Hacking tools have been covered frequently on this blog because, when it comes to security, it’s important to know what you’re up against. However, while we’ve spoken of the methods, we haven’t gone into depth when it comes to who is actually on the other side of those tools; the hackers themselves. As such, you may subscribe to the common notion that a hacker is just a criminal who deals in the theft of digital information and associated digital havoc, but that’s not quite all there is to it. In the hacker communities, there is actually a code of ethics that separates hackers into three separate “hats”; the black hat, the white hat, and the grey hat.
When the word “hacker” comes up, what most people picture is someone who is hellbent on breaking through security and stealing important information. In films, even hackers who are depicted as good guys usually have a background in infiltrating corporate mainframes and making off with all their internets. By the loosely defined hacker code of ethics, anyone who breaks into private systems with the only objective being personal gain is considered a black hat, regardless of who their victim is.
Black hats are the hackers who are associated in illegal activity. They break into secure networks and steal, destroy, or hold ransom whatever they can get their hands on. They do it all for personal gain. They’re the ones who steal credit card information and harness systems for botnets. They send spam, create viruses, and bring down networks. They’re the bad guys, pure and simple.
On the other end of the hacker spectrum are the white hats or “ethical hackers”. White hats are experts in compromising computer security, but they harness their abilities for constructive reasons, rather than with malicious intent. They use the same tools as black hats, but their goals are completely the opposite.
How does one use hacking for good? Believe it or not, large companies are always looking for people to breach their security so they know where all the holes and flaws are. Various organizations pay bounties to anyone who can reveal vulnerabilities in their security, all for the purpose of preventing the wrong people from doing the same. This is called “penetration testing” and it’s how the white hats satisfy their cravings for outsmarting software.
By the loose code of ethics that hackers follow, a white hat will never breach the security on a computer that they aren’t permitted to. This means that the only time a white hat hacker will break into your system is if you invite them. If they’re not invited but still well intentioned, they may be considered a grey hat.
The grey hats sit between these two polar moralities. A grey hat may not necessarily be out for personal gain, but that won’t stop them from getting into places that they aren’t supposed to be.
The appeal of hacking comes from the challenge presented by cyber-security. It’s not exactly easy to breach the security of a private server, but it is satisfying to outsmart a computer. While both white hats and black hats have different ways to make money off of feeding this craving, grey hats aren’t necessarily out to make money, they may just want the satisfaction the comes from penetrating a network’s defenses. On the other hand, as their ambiguous shade of hat implies, what they do can by no means be considered legal.
To be clear, a grey hat doesn’t ever intend harm. If a grey hat crosses the line and does steal information, then they’re considered a black hat. Once they breach a network, they may choose to reveal the information either publicly or privately to warn the organization of the flaw, but even if they take the steps to help, accessing a private server without permission is illegal. So while the grey hats aren’t quite the bad guys, they may be considered the anti-heroes or maybe just the loose cannons.
THE GOOD, THE BAD, AND THE IFFY
The only thing that separates a black hat from a white hat is their own morality. The tools and the methods are exactly the same for any hacker, but their usage differ depending on the hacker’s intention. It’s maybe not important to know that the white hats are out there unless you’re in charge of keeping a network secure, but the knowledge may help explain why there are hacker conventions and meetups. Not all hacking is illegal, but you only hear about all the bad stuff it leads to. However, without the good guys, some security holes might never get plugged and the black hats would roam the internet unopposed.