Ethical hacking: interview with a Jimber employee

What is ethical hacking?

Ethical hacking is a legitimate practice of hacking into a system to find possible data threats and breaches in a network, application or data. Cyber security professionals do this with consent of the company to try the network’s wards. Therefore this procedure is fully prepared, approved and also legal. The intention for ethical hacking is investigating the system or network for feeble points regular hackers could abuse or damage. Ethical hackers gather and interpret the information to find ways to enhance the system’s security. By improving the security footprint the system can better stand tall against attacks. Companies hire these ethical hackers, also known as “white hats”, to examine the vulnerabilities of their networks and systems. Then they develop solutions to help avoid future hacks. Oftentimes the organisations will ask the white hats to do a retest to confirm the vulnerabilities are completely worked out.

An insight into ethical hacking

To delve into this subject a little deeper, we sat down with Ken De Moor, one of our employees. He’s the QA Engineer and also works in Functional Analysis. On top of that he also follows up projects from time to time, but not as a full-blown project manager. Ken has been working for Jimber for almost two years now. Previously he worked together with one of the co-founders and several colleagues.On the Jimber website it states that employees have been able to hack companies like Kinepolis, Itsme, TomTom and various others. “Hacking, however, doesn’t necessarily mean that full access to all data was granted”, Ken says. There are many forms of hacking with many different levels of impact. Some could be minor things, while others have a larger impact. The website specifically lists that vulnerabilities were disclosed. Which also means that in some cases there wasn’t an actual hack. We just disclosed how it could possibly be done. Without actually accessing any data ourselves, to protect people's privacy.

Ken participated in the WebKnight and Kinepolis hacks. “My specialty is mostly Denial Of Service attacks. Where I attempt to find a bug in a system that could bring down the entire system, or cause issues on a large scale.”, he adds. “I’ve always liked to find the weaknesses in software. It’s why I eventually became a QA Engineer, knowing how to find weak spots in software helps you make quality software! When I was a kid I used to love finding glitches and bugs in games.”, Ken expresses.One of the hacks was in function of one of Ken’s school projects. Each group of students had to secure a website, while every group attempted to hack each other. There was one challenge level mode where the group had to attempt to hack actual security software that the teacher uses on a B2B level. Ken found a vulnerability and it was listed in the patch notes for the software.The other one was during an event organized by Kinepolis and Intigriti where they brought a ton of ethical hackers together. Companies were able to ask the services of ethical hackers for an afternoon and we were allowed to attempt a hack within a certain set of rules. Ken can’t disclose too much about the specifics of these two for obvious NDA reasons.He recommends not to be overconfident, nothing is unhackable. There are so many ways that things can go wrong and a hacker would only need to break your weakest link. Being aware of which data is stored/shared in the first place is very important. Assume any and all data can be stolen or manipulated.However there are many easy targets out there, hackers rarely focus on one specific target and that target only. Make sure you are more secure than the average company, and hackers will likely put their sights on other companies instead. The effort and knowledge needed to breach your company just becomes too much. Invest in your security, don’t ignore it until you become one of those easy targets!

Jimber solution

Of course as a company specializing in cyber security we find this subject extremely important. Are you, as a business owner, concerned about network, data or application breaches? Make an appointment. Our Jimber team of ethical hackers will gladly try to hack into your systems. If they find vulnerabilities, our team can also develop solutions to prevent future hacks. On our contact page, you can easily contact us to make an appointment.Read more about ethical hacking: https://www.synopsys.com/glossary/what-is-ethical-hacking.html