The word ‘hacker’ is often used with a negative connotation to describe cybercriminals, but it is not necessarily the case that all hackers have bad intentions.
In fact, the activities carried out by hackers are legal as long as the system is not compromised without the owner’s consent.
We find 3 categories of hackers known as black hat, gray hat and white hat that differ mainly by the intentions and motivations of the activities they carry out.
Who are black hat hackers?
Black hat hackers are defined as ‘malicious’ hackers who enter computer networks with malicious intentions. These cyber criminals mainly act out of opportunistic motives such as personal gain, the excitement of creating chaos, but also the desire for revenge.
We can find novice black hats, who merely spread malware, but also expert black hats capable of stealing, modifying or even destroying personal data and information.
How black hats act?
Many black hat hackers work through assignments on the Dark Web, e.g. developing malware, while others opt for collaborations with partners, acquiring licences for malicious software to spread in other markets.
We can find automated attacks run by bots targeting unprotected computers on the web, e.g. phishing, others are outright scams. In these cases, black hats make calls through call centres, pretending to be big companies like Google, trying to convince victims to allow remote access to their computers. As a result, the targets in question allow hackers to collect private information such as passwords and bank details.
Who are the grey hat hackers?
Gray hats are hackers who are somewhere in between black hats and white hats.
They are able to sneak into a system without the owner’s permission and, when they find vulnerabilities, report the problem to the owner and then, often, demand a ransom.
These cyber criminals think they are performing a very important task for companies, not considering that the latter may not appreciate the unauthorised invasion.
It is seldom the organisations themselves that value the information provided by grey hats because this type of activity is not welcome in the IT world as it is illegal and immoral.
How do grey hats operate?
Having illegally obtained access to a vulnerable system, grey hats are able to ask the owner to hire them to solve the problem, although most of the time organisations prefer to respond legally.
Occasionally, it happens that if the targeted organisations do not respond to the solicitations of the grey hat hackers in a timely manner, the latter are able to use the vulnerabilities to their advantage.
Who are the white hat hackers?
By now you can imagine that white hat hackers act for good, protecting organisations from possible black hat attacks!
Cyber criminals are aware of the difficulty in hacking the systems of structured organisations that can afford white hats, unlike smaller companies that probably do not have the necessary resources. It is precisely thanks to white hats that large companies can consider themselves safe from cyber attacks.
How do white hats act?
White hats act in the same way as black hats, the only difference being that the former have the permission of the owners of the systems and their actions are therefore 100 per cent legal. These ‘good’ hackers are used to performing penetration tests, assessing the vulnerability of computer systems and studying the weak points of defence of the members of organisations (social engineering).
