Skip to main content

Black hat, White hat, and Gray hat hackers – Definition and Explanation

If you watch the news and keep up with technology, you know what a hacker is, but you may not realize hackers fall into different categories known as black hat, white hat, and gray hat. The terms derive from the old Western movies of American popular culture, where the protagonists wore white or light-colored hats, and the antagonists wore black hats.

Essentially, what determines the type of hacker is their motivation and whether they are breaking the law.

Black hat hacker definition

Black hat hackers are criminals who break into computer networks with malicious intent. They may also release malware that destroys files, holds computers hostage, or steals passwords, credit card numbers, and other personal information.

Black hats are motivated by self-serving reasons, such as financial gain, revenge, or simply to spread havoc. Sometimes their motivation might be ideological, by targeting people they strongly disagree with.

What is a black hat hacker?

Black hat hackers often start as novice "script kiddies" using purchased hacker tools to exploit security lapses. Some are trained to hack by bosses eager to make money quickly. The leading black hats tend to be skilled hackers who work for sophisticated criminal organizations which sometimes provide collaboration tools for their workers and offer service agreements to customers, just like legitimate businesses. Black hat malware kits sold on the dark web occasionally even include warranties and customer service.

Black hat hackers often develop specialties, such as phishing or managing remote access tools. Many get their "jobs" through forums and other connections on the dark web. Some develop and sell malicious software themselves, but others prefer to work through franchises or leasing arrangements – again, similar to the legitimate business world.

Hacking has become an integral intelligence-gathering tool for governments, but it is more common for black hat hackers to work alone or with organized crime organizations for easy money.

How black hat hackers work

Hacking can operate like big business, the scale of which makes it easy to distribute malicious software. Organizations boast partners, resellers, vendors, and associates, and they buy and sell licenses for malware to other criminal organizations for use in new regions or markets.

Some black hat organizations even have call centers, which they use to make outbound calls, pretending to work for a well-known technology organization such as Microsoft. In this scam, the hacker tries to convince potential victims to allow remote access to their computers or download software. By granting access or downloading the recommended software, the victim inadvertently enables criminals to harvest passwords and banking information or surreptitiously take over the computer and use it to launch attacks on others. To add further insult, the victim is typically charged an exorbitant fee for this "help."

Other hacks are swift and automated and don't involve human contact. In these cases, attack bots roam the internet to find unprotected computers to infiltrate, often through phishing, malware attachments, or links to compromised websites.

Black hat hacking is a global problem, which makes it extremely difficult to stop. The challenges for law enforcement are that hackers often leave little evidence, use the computers of unsuspecting victims, and cross multiple jurisdictions. Although authorities sometimes succeed in shutting down a hacking site in one country, the same operation may run elsewhere, allowing the group to keep going.

Black hat hacker example

One of the most famous black hat hackers is Kevin Mitnick, who, at one point, was the most wanted cybercriminal in the world. As a black hat hacker, he hacked into over 40 major corporations, including IBM and Motorola, and even the US National Defense warning system. He was subsequently arrested and served time in jail. Following his release, he became a cybersecurity consultant who uses his hacking knowledge for white hat hacking purposes.

Another well-known example is Tsutomu Shimomura, who is a cybersecurity expert credited with tracking down Kevin Mitnick. A computational physics research scientist, Shimomura also worked for the US National Security Agency. He was one of the leading researchers who first raised awareness of cell phones' lack of security and privacy. The founder of Neofocal Systems used his security skills for ethical purposes and played a crucial role in bringing Kevin Mitnick to justice. His book Takedown was later adapted to a film called Track Down.

White hat hacker definition

White hat hackers – sometimes also called “ethical hackers” or “good hackers” – are the antithesis of black hats. They exploit computer systems or networks to identify their security flaws so they can make recommendations for improvement.

What is a white hat hacker?

White hat hackers use their capabilities to uncover security failings to help safeguard organizations from dangerous hackers. They can sometimes be paid employees or contractors working for companies as security specialists who attempt to find gaps in security.

White hat hackers are one reason large organizations typically have less downtime and experience fewer issues with their websites. Most hackers know it will be harder to get into systems managed by large companies than those operated by small businesses that probably don't have the resources to examine every possible security leak.

A subset of ethical hackers includes penetration testers or "pentesters,” who focus specifically on finding vulnerabilities and assessing risk within systems.

How white hat hackers work

White hat hackers use the same hacking methods as black hats, but the key difference is they have the permission of the system owner first, which makes the process completely legal. Instead of exploiting vulnerabilities to spread code, white hat hackers work with network operators to help fix the issue before others discover it.

