Hacker Hat Colors Explained: Black Hats, White Hats, and Gray Hats
Hackers are not inherently bad: the word “hacker” does not mean “criminal” or “bad guy”. Tech geeks and writers often refer to “black hat”, “white hat” and “gray hat” hackers. These terms define different groups of hackers based on their behavior.
The definition of the word “hacker” is controversial and could refer to someone who compromises computer security or a developer who is an expert in free software or open source movements.
Black hat hackers, or simply “black hats,” are the type of hackers that the popular media seems to focus on. Black hat hackers violate computer security for personal gain (such as stealing credit card numbers or collecting personal data to sell to identity thieves) or out of sheer malice (such as creating a botnet and using that botnet to conduct DDoS attacks against websites they do not use).
Black hats fit the widespread stereotype that hackers are criminals who carry out illegal activities for personal gain and attack others. They are computer criminals.
A black hat hacker who finds a new “zero-day” security vulnerability would sell it to criminal organizations on the black market or use it to compromise computer systems.
Portrayals of black hat hackers in the media may be accompanied by goofy stock photos like the one below, which is intended as a parody.
White hat hackers are the opposite of black hat hackers. They are the “ethical hackers,” experts at compromising computer security systems who use their skills for good, ethical, and legal purposes rather than bad, unethical, and criminal purposes.
For example, many white hat hackers are employed to test an organization’s computer security systems. The organization authorizes the white hat hacker to attempt to compromise its systems. The white hat hacker uses his knowledge of computer security systems to compromise the organization’s systems, just like a black hat hacker would. However, instead of using his access to steal from the organization or wreck its systems, the white hat hacker informs the organization and explains how he gained access, allowing the organization to improve its defenses. This is known as “penetration testing” and is an example of an activity carried out by white hat hackers.
A white hat hacker who finds a security vulnerability would disclose it to the developer, allowing them to patch their product and improve its security before it is compromised. Various organizations pay “bounties” or award prizes for disclosing such discovered vulnerabilities, compensating white hats for their work.
Very few things in life are clear black and white categories. In reality, there is usually a gray area. A gray hat hacker falls somewhere between a black hat and a white hat. A gray hat doesn’t work for their own personal benefit or to cause carnage, but they can technically commit crimes and do possibly unethical things.
For example, a black hat hacker would compromise a computer system without permission, stealing the data it contains for his or her gain, or otherwise wrecking the system. A white hat hacker would ask for permission before testing the security of the system and would alert the organization after it was compromised. A gray hat hacker could attempt to compromise a computer system without permission, informing the organization after the fact and allowing them to fix the problem. Although the gray hat hacker did not use his access for bad purposes, he did compromise a security system without permission, which is illegal.
If a gray hat hacker discovers a security flaw in a piece of software or on a website, they can disclose the flaw publicly instead of disclosing it privately to the organization and giving them time to fix it. They would not exploit the flaw for their gain (that would be black hat behavior), but public disclosure could cause carnage as black hat hackers tried to exploit the flaw before it was fixed.
“Black hat”, “white hat”, and “gray hat” can also refer to behavior. For example, if someone says “that looks like a black hat”, that means the action in question seems unethical.