The term “hacker” is popularly associated with cybercriminals harboring malicious intentions, when in reality, it’s a lot more. A hacker can be anyone who utilizes their computer software and hardware knowledge to break down and bypass a computer, device, or network’s security measures. It’s popularly believed hacking is illegal on principle, which isn’t the case if a system owner willingly and knowingly grants access. In fact, many private entities and government agencies hire hackers to help maintain their system’s security.
There are two main factors that determine what type of hacker an individual is: their motives and legality of their actions. Hackers are divided into three types—white, black, and grey hat, a naming system that was derived from old western films, where the protagonists would always wear white hats and vice versa for villain characters.
1. Black Hat
Black hat hackers are normally responsible for creating malware, which is frequently used to infiltrate computerized networks and systems. They’re usually motivated by personal or financial gain, but can also participate in espionage, protests, or merely enjoy the thrill. Black hat hackers can be anyone from amateurs to highly experienced and knowledgeable individuals looking to spread malware, steal private data, like login credentials, along with financial and personal information. Upon accessing their targets and depending on their motives, black hat hackers can either steal, manipulate, or destroy system data.
2. White Hat
Also known as “ethical hackers,” they’re often employed or contracted by companies and governmental entities, working as security specialists looking for vulnerabilities. While they employ the same methods as black hat hackers, they always have permission from the system’s owner, making their actions completely legal. White hat hackers implement strategies like penetration tests, monitor in-place security systems, along with vulnerability assessments. Ethical hacking, the term used to describe the nature of a white hat hackers’ actions, can even be learned through independent sources, training, conferences, and certifications.
3. Grey Hat
As the name suggests, these individuals utilize aspects from black and white hat hackers, but will usually seek out vulnerabilities in a system without an owner’s permission or knowledge. While they’ll report any issues they encounter to the owner, they’ll also request some sort of compensation or incentive. Should the owner not respond or reject their proposition, a grey hat hacker might exploit the newfound flaws. Grey hat hackers aren’t malicious by nature, but do seek to have their efforts rewarded. Since grey hat hackers don’t have permission to access the system by its owner, their actions are ultimately considered illegal, despite any alarming findings they might reveal.