Ethical hackers, people who hack into computer networks in order to test its security, are often misunderstood in the cybersecurity industry, with some cases even culminating into arrests due to the nature of their job. In order to differentiate between types of hackers, Rep. Nancy Mace introduced the Federal Cybersecurity Vulnerability Reduction Act, which invited ethical hackers to report vulnerabilities in government systems in October of 2023.
This is likely to aid the increase in demand of ethical hackers. According to the U.S. Bureau of Labor Statistics, the employment of information security analysts — which includes ethical hackers — is expected to increase by 32% from 2021 to 2031. Headspace Applications Security Engineer Michael Blake says the more positive change in the mindset of those who are not affiliated with ethical hackers leads to an increased demand for them. Blake specifically noticed the increase in bug bounty programs, which are deals offered by organizations in which individuals can receive recognition and compensation for reporting bugs.
“I would say before 2012, there weren’t really many bug bounty programs at all and hacking in general was definitely seen as a negative,” Blake said. “Ethical hacking wasn’t really something that was on the minds of many people or many companies. Nowadays, it’s almost more frowned upon to not have a bug bounty program, from a security perspective. The scene changed quite a bit just in the last 10 years.”
Junior Brian Deng says many computer scientists are now hacking for ideological purposes rather than the typical monetary reasons. For instance, Deng talked about the organization Anonymous, whose purpose is to protest online by illegally hacking into and exposing government institutions. On the other hand, many independent contractors are hackers who simply work for altruistic causes.
“One of the Reddit co-founders, Aaron Swartz, hacked MIT and stole a bunch of research papers from Journal Storage (JSTOR),” Deng said. “He released it for free, which is not a bad thing, especially because the research papers are created using government grants which are paid by the people, which means that the people should be able to get this research for free.”
Blake says the exploitation of companies gives more incentive for unethical hackers to hack for money, stating it becomes easier for unethical hackers, as they can use the same methods to hack more efficiently with more advanced technology.
“It’s easier today to launch ransomware, just because there’s so much software out there to ransom a computer,” Blake said. “And then on top of that, it’s easier today to transfer money anonymously through something like cryptocurrency.”
Deng says recent improvements in technology are making companies more aware of the importance that ethical hacking holds. He says as computers become faster and AI becomes more knowledgeable, it will be easier for black hat hackers, people who hack illegally, to access confidential information from major company databases.
“Most of the time they use almost irreversible math for encryption and because both sides have keys to decrypt, this allows for privacy between two parties,” Deng said. “However, when math that’s usually irreversible by human means is cracked, the system has privacy concerns.”
Freshman at UT Dallas Siddharth Narayan says that the battle between ethical and unethical hackers is on equal ground, as both sides use similar technology. However, Narayan notes that Personal Identifiable Information (PII) will be more susceptible to hacking as advanced technology in the future, such as quantum computing, will be able to break the current encryption methods used to guard that information.
PII, such as banking details or social security numbers, which are being sent across the Internet right now is really important and if you store that information, someone can decrypt it 20 years later,” Narayan said. “If a bad person decides, ‘I want all this information, so I’m going to store the encrypted version. Twenty years from now, I’ll have access to a quantum computer and get through to the information then.’”
Narayan says no matter how much effort ethical hackers put into guarding encryption methods, unethical hackers will find a way to match their effort. Although, one aspect of online security that Narayan states will not be affected by advanced technology is social engineering, techniques aimed at talking a target into revealing specific information for illegitimate reasons.
“Social engineering is really difficult to guard against, because it’s humans that are usually the most valuable part of any system.” Narayan said. “Calling the phone company and convincing the person on the other side they are ‘you’ is easy. What’s a lot more difficult is hacking into that telephone company’s systems. Educating people about security is the most difficult part of ethical hacking.”