The Three Hats of Hackers

White, Grey, & Black Hat Hackers

Michael Van Vuuren

History of hacking

• Began in the 1960s with phone phreaking
• Mimicked phone signals
• Evolved rapidly since the 1980s
• Nowadays computer hacking is common
• Malware, phishing, exploits, injections, tunneling...

white hat

grey hat

black hat

• Helpful
• Identify and fix vulnerabilities
• Work with organizations to improve cybersecurity defenses
• Reverse engineering, network scanning, exploting vulnerabilities then creating patches, etc.

• Either helpful or harmful
• Identify vulnerabilities
• Not directly working with organizations
• Sometimes uses illegal methods
• Compensation may determine whether they are harmful or helpful

• Harmful
• Break into systems with malicious intentions
• Self serving
• Typically uses illegal methods like malware and ransomware
• Cybercrime, cyberwarfare, piracy, phishing, and identity theft, etc.

Unethical hacking

1. Think black hat hackers
2. Performed without permission
3. For personal gain
4. Ignores cybersecurity laws
5. Often hidden
6. Likely to damage systems and compromise data
7. Targets everyday people and organizations alike

Ethical hacking

1. Think white hat and sometimes grey hat hackers
2. Authorized by the organization
3. Improves security and identifies vulnerabilities
4. Follows the law
5. Documented outcomes
6. No intent to harm or exploit
7. Not hidden from organization

VS

Relation to cybersecurity

White hats and often grey hats discover vulnerabilities and subsequently strengthen systems. Black hats exploit vulnerabilities to hack systems, and thus must be defended against.

Additional sources

Online community for network security: https://owasp.org/ Additional types of hackers: https://www.pandasecurity.com/en/mediacenter/14-types-of-hackers-to-watch-out-for/ Hacking techniques: https://www.rapid7.com/fundamentals/types-of-attacks/