With the recent undeniable growth of IT knowledge and cyber-based specialty in the last decade, the number of individuals gaining interest in learning and using cyber skills as a way to make a living is increasing every day. From an introverted teenager living in their basement in southern Europe who’s in love with hacking and mesmerized by the broad opportunities of the internet to a college graduate of Harvard with years of training and specialties as an ethical hacker, many people are choosing the cyber network as their workplace.
But in this specific field, there is an open opportunity to use these codes and data as one pleases; and the only limit for one’s adventures is solely his/her skills and knowledge. This results in the borders of ethics, legitimacy, and legality in the cyber world getting very thin and creates terms such as white-hat, black-hat, and grey-hat hackers.
In the first part of this read on “A Comprehensive Guide To Hacking”, we talked about the history and essence of hacking as well as different types of hackers. In this read, we will look into the comparison of the situation of White vs. Black-hat hackers as well as the ups and downs of being a white-hat hacker, whether you are already an unethical hack specialist looking to find legitimacy or you just started to use your cyber skills for making money.
What are the dangers of being a black-hat hacker?
The world of hacking is thriving every day. This could be good and bad news at the same time, depending on how this skill is used. Being a black-hat hacker may be seductive and lead to some gaining at first but in the long run, the narrative of some of the greatest black-hats of history may clue you in on what black-hat hacking inevitably leads to at the end of the day.
Kevin Mitnick was one of these people. Once a black-hat hacker, he was charged two times with crimes such as wire fraud, unauthorized access to a federal computer, and causing damage to a computer. He was later sentenced to 5 years in prison as a result of his attacks on Pacific Bell’s voicemail. After being released, he turned white-hat, established his own security consultation group called Mitnick Security, and is also currently working as a Chief Hacking Officer at KnowBe4 anti-phishing platform.
Albert Gonzalez aka Segvec, the infamous leader of the Shadowcrew hacking group was another big-time black-hat taking part in theft and sale of credit card info from a variety of retailers. Gonzalez too was later sentenced to 20 years in prison for stealing more than 170 million credentials and had to pay back hundreds of million dollars in restitution alongside his co-defendants. Later, Gonzalez joined the White-hat hacker community as well.
Hector Xavier Monsegur, mostly known as Sabu, a former part of the widely known hacking group, Anonymous, is another example. He was responsible for many of the greatest hacking attacks of U.S history against companies like Sony, Visa, and MasterCard as well as some international governmental attacks. Eventually, he was also arrested in 2011 and was sentenced to over 120 years in prison! He finally became an FBI informant after serving several months in jail.
Legal challenges of black-hat hack
Cybercrime is mostly categorized as class B felonies in the United States, carrying a punishment of up to 20 years of prison and/or $15,000 fine. A black-hat hacker is consistently at risk of going under the terms of accusations like conspiracy, wire fraud, computer fraud, unauthorized access device fraud, and aggravated identity theft. The punitive laws against malicious hacking as a thriving crime are as strict in almost every other country in the world as well.
The hackers mentioned above were amongst the biggest and best black-hats in history. But no matter how much prolonging the inevitable; they were finally caught and faced their crimes. But this talent and skill can be used differently.
Many companies are in need of these skills these days and are more than willing to pay remarkable amounts of money to experts who can help them strengthen their cyber-security perimeter. Many former black-hats, aware of the vast danger and risk of malicious hacking, are working these days under the terms of the law. They are occupied in fields such as consulting cyber-security teams, working as bug bounties or threat hunters, and are helping businesses to have a safer platform online. Furthermore, they can work safer without the risk of getting arrested and still use their expertise and passion for hacking to make great money.
Life as a white-hat hacker
The interest in becoming a white-hat hacker is rising every day. On an average basis, around 850 hackers are joining the 600,000-strong community of ethical hack specialists each day. Aside from former black-hats facing the grave danger of malicious hacking and turning into clean white-hat hackers, many new forces are joining the cyber-security community every day considering the opportunities of this field as a flexible part-time or even full-time job.
Pros and cons of a white-hat hacker
Working as a white-hat security specialist includes taking part in the bug/ threat hunting programs as well as being employed by companies as a part of their cyber-security team. This field of work may bring many advantages to you as a cyber-expert.
A white-hat hacking career can provide you with the flexibility that almost no full-time employer can offer you. You can work on the days and hours you like and take whatever day you want off. You set your own schedule which gives you the independence you could not experience with an employer as you are your own boss now.
The Bug Bounty community is another benefit of being a white-hat. A broad range of talented hackers you can learn many things from and keep your knowledge up to date with their help. Other than that, you can work on many different platforms or even with different companies at a time and have the variability you desire.
On the other hand, there are some inevitable set of challenges you may face as a cyber-security specialist such as isolation and remote work. Also, there might be some bad weeks you may not be able to find any bug or valid threat. But like any other job, with the right amount of skill and patience you can have a noticeable income at the end of the day.
How much can a white-hat hacker make a year?
One common criticism of the cyber-security field is the uncertainty in the financial aspect. But the reality is that money is as good as you are! The broader set of skills a specialist acquires and the more hours he/she puts into bug or threat hunting, the more amount of money is earned. In fact, according to surveys, seven hackers have reached more than $1 million of earnings in their lifetime using bug bounties only; while thirteen others hit $500,000.
The good active hackers with the required skills and sufficient time put into the job, marked as the top one percent, are making an average salary of around $35,000. This goes with a potential earning power higher than any other average IT salary.
Santiago Lopez, the first bug hunter to reach $1 million in bug bounty platforms is a good example. As a formerly convicted black-hat with 4 years in prison, Lopez is now using his skills on the right path. As a do-good hacker, he can make remarkable money legally by pursuing his hacking passion without the risk of conviction.
Field growth in ethical hacking
The good news is that the growth potential is very promising in this field. Considering the rapid speed of cyber development and the increase of cybercrime in recent years, the need for new cyber-security specialists is rising.
According to New York Times, By 2021, around 3.5 million cybersecurity jobs will be available worldwide and the giant market of companies in need of specialists will thrive constantly with new technologies, software, and websites developed every day.
In conclusion, we can say that ethical white hat hacking is the best way to legally use your hacking skills and pursue your love for de-coding and breach, only this time for a good purpose and without the fear of legal repercussions.
White-hat hacker as a part-time/ full-time job
As a full-time job, a skillful white-hat can achieve more than an average salary in the IT field using bug bounties and other VRPs (Vulnerability reward programs). In addition to that, for those who have recently started this career and are experiencing in the world of cybersecurity, white-hat hacking is a safe and trustable part-time job or hobby to gain skill and specialty as well as making an acceptable income.
After all, these platforms are a great opportunity for both businesses to strengthen their cybersecurity perimeter and hackers to continue their hacking career. All taking place in a safe platform and contributing to a safer cyber world for everyone.