There is another way to classify hackers. Do you remember classic westerns? In these films, white hats were an indispensable attribute of the good guys, while the bad guys could be recognized by black hats. Today’s cybersecurity landscape resembles the prairies of the Wild West, where good hackers wear white hats and bad hackers wear black hats.
However, there is also a third category of hackers, who fall somewhere between the two.
If we define a hacker as a specialist who has a deep understanding of computer systems and software and who uses that knowledge to look for various kinds of vulnerabilities in them, then an unscrupulous hacker, known in network slang as a “black hat”, does this in order to steal valuables or cause other harm. The four types of motivation mentioned above (theft, reputation, corporate espionage, state hacking) apply to such “black hackers”.
“White hackers” or “white hats” also look for vulnerabilities in organizations’ security systems, but they do so in order to improve those systems and prevent data theft or other cybercrimes before “black hackers” can take advantage of the vulnerabilities. According to a recent article published in the online version of the New York Times, corporations often hire “white hackers” and make them part of their support staff. In other cases, companies may resort to outsourcing and use the services of agencies such as HackerOne, which, for a fee, test software for vulnerabilities and errors.
Finally, there are “gray hats” or “gray hackers” who, like “black hats”, use their skills to hack various systems and networks without any permission. But instead of following through with the crime and causing real damage, they report the vulnerability to the owner of the network and offer to fix it for a small fee.