. Just saying the word hacker in the wrong place can get you into an
hours-long conversation about the history of hacking and how hackers are all good guys who
mean nothing but the best for the world. Others will tell you that hackers are all evil and
have nothing but bad intentions. In one case I was even told that hackers were originally
model-train enthusiasts who happened to like computers.
You must understand that for us, hackers are separated by intentions. In our worldview
hackers who intend to cause harm or who do not have permission for their activities are
considered black hats, whereas those who do have permission and whose activities are
benign are white hats. Calling one side good and the other bad may be controversial, but
in this book we will adhere to these terms:
Black Hats They do not have permission or authorization for their activities; typically
their actions fall outside the law.
White Hats They have permission to perform their tasks. White hats never share
information about a client with anyone other than that client.
Gray Hats These hackers cross into both offensive and defensive actions at different times.
Suicide Hackers Hackers in this relatively new class perform their actions without
regard to being stealthy or otherwise covering up their assaults. These individuals are
more concerned with carrying out their attack successfully than with the prison time that may
ensue if they are caught.
Another type of hacker is the hacktivist. Hacktivism is any action that an attacker uses
to push or promote a political agenda. Targets of hacktivists have included government
agencies and large corporations.