
Ethical Hacking: A Security Measure Against Cyber Attacks on Organizations

Tricia Angela P. Pastrano
BSCS – CC10 A1
Xavier University Ateneo de Cagayan
14b, blk 18, PN Roa subd., Calaanan, CDO
(+63)995 398 1742
200632698@my.xu.edu.ph

Erick C. Asas
BSCS - CC10 A1
Xavier University Ateneo de Cagayan
158 Zone10C Zayas St. Carmen, CDO
(+63)977 732 8709
20200019937@my.xu.edu.ph

ABSTRACT

Information technology is increasingly becoming a hacking industry. Hacking is not only done by criminals; it is also done by some government agencies and bigger companies. In this study, we explore what ethical hacking is, whose practitioners are also referred to as white hat hackers. Many people consider hacking a negative thing, but in this paper we give readers more knowledge about the types of hacking and about who the bad and the good hackers are. Various tools are used to carry out hacking. Since there is rapid growth in the number of attacks, there is a need for people to learn ethical hacking concepts to secure themselves.

CCS Concepts
• Security and privacy ➝ Systems ➝ Vulnerability management ➝ Penetration testing

Keywords
Cybersecurity, Cyber-attacks, Cybercrime, Ethical Hackers, White Hat Hacker, Black Hat Hacker, Gray Hat Hacker, Penetration Testing

1. INTRODUCTION

The rapid development of the Internet has contributed a lot of solutions to our daily lives, making it easier and faster to do things. These include e-commerce, electronic communication, and information sharing. While these advancements have advantages, there are also concerning dangers that should be addressed. These threats include penetration into web servers, identity theft, and leaking of information. There has been an increasing number of criminal hackers who will try to take advantage of your situation to make a profit or earn recognition from it. Fortunately, organizations are aware of these problems and are taking extreme measures to fight against these threats.

Ethical hacking, often known as “Penetration Testing” or “Red Teaming”, is defined as the act of hacking without malicious intent. It is the practice of intruding into networks or systems to discover threats and vulnerabilities that malicious hackers may take advantage of. These hackers are referred to as "black hat" and are considered criminals whose ill-disposed intent is to exploit any personal information they can find on the internet. To counter these criminals, "white hat hackers" came into existence. They use the same methods and tools as the black hat hackers, but with authorization to target the system’s security to discover loopholes during testing. Its purpose is to improve security by fixing faults to defend against attacks from other users.

2. TYPES OF HACKERS

Hackers have greatly impacted the Internet in many ways, and their attacks have resulted in a great deal of interest in understanding the motivation behind these perpetrators. They are often programmers who have advanced knowledge of programming and operating systems, which they use to locate errors and to find out the reason why they are there. They can be categorized based on the intentions of their activity.

2.1 White Hat Hackers

White hat hackers, also known as Ethical Hackers, do not have any malicious intention; rather, they try to discover vulnerabilities in a computer or network system. They are often paid employees who work for companies as security specialists to protect and support them against cyber threats. They work to ensure safety and protection from malicious cybercrimes. They use the same tools and methods of hacking as malicious hackers, but they have permission and are given the authority to perform penetration testing and vulnerability assessments while following the rules and regulations provided by the government, making it legal and one of the most demanded jobs available in the Information Technology industry.

2.2 Black Hat Hackers

Black hat hackers, also called crackers, usually have a deep understanding when it comes to infiltrating computer networks and bypassing security protocols. Their purpose is to harm computer systems and networks for personal or financial gain. They can break into the network by bypassing the security to harm the data. They can also invade networks without authorization by cracking the programs and passwords. They can range from amateurs who spread malware to professionals aiming to steal data and information they can take advantage of. They are considered criminals because this type of hacking is illegal due to its malicious intent.
2.3 Gray Hat Hackers

Gray hat hackers are a blend of both white and black hat hackers. These hackers discover a vulnerability in the system and report it to the system's owner, but they sneak into the system without the owner’s approval. In exchange, they will ask for money from the system's owner for the spotted vulnerabilities.

3. IMPACT OF HACKING ON BUSINESSES AND GOVERNMENTS

The largest data breach in history happened in February 2014, when a cache of personal data with credentials for 360 million accounts and 1.25 billion email addresses went up for sale on the black market. This data was obtained through cyber-attacks on Google, Yahoo, and Microsoft. This breach is a representation of the alarming cyber-attacks that cause damage to organizations and threaten national and economic security.

Cyber-attacks can result in a major loss of business intelligence and intellectual property by damaging the company’s reputation, leading to a drop in stock value. Investigations into the impact of cyber-attacks on stock price show that targeted firms suffer losses of 1% to 5% in the days after the attack has been made. The immensity of this price drop can be translated to shareholder losses of $50 million to $200 million if it is based on the average New York Stock Exchange corporation.

Virus and worm attacks cost worldwide losses to several computer security firms. The 2003 loss estimates range from $13 billion to $226 billion, from just virus and worm attacks to all forms of malicious attacks done to these firms. A report by Ponemon Institute on October 13 discovered that over 6 countries and 234 multinational companies almost became a victim of a malware attack. 57% of them experienced Distributed Denial of Service (DDoS) attacks. In the report, it cost them approximately $7.2 million annually due to the companies being breached 1.3 times a week.

The rapid growth in these malicious attacks proves that it is something organizations cannot keep away from, and they should probably expect significant loss due to this. Cyber-attacks are the medium used by hacking groups and organizations to level the field with competitors. Financial loss threats, information theft, and destruction to sectors are the reasons that made cybersecurity a top priority around the globe. Companies are turning to insurance for financial protection against these inevitable attacks. The insurance industry’s response to this has been doubled. At first, most insurance companies excluded cyber-attacks from their standard business insurance coverage, but as the demand grew from attacks, insurers began selling specialized cyber-risk policies. Cyber insurance usually covers the repairs of the systems when security breaches happen.

US National Security Agency (NSA) Director Keith Alexander refers to cyber espionage as “the greatest transfer of wealth in history.” Cybercrime is estimated to cost $385 billion on a global scale. In 2013, 54% of total cyber-attacks were targeted at the US, followed by Russia, then India. Almost half of the attacks were from China, followed by the US at 19%, then Canada at 10%. Canadian telecom giant Nortel Network Ltd. was a victim of cybercrime, being infiltrated by Chinese hackers for almost 10 years before filing for bankruptcy in 2009. This concludes that cyber espionage may be the greatest threat organizations may face.

4. METHODS USED BY ATTACKERS

Bait and Switch: A common scam run by cyber-criminals on websites that offer advertising space to third parties. Site visitors may be sent to a page that has been infected by malware by clicking one of the links.

Cookie Theft: Cookies hold a lot of information about you, and once they are stolen, this data might be exploited.

Denial of Service/Distributed Denial of Service (DoS/DDoS): A method used to take down systems or networks by overloading them with login attempts, data requests, repetitive tasks, etc.

Eavesdropping: Hackers listen in on a network connection and gather as much information as they can for their own personal gain.

Keylogging: This allows hackers with standard software to collect a log file with the strokes made on a keyboard.

Malware: Viruses, Trojans, and worms are the most common, designed to cause a great amount of damage to systems and data.

Phishing: Email messages are used to trap a recipient into revealing personal information.

“Man in the Middle” Attack: The attacker establishes two connections, one between themselves and a server, the other between themselves and the client. This gives them access to the data being passed through their proxy connection.

In recent years, the most dangerous and destructive virus in history was created in the Philippines. This was called the ILOVEYOU virus, an example of phishing and a worm. It contains VBS code that enables attackers to acquire information from the victim’s computer and that can command the operating system to do a task. Once the computer is connected to the internet with weak security, the attacker can easily break into the system and steal all the user's information, including private data and passwords.
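The DoS/DDoS entry in the methods list separates overload from one source from overload spread across many sources; a defender can tell the two apart in request logs with two sliding windows. The following is an added example, not part of the original paper; the log tuples, thresholds and function names are constructed for illustration.

```python
from collections import defaultdict, deque

def build_sample():
    """Constructed sample log: (seconds, source IP, path). Not real traffic."""
    events = [(t, "198.51.100.7", "/login") for t in range(12)]      # one noisy source
    events += [(20 + i % 5, f"203.0.113.{i}", "/search")             # 40 quiet sources
               for i in range(40)]
    events += [(t, "192.0.2.10", "/index") for t in (1, 15, 31)]     # ordinary client
    return sorted(events)

def detect_floods(events, window=10, per_source_limit=8, total_limit=30):
    """Return (single_source_alerts, distributed_alerts).

    single_source_alerts: IPs that sent more than per_source_limit requests
    within any `window`-second span (DoS pattern).
    distributed_alerts: timestamps at which requests from sources NOT already
    flagged exceeded total_limit within the window (DDoS pattern: no single
    sender stands out, but the aggregate does). At most one alert per window.
    """
    per_source = defaultdict(deque)   # ip -> timestamps still inside the window
    everything = deque()              # (ts, ip) for all requests inside the window
    noisy, distributed = set(), []
    for ts, ip, _path in events:
        q = per_source[ip]
        q.append(ts)
        while q and q[0] <= ts - window:
            q.popleft()
        if len(q) > per_source_limit:
            noisy.add(ip)
        everything.append((ts, ip))
        while everything and everything[0][0] <= ts - window:
            everything.popleft()
        quiet = [e for e in everything if e[1] not in noisy]
        if len(quiet) > total_limit and (
                not distributed or ts - distributed[-1] >= window):
            distributed.append(ts)
    return sorted(noisy), distributed

if __name__ == "__main__":
    single, spread = detect_floods(build_sample())
    print("single-source flood from:", single)
    print("distributed flood detected at t =", spread)
```

Per-source rate limits alone miss the second pattern, which is why the aggregate window is tracked separately.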
4.1 Hacking Phases

Phase 1: Reconnaissance: This can either be passive or active. Passive reconnaissance is also called “information gathering”. It is the gathering of information without the target’s knowledge and without attacking the system. Meanwhile, active reconnaissance involves breaking into networks to discover individual hosts, IP addresses, and network services. It is also called “rattling the doorknob”.

Phase 2: Scanning: In this phase, tools are used by hackers to examine the network information they gathered earlier in order to enter the company’s system.

Phase 3: Gaining Access: The hacker then uses the information they have discovered and collected to breach the Local Area Network.

Phase 4: Maintaining Access: When the hacker has successfully breached the system, he maintains that access by messing up or changing the system so that others cannot enter the attacked system.

Phase 5: Covering Tracks: The hacker then removes all the pieces of evidence that could be used to trace him/her.

5. CONCLUSION

Hacking plays an important part in the world of computers, but it also comes with risks and benefits. It deals with the good side, the bad side, and somewhere in between; it all depends on the intention of the hacker, since they can be very diverse in many ways. They can bankrupt and destroy a company by attacking it, or they can protect it by securing the data and increasing the revenues for the company. The conflict between ethical or white hat hackers and malicious or black hat hackers has existed for a while and is still ongoing. Ethical hackers help companies secure themselves against malicious hackers who might illegally harm their systems for personal gain. Ethical hacking is a powerful tool that can provide deep understanding of the vulnerabilities of a network and how they can be exploited; if not properly used, it can cause a lot of harm.