Picture this: a young person is in a dark room. The only thing visible is their figure, as it is just barely lit by the blinding LEDs of their computer screen. They type furiously on an ergonomic keyboard as thousands of lines of neon green monospace text fly across the screen. Click-clack-click-clack-click-clack. The moving text and the flying fingers come to a halt, and the computer emits a positive sounding “ding!” Out from underneath a dark hooded sweatshirt, the figure then announces that they have “gotten into the mainframe.”
When many people hear the term “hacker,” what they initially think of is not far off from the imagery just described. Thanks to movies and television shows that portray hackers this way, ‘dangerous’ and ‘criminal’ are thought to be accurate descriptors of the profession. Hackers seem to be mythical and powerful individuals, using their computer knowledge to break into systems and steal information. While this perception is not necessarily impossible, it is not completely accurate, either. What many people outside of the security industry do not realize is that hackers aren’t created equal and that the world of computers, security and data is actually safer because of hackers.
Hackers generally come in one of three forms: Black Hat, White Hat, and Grey Hat. The terminology comes from old spaghetti westerns where the “bad guy” would typically be the one wearing the black hat and the “good guy” a white hat. The two main things that differentiate these three groups are their intentions and whether or not they have received permission to complete certain tasks.
Black Hat Hackers
Let’s begin with Black Hat hackers. Black Hat hackers are the ones with poor intentions. These people, like all hackers, have somewhat advanced knowledge of computers and use these skills to spread malware, steal credentials or wreak havoc on somebody’s else’s system. The key here is that these hackers were not given permission to break into a system.
Why do they do it, you ask? Most cyber criminals have hopes of financial gain by holding someone else’s data “hostage” and requiring compensation as a ransom or using credentials to gain access to a bank account that is not theirs. Another reason might be for the pure thrill of exercising their skills and knowledge in the performance of illegal acts.
White Hat Hackers
Conversely, White Hat hackers, sometimes called “ethical hackers,” are those with good intentions. These hackers are typically hired by organizations to do exactly what Black Hat hackers do — look for vulnerabilities in a system. The difference is that they have always been given explicit permission to break in. By searching for holes, problems or vulnerabilities in any given piece of technology, White Hat hackers enable organizations to harden their systems before the bad guys get in. (Hardening is the process of making a system more secure and reducing the risk of future attacks. It is a vital part of the software development process.)
Upon finding vulnerabilities, White Hat hackers typically give the owner advice on how to fix them, or they’ll even take it upon themselves to fix them so that somebody with poor intentions can’t find them in the future. In theory, most software engineers should consider themselves to be hackers to some degree and attempt to poke holes in their own code by rigorously testing it. The more active White Hat hackers are early on, the fewer opportunities Black Hat hackers have for exploitation later.
Grey Hat Hackers
As with any generalization, not all things are black and white, which is why we also have the concept of Grey Hat hackers. Grey Hat hackers land somewhere in the middle between “good” and “bad.” They are the people who look for vulnerabilities in a system without permission but with potentially good intentions. They might inform an organization that they have been able to exploit their system and subsequently ask for a fee to fix it.
However, if the organization does not respond in a timely manner or if they do not comply at all, this Grey Hat hacker may become a Black Hat hacker by posting the point of exploitation on the internet for all the world to see or even exploiting the vulnerability themselves. Technically, the work of a Grey Hat hacker is illegal no matter their intentions since they did not have permission to try and break into a system.
The Importance of in Today’s World
As you can see, hackers are a vital part of a world that so heavily relies on software. Without the ethical ones, we might be unable to safely access bank accounts from mobile apps, send identification forms over email to an employer, purchase something online or share our current location with a friend via a messaging app. The only reason working from home safely during the COVID-19 pandemic is possible is because of those who have put in the work to test software and ensure proper security practices have been implemented. Tim Cook, the current CEO of Apple Inc., said that “the top people predict that the next big war is fought on cyber security.” Clearly, we need our White Hat hackers more than ever.