White hat, black hat, grey hat hackers: What’s the difference?

When you think of the world of ethical hackers (white hat), malicious hackers (black hat), and hackers that flirt with both sides (grey hat), you may envision people in shiny trench coats and dark glasses, whose computer skills are only matched by their prowess in martial arts.

The truth is that hackers are pretty different from their depiction in The Matrix. For example, most hackers can’t slow time down and jump across tall buildings. At least, not that we know of. In reality, a hacker usually keeps a low profile and concentrates on their work.

What’s a hacker?

The answer to “what’s a hacker?” depends on who you ask. We’d guess that most people who work with computers will tell you the answer is something close to this Wikipedia description: “a computer expert who uses their technical knowledge to achieve a goal or overcome an obstacle, within a computerized system by non-standard means.” Much to the annoyance of many of those people, outside of computing, people often understand “hacker” to mean something different and more negative.

To many, a hacker is someone who employs their expertise to breach a computer, smartphone, tablet, or network, regardless of intent. Although the word is often used to refer to illegal activity, even within this narrower definition not all hackers are deemed criminal. They are often classified into three main categories: ethical hackers, traditionally known as “white hat”; malicious hackers, traditionally known as “black hat”; and “grey hats”, who are somewhere in the middle.

Ethical hackers

Ethical hackers look for security flaws and vulnerabilities for the purpose of fixing them. Ethical hackers don’t break laws when hacking. An ethical hacker can be someone who tests their own computer’s network defenses to develop their knowledge of computer software and hardware or a professional hired to test and enhance system security.

Security careers related to ethical hacking are in demand. Malware analysts are a good example. An in-demand ethical hacker who has worked hard to develop their skillset can have a lucrative career.

Ethical hackers are sometimes referred to as white hat hackers, an outmoded term that comes from 20th-century Western films in which the good guys wore white hats. Modern experts refer to them as ethical hackers.

Malicious hackers

Malicious hackers circumvent security measures and break into computers and networks without permission. Many people wonder what motivates hackers who have bad intentions. While some do it for cyber-adventure, others hack into computers for spying, activism, or financial gain. Malicious hackers might use tools like computer viruses, spyware, ransomware, Trojan horses, and more to further their goals. While there may be financial incentives to hacking, the risks are high too: a malicious hacker can face a long time behind bars and massive fines for their illegal activity.

Just as “white hat” is an older term for ethical hackers, “black hat” is an older term for malicious hackers, also drawn from the hats the “good guys” and “bad guys” wore in old Western films. Today, malicious hacker is a more apt description.

Grey hat hackers

A grey hat hacker skirts the boundaries between ethical and unethical hacking by breaking laws or using unethical techniques in order to achieve an ethical outcome. Such hackers may use their talents to find security vulnerabilities in a network without permission to simply show off, hone their skills, or highlight a weakness.

Tips on how to become an ethical hacker

You may have what it takes to become a highly rated ethical hacker if you’re patient, clever, have an affinity for computers, have good communication skills, and enjoy solving puzzles.

A degree in computer science or information security and a background in military intelligence can be useful but aren’t necessary. Thanks to the wide availability of information and open source code, and incentives like bug bounties, there are many routes into ethical hacking outside of traditional education. For more advice on how to become an ethical hacker, take a look at our interview with bug bounty hunter Youssef Sammouda.

How do I protect myself from a hacker?

An unethical hacker can use many techniques and tools to breach your computer or device’s network security. Your first line of defense is to make life hard for hackers by ensuring you use strong, unique passwords; keep your systems patched with security updates; install advanced antivirus protection that defends your computer against malicious software; and enable the firewalls on your Internet router and computers. For an extra layer of defense, you can protect your network traffic from snooping and tampering with a VPN.

Lastly, be on guard for phishing and social engineering attacks that try to trick you into doing something that’s bad for you, like downloading malware or giving out sensitive information.