Many hackers who break into computers hope to steal money, access information, or hold files for ransom. Others work above board and are paid to probe and test the security of digital systems. There are also types of hackers that exist in a gray area between legal and illegal hacking.
The main types of hackers
Hackers are usually classified based on their intent, a target’s consent, and legality — but hacker definitions aren’t always black and white.
White hat hackers
White hat hackers engage in legal hacking to improve digital security for those who contract them. They are paid to infiltrate digital systems to identify potential security vulnerabilities and report their findings to their clients. White hat hacking allows companies and organizations to patch security weaknesses before they can be exploited by malicious hackers.
For example, an insurance firm might hire a white hat hacker to simulate annual attacks in order to ensure their clients’ personal information is secure. White hat hacking is based on consent — clients make a request and are aware that an attempt will be made to hack their systems.
Black hat hackers
Black hat hackers are cybercriminals who orchestrate scams and exploit vulnerabilities with the intent to cause harm. The aim of black hat hackers is usually to make money. They do this in many ways, but most involve stealing money outright, cracking passwords to access information that can be sold on the dark web, or holding sensitive data for ransom.
Black hats are the most dangerous hackers, and they typically go to great lengths to hide their identities — it’s extremely rare that a hacker would openly chat with you. They sometimes band together into hacker groups to pull off large-scale hacks.
Businesses have the most to lose from hacking, as they hold large amounts of our personal data. But individuals can be hacked as well. Black hat hackers often gain access to larger systems by hacking individual devices like phones and routers. Email accounts are also popular targets for hackers.
That’s why it’s so important for businesses to conduct regular cybersecurity testing and for individuals to protect their data with threat protection software like AVG AntiVirus.
Gray hat hackers
Gray hats exist in an ambiguous ethical hacking area between white and black. These hackers infiltrate systems without their targets’ consent, but they don’t exploit vulnerabilities to cause harm. Instead, they inform the victims of the hack in order to help them improve their security.
But gray hat hackers don’t always share this information for free. While gray hats inform companies that they’ve been hacked, they sometimes ask for a fee in exchange for the details. In these cases, the victims must pay if they want to know their system’s vulnerabilities. But if they refuse to pay, gray hat hackers will not attempt to retaliate and cause harm.
Gray hat hacking is nowhere near as bad as black hat hacking, but it’s still unethical. Gray hat hackers break into systems without consent, and even if their aim is to improve security, their actions are still illegal.
Red hat hackers
Red hat hackers see themselves as the “superheroes” of the hacking world. They typically target black hat hackers to disrupt their attacks or retaliate against them. While red hat hackers are staunchly anti-black hats, they use similar techniques to hack black hat rings or individuals. They may launch full-scale attacks to destroy black hat servers or steal their resources and return them to those who’ve been wronged.
Blue hat hackers
Blue hat hackers are white hat hackers who are employed by an organization. Their job is to maintain the cybersecurity of the organization and prevent attacks. Blue hats are not usually called “hackers” once they’re employed by an organization or company.
Blue hats often work as part of a team, and they may not be responsible for carrying out hacks on their own. They usually work for IT departments in large companies. Or they may work for cybersecurity agencies that sell white hat hacking services to clients.
Script kiddies and green hat hackers
These terms are often used interchangeably but there are differences. Both refer to inexperienced hackers, although green hat hackers may aspire to become white or black hats, whereas script kiddies’ intentions are almost always malicious, and they use existing malware and scripts created by other hackers to launch their attacks.
Script kiddies may also rely on social engineering, because they aren’t skilled enough to execute more technologically sophisticated attacks. That means they may impersonate others and send fraudulent emails, hoping to convince their targets to hand over sensitive information.
By contrast, green hat hackers want to develop the technical skills to one day become white or blue hat hackers. Some don’t have a clear motivation defined at this stage and can end up heading down the black hat path later.