White hat hacker tactics and skills include:

1. Social engineering

White hat hackers commonly use social engineering (“people hacking”) to discover weaknesses in an organization’s “human” defenses. Social engineering is about tricking and manipulating victims into doing something they should not (making wire transfers, sharing login credentials, and so on).

2. Penetration testing

Penetration testing aims to uncover vulnerabilities and weaknesses in an organization’s defenses and endpoints so they can be rectified.

3. Reconnaissance and research

This involves researching the organization to discover vulnerabilities within the physical and IT infrastructure. The objective is to gain enough information to identify ways to legally bypass security controls and mechanisms without damaging or breaking anything.

4. Programming

White hat hackers create honeypots that serve as decoys to lure cybercriminals to distract them or help the white hats gain valuable information about the attackers.

5. Using a variety of digital and physical tools

This includes hardware and devices that allow the penetration testers to install bots and other malware and gain access to the network or servers.

For some white hat hackers, the process is gamified in the form of bug bounty programs - competitions that reward hackers with cash prizes for reporting vulnerabilities. There are even training courses, events, and certifications dedicated to ethical hacking.

Black hat hacker vs white hat hacker

The main difference between the two is motivation. Unlike black hat hackers, who access systems illegally, with malicious intent, and often for personal gain, white hat hackers work with companies to help identify weaknesses in their systems and make corresponding updates. They do this to ensure that black hat hackers cannot access the system's data illegally.

Black hat hacker

White hat hacker example

Some of the most famous examples of white hat hackers include:

Tim Berners-Lee

Famous for inventing the World Wide Web, Tim Berners-Lee is also a member of the white-hat hacking camp. Today he serves as the director of the World Wide Web Consortium (W3C), which oversees the development of the web.

Greg Hoglund

Greg Hoglund is a computer forensics expert who is best known for his work and research contributions in malware detection, rootkits, and online game hacking. Previously, he worked for the US government and the intelligence community.

Richard M. Stallman

Richard Stallman is the founder of the GNU project, a free software project that promotes freedom regarding the use of computers. He founded the free software movement in the mid-1980s with the idea that computers are meant to facilitate cooperation, not hinder it.

Charlie Miller

Famous for finding Apple vulnerabilities and winning the well-known Pwn2Own computer hacking contest in 2008, Charlie Miller has also worked as an ethical hacker for the US National Security Agency.

Dan Kaminsky

Dan Kaminsky is the chief scientist of White Ops, a firm that detects malware activity via JavaScript. He is best known for discovering a fundamental flaw in the Domain Name System (DNS) protocol that would allow hackers to perform widespread cache poisoning attacks.

Jeff Moss

Jeff Moss served on the US Homeland Security Advisory Council during the Obama administration and co-chaired the council's Task Force on CyberSkills. He also founded hacker conferences Black Hat and DEFCON and is a commissioner at the Global Commission on the Stability of Cyberspace.

Gray hat hacker definition

Somewhere between white and black are gray hat hackers. Gray hat hackers enact a blend of both black hat and white hat activities. Gray hat hackers often look for vulnerabilities in a system without the owner's permission or knowledge. If issues are found, they report them to the owner, sometimes requesting a small fee to fix the problem.

Some gray hat hackers like to believe they are doing something good for companies by hacking their websites and invading their networks without permission. Still, company owners rarely appreciate unauthorized forays into their business information infrastructure.

Often, a gray hat's real intention is to show off their skills and gain publicity — maybe even appreciation — for what they consider a contribution to cybersecurity.

What is a gray hat hacker?

Gray hat hackers may sometimes violate laws or usual ethical standards, but they do not have the malicious intent typical of a black hat hacker.

When a white hat hacker discovers a vulnerability, they will exploit it only with permission and not tell others about it until it has been fixed. In contrast, the black hat will illegally exploit it or tell others how to do so. The gray hat will neither illegally exploit it nor tell others how to do so.

Many gray hats believe that the internet is not safe for business, and they consider it their mission to make it safer for individuals and organizations. They do this by hacking websites and networks and causing chaos to show the world they are right. Gray hats often say they mean no harm with their incursions. Sometimes, they are simply curious about hacking a high-profile system — without regard to privacy and numerous other laws.

In most instances, gray hats provide valuable information to companies. Nonetheless, the community of white hats — and much of the cyber world — do not view their methods as ethical. Gray hat hacking is illegal, as the hacker has not received permission from an organization to attempt to infiltrate their systems.

How gray hat hackers work

When a gray hat hacker successfully gains illegal access to a system or network, they may suggest to the system administrator that they or one of their friends be hired to fix the problem for a fee. However, this practice has been declining due to the increasing willingness of businesses to prosecute.

