Ethical hacking: White hat, black hat?
You might have noticed that mainstream media has this kind of love-hate relationship with hackers. In movies and series we see both sides of hacking: the good, altruistic hacker (like in the series Mr. Robot and the infamous 1995 movie Hackers), as well as the evil, ambitious hacker (like the Puppeteer in the Ghost in the Shell franchise, although the protagonist is also a kind of hacker herself, as well as the antagonist in Live Free or Die Hard).
In the news, however, the portrayal tends to be more negative. There are good sides to the same coin, and a knowledge of how hackers work help programmers maintain apps. We’ve seen the demonization of Anonymous during the height of hacktivism around 2010, the controversy over Russian hackers allegedly interfering with the 2016 elections in the US, including Hilary Clinton’s hacked emails, and rumors about military hacker armies in countries such as Iran, China, Russia, and North Korea.
However, hacking is a culture and a lifestyle. There are many people involved with it, with many different worldviews and opinions, and that leads to many different kinds of hackers, notably recognized for their “hats”. Let’s talk a bit about them.
The black hat hacker is the “villain”. They are hackers that use their knowledge of cybersecurity and exploiting vulnerabilities to get money, either by using it to steal money for themselves, by stealing data to sell online, or doing those kinds of things for hire. They are also the kinds of people who create viruses, spyware, worms, ransomware, and other kinds of malicious software.
The black hats can either act alone, doing their own thing, or can also be a part of groups, commonly smaller groups. They value their anonymity and do all they can to remain hidden from everyone, even their clients. It can take a few white hat hackers to be able to track them down, if that is even possible.
White hat hackers are the “good guys”. They are ethical hacker, meaning they strictly adhere to an ethical code, and as such only use their skills to help people. An ethical hacker is commonly found in large tech and security companies with the objective of discovering and fixing security vulnerabilities before the black hats do so.
If you read on the news about an exploit having been discovered in a product of a major company, it probably means that a white hat discovered it, and it has already been fixed.
The guy that discovered that Trump’s Twitter password was “maga2020” and told the authorities instead of messing around? Yes, he is a white hat hacker too. That’s how they are.
Ethical hackers tend to be so helpful for finding exploits that it is common to see companies offering huge rewards for them when they manage to find such vulnerabilities, with Mozilla paying up to 10,000 dollars and Google, 31,337 (yes, that is the exact amount, the pun was definitely intended).
The “chaotic good” of the non ethical hacker world, red hats follow their own ethical code, but also aim to do good. They are commonly regarded as “vigilantes”, and are known for going after and defeating black hats using their own means, frequently without aid from the police.
Consequently, they are pretty controversial. Who they will go after will depend on their own definition of white hat and black hat. Just the same, they sometimes turn their attention to targets outside of hacker culture, such as organized crime and extremist groups, and their techniques may involve tracking and exposing people publicly or even “bricking” their enemies’ computers (that is, making them unusable).
Many hacktivists tend to be red hats, commonly defying the line between legality and illegality and good and evil, including controversial groups such as Anonymous and Wikileaks.
The most recent red hat attack was the hack on the Parler platform: a group managed to obtain access to the administration software of their server, and with that gained access to every user’s data and aided the FBI in finding the Capitol invaders.
Hacker culture is a pretty diverse and complex world, but you can rest assured that there are many good guys out there protecting us from the bad guys.