What do you call someone who hunts for security gaps in computer hardware and software? A hacker, right? What about someone who executes a vulnerability test and presents their findings to software vendors to help them improve the quality of their products? There is more than one type of hacker, and understanding the difference is important.
A complicated history
In the 1950s, the term “hacker” was vaguely defined. As computers became more accessible, the word was used to describe someone who explored the details and limits of computer technology by testing them from a variety of angles.
But by the 1980s, hackers had become associated with teenagers who were caught breaking into government computer systems, partially because that is what they called themselves, and partially because the word hacker has an inherently aggressive ring to it.
Today, several of those pioneering hackers run multimillion-dollar cybersecurity consulting businesses, while countless others run amok online, hoping to make a quick buck off hapless victims.
“Black hat” hackers
Closer to the definition that most people outside the IT world know and use, black hat hackers create programs and campaigns to commit all sorts of malicious acts. Crimes such as identity theft, credit card fraud, and extortion are for their sole benefit, but they can also work under the auspices of a corporation or a state and commit espionage and cyberterrorism.
During the 1990s, Kevin Mitnick was a prime example of a black hat hacker. Mitnick went on a two-and-a-half-year hacking spree wherein he committed wire fraud and stole millions of dollars of data from telecom companies and the National Defense warning system.
After paying his debt to society by spending five years in prison, he set up his own eponymous cybersecurity firm and became its CEO and Chief White Hat Hacker.
“White hat” hackers
Sometimes referred to as ethical hackers or plain old network security specialists, these are the good guys. Whether it’s selling what they find to hardware and software vendors in “bug bounty” programs or working as full-time technicians, white hat hackers are just interested in making an honest buck.
Linus Torvalds is a great example of a white hat hacker. After years of experimenting with the Sinclair QDOS operating system on his Sinclair QL, he released Linux, a secure open-source operating system.
“Gray hat” hackers
Whether someone is a security specialist or a cybercriminal, the majority of their work is usually conducted over the internet. The anonymity of working online affords them opportunities to try their hands at both white hat and black hat hacking.
For example, Marcus Hutchins is a known gray hat hacker. He’s most famous for testing the WannaCry ransomware until he found a way to stop it.
During the day, Hutchins works for the Kryptos Logic cybersecurity firm, but the US government believes he spent his free time creating the Kronos banking malware. He was arrested in 2017 and branded a “gray hat” hacker.