Different Types of Hackers: White, Grey and Black Hats
The term hackers is one of those that I particularly don’t like. Anything that goes awry in technology; non-technical people just automatically think ‘it’s hackers’ or I’ve been ‘hacked’. I think that my love/hate relationship with this term stems from my early days in IT working residential internet help desk while I was studying.
Even though the word is overused; it is still an interesting part of IT. There are also different intentions; which forms the basis for the following categories of hacker.
What actually is a hacker?
A hacker is someone who uses computer systems to gain access to another system which they shouldn’t have access to. Public belief is that this is criminal or illegal.
What they try to accomplish by doing this can vary. Some do it for money, some for fame and notoriety, or to disrupt (and possibly even destroy) the system or network. Others might do it for employment and the challenge it brings.
The goal may not be the same for everyone; and therefore there are recognised catagories of hackers.
Different types of hackers…
Typically there are three different types of hackers. They’re differentiated by ‘hat’ color; which are white, grey and black. Each one hacks for a different motive, cause or reason. The terms came from the old western movies; where the cowboy with the white hat was the good guy while the ‘baddie’ was the black hat. We’ll touch on each on below.
The White Hats
Also known as ‘ethical hackers’; White Hats are the good guys in the hacking space. Often quite skilled and knowledgeable around computer security and data protection. They’re employed or given permission to seek out and make sure that any vulnerabilities in software, hardware or networks are unable to be exploited by unauthorised users.
To even be considered a white hat, a fundamental value that must be adhered to is that you disclose all vulnerabilities you find to whoever is responsible for them. Thus allowing the vulnerability to be closed off before anything malicious can be performed. Penetration testers are typically considered white hats.
The Black Hats
The most publicly recognisable group or catagory of hackers. Black hat hackers usually engage in illegal technology crimes; such as accessing computer systems and networks without any permission. The best way to put it is that they deliberately intend malicious damage through their activities.
Bringing down networks; writing malicious software (such as malware and ransomware) to even using non-technical based methods to gain unauthorised access to information. A common technique is calling pretending to be someone else.
There are a number of high profile (or infamous) black hat hackers that have committed various crimes including credit card fraud, infiltration of US military systems to bringing down large companies websites with DDOS attacks.
The Grey Hats
As with most things in life; they’re not always black and white. There is a grey area. Hacking is no different at all. As is standard with grey area – a grey hat hacker falls somewhere between the white and black.
A grey hat doesn’t really mean to cause any malicious harm; but will try to benefit off their work. This may mean infiltrating a computer system or network illegally without permission (as a black hat would); but then report the vulnerability to the responsible party (as a white hat would do) and offer (for financial gain) to patch or fix the vulnerability.
Kevin Mitnick is classified as a Grey hat; as he previously had black hat intentions before being arrested and sent to prison in the 1990’s. However; he now uses these black hat techniques for white hat purposes as a paid security consultant. Included in his list of clients are Fortune 500 companies as well as a FBI!