To those unfamiliar with computer hacking, the people behind it may seem like mythical creatures that border on being from another species. It’s easy to see where this impression comes from, given the complexity of some modern attacks. To make things at least a little more understandable, people have come up with a way to categorize hackers according to their motivations and methods. Somewhat funnily, this categorization is based on hat colors.
A white hat hacker is one of the “good guys”. They are typically highly skilled and motivated primarily by the desire to help people out. A white hat may commonly fill their time with activities like poking holes in security systems and notifying companies of what they’ve found, poring over lists of leaked credentials and contacting people who may have been affected, and generally making the Internet a safer place. A white hat hacker may or may not be additionally motivated by monetary compensation, but in cases where they do seek it, they should not impose any difficulty on those who are unable or unwilling to pay.
It’s not rare for companies to seek out white hat hackers and reward them with bug bounty programs, or even outright hire the top ones, and this is a common starting path for people looking to get into careers like penetration testing and IT security. It’s not mandatory to start out that way of course, but it can greatly help, especially in terms of building valuable connections and getting a taste of how the job plays out in reality.
Not every hacker is motivated by a good heart, and just like every field out there, hacking has its fair share of malicious actors who’ve realized that they can profit from their skills quite nicely. Black hat hackers are the ones that cause all the trouble in the background, and the ones that might be on the other end of the line when you’re being extorted after your hard drive got encrypted by a virus. Black hat hackers typically have no moral values that prevent them from hurting people with their actions, and they can be quite crafty in how they do their jobs.
Where a white hat hacker would notify a company about a security exploit they’ve found in its system and may not even ask for anything in return, a black hat will follow the most profitable path that this information opens up for them. Whether that means selling the exploit on the black market, blackmailing the company with it, or even using it personally to steal the company’s information, whatever brings the biggest payout with the least amount of risk involved is usually what happens.
Rarely, black hat hackers may also find legitimate employment, but that’s usually not a case of a person turning around and deciding to do good, but rather one who’s realized that they can simply earn more in a legitimate position after developing their skills up to a certain level.
Not everything is black and white, and this includes hackers. Just like other people, some have more flexible morals that can change from one situation to another. A grey hat hacker would usually lean towards the good side most of the time, but they would be more willing to break the law to get the job done. White hats typically refrain from any illegal activities in the course of their work, even small crimes that can significantly simplify their tasks. For a grey hat, a done job is a done job, regardless of what it took to get there.
Of course, grey hats still have some limits and morals, and they would refrain from taking things too far in certain cases; otherwise there would be no distinction between them and black hats. Also, unlike with black hats, one should typically not expect personal attacks from grey hats. It can sometimes be hard to draw a precise boundary between these definitions, and even hackers themselves are occasionally not quite sure which category they fall into. In the end, these descriptions were mostly created for the convenience of a wide audience, not as strict definitions.