In this paper I will be discussing what an Ethical Hacker’s roles are, what they have to watch out for, and how they require and depend on social science research and social science principles.
Ethical hackers must try and play the role of a “black hat” hacker, whether it is trying to remotely get information through the company’s servers, tricking an employee to give out sensitive information, or checking whether mobile devices are being properly stored and protected. They try to see how much damage they can do to a company and report the bugs and exploits they find to the company itself.
In terms of how social sciences play a role in ethical hacking, hackers must play the role of being a “black hat” hacker. They must identify bugs and exploits, but also what motivates these “black hat hackers”. There are different motivations for “black hat” hackers with some examples like, entertainment, political, revenge, boredom, recognition, money, or multiple reasons. Through this ethical hackers can see what motivation they would want to exploit and try to get information to complete said motivation.
If a “black hat” hacker’s motivation is entertainment or boredom an ethical hacker might try and find as many exploits he can find no matter how small or insignificant it is. These smaller exploits could lead to potentially bigger exploits. The ethical hacker would then tell the company the bugs and exploits he found and how to patch them.
However if a “black hat” hacker’s motivation is recognition, the ethical hacker would probably go for more difficult information. Because the “black hat” hacker is looking for recognition of how good his skills are, ethical hackers will try and find deep rooted exploits that are very difficult to get to.
And if the “black hat” hacker’s motivation is money, an ethical hacker would try to find as much sensitive data as he could. This means information on users and maybe even their credit card information if it is accessible or sensitive data that could be sold for a lot of money on the black market or could be held for a ransom.
The reason why these motivations are so important to know is because if you just try and find bugs you would find random bugs but might not see how they could be exploited to find even bigger bugs. By playing these motivations you could find a bug and potentially better see how that bug could help you to move forward and complete your goal of for example finding sensitive information for money.
As you can see, ethical hackers would have to play the role of a “black hat” hacker to try and find as many bugs and exploits as he can. Again this means an ethical hacker would not only need to know how to hack, but also the motivations that would drive a “black hat” hacker.
Sources:
https://www.synopsys.com/glossary/what-is-ethical-hacking.html