Hackers† The news loves to report on them and the public just loves to completely misunderstand what they are actually doing. The word “hacker” has been associated with malicious computer criminals, in large part due to the way it is used in the media and film.
Originally, the malicious type of computer wizard was known as a “cracker”, but it seems that the hacker community has given up trying to make “cracker” paste. Instead, hackers with different moral leanings are categorized under three different “hats”. Also, it turns out, as wizards.
So if you think all hackers are “bad guys”, now is the perfect time to unpack the basics of hacker morality. With great power comes great responsibility, and how a hacker chooses to use their knowledge determines which hat they will wear.
Of course, any hacker can wear more than one hat. The hat is associated with the type of hacking taking place, not necessarily who is doing the hacking.
By the end of this article, you’ll understand what type of hacking fits under what hat, and hopefully you’ll understand how hackers fit into the larger digital ecosystem. So hold on to your own hat (whatever it may be) as we delve into the moral headgear of hacker culture.
White Hat Hackers are the lawful good wizards of the net
White hat hackers are also known as ‘ethical hackers’. If you want a legal career as a hacker, this is the one hat you should wear. Ethical hackers always go out of their way to ensure that whatever they do is done with the consent of everyone involved. They act as security advisors and advocate for a safer digital world.
One of the most valuable services offered by white hats is known as a penetration test or “pentest”. Basically, the ethical hacker will do his best to find holes in a customer’s security. If they succeed in beating a customer’s security, a full report of mitigations follows.
Ethical hackers never intentionally harm data, systems or people. You can take courses on ethical hacking and, if you have the right experience and qualifications, a certification as an ethical hacker.
White hats are usually driven by a passion for privacy and security. They are becoming increasingly important as the business, services and government institutions we all need move to fully digital business models.
Gray Hat Hackers Roll True Neutral
Gray hat hackers aren’t malicious per se, but they don’t follow a strict code of ethics either. A gray hat could be wasting their time poking around in places they are not allowed to be. They don’t steal information or intentionally damage anything, but they don’t really care about consent either.
If a gray hat discovers a security issue, they will likely report it privately to the owners of the system. However, gray hats are known to publish exploits if not fixed, as a way to force system owners into action.
Gray hat hackers are often driven by simple curiosity and a desire to explore the internet. It is not the intention to break the law or intentionally do harm.
Only annoying laws and ethical principles sometimes get in the way of what they want to do. Despite unethical pen testing being illegal, some companies tolerate gray hats that deliver critical exploits without exposing them to malicious users.
Major technology companies often offer “bug bounty” programs where people can bring in unsolicited vulnerabilities that they discover. As long as the reveal is in accordance with their bug bounty rules, anyone can participate.
Black Hat Hackers – Chaotic Evil Wizards
Black hat hackers are the bogeymen of the internet. These people use their skills and knowledge for profit, the “lulz” or both. “Lulz” is a corruption of the internet term “LOL” or laughing out loud† In this context, it basically means doing something because you think you can or because it would be funny.
When it comes to making money, black hats have many options. All illegal and immoral! They break into systems to steal information or just destroy everything, causing massive damage.
Selling stolen credit card information is a black hat’s day job. Identity theft? Just another day in the internet underworld folks. The other two types of hackers are, as you might expect, usually opposed to malicious hackers.
State hackers are a relatively new addition to the hacker pantheon. They don’t really fit neatly under any of the traditional hats and are a new breed of cyberwarfare soldiers. What they do is (intended) legal, under their own country’s espionage laws, but their intentions can also be malicious.
State hackers do not fit neatly into the hacker hat spectrum, as hackers to date have largely been citizen groups and individuals. Still, state hackers are here to stay, so we need to find a space for them in our thinking about the hacker world. Perhaps we could call them “camo hats”. No, that will never work, right?
We need hackers!
Hackers naturally live on the edge of the digital world. They are certainly very different from the average user and even power users and tech enthusiasts don’t move in many of the same circles.
A hacker’s mind, no matter what hat he wears, must be at odds with the typical person. They can move away from the biases and prejudices that most of us have and achieve some pretty amazing solutions and exploits as a result.
While the specter of black hat hackers may keep some people up at night, there is no doubt that to advance technology and policies related to those technologies, we need people with that “hacker” mentality.
It is important to remember that hacking is often part of the innovation process. Someone comes up with an idea and tests that idea instead of dismissing it as impossible. So if you automatically associate the word “hacker” with crime, it may be time to rethink those prejudices.