Who are black and white hat hackers, and how do they differ?
The image created in the public’s mind is that hacking is inevitably a crime: poorly socialized hackers lurk in basements across the globe and itch to access a bank account or steal identities. People who are more familiar with computer culture know that hacking, like so many other things, exists on a continuum.
Not all hackers are inherently bad. In mainstream media, the word “hacker” usually refers to cybercriminals, but a hacker can be anyone who, regardless of their intentions, uses their knowledge of computer software and hardware to break down and bypass security measures on a computer, device, or network. Notably, hacking itself is not an illegal activity unless the hacker is compromising a system without the owner’s permission. Nowadays many companies and government agencies employ hackers to help them secure their systems.
Hackers are categorized by the type of metaphorical “hat” they don: “white hat”, “grey hat”, or “black hat”. The terms come from old spaghetti westerns, where the bad guy wears a black cowboy hat and the good guy wears a white hat. Two main factors determine the type of hacker that somebody is dealing with: their motivations, and whether or not they are breaking the law.
Black hat hackers
Black hat hackers usually have extensive knowledge about breaking into computer networks and bypassing security protocols. They are also responsible for writing malware, which is a method used to gain access to the systems.
Usually, their primary motivation is financial or personal gain. However, they can also be involved in cyber espionage, or they could simply be addicted to the thrill of cybercrime. Black hat hackers range from amateurs who are just getting their feet wet by spreading malware to the most experienced hackers who aim to steal data – financial information, personal information, or login credentials. They seek not only to steal that data but also to modify or destroy it. When they want personal gain, they steal credit card numbers or harvest personal data for sale to identity thieves. When they hack out of pure maliciousness, they may, for example, create a botnet and use it to perform DDoS attacks against websites that they don’t like. They are so-called computer criminals. A black hat hacker who finds a new, “zero-day” security vulnerability would sell it to criminal organizations on the black market or use it to compromise computer systems.
Some hackers will take any information they can get – whether it’s your private health care data or even the notes they make in your app. These hackers have two goals:
- Personal vendetta – they want information on a specific person or entity so that they can use that information later. These hackers may be ex-boyfriends and girlfriends (or people they hire), or others with a personal ax to grind. Sometimes a black hat hacker seeks information about a user or group of users to harm an entity, for example, to harm a company’s reputation.
- Money – the most straightforward but also one of the most difficult hacks is the one that allows a user to transfer money or credit from one person’s account to another’s. Black hat hackers target consumer, government, and corporate financial data in myriad ways. They may even hack a completely unrelated app to gain access to information that can help them access another app.
There are also other reasons that may attract black hat hackers, among them: supporting crime in the physical world; blackmail; ransom; identity theft; or even pure curiosity.
White hat hackers
Those are the good guys – they choose to use their powers for good rather than evil. They are also known as “ethical hackers”, so they can sometimes be paid employees or contractors working for companies as various security specialists that attempt to find security holes via hacking.
White hat hackers employ the same methods as black hat hackers, with one exception: they first get permission from the owner of the system, which makes the whole process completely legal. White hat hackers perform penetration testing, test in-place security systems, and perform vulnerability assessments for companies. There are courses, training, conferences, and certifications for ethical hacking. Penetration testing by white hat hackers allows the organization to improve its defenses. It also helps an organization when a security vulnerability is found, allowing it to patch its product and improve its security before it is compromised. Various organizations pay “bounties” or award prizes for revealing such discovered vulnerabilities, which compensate white hats for their work.
White hat hackers can provide a company with the following:
- An executive summary describing the potential risks to its IT system.
- A prioritized list of recommended steps that should be taken to eliminate the risks and strengthen the system.
- A technical summary of existing security gaps.
- A detailed report on the assessment.
Some white hat hackers are academic. These are computer artisans who are less interested in protecting systems and more interested in creating clever programs and beautiful interfaces. Their motivation is to improve a system through alterations and additions. Academic hackers can be casual hobbyists, or they can be serious computer engineers working on their graduate-level degrees.
Inside the Hacker World
The world of hacking is complex, with its own culture, lexicon, and social norms. There’s a continuum from ethical and legal to unethical and illegal, and many hackers occupy many spots on this continuum in their careers.
Source: Kaspersky, Simplilearn, Eccouncil