Black, grey and white hat hackers – they’re not all bad!
— The term “hacker” has a negative connotation of a malicious entity using their skills for personal gain, but there are different kinds of hackers. We say that they wear different kinds of hats.
— A black hat hacker is one who uses their skills for personal gain, working against the law and with no good intention.
— In contrast, white hat hackers are employed for their skills to find vulnerabilities in a company or network’s security to improve the infrastructure and protect users. Ledger’s Donjon is a team of security experts who wear white hats to make sure Ledger’s systems offer the most security possible.
— Grey hat hackers sit in between; not quite on the side of the law but not with malicious intent.
So you’ve heard the word “hacker”, but did you know there are black, grey and white hat hackers? Read on to understand how some hackers actually help your security.
When you think of a hacker, the image of a hooded person in a dark room lit up by a screen of code might flash across your mind. You might think of illegal digital activity, theft, and cyber attacks. But things aren’t always as they seem and not all hackers deserve the reputation – there’s bad hacking, but there’s also good hacking.
Before we get into the different types of hackers, let’s check out what hacking is.
The very brief definition of hacking
A hack, simply put, is the act of compromising devices, networks, and platforms to find weaknesses in security and chinks in the armour. It’s classically technical – using scripts, code and malware to attack a system. There are also ways of gaining entry into a user’s network without their knowledge and without a direct attack, such as phishing.
The three different kinds of hackers
Hacking gets pretty interesting because it’s not all code-cracking and plundering. There is a range of categories that hackers fall into. The category, defined as the “hat” the hacker wears, all depends on what their intention is and whether the methods are illegal or not.
Think of a hacker like a cowboy: You’ve got the baddies who want to cause chaos, steal from the vulnerable, and terrorize the town. They’re the ones in the black hats. Then you’ve got the opposite: The cowboys who wear the white hats. They exist to bring good.
They’re both cowboys, but their methods and intentions stand in stark contrast.
The villains: Black hat hackers
Black hat hacking is the classic stereotype of hacking – the idea of the hooded malicious cyber attacker. The tell-tale sign of a black hat hacker is if they’re in it for purely personal gain and don’t pay attention to the law.
Black hat hacking is cybercrime and – like any type of criminal activity – it has a negative impact on others. In May, Darkside, a cyber hacker group, hit the Colonial Pipeline with a cyber-attack. Using a compromised password, the black hat group infiltrated the system and held it for ransom – disrupting the flow of nearly 50% of all gasoline and fuel supplied to the entire East Coast region for almost a week. Because of the hack, not only did fuel prices skyrocket, but geo-political concerns were raised because of the Russian computing language used by the hackers.
Kevin Mitnick is another massive name in the world of black hat hackers. At the peak of his career, he hacked some big-name corporations like Motorola, IBM and the US National Defense and was known as the world’s most wanted computer criminal for his illicit activity on a global digital scale. Now (after years in prison for his behaviour), he works as a paid consultant in digital security and runs his own security firm, casting aside his black hat to don a white one…
The good guys: White hat hackers
White hat hackers use their skills to infiltrate systems and attack – but for good. They’re also referred to as ethical hackers and work to pinpoint the problems in the cybersecurity of a company or network’s system. White hats work not to exploit or expose, but to protect.
They might use the same techniques and tricks of the trade as black hats, but the key difference is in their intention and legality: (1) they hack for good and (2) they hack within the law. Often white hats are employed to test the security of a network so that its users are as protected against malicious hacking as possible.
A good example of white hat hacking is Ledger’s very own team of white hat hackers. The Ledger Donjon consists of skilled experts with a wealth of insight and experience in security. The team works hand-in-hand with Ledger’s development and hardware team to analyze and assess potential vulnerabilities to consistently improve Ledger’s products. They’re considered hackers, but they’re the good guys.
Grey hat hackers
We know that black hats work maliciously and without regard for the law and white hats work for good and with permission. In between lies grey hat hacking. Grey hats are a bit of a blend between the two. Often they’ll operate without permission (so not necessarily within the legal limits) but their intentions are a little purer than the black hats’. If a grey hat finds a security issue, they tend to report it to the system owner rather than exploiting the vulnerability. Some might ask to be compensated for their endeavour and others might use the hack like a digital business card. They’re lawless, but not rogue. They’re a little like digital Robin Hoods.
Back in 2014, Asus users got a nasty surprise when a hacker successfully gained access to their routers. The hack was a move to expose an issue that was discovered, which meant thousands of users’ files were available online. The hacker sent a message to the affected users warning them of the vulnerability and offering them advice on how to better secure their data. Users weren’t happy about it, but their agitation was directed at the company, not at the hacker. His move might not have been legal, but the motivation was free from malice.
If you meet a hacker…
The odds aren’t high that you’ll meet someone and they’ll introduce themselves as Joe the Hacker, but if it does happen, don’t dismiss Joe as a bad guy.
Hackers wear many hats and despite the negative connotation, it’s important to recognise that there are white-hatted heroes that serve a crucial part in building secure, reliable infrastructure by finding and pointing out the hidden weaknesses that leave you and your data vulnerable.