Editing White hat (computer security) (section)

==History==
One of the first instances of an ethical hack being used was a "security evaluation" conducted by the [[United States Air Force]], in which the [[Multics]] operating systems were tested for "potential use as a two-level (secret/top secret) system." The evaluation determined that while Multics was "significantly better than other conventional systems," it also had "... [[vulnerabilities]] in hardware security, [[software security]] and procedural security" that could be uncovered with "a relatively low level of effort."<ref>{{cite report |author=Paul A. Karger |author2=Roger R. Scherr |date=June 1974 |title=MULTICS SECURITY EVALUATION: VULNERABILITY ANALYSIS |url=https://csrc.nist.gov/csrc/media/publications/conference-paper/1998/10/08/proceedings-of-the-21st-nissc-1998/documents/early-cs-papers/karg74.pdf |access-date=12 Nov 2017 |archive-date=13 November 2017 |archive-url=https://web.archive.org/web/20171113060242/https://csrc.nist.gov/csrc/media/publications/conference-paper/1998/10/08/proceedings-of-the-21st-nissc-1998/documents/early-cs-papers/karg74.pdf |url-status=live }}</ref> The authors performed their tests under a guideline of realism, so their results would accurately represent the kinds of access an intruder could potentially achieve. They performed tests involving simple information-gathering exercises, as well as outright attacks upon the system that might damage its integrity; both results were of interest to the target audience. There are several other now unclassified reports describing ethical hacking activities within the [[United States Armed Forces|US military]].

By 1981 ''[[The New York Times]]'' described white-hat activities as part of a "mischievous but perversely positive 'hacker' tradition". When a [[National CSS]] employee revealed the existence of his [[password cracker]], which he had used on customer accounts, the company chastised him not for writing the software but for not disclosing it sooner. The letter of reprimand stated "The Company realizes the benefit to NCSS and encourages the efforts of employees to identify security weaknesses to the VP, the directory, and other sensitive software in files".<ref name="mclellan19810726">{{cite news | url=https://www.nytimes.com/1981/07/26/business/case-of-the-purloined-password.html?pagewanted=3&pagewanted=all | title=Case of the Purloined Password | work=The New York Times | date=1981-07-26 | access-date=11 August 2015 | author=McLellan, Vin | archive-date=2016-03-07 | archive-url=https://web.archive.org/web/20160307215920/http://www.nytimes.com/1981/07/26/business/case-of-the-purloined-password.html?pagewanted=3&pagewanted=all | url-status=live }}</ref>

On October 20, 2016, the [[United States Department of Defense|Department of Defense]] (DOD) announced "[[Hack The Pentagon]]."<ref>{{Cite web |title=DoD Announces 'Hack the Pentagon' Follow-Up Initiative |url=https://www.defense.gov/News/News-Stories/Article/Article/981160/dod-announces-hack-the-pentagon-follow-up-initiative/platform/dod-announces-hack-the-pentagon-follow-up-initiative/https://www.defense.gov/News/News-Stories/Article/Article/981160/dod-announces-hack-the-pentagon-follow-up-initiative/ |access-date=2023-12-15 |website=U.S. Department of Defense |language=en-US}}{{dead link|date=April 2025|bot=medic}}{{cbignore|bot=medic}}</ref><ref>{{Cite web |last=Perez |first=Natasha Bertrand, Zachary Cohen, Alex Marquardt, Evan |date=2023-04-13 |title=Pentagon leak leads to limits on who gets access to military's top secrets {{!}} CNN Politics |url=https://www.cnn.com/2023/04/13/politics/pentagon-leaks-limit-access-military-secrets/index.html |access-date=2023-12-15 |website=CNN |language=en |archive-date=2023-12-15 |archive-url=https://web.archive.org/web/20231215184601/https://www.cnn.com/2023/04/13/politics/pentagon-leaks-limit-access-military-secrets/index.html |url-status=live }}</ref>

The idea to bring this tactic of ethical hacking to assess the security of systems and point out vulnerabilities was formulated by [[Dan Farmer]] and [[Wietse Venema]]. To raise the overall level of security on the [[Internet]] and [[intranets]], they proceeded to describe how they were able to gather enough information about their targets to have been able to compromise security if they had chosen to do so. They provided several specific examples of how this information could be gathered and exploited to gain control of the target, and how such an attack could be prevented. They gathered up all the tools they had used during their work, packaged them in a single, easy-to-use application, and gave it away to anyone who chose to download it. Their program called [[Security Administrator Tool for Analyzing Networks]], or SATAN, was met with a great amount of media attention around the world in 1992.<ref name= Palmer />