A hacker by definition is an unauthorized actor who tries to gain access either to steal, alter, destroy, or disrupt data and operations. However, they are not all “bad” as mainstream media portrays them. There are several types of hackers and their motives will depict them to the category.
White Hat Hacker:
Non-malicious hackers who attempt to break into an organization at their request. These are usually penetration testers also known as ethical hacking. There are many details but here are some basics. As a pen-tester have a goal and info. The organization may choose how they want the ethical hackers to test their org which is described below. They test physical security as well as digital security. Pen-testers are usually certified by organizations such as Certified Ethical Hacker (CEH).
· White-box testing is when they get full information such as system information which mays it easier for them to understand.
· Black-box testing occurs when they do not get any information.
· Grey-box is a combination of both. Where they get a little bit of info but not too much.
Black Hats:
This group is the opposite of white hats. They are malicious and cause disruptions and damage. They break into systems/networks without authorization or permissions. This group may consist of several different threat actors. (This could be a whole separate topic itself for another time but here are some basics as well.)
· Script kiddies — who are unskilled. They use codes and tools written by others. AKA Noob hacker
· Hacktivist — driven by social change, political agenda, or terrorism. Groups such as Anonymous.
· Organized Crime — in for the money.
· Advanced Persistent Threat — Groups of hackers funded by countries themselves.
Gray Hats:
These hackers are not malicious but unlike white hats. They are not invited or authorized. They usually hack out of curiosity but they risk breaking the law by doing so.
Blue Hats:
Are similar to white hats but are not employed by the company. They are freelanced or bug bounties who attempts to hack into a network with permission.
So, are all hackers “bad”? No, it really depends on their intent. Generally, no one should attempt to break into anyone’s systems unless it’s your own sandbox environment for educational purposes only. When using skills for good such as a white and blue hat hacker. You can help an organization reduce risk and vulnerabilities which can be exploited by the other teams.
Note: If anything is incorrect or unclear. Will fix upon notification.
