The word hacker comes with some pretty negative undertones. Not all hackers are created equal, though, and not all of them are inherently bad. Hackers generally fall into one of three types of “hats”: black, white and grey.
Mainstream media has successfully demonized the word, connecting it exclusively to cyber criminals. A hacker, though, can actually be anyone with enough knowledge and skill to circumvent a device’s or network’s security measures. Hacking itself is not illegal. It is actually necessary in order to understand and protect against would-be malicious hackers. It is illegal, however, whenever a hacker compromises a system without the owner’s permission.
Keep in mind that companies of all shapes and sizes, including regulated industries and government agencies, actually employ ethical hackers to help them secure their systems.
In the information security industry, hackers generally fall into one of three categories, defined by their ideology (i.e., what kind of use they put their skills to): “white hat”, “grey hat” and “black hat.” Two things generally help define this: their motivations and whether or not they break the law.
These distinctions are influenced by old spaghetti westerns where bad guys wore black cowboy hats, good guys wore white ones and, well, sometimes mysterious third parties wore grey ones.
Like all hackers, black hats have extensive knowledge to compromise networks and bypass security protocols. They also write malware, another method used to circumvent the security of protected systems.
The primary motivation for black hats is typically personal or financial gain, but other lucrative and risky endeavors are also attractive to them, such as espionage, protest and the simple thrill of cybercrime. Black hats range from amateurs simply unleashing nasty code onto systems without enough understanding to anticipate outcomes, to experienced hackers aiming to steal valuable data. While harvesting valuable assets, they commonly modify or destroy things along the way.
White hats use their powers for good, often championing education of the masses in order to make the Web safer for business and other activities. Also known as “ethical hackers,” white hats are often paid employees or contractors working for companies as security specialists who attempt to identify, isolate and resolve vulnerabilities via hacking.
White hats employ the same methods as black hats, with one important exception: they do it with permission from the owners of the systems first, which makes their processes completely legal. White hats perform penetration testing, test stateful and stateless security systems and complete vulnerability assessments for companies. There are even courses, training, conferences and certifications for ethical hacking, which require vast knowledge and experience as they are very difficult to pass.
There are grey areas in life that are neither black nor white. Grey hats are a blend of black and white hat ideology. Grey hats have been known to look for vulnerabilities in a system without the owner’s permission or knowledge. If issues are found, they will report them to the owner, sometimes requesting a small fee to fix the issue. If the owner does not respond or comply, then sometimes the hackers will post the newly found exploit online for the world to see.
Grey hats are not inherently malicious; rather, they are just looking to get something for their trouble. Grey hats are not known to exploit the vulnerabilities they find. However, this type of hacking is still considered illegal because the hacker did not receive permission from the owner prior to infiltrating the system.
If we didn’t have white hats diligently learning to understand the black hats, developing strategies to counter newly emerging attack methods, seeking out vulnerabilities before black hats can find them and generally staying abreast of how the bad guys think, the tools they use and the company they keep, then there would probably be a lot more negative stories in the news illustrating their dirty work.
Next time you are tempted to scowl at the word, keep this in mind. Sure, there are many black hats out there waiting to prey on vulnerable systems. There are just as many, if not more, white and grey hat hackers out there, though, working to make the Web a safer place for work and play.
Thanks for reading.
Questions? There are no silly ones. Comments? Your feedback is always welcome.