What comes to mind when you hear the word “hacker”? For many of us, the answer is probably something like, “cybercriminal” or “data breach” or “stolen data”. While all of these answers can be relevant when discussing hackers, they don’t represent hacking in a holistic way.
Dictionary definitions for hacker include:
- A person who uses computers to gain unauthorized access to data; informal: an enthusiastic and skillful computer programmer or user. (Oxford Dictionary)
- A person who is skilled in the use of computer systems, often one who illegally obtains access to private computer systems. (Cambridge Dictionary)
- An expert at programming and solving problems with a computer; a person who illegally gains access to and sometimes tampers with information in a computer system. (Merriam-Webster)
Each of these definitions reinforces negative connotations surrounding hacking by highlighting aspects such as “unauthorized” or “illegally obtained” access. However, the more generic descriptions, such as “skillful computer programmer”, better represent hackers as a whole.
The term hacker should be used as a neutral title, which is then qualified based on the intentions and behaviors of the hackers themselves. In the hacking world, these more descriptive titles are referred to as hats.
Not all heroes wear capes, and not all hackers are villains. While the methods for hacking may be the same across the board, the motivations of hackers are what set them apart. White hat hackers, also known as ethical hackers, use their computer skills for good. These experts may work individually or as employees for specific companies. Their main goal is to identify vulnerabilities and security holes within computer systems in order to prevent future exploitation. One example of this is known as penetration testing.
Some companies implement bug bounty programs or vulnerability disclosure programs which allow freelance white hat hackers to submit security flaws to developers and be compensated for their findings.
Black hat hackers, also known as unethical hackers, embody the stereotypical hacker image. These hackers are also the type most commonly mentioned in news cycles and other mainstream media such as TV shows and movies. These individuals infiltrate computer systems for their own agenda. Common malicious hacks include malware, ransomware, identity theft, and data theft – each of which is used for the cybercriminal’s personal, typically financial, gain.
Hats, like most things, aren’t always black and white. Some hackers fall into an ethical gray area and are referred to as – you guessed it – gray hat hackers. Gray Hats may not exploit weaknesses the way Black Hats do, but they don’t have permission to be snooping around for security flaws either. In these cases, hackers gain what is considered illegal access to computer systems, but subsequently disclose the insecurity to the appropriate party so it can be fixed.
As you can see, hackers aren’t always as evil as mainstream media makes them out to be. Though they aren’t given the same level of attention, some hackers are doing a public service by helping companies identify and resolve vulnerabilities that would otherwise threaten the security of both business and user information.