Most Innovative Company, South Africa, 2016, African Business Awards
Best Forensic Investigation Company, Africa, 2016, African Corporate Excellence Awards
Best in Security, Forensics & Investigations – 2016 – International Business Awards

Penetration Testing

Ethical hacking is term that describes a range of activites undertaken to evaluate the security of an information system by attempting to gain surreptitious access to that system using the same techniques and resources that a criminal hacker might employ.

Can you hack my spouse’s Gmail account?

Yes, we probably can, but we won’t. Why? Because that would be a crime, and we are not criminals. Ethical hacking differs from criminal hacking in two respects:

Ethical HackingCriminal Hacking
Role The ethical hacker acts in support of the information security efforts of the target system. The criminal hacker acts to circumvent or subvert the information security efforts of the target system.
Beneficiary The beneficiaries of an ethical hack are first, the client, and second, the community, who can develop more effective security systems from lessons learned. The beneficiaries of a criminal hack are first, the financial gain and perhaps fame of the hacker, and all else is second.
Motivation Although an ethical hacker is paid a fee for services rendered, the financial reward is seldom the ethical hacker’s primary motivation. In general they’re motivated by the challenge and a desire to discover new vulnerabilities and exploits that can be fixed to the benefit of everyone. A criminal hacker is almost always financially motivated. In other words, their hope is that the target system will contain data of value which can be resold or used to generate revenue (for example, personal identification data, credit card and bank details, source code, trade secrets or other valuable data)
Intention The ethical hacker intends to test the security of a system. When a vulnerability is discovered an ethical hacker will notify the client and await further instructions before attempting to exploit that vulnerability or putting the client’s system at greater risk.A criminal hacker has no regard for the impact that their activities might have on the target system. Their intention is to gain unauthorized access by any means possible – even if their actions could cause system failure or data destruction.
Authority An ethical hacker gains authorized access to a target system. The owner or their authorized representative will give the ethical hacker permission to conduct a penetration test. Strict guidelines (rules of engagement) are usually stipulated so that the target system and its data is never damaged or placed at risk of compromise. A criminal hacker gains unauthorized access to the target system, and in so doing are engaged in criminal activity. They are not confined or limited by the wishes of the target system’s owners and have no regard for the financial and other losses that the target client may suffer.
Assignment His or her assignment is to probe a target network in the same manner a criminal hacker would so that any vulnerabilities in the target systems can be addressed. He or she intends to gain unauthorized access to systems and data for any number of malicious, criminal or destructive purposes.
Methodology There is little or no difference in the methodologies, tools and techniques used by ethical hackers and criminal hackers. There would be significant differences in how certain tools were used or how techniques and methodologies were applied – with the ethical hacker constantly aware of the risk that their actions might pose to the target system’s integrity or availability, and a criminal hacker constantly aware of the risk of their actions being exposed and their access terminated before they’ve completed their mission.
Secrecy An ethical hacker will sign a non-disclosure agreement which prohibits him or her from disclosing any information related to client, the target system, the assignment or the outcome. A criminal hacker is not bound by any non-disclosure agreement, and will often publish details of the hack online (including dumping stolen data in the public domain).
The owner of the target system or network has What makes ethical hacking legal is not that legal techniques and tactics are employed. An ethical hacker will attack the target information system with the same toolset a criminal would. It is legal because it has been authorized. Ethical hacking is only done at the request of the owner of the information system in question (or by an authorized representative of the owner) and it is conducted in terms of a contractual agreement that sets out the scope, boundaries, limitations and other specifics of the assignment. The other difference between ethical and criminal hacking relates to the hacker’s intentions. In the case of ethical hacking, the objective is to improve security by identifying vulnerabilities and exploiting the systems susceptability to specific attack vectors. An ethical hacker will take extraordinary precautions to ensure that any system breaches do not leave the target system vulnerable to attack by criminal hackers, that confidential data is protected from accidental or unauthorized disclosure, and that the hacking assignment is undertaken with the minimal disruption or damage to the target infrastructure as possible.