Hacktivists are people who hack into systems to fight back against perceived political or social injustice. Hacktivists often try to expose government or corporate malfeasance by hacking into secure systems and exposing secret information.
The most famous hacktivist group is Anonymous, which has hacked many organizations including the Church of Scientology, the US Federal Reserve, and governments around the world to protest against apparent injustice.
Those who engage in hacktivism almost always intend to cause reputational damage or some other form of harm to their victims, even if they believe their intention is to promote the greater good.
State-sponsored hackers work for governments. Some are white hat hackers who work to improve national cybersecurity, but others use black hat tactics to harm other countries.
State-sponsored hacking is often a form of espionage, in which states attempt to gain information from other governments. Governments may use the knowledge gained in state-sponsored hacks to prepare for or avoid upcoming danger, or launch subversive attacks of their own.
Malicious insider (whistleblower)
A malicious insider, also known as a whistleblower, is someone who works for an organization and decides to expose wrongdoing from within. Because whistleblowers work for the targets they hack, they already possess the security access needed to expose confidential information. Some may act out of a grudge for financial gain or revenge, while others feel it’s their duty to expose the truth.
A famous whistleblowing example is Edward Snowden, who leaked classified information from his position within the National Security Agency in order to reveal programs of mass surveillance by the US government.
White hat vs black hat vs gray hat: what’s the difference?
There are three factors that differentiate the various types of hackers: consent, legality, and intent to cause harm.
White hat hackers get the consent of their targets before orchestrating an attack. Their actions are legal, and they don’t intend to cause harm. In fact, they do the opposite by improving their clients’ cybersecurity. That’s the crucial difference between a white hat vs a black hat hacker.
Black hat hackers are the opposite of white hats. They do not have consent to infiltrate digital spaces, and they do so with the intent to cause harm. Their actions are illegal, and black hat hackers are considered criminals.
Gray hat hackers don’t have the consent of their targets before attacking, but they don’t intend to cause harm either. Instead, gray hats seek to expose security flaws that their targets can fix before those vulnerabilities lead to bigger issues. Occasionally, gray hats may request payment in exchange, which is not ethical. Regardless of their intention, gray hats’ actions are illegal because they act without consent.
White hat, black hat, and gray hat hackers have different motives
Common types of hacking
There are three primary methods a hacker uses to infiltrate digital systems. These include network hacking, social engineering, and hardware hacking.
This is when a hacker infiltrates a system wirelessly by entering its network. Once inside, they can use their skills to delve further and access restricted information.
Once they get the network’s protocols, they can hack the router, devices, and software on the network. This might let them perform another hacking tactic known as sniffing (intercepting traffic in a network to gain valuable information) or conduct a Smurf attack (taking down a network).
Instead of trying to crack digital security, a hacker may manipulate a device or server physically to get inside its digital infrastructure. For example, if a cybercriminal hacks a phone belonging to an employee they may be able to access the company’s network.
Hackers might also search for an unattended USB port they could stealthily plug into and upload malware. Or, they may try to break into a physical location, like an office, to gain access to servers or computers.
It’s often easier to trick a human into giving up information than it is to crack a firewall. Hackers frequently scam people into giving up their passwords and private information.
Phishing is a type of social engineering attack that involves impersonating a trusted individual or organization. In a spear phishing attack, a hacker may spoof an email to an employee by impersonating their boss. They might invent a crisis and make an urgent request for data, causing the target to relinquish secure information without thinking.
It’s not just organizations at risk though, social engineering can lead to your Instagram account being hacked or even your online banking account.
Protect yourself from hackers
Not all hackers are bad, but there are those who do want your money and data. Everyone is a potential target, and when a hacker gains access to your accounts, they can wreak havoc.
You can protect yourself from hackers by staying alert and using a digital security app to fight online threats. AVG AntiVirus FREE provides six layers of powerful malware protection, including the ability to block dangerous email attachments and malicious websites. Plus, you’ll get notified immediately if your email passwords are hacked so you can act instantly to secure your data. Install AVG today.