Borrowed either from Western movies or Dungeons and Dragons—where dark characters wore black hats and good characters wore white—hackers are labelled as either black hat, gray hat, or white hat. A black hat hacker is typically your evildoer, committing crimes as a part of a larger organization with the intent to profit from their actions. A white hat hacker tends to be the security professionals that test, audit, and contribute to software that aim to protect systems and applications. Finally, a gray hat is someone who falls somewhere in the middle, often times operating alone without permission, finding and exploiting vulnerabilities, and asking for compensation to fix the weakness.
Most hackers are part of a given group, and fall into the black hat, white hat, or gray hat categories. Often times this involves a hazing or initiation ritual in order to weed out the government spies and to quantify the initiate’s talents and abilities. White hat hackers also tend to be quiet and selective about their activities and group involvement. This may seem counterintuitive, since they seemingly have nothing to hide, but there are subtleties that are still very sensitive. For example, let’s say a collective of white hats are working on a popular open source program that powers banking software. If the software is discovered to have a large vulnerability, that information must be kept secret and safe until a patch can be released and distributed to the businesses. The gray hat hackers have hacking characteristics that are considered both black hat and white hat hackers, but they work independently.
As mentioned earlier, the black hat hacker is an evildoer. They commit crimes with the intent to profit from their actions, with a complete disregard for whether or not they harm organizations or individuals. Anonymous is one of the newest and definitely the most known black hat hacker groups today. As a completely decentralized, anonymous, and open group, anon accepts any hacker that wants to be involved. Furthermore, the group proposes missions and calls to action that are opt-in only. With Anon’s adoption of democracy and open doors, they have positioned themselves as a group of vigilantes and most of the general public praises their activities. This is probably due to their attacks against organizations that are deemed evil or corrupt such as ISIS, Westboro Baptist Church or even the US government.
Like Snowden, and often times working alongside him, Julian Assange has been a notorious hacktivist for quite some time. He is well known for his creation of WikiLeaks, a website that allows whistle-blowers and informants to anonymously share classified documents with the public. Many such documents are contributed by the black hat actions of hacktivist secs and individuals, in addition to inner operatives and employees within government institutions.
Not many white hat secs get the same amount of press as the malicious ones. Good news just never seems to have the impact that bad news has. But Chaos Computer Club is a white hat sec that has managed to grab a few headlines over the years. This Germanybased hacker group has been around since 1981, and since that time has made many public demonstrations to educate and protect against security risks. Their most renowned demonstrations include robbing a bank, cloning an GSM cell phone card, and publishing the fingerprints of the German Minister of the Interior; each to educate the public on issues inherent in otherwise trusted technology.
Some hackers become so either because they are veteran programmers that start to pay more attention to security, or because they stem into from another tech-related interest such as gaming or web development. The tech world is so large and nebulous, that there is actually very little need to become a master at any one language or tool. Often times hackers today are using existing penetration testing suites and tools in order to find and exploit vulnerabilities in a system. For example, there is a Linux distro called Back Track that comes pre-installed with anonymity tools, pen testing applications, and automated programs for hacking things like WIFI networks. With a minimal understanding, a gray hat hacker individual with a basic background in tech can start to breach into websites, networks, and other systems.