Hackers: Black Hats, Gray Hats, White Hats, Oh My!


March 22, 2019


It’s funny sometimes how we categorize things. As a species that is. It’s a quirk of ours. We’re the only animals on the planet that do it.

Sometimes we use a dead language like Latin to help us classify things (because it’s unspoken it means it won’t change, ex: Animalia, Plantae, Phylum, Genus, etc., etc.).

But we don’t stop there. We have a million different ways that we classify things. We just like to do it. We categorize, subcategorize, and micro-categorize every chance we get.

Even those of us who work in the InfoSec world like to categorize things. Which might come as a surprise because there are some who might not classify all of us as human beings.

One of the things we’ve categorized is hackers. We’ve split them up into three different categories: white-hat, black-hat, and gray-hat. If you’re like me, and ever wondered where that came from, we’re about to take a magical journey together and learn a thing or two along the way.

Firstly, what is a Hacker?

According to Merriam-Webster’s dictionary, a hacker is:

A person who illegally gains access to and sometimes tampers with information in a computer system

It’s a pretty straightforward definition, right? It was. Once. But not anymore. There are a lot of people who identify as being a “Hacker.” There are ethical hackers, and there are unethical hackers and there are hackers that live somewhere in-between.

Since it might be hard to identify which is which at first sight, they’ve applied labels, or descriptors, to themselves to help in the process.

To do this, they’ve co-opted an old television and movie trope. Over the years movies have used color to help identify what side of the fence a character might be on. One genre where that’s been incredibly noticeable is the Western.

What are White-Hat Hackers?

Here’s how it breaks down: in a western, you can usually identify who’s who by what color hat they’re wearing. The hero is often wearing a white or light colored hat (examples of this are Clayton Moore as the Lone Ranger, Alan Ladd as Shane, and Roy Rogers in…well…basically everything he ever made).

Likewise, a white hat hacker is typically a hacker who uses their technological prowess for good. They’re usually experts who excel in compromising information security systems but do so legally.

They might work as a security consultant/contractor or as full-time employees for large InfoSec software vendors or MSSPs. Penetration testing is an excellent example of the type of activity that a white-hat hacker is involved in.

What are Black-Hat Hackers?


In the movies, the villains typically wear black hats or are clothed entirely in black (think of Henry Fonda in Once Upon a Time in the West, Jack Palance in Shane, and more recently Yul Brynner and Ed Harris in their respective versions of Westworld).

A villain being dressed all in black isn’t just limited to Westerns. Darth Vader and the Wicked Witch of the West are great examples of this. They’re the bad guy, and that point is made very clearly by their choice in clothing.

Likewise, a black-hat hacker is typically up to no good. They’re the ones that make the news. Black-hat hackers typically operate anonymously, rarely revealing their identity and never disclosing their intentions until it’s too late to stop them.

It’s harder to identify a black-hat hacker in the wild. They can operate as lone wolves or as part of a rogue nation state-backed hacking team. The type of target they go after can range wildly.

If there’s somebody itching to cause some chaos on the internet, it’s going to be a black-hat hacker.

What’s a Gray-Hat/Brown-Hat Hacker?


Ah, yes, the gray-hat. These individuals live somewhere in between the others. Think about Clint Eastwood’s Man with No Name in Sergio Leone’s Dollars Trilogy. His hat is more of a brownish-gray (if you’re going to be pedantic and point out a flaw in my argument), but the character is sort of a cross between the traditional western hero and villain.

The Man with No Name is clearly the hero in the films, but he’s not the kind of individual you’d want to run into walking down a dark sidewalk on your way to the local saloon. He can be dangerous, he’s typically out for himself, and he’s not above shooting somebody that’s wronged him in the back when they’re not looking.

However, he’s honorable. He might rub people the wrong way and not conform to societal norms, but he’s a hero. That’s the gray-hat hacker in a nutshell.

Where the white-hats are the good guys, and the black-hats the bad guys, the gray-hats are the bounty hunters or vigilantes. They do what they want to, but they’re not in the game to hurt somebody. They want to do what they’re gonna do and be left alone by everybody to do so.

They’re relatively similar to a white-hat in regards to what they do, but they’re far more mercenary. The gray-hat hacker doesn’t wait for permission to compromise a security system. They’ll do the deed on their own and then try and sell their findings to their target rather than exploit the weakness.

Unlike a black-hat hacker (who would sell what they find to the highest bidder or hold the target ransom), the gray-hat hacker will inform their target of what they saw and then negotiate with them to both close the exploit and make a little money for finding it.

Conclusion

So there you go. Now you know more about hackers and Western movies! If you have any thoughts you’d like to share regarding hackers and/or what color hats they wear, feel free to chirp up in the comments section!


Carl Keyser is the Content Manager at Integris.
