50 Shades of Hacker: Discover the differences between White, Grey, and Black Hat hackers
February 22, 2016 No CommentsFeatured article by Eric Basu, Founder and CEO for Sentek Global
There are distinct differences when it comes to the hackers out in the world. Most often, the media focuses on the most unethical of hackers, but that doesn’t mean that ethical hacking doesn’t have its rightful place in the world of information technology security systems. In fact, there are three types of standard hackers: the White Hat hackers, the Grey Hat hackers, and the nefarious Black Hat hackers. Let’s delve into each one of these unique hacker hats and the features and ethics attributed to each, which separate one from another.
Where Do the Terms Black, Grey, or White Hat Come From?
Not every hacker is that sneaky felon, just waiting to pounce on the data of innocent business-goers. In fact, the word hacker doesn’t have inherently bad connotations. Hackers can refer to criminals who crack into security information technology, or alternatively they can refer to skilled computer programmers with unique talents that help companies protect their systems from unwanted attacks. Hacking itself isn’t illegal, unless the hacker is breaking into a secured system without prior permission. And many hackers make a legitimate business out of hacking into company security systems to expose potential vulnerabilities before they are leveraged by the more unethical hacking counterparts.
Hackers have been around for as long as there has been data behind technological security which has value and can be compromised. The difference between White, Grey, and Black Hat hackers can be most generically broken down to a matter of ethics. In 1983, hacking received official notice in the news, as six bills addressing computer crime were introduced into the House of Representatives. As a result of these laws, White Hat, Grey Hat, and Black Hat hackers desired segregation in order to offer each group a distinguished and representative stance on the morality and lawfulness of their respective activities.
– White Hat hackers break security for purely ethical reasons, and are often paid by businesses to do so. These professionals test security systems and attempt to break into secured information in order to expose vulnerabilities, White Hat hackers always proceed under entirely legal pretenses.
– Black Hat hackers are the most commonly referenced types of hackers, as their motives are purely malicious. They are the quintessential ‘hackers’ often seen on the Hollywood movie screens. These hackers are responsible for writing malware, introducing bugs, and stealing data from businesses such as financial or personal information. These hackers are the opposite of White Hat hackers and their efforts to compromise security systems are wholly unethical.
– Grey Hat hackers blur the line between completely ethical and legal hacking and unethical, unlawful activities. These hackers may hack into a system and then subsequently notify the administrator of such exposure. Or they may hold information ransom for profit or offer information free of charge in order to help protect system users. Oftentimes they proceed by charging the business owner a fee in order to correct the vulnerability in a form of exploitation, notifying the administrator that their technology is not secure, or publicly publishing sensitive information.
How White Hat Hacking Can Benefit a Business
Hacking attempts by unethical attackers can be devastating to a business. From the cleanup necessary and the extensive work required to understand the extent of the breach, to the reputational damage and the cost of shielding clients from further damage, Black Hat damage can be far-reaching and terribly impactful. Black Hat hackers often target credit card info, passwords, usernames, email addresses, protected health information, physical addresses, and phone numbers.
Businesses can benefit from White Hat hackers and those cyber security companies who employ them to seek out potential weaknesses and patch bugs. Many attacks can be prevented by employing White Hat hackers, either as full-time employees or consultants. White Hat hackers make a living out of breaching security systems, and these specialists are the perfect addition to businesses whose owners want to keep a close eye on just how vulnerable their systems are to the devious endeavors of Black Hat hackers. For many businesses, White Hat hacking is a rude awakening to the insufficient amount of security they may have thought was acceptable to keep their business safe.
Both bugs and security violations can cause huge headaches that place millions of users and sensitive national data at risk. White Hat hackers can be especially crucial employees for government entities that house large amounts of sensitive data, and cyber security companies that make a living by ensuring they are on top of potential security risks.
As more and more companies run their businesses online, the benefit of employing White Hat hackers is gaining ground. Many scholarly programs are beginning to help assist interested students in becoming a part of the workforce against Black Hat hacking, and many colleges are beginning to offer cybersecurity career tracks that encourage computer programmers to pursue White Hat hacking as a profession. By teaching these ethical hackers how to hack into both small and large-scale systems, they are helping corporations that must protect sensitive business data. These students are taught to think like criminal hackers and preemptively spot vulnerabilities.
White Hat hackers are also often employed after-the-fact to shed light on how the original breach was performed. But White Hat hacking can be a dubious endeavor, especially when working with officials. These hackers must always act above the law, even if they have access to data that could help investigations, but would put them into ethically grey areas.
Black Hat hackers may get the most media attention and Hollywood portrayals, but they are not the only type of hacker making a name for themselves. There are a great many flavors of hacker, from those who are one hundred percent ethical and can be found employed within some of the most notable cyber security companies, to those who blur the line without standing fully on one side or the other, and on to those who act with purely unethical motives.
Eric Basu is the founder and CEO for Sentek Global. He’s a former U.S. Navy SEAL Commander who graduated from San Jose State University with a Bachelor of Science in Molecular Biology and holds an MBA from Anderson Graduate School of Management (UCLA).