Hackers are now mythological figures of our age. We have seen them in spy films, tinkering in front of a PC while stealing secret information and sensitive data. We hear about them on the news, with cases such as Wikileaks and Anonymous. In most cases they are presented as outlaws. But do we really know who they are and what they do?
There are mainly three hacker figures, known in Information Security jargon as White Hat, Black Hat and Grey Hat. In short, the good, the bad and the middle ground between the two.
Today we also talk about the ethical hacker: a professional in system penetration who uses the same tools and techniques as “bad” hackers, but in a controlled way and within a well-codified set of professional services. There are almost fifteen years of literature on the subject, although there will always be someone who improvises as an expert.
Hackers are not all the same:
- White Hat - These are hackers hired by companies to test those same companies and discover vulnerabilities, which are then communicated so that appropriate controls can be implemented;
- Black Hat - These are the bad actors, those who attack IT systems with the intent to steal information, create problems and earn money illegally. In short, everything a company must protect itself from.
- Grey Hat - These are the middle ground between White and Black. They attack IT systems without notice and inform companies of their vulnerabilities. Sometimes they ask to be paid for the work done.
White Hats must also be excellent communicators, in order to report the technical details of what they discovered while testing the system.
These three hacker categories share the same objectives: curiosity, the challenge of infiltrating an IT system and the personal satisfaction that follows. Hackers come from a very complex subculture, and to understand it fully one must read many documents, some dating back to the late 1980s, on ethics, freedom of information and many other principles.
Today's attackers, however, do not split hairs. Often, through disinterest or ignorance, they do not know the origin of the subculture they claim to belong to, but they have no scruples about using every technique and tool to violate systems and pursue profit.
For this reason it is a strategic move to rely on true professionals, active in research and not simple “workers” in an industry that, whether we like it or not, companies increasingly need. EasyAudit is provided by an organization specialized in penetration testing, using proven experts who can truly help companies protect corporate networks and web systems. All certified with the EasyAudit Checked seal, a guarantee for your customers!
Want to know how exposed your website is?
EasyAudit WEB checks websites, portals and e-commerce with a professional external audit designed for SMEs.