Black, Gray and White-Hat Hackers: What’s the Difference?


They may not be physically wearing a hat, but hackers are classified by their metaphorical “hat” colors. Have you ever seen a Western movie where the hero is wearing white, and the outlaw is dressed in black? Similar to that, white-hat hackers are the heroes of the cybersecurity world and black-hat hackers are the criminals. Gray-hat hackers fall in between.

What Is a Black-Hat Hacker?

A black-hat hacker is a person who illegally breaks into computer networks. They may be aiming to steal log-in credentials or personal and bank information, modify or delete stolen data, sell data on the dark web, or commit other malicious cybercrimes. A black-hat hacker is most often acting for personal or financial gain or with criminal intentions, or is employed by rogue nations. A black-hat hacker will typically work alone or with other like-minded hackers.

Famous black-hat hackers

Kevin Mitnick hacked into over 40 corporations, including IBM, Motorola and the U.S. National Defense warning system. He was arrested and jailed and afterward became a cybersecurity consultant and white-hat hacker.

Julian Assange: The founder of WikiLeaks, a website where news leaks and classified documents can be published anonymously. He also hacked NASA, Stanford University and the Pentagon. He was arrested in 2010 under the Espionage Act of 1917.

What Is a White-Hat Hacker?

A white-hat hacker or ethical hacker is a cybersecurity professional who finds vulnerabilities in networks and software to secure weak spots. Their main objective is to find and fix any security openings before black-hat hackers can get to them. Another responsibility is to disclose vulnerabilities to software vendors so they can patch customer systems. A white-hat hacker may be employed as a penetration tester or similar profession, or they may work independently and freelance their skills. 

Famous white-hat hacker

Tsutomu Shimomura: In 1994, Shimomura was hacked by Kevin Mitnick (when he was a black-hat hacker) and had his cellular phone tools and other private data stolen. Shimomura, a computational physicist and white-hat hacker, helped the FBI track Mitnick down. After a few months, Mitnick was arrested, largely thanks to Shimomura’s digital detective work. 

What Is a Gray-Hat Hacker?

Gray-hat hackers are in the middle of the ethical spectrum. Not necessarily fueled by malice, these hackers break into networks without permission to find vulnerabilities. Some may be looking to profit by offering to fix the issue found. Some may hack into a network just to see if they can. Oftentimes, gray-hat hackers will hold a victim’s personal information for ransom, but may or may not release it to the public. Gray-hat hackers typically work alone or in small groups with like-minded hackers.

Famous gray-hat hacker

Khalil Shreateh found a bug on Facebook that allowed people to post to a user’s wall even if they enabled the privacy settings to prevent this. Facebook employees continually ignored the bug that he reported, so he ultimately hacked into Facebook and wrote on Mark Zuckerberg’s wall for attention. Facebook then fixed the bug but deleted Shreateh’s account for fear of further hacking attempts.

Black-Hat vs. White-Hat vs. Gray-Hat Hackers

 | Black-Hat Hackers | Gray-Hat Hackers | White-Hat Hackers
Ethical Intentions | Hacks for malicious reasons or for self-gain. | Can hack for self-gain or to test systems or their own skills. | Employed or self-motivated to find and patch vulnerabilities before a black- or gray-hat hacker exploits a target.
Primary methods of hacking | Malware | Ransomware | Penetration testing
Typical targets | Individuals, organizations and governments | Organizations and governments | Their own employers or governments

Where Does the Ethical Hacker Career Fall in These Categories?

Ethical hackers are white-hat hackers who find vulnerabilities in order to fix them (not exploit them). Those interested in a career in ethical hacking are in luck: there is a desperate need for cybersecurity professionals in the workforce. According to Salary.com*, the average ethical hacking salary in the United States is $103,583, with the typical range between $93,400 and $118,169. The salary varies based on multiple factors, including location, education, certifications, industry experience and more.

*Note: Salary information is updated in real-time, and the numbers listed here reflect the average at the time this article was written. 

Other Types of Hackers

  • Green-hat hacker: A green-hat hacker is someone who is new to hacking and lacks advanced technical skills and education.
  • Blue-hat hacker: A blue-hat hacker is either an amateur hacker motivated by revenge or a security professional contracted by a company to inspect for software vulnerabilities (Examples: Microsoft and Windows).
  • Red-hat hacker: A red-hat hacker is the “enemy” of the black-hat hackers: a “vigilante” who seeks out malicious hackers to report them, but also to shut down or destroy their computers.

Tips to Reduce Risk & Stay Safe from Hackers 

Cybercriminals are always evolving and improving their attack tactics, and so must cybersecurity professionals. Luckily there are a lot of resources that cyber professionals can use to stay up to date and continue to fight against cyber threats. Here are a few tips for businesses and individuals to stay safe. 

For businesses

  • Invest in a cybersecurity professional that has an advanced degree to lead the team.
  • Continue to periodically train staff.
  • Limit user permissions and admin settings.
  • Make sure remote employees are on a closed network/VPN and using multi-factor authentication. 

For individuals 

  • Don’t use the same password (or easily guessable passwords) for multiple accounts.
  • Limit who you share personal information with.
  • Keep tabs on your online financial accounts.
  • Review and set your privacy settings on social media.

Frequently Asked Questions

Is hacking illegal?

That depends. Hacking is illegal if done without the permission of the hackee.

What is a white-hat hacker?

A white-hat hacker is a cybersecurity professional who finds vulnerabilities in networks and software to secure weak spots.

What is a gray-hat hacker?

Gray-hat hackers are in the middle of the ethical spectrum. Not necessarily fueled by malice, these hackers break into networks without permission to find vulnerabilities.

What is a black-hat hacker?

A black-hat hacker is someone who illegally breaks into computer networks to commit some type of harm.

Do hackers get paid?

That depends. If a hacker is employed, then they will be compensated for their skills.

Do I need a master’s degree to become a hacker?

Not necessarily, but often, a master’s degree can give cybersecurity professionals an upper hand in the job market.
