The term “white hat” in Internet slang refers to an ethical computer hacker, or a computer security expert, who specializes in penetration testing and other testing methodologies to ensure the security of an organization’s information systems. Ethical hacking is a term coined by IBM, meant to imply a broader category than just penetration testing. The name contrasts with “black hat”, a malicious hacker, and comes from Western films, where heroic and antagonistic cowboys might traditionally wear a white and a black hat respectively.
While penetration testing concentrates on attacking software and computer systems from the start – scanning ports, examining known defects and patch installations, for example – ethical hacking may include other things. A full-blown ethical hack might include emailing staff to ask for password details, rummaging through executives’ dustbins and usually breaking and entering, without the knowledge and consent of the targets. Only the owners, CEOs and Board Members (stakeholders) who asked for a security review of this magnitude are aware of it. To try to replicate some of the destructive techniques a real attack might employ, ethical hackers may arrange for cloned test systems, or organize a hack late at night while systems are less critical. In most recent cases these hacks are run as a long-term con (days, if not weeks, of long-term human infiltration into an organization). Some examples include leaving USB/flash key drives with hidden auto-start software in a public area, as if someone had lost the small drive, for an unsuspecting employee to find and take.