What do you call someone who hunts for security gaps in computer hardware and software? A hacker, right? What about someone who executes a vulnerability test to present their findings? There are many types of hackers, and understanding the difference is important.
A complicated history
In the 1950s, the vague term used was “hacker.” As computers became more accessible, the word was used to describe someone who explored the details and limits of computers. They were testing them from a variety of angles.
But by the 1980s, hackers became associates with teenagers who were caught breaking into government computer systems. Partially because that is what they call themselves, and because the word has an inherently aggressive ring to it.
Today, several of those pioneering hackers run multimillion-dollar cybersecurity consulting businesses. While countless others run amok online, hoping to make a quick buck off of hapless victims.
“Black hat” hackers
Black hat hackers create programs and campaigns to commit malicious acts. Crimes such as identity theft, credit card fraud, and extortion are for their sole benefit. In addition, they can also work under the auspices of a corporation or a state and commit espionage and cyberterrorism.
During the 1990s, Kevin Mitnick was a prime example of a black hat hacker. Mitnick went on a two-and-half-year hacking spree wherein he committed wire fraud and stole millions of dollars of data. He stole from telecom companies and the National Defense warning system.
After spending five years in prison, he set up his own eponymous cybersecurity firm. He became its CEO and Chief White Hat Hacker.
“White hat” hackers
Sometimes referred to as ethical hackers or plain old network security specialists, these are the good guys. White hat hackers sell to hardware and software vendors in “bug bounty” programs or work as full-time techs. White hat hackers' interest is making an honest buck.
Linus Torvalds is a great example of a white hat hacker. After years of experimenting with the Sinclair QDOS OS, he released Linux, a secure open-source operating system.
“Gray hat” hackers
Whether someone is a security specialist or a cybercriminal, the majority of their work is usually over the internet. This anonymity affords them opportunities to try their hands at both white hat and black hat hacking.
For example, Marcus Hutchins is a known gray hat hacker. He’s most famous for testing the WannaCry ransomware until he found a way to stop it.
During the day, Hutchins works for Kryptos Logic cybersecurity. But the US government believes he spent his free time creating the Kronos banking malware. After his 2017 arrest, he became a “gray hat” hacker.