Many folks have taken to referring to hackers by the color of their hat: white, black, or gray. But what, exactly, does all that mean? How does one categorize a "hat"? Believe it or not, it's actually simple, and nowhere near as complex as some of the other terminology we've covered. The dividing line is authorization: whether the hacker had permission to break in, and what they do with what they find. Let's get started, shall we?
White Hat: A White Hat is essentially "the good guy." These are the people an organization hires to try to hack into its own systems, to find security vulnerabilities and holes that need to be closed before someone else finds them. The work is done with the organization's explicit permission and within an agreed scope, and the findings go back to the organization rather than to the public. IBM popularized the term "ethical hacking" for this, and this form of authorized break-in is generally the only hacking that White Hats engage in.
Gray Hat: Gray Hats fall somewhere in between black and white. Their motive is usually the same as a White Hat's, improving security rather than personal gain, but they frequently act without the consent of the organization in question, and then publish the details of how they broke in, hoping the organization will be shamed into fixing the problem. Notice how I didn't say they'd contact the organization privately first? That's because they often won't. The details go out to the larger hacking community, and the Gray Hat watches the fallout as the information is picked up by those who actually want to use what the Gray Hat accessed. The intent may be good, but the unauthorized access is still illegal in most jurisdictions, and the public disclosure hands working attack details to people with far worse intentions.
Black Hat: Black Hats aren't interested in improving security, helping an organization, or (in general) doing a service to the hacking community. They're in it for their own personal gain, be it monetary or revenge-based. Groups such as Anonymous and LulzSec could be considered Black Hat organizations, as could whoever built and released the Flame malware that had the enterprise sector sweating buckets last month. Black Hats are the people the White Hats are trying to stop; they're criminals, through and through.
The Red Hat Organization: It's worth mentioning that "Red Hat," as you'll usually encounter it, doesn't refer to hacking at all. Red Hat is an open-source software company whose best-known product is Red Hat Enterprise Linux.
I perhaps don't follow the hacking community as much as I should, but I always kind of pictured at least a subset of White Hats to be those who may perform technically unauthorized break-ins, but will still release the information in a secure manner. This could also include hacking a company's products, where there is no direct risk to the company's infrastructure.
Also, I generally picture a different breed of Gray Hats, who hack and release information in a secure way (i.e. not directly to Black Hats), but with potential profit in mind. Some might call that blackmail, but it depends on the circumstances. Sometimes companies offer bounties on breaking their systems; sometimes it's legitimately done with the intention of forcing a company to be aware of the fact that their systems are vulnerable, or sometimes forcing them to ACT on the vulnerable systems that they ARE aware of, but don't WANT to act on, or deny that action is necessary.