In the old movie Westerns, the good guys wore the white hats and the bad guys wore the black ones.
In the world of cybersecurity, the color of the hat indicates the behavior of the “hacker” as well. A “hacker” isn’t necessarily an evildoer.
A hacker could be someone who is an expert at programming and solving problems with a computer. Or, it could be a person who secretly compromises computer security in order to get information or cause damage.
Three basic colors
Here is a brief guide to the common types of hackers and their hat colors.
- White hats – These are considered the good guys. When they discover vulnerabilities in computer software or systems, they report these so that the flaws can be corrected.
- Black hats – These are the bad guys. These hackers exploit vulnerabilities, typically to break into systems to destroy, steal or deny service to “legitimate” users for their own purposes – usually for financial gain.
- Gray hats – These hackers fall in the middle ground between the white and black hats. As in any Western, there is always someone who isn’t all bad, nor all good.
Gray hats may break into computer systems for a number of reasons. One is out of personal curiosity to see if they are able. In this instance, they may brag about having done so to gain credibility and/or to embarrass organizations with weak security measures.
Or, they may disclose or sell the vulnerabilities they have discovered to the organization that they hacked.
Regardless of what color hat might hack into your organization’s network systems, it is paramount that effective cyber defense strategies be in place and kept updated.