Ethical hackers are extremely valuable today as organisations face an unprecedented level of danger as they take on an increasingly treacherous threat landscape. New attack surfaces have opened up as data and services are used and created differently.
Sophisticated hackers are leveraging the new vulnerabilities and innovating at a fast pace, meaning that at present no one can guarantee impregnable cybersecurity. This situation means that penetration testing provides more valuable insights than ever, giving organisations an understanding of what they have to do to plug major and unexpected gaps.
CBR has compiled a list of some of the greatest names in ethical hacking, including individuals who have been on the dark side of cyber and subsequently served their time for the crimes they have committed before using their incredible skills for good. This list may serve to inspire skilled individuals to use their capabilities for good, providing services that are quickly becoming priceless as the skills gap widens.
Kevin Mitnick has become one of the most famous ethical hackers to have ever lived, if not the most famous, and perhaps his skills and insight come from the fact that his hat has not always been white.
In 1995 the law caught up with Mitnick in what became a high-profile arrest; he had been pursued and tracked down due to a two and a half year spree of criminal cyber activity. His black hat escapades included breaching the security of the Digital Equipment Corporation, where once inside he copied the software he found.
For this crime he received jail time in 1988 that was followed by a stint of supervised release. Before he had completed his punishment Mitnick was hacking again, gaining entry to Pacific Bell voice mail computers. It is thought that he breached a number of other networks and used tactics including the interception of passwords.
Mitnick ended up receiving 46 months with an added 22 for violating his period of supervised release in 1989, an event that marked the conclusion to his time on the dark side.
Having proven his skills to the world, in the year 2000 Mitnick donned the white hat instead, becoming a paid consultant. Not only did Fortune 500 companies and the FBI itself want to leverage his talents, many have flocked over the years to learn from his experience, knowledge and ideas, making him a popular author and public speaker.
He has also taught his skills directly, having led social engineering classes; vital skills that the world is crying out for today. Acting as a true ethical hacker, Mitnick also conducts penetration testing for some of the world’s biggest organisations.
Joanna Rutkowska is a cybersecurity researcher; she is originally from Poland and is the founder of the desktop operating system Qubes OS, a system created with a focus on security.
A key area of Rutkowska’s expertise is stealth malware, perhaps better known as rootkits. A rootkit is a set of malicious software that is capable of disguising or hiding itself. This form of attack tends to be used to exploit a vulnerability exposed by a phishing attack, for example.
Rutkowska became well known for her ethical hacking capabilities in 2006 when presenting at the Black Hat Briefings conference. In the demonstration she highlighted vulnerabilities in the Vista kernel.
The following year her fame as a white hat hacker grew when she exposed weaknesses in the process of some hardware-based memory acquisitions. In 2009 she presented another attack targeting Intel systems including the Trusted Execution Technology.
An indication of her skills and influence is gained by the invitations she has received to feature in some of the industry’s most prominent conferences. Included in the list are the RSA conference, RISK, Black Hat and the Gartner IT Security Summit, badges of honour among ethical hackers.
Charlie Miller is also a computer security researcher, and in terms of his work he is best known for exposing vulnerabilities in Apple products. His most high-profile white hat achievement was secured at the Pwn2Own contest in Vancouver in 2008, where he was the first to locate a critical MacBook Air bug. For this achievement the American pocketed a $10,000 prize. This achievement alone makes him one of the most formidable ethical hackers the world has ever known.
Safari also fell to Miller’s white hat capabilities: he beat the browser’s security and again came away wealthier from the experience, this time winning $5,000 in 2009.
In 2011 Miller continued to prove his specialism in tracking down flaws in the famed security of Apple devices, discovering a weak point in both the iPhone and iPad. Throughout his ethical hacking career Miller has presented numerous other attacks to display dangerous vulnerabilities.
Now he is working as a computer security researcher for Cruise Automation, an American company working on driverless cars, a space that is currently a top tech trend around the world.
Greg Hoglund is a specialist in computer forensics who has gifted a great deal to the world in its mission to combat malicious threat actors. Hoglund is a crucial feature in our list of ethical hackers.
Some of the areas he is best known for working in include physical memory forensics, attribution of hackers and malware detection. His skill in ethical hacking really comes to light when his creative genius is considered.
Hoglund has patented methods for fault injection, which are used for software testing, a valuable creation for white hat purposes. Like others on this list, Hoglund has also worked with the U.S. Government and the Intelligence Community, providing his skills to the pursuit of justice. Exploit material and rootkits have been the primary area he has worked on in this capacity.
He has also founded a number of companies, including HBGary, a company centred on technology security. In 2008 the company joined the McAfee Security Innovation Alliance. In its time the company has been involved in conferences including RSA Conference, where it has provided presentations.
Standing out among ethical hackers, not only is Tsutomu Shimomura a brilliant cybersecurity expert and physicist, his place in our list provides a cyclical effect because he was heavily involved in tracking down Kevin Mitnick, another prominent member of our list.
Shimomura’s genius may have been expected by some, as he is the son of the 2008 Nobel Prize winner in Chemistry, Osamu Shimomura. His abilities in physics led him to be taught by the great physicist Richard Feynman.
In 1989 at the University of California he became a computational physics research scientist, a path that led him to work for the National Security Agency. By testifying in Congress he raised awareness of the lack of security and privacy in cellular phones.
His activity in bringing Kevin Mitnick to justice has been the most high-profile action in terms of using his security skills for ethical purposes. The event led to a feature film called Track Down, inspired by the book Takedown, written by Shimomura and journalist John Markoff.
This article is from the CBROnline archive: some formatting and images may not be present.