The term computer hacking is generally used to refer to one or more persons who break into secure computer systems for malicious purposes. However, this definition is not completely accurate. Many organizations employ hackers to test their computer network defenses' effectiveness and discover any security vulnerabilities or flaws in their IT systems and installed applications. Those people are legally authorized to perform such hacking tests and are commonly referred to as White Hat hackers.
In this article, we will shed light on the different types of hackers and see each one's motivation.
- Black Hat: This group is what most people refer to when talking about computer hackers. They are also known as crackers. Black hat hackers are cybercriminals who break security systems for malicious purposes. They target banks or other companies with weak security and steal money, credit card information, or other sensitive information such as trade secrets or customer/vendor information. This group is mostly responsible for creating different kinds of malware (e.g., ransomware and RAT), which can gain unauthorized access to target devices. This group's primary motivation is financial gain; however, many Black Hat hackers are employed by foreign governments and organized criminal groups for espionage purposes.
- White Hat: "Ethical Hackers," White Hat hackers use their hacking skills for good. They'll help you remove a virus or test your company's security defenses (also known as PenTesting). Some White Hat hackers hold a college degree in IT security, digital forensics, or computer science. Many of them choose to follow a certification path to document their hacking experience. (https://www.cybrary.it/course/ethical-hacking/). The most popular certification is the CEH (Certified Ethical Hacker) from the EC-Council.
- Script Kiddie: Script Kiddies or "skiddie" is a person who lacks programming knowledge and IT security skills and uses existing security tools to launch cyber-attacks. The internet is full of security tools written by skilled programmers and intended for computer security auditing and digital forensics. Many of these tools are free and even open source. Most of these tools were not created for hacking purposes. For example, NirSoft offers a plethora of security tools for retrieving forgotten passwords (see Figure 1); however, the same tools can be abused for malicious purposes when used by the bad guys.
Figure 1 - Using WebBrowserPassView from Nirsoft to retrieve stored passwords in web browsers.
- Gray Hat: Nothing is ever just black or white; the same is true in the world of hacking. Gray Hat hackers don't penetrate IT systems for malicious intent. They use the same hacking techniques of Black Hat hackers to discover vulnerabilities and security flaws in target systems without the owner's permission. After discovering such vulnerabilities, they report it to the owner to fix, and sometimes they request a small payment for their efforts. If the owner refuses to cooperate and fix the vulnerability, they publish it online. These hackers comprise most of the hacking world, even though Black Hat hackers garner most (if not all) of the media's attention. Although Gray Hat hackers do not attack for malicious purposes, their action is considered illegal, as they did not get the owner's permission before attempting their security invasion.
- Green Hat: These are newbies to the hacking game, but unlike Script Kiddies, they care about hacking and strive to master the necessary skills (e.g., programming, operating systems function, and IT security) to become a full-blown hacker. They're hacker community often flames them for asking many basic questions. When their questions are answered, they'll listen with intent and curiosity listening to family stories.
- Red Hat: A Red Hat hacker sometimes refers to a person who targets Linux based systems. However, in the hacking world, a Red Hat hacker plays a similar role to a White Hat hacker in protecting IT systems from cyberattacks but from a different perspective. This group is considered the vigilantes of the hacker world. They work by targeting Black Hat hackers to cease their criminal activities or disclose their real identity to the public. Instead of reporting the malicious hacker to authorities, they may target criminal devices using aggressive attack techniques, such as launching DoS attacks or planting viruses to destroy the attacker's device, making it inoperable.
- Blue Hat: If a Script Kiddie took revenge, he/she might become a Blue Hat. Blue Hat hackers will seek vengeance on those who anger them. Most Blue Hats are newbies, but like the Script Kiddies, they have no desire to learn.
Summary
Hackers can be categorized into good or bad, hence, White or Black. However, this is not always the case in the real world, as there are different types of hackers wearing different color hats, and their motives can differentiate each group.
