White Hats and Black Hats
Article by Rick Leinecker, April 13, 2007
White hats and black hats sound like the characters in Mad Magazine's Spy versus Spy cartoons. What I want to talk about are two types of hackers: white hat hackers and black hat hackers. They are at opposite ends of the spectrum. White hat hackers have good intentions while black hat hackers have bad intentions.
White hats work to keep computer systems and networks safe. They have a genuine interest in protecting Information Technology (IT) infrastructure. White hats are sometimes referred to as ethical hackers. The idea of white hat hackers may seem strange since all we hear about on the news are the bad guys. But quite a few of them do exist.
White hats usually know as much as black hats. They are security experts, and some have IQs that sizzle. One of the roles that they play is to try to find vulnerabilities first, and then quietly report them so that they can be fixed. White hats also try to break into networks to find the holes, which, when found, they report to the appropriate personnel.
Some white hats make a very comfortable living. Many companies hire them to find the holes in their network security. After finding the holes, the companies can patch them before the bad guys can find them. Hiring the white hats is very beneficial for companies, provided that they can afford to hire them. Sometimes the white hats who work for companies are known as sneakers. And groups of sneakers are often called tiger teams.
While white hats are ethical, black hats are not. They do their best to gain access to systems for fun and profit, or to carry out malicious feats that compromise systems and networks. Many times the black hats are just trying to prove that they can carry out a successful attack. Many times they're trying to do damage. Many times they're trying to steal sensitive or valuable data. In any case, their intentions are bad and their activities are unethical.
A gray hat, in the computer security community, refers to a skilled hacker who sometimes acts legally, sometimes in good will, and sometimes not. They are a hybrid between white and black hat hackers. They usually do not hack for personal gain or have malicious intentions, but may or may not occasionally commit crimes during the course of their technological exploits.
Before you go out and "ethically hack" a web site or network, a warning is in order. It's against the law to even attempt to gain entry to a network resource of any kind. If you are trying to hack a web site to find the holes and warn the owner, you could face some serious charges if caught. Make absolutely sure that you have permission before you try to penetrate a network.
Those are the basics of Black Hats and White Hats.