How I hate the term «Ethical Hacker»!

_Be nice to me please, this is my first post and I don't have extraordinary English skills, so feel free to correct me!_ 😁

Nowadays, security has become an essential issue, whether in the real world or in the virtual world.

Today, we only talk about cyber-crime, cyber-war, data theft, and so on. Hacking has become a sad reality from which no one can escape, whether a person or a small or large company like Facebook or Google. We are all susceptible to being attacked by a malicious hacker, whether it is to get money, data, for fun, etc.

The demand for IT security analysts, ethical hackers, and so on has exploded. And that's a good thing, because security and privacy take priority over everything else (and that's also a good thing for me when I finally leave school 😆).

But if there is one thing that bothers me, it is the term "Ethical hacker" used every time because it implies that the hacker is unethical by nature. Once again, we will have to go back to the real definition of the hacker (at least my definition).

For me, a hacker is a person who is curious: a person who, instead of just using his toaster, will use it but also open it, understand how it works and finally customize it (for example, add a little voice that wishes us a good day). A great idea and very useful, in my opinion 😂.

A computer hacker, therefore, will follow the same principle.

In this case, there are different types.

There are the:

  • Black hats who are motivated by money and the pleasure of entering other people's systems without authorization. ← the real unethical person

  • Grey hats, who act more or less in an "ethical" way. These are usually the kind of people who enter a system, again without authorization but without damaging it, for the pleasure of doing so, or who later inform the company they have just hacked so that it can fix the flaw.

  • White hats, who are the "good guys" of the story. I think Wikipedia's definition is very good, so I'll put it as it is: A white hat is a computer security expert who performs intrusion tests and other test methods to ensure the security of an organization's information systems.

So I prefer the terms "IT security expert", "pentester", etc.

That's all for today. I hope you enjoyed this little article and that you'll fight against the expansion of The Thing That Should Not Be Named 😂.

And of course, don't hesitate to give your opinion on the subject!

  • Ben Halpern
    6 years ago

    So I prefer the terms "IT security expert", "pentester", ...

    Same. You can't really control what the mainstream does with technical terms and titles, but it's worth trying to use good descriptive vocabulary where possible.

    Phil Ashby
    6 years ago

    Yep - it's enshrined in the Certified Ethical Hacker qualification, which was a bit naff in practice (I did V7 of this back in '09 I think) - my colleagues & I spent most of the week long course messing with the instructor's router, which was frankly rather more fun!

    6 years ago

    I agree with you too, thanks for the feedback! 😃

  • Max Ong Zong Bao
    6 years ago

    To me, it's just branding or marketing, which is newsworthy whenever it comes out in the news or when you're selling a security certificate.

    The various hats that you had mentioned are just the difference in mindset, intent and circumstances on applying your skills for the good or the bad guys.

    You can easily get tons of autobiographies of ex-hackers who turned into "ethical hackers", or of WWII spies who turned into double agents and, due to circumstances, decided to use their skills to work for the good guys.

    Here's a list of biographies of those "ethical hackers" and WWII double agents

    1) Art of Deception: Controlling the Human Element of Security -

    2) Agent Zigzag: A True Story of Nazi Espionage, Love, and Betrayal -

    6 years ago

    I agree, thank you for these precious resources! 😇

    6 years ago

    Haven't read the second one, thanks for the tip!

  • Younes
    6 years ago

    They swapped their hoodie for a shirt and a tie 😢😆

  • Nathanael Demacon
    6 years ago

    "IT security expert" or "pentester" are very good terms. "Ethical Hacker" seems to be used by beginners or people who don't really know what a hacker does, which is very common and isn't a problem. People who do head hunting don't necessarily know a lot about the domain they are recruiting for.

    However, the deeper I go in IT security, the more I find that the people who work in this domain are too sensitive about the terms used to define a hacker. Sometimes even the word "hacker" can be argued over, which is literally a good term.

    It's the same thing with the dark web: people who know a little about security think that it's a "noob" term and must not be used. Instead they use terms like the "Tor network", which is not really the dark net but a darknet, literally a private network.

    6 years ago

    I think that, for someone who doesn't know anything about IT security, the term "ethical hacker" may sound more "cool". 😄

    I must admit that people like to show that they know their stuff by preaching to people to name something in the right way (from their point of view).

  • Ali Sabri Sır
    6 years ago

