Black, Gray and White-Hat Hackers: What’s the Difference?
They may not be physically wearing a hat, but hackers are classified by their metaphorical “hat” colors. Have you ever seen a Western movie where the hero is wearing white and the outlaw is dressed in black? In the same way, white-hat hackers are the heroes of the cybersecurity world and black-hat hackers are the criminals. Gray-hat hackers fall in between.
What Is a Black-Hat Hacker?
A black-hat hacker is a person who illegally breaks into computer networks. They may be aiming to steal log-in credentials and personal and bank information, modify or delete stolen data, sell data on the dark web, or commit other malicious cybercrimes. A black-hat hacker is most often acting for personal or financial gain or with criminal intentions, or is employed by rogue nations. A black-hat hacker will typically work alone or with other like-minded hackers.
Famous black-hat hackers
Kevin Mitnick hacked into over 40 corporations, including IBM, Motorola and the U.S. National Defense warning system. He was arrested and jailed, and afterward became a cybersecurity consultant and white-hat hacker.
Julian Assange: The founder of WikiLeaks, a website where news leaks and classified documents can be published anonymously. He also hacked NASA, Stanford University and the Pentagon. He was arrested in 2010 under the Espionage Act of 1917.
What Is a White-Hat Hacker?
A white-hat hacker, or ethical hacker, is a cybersecurity professional who finds vulnerabilities in networks and software in order to secure weak spots. Their main objective is to find and fix any security openings before black-hat hackers can get to them. Another responsibility is to disclose vulnerabilities to software vendors so they can patch customer systems. A white-hat hacker may be employed as a penetration tester or in a similar profession, or they may work independently and freelance their skills.
Famous white-hat hacker
Tsutomu Shimomura: In 1994, Shimomura was hacked by Kevin Mitnick (when Mitnick was a black-hat hacker) and had his cellular phone tools and other private data stolen. Shimomura, a computational physicist and white-hat hacker, helped the FBI track Mitnick down. After a few months, Mitnick was arrested, largely thanks to Shimomura’s digital detective work.
What Is a Gray-Hat Hacker?
Gray-hat hackers are in the middle of the ethical spectrum. Not necessarily fueled by malice, these hackers break into networks without permission to find vulnerabilities. Some may be looking to profit by offering to fix the issue found. Some may hack into a network just to see if they can. Oftentimes, gray-hat hackers will hold a victim’s personal information for ransom, but may or may not release it to the public. Gray-hat hackers typically work alone or in small groups with like-minded hackers.
Famous gray-hat hacker
Khalil Shreateh found a bug on Facebook that allowed people to post to a user’s wall even if the user had enabled the privacy settings to prevent this. Facebook employees continually ignored the bug that he reported, so he ultimately hacked into Facebook and wrote on Mark Zuckerberg’s wall for attention. Facebook then fixed the bug but deleted Shreateh’s account for fear of further hacking attempts.
Black-Hat vs. White-Hat vs. Gray-Hat Hackers
| | Black-Hat Hackers | Gray-Hat Hackers | White-Hat Hackers |
|---|---|---|---|
| Ethical intentions | Hacks for malicious reasons or for self-gain. | Can hack for self-gain or to test systems or their own skills. | Employed or self-motivated to find and patch vulnerabilities before a black- or gray-hat hacker exploits a target. |
| Primary methods of hacking | Malware | Ransomware | Penetration testing |
| Typical targets | Individuals, organizations and governments | Organizations and governments | Their own employers or governments |
Where Does the Ethical Hacker Career Fall in These Categories?
Ethical hackers are white-hat hackers who find vulnerabilities in order to fix them (not exploit them). Those interested in a career in ethical hacking are in luck: there is a desperate need for cybersecurity professionals in the workforce. According to Salary.com*, the average ethical hacking salary in the United States is $103,583, with the typical range between $93,400 and $118,169. The salary varies based on multiple factors, including location, education, certifications, industry experience and more.
*Note: Salary information is updated in real-time, and the numbers listed here reflect the average at the time this article was written.
Other Types of Hackers
- Green-hat hacker: A green-hat hacker is someone who is new to hacking and lacks advanced technical skills and education.
- Blue-hat hacker: A blue-hat hacker is either an amateur hacker motivated by revenge or a security professional contracted by a company to inspect for software vulnerabilities (Examples: Microsoft and Windows).
- Red-hat hacker: A red-hat hacker is the “enemy” of the black-hat hackers: a “vigilante” who seeks out malicious hackers to report them, but also to shut down or destroy their computers.
Tips to Reduce Risk & Stay Safe from Hackers
Cybercriminals are always evolving and improving their attack tactics, and so must cybersecurity professionals. Luckily, there are a lot of resources that cyber professionals can use to stay up to date and continue to fight against cyber threats. Here are a few tips for businesses and individuals to stay safe.
- Invest in a cybersecurity professional that has an advanced degree to lead the team.
- Continue to periodically train staff.
- Limit user permissions and admin settings.
- Make sure remote employees are on a closed network/VPN and using multi-factor authentication.
- Don’t use the same password (or easily guessable passwords) for multiple accounts.
- Limit who you share personal information with.
- Keep tabs on your online financial accounts.
- Review and set your privacy settings on social media.