Some companies use bug bounty programs to encourage gray hat hackers to report their findings. In these cases, organizations provide a bounty to avoid the broader risk of having the hacker exploit the vulnerability for their own gain. But this is not always the case, so getting the company’s permission is the only way to guarantee that a hacker will be within the law.

Sometimes, if organizations do not respond promptly or do not comply, gray hat hackers may become black hats by posting the point of exploitation on the internet or even exploiting the vulnerability themselves.

Gray hat hacker vs white hat hacker

The critical difference between gray hat hackers and white hat hackers is that if an organization decides to ignore a gray hat hacker, the hacker is not bound by ethical hacking rules or an employment contract. Instead, they could choose to exploit the flaw themselves or share the knowledge online for other hackers to use.

Gray hat hacker example

An often-cited gray hat hacker example took place in August 2013, when Khalil Shreateh, an unemployed computer security researcher, hacked the Facebook page of Mark Zuckerberg. His motivation for doing so was to force action to correct a bug he discovered which allowed him to post to any user's page without their consent. He had informed Facebook of this bug only to be told by Facebook that the issue was not a bug. After this incident, Facebook corrected this vulnerability which could have been a powerful weapon in the hands of professional spammers. Shreateh was not compensated by Facebook's white hat program as he violated their policies.

How to protect yourself from hackers

Ten ways to protect yourself from hackers:

1. Use unique, complex passwords

A strong password is not easy to guess and ideally made up of a combination of upper- and lower-case letters, special characters, and numbers. People often leave passwords unchanged for years, which reduces their security. By breaching a password, hackers get one step closer to getting your data. Avoid writing your passwords down on a piece of paper, and don't share them with others. A password manager tool is an excellent way to manage your passwords.

2. Never click on links sent in unsolicited emails

They may be part of a phishing scam, an attempt to gain your passwords, credit card numbers, banks account details, and more. Clicking on these links could download malicious software – malware – onto your device.

3. Use secure websites

Use shopping websites that have Secure Sockets Layer (SSL) encryption. To check whether a website has this installed, look at the URL – it should begin with "HTTPS://" instead of "HTTP://". The "s" stands for "secure". There will also be a lock icon nearby, and where this appears depends on your browser. Try to avoid saving payment information on shopping websites – if fraudsters compromise the site, they will gain access to your information.

4. Enable two-factor authentication

This adds a layer of security to the login process. When you set it up, you will still need to enter your username and password, but you will also have to verify your identity through a second authentication factor – often a PIN sent to your cell phone. This means an identity thief would need to know your login details and have possession of your cell phone – which is a less likely scenario.

5. Be careful when using public Wi-Fi networks

They can be unencrypted and unsecured, leaving you vulnerable to hackers looking to steal any information which passes between you and the websites you visit. Your personal information, such as passwords or financial data, is then vulnerable to identity theft. Using a VPN can help.

6. Deactivate the autofill option

It is a time-saving feature, but if it is convenient for you, it's also convenient for hackers. All the auto-fill info must be kept somewhere, such as in your browser profile folder. This is the first place a hacker will go to look for your name, address, phone number, and all the other information they need to steal your identity or access your accounts.

7. Choose apps wisely

Only download apps from trustworthy sources such as the Apple App Store or Google Play. Make sure you update your software and apps regularly and get rid of old apps you don’t use.

8. Trace or erase

Make sure your data is secure if your mobile device is stolen or lost. You can install software that can wipe your phone if it is lost. You can also set up your device to lock itself after a pre-set number of failed login attempts.

9. Disable and manage third-party permissions

On mobile phones, third-party applications that users download onto their devices have certain permissions turned on without notifying the gadget’s owner. Therefore, location services, automatic uploads, data backup, and even public displays of personal phone numbers are all permissions set to green upon installation. Managing these settings and on-set permission, especially those connected to the cloud, is essential when keeping your data secure from hackers.

10. Install trusted cybersecurity across all your devices

Cybersecurity like, Kaspersky Internet Security blocks viruses and malware in real-time and stops hackers from taking over your PC remotely. So you and your family will always be protected — no matter what device you’re using to access the internet.

Kaspersky Internet Security received two AV-TEST awards for the best performance & protection for an internet security product in 2021. In all tests Kaspersky Internet Security showed outstanding performance and protection against cyberthreats.

Related Articles:

Black hat, White hat, and Gray hat hackers – Definition and Explanation

Hackers generally come in three forms: Black hat, white hat & gray hat hackers. What do they do & what is the difference between them?
Kaspersky logo

Related articles