Good Hackers vs Bad Hackers: What's the Difference?

Some hackers destroy, others protect

Cyber Attacks
Bill Hinton / Getty Images

You've probably heard the term hacker. It sounds ominous, and for good reason, but you've probably also been told that there are good hackers.

Good hackers are also called white hats or security hackers, and bad hackers called crackers or black hats. A good and bad hacker work in much the same way and even use identical skills to perform the hacking, so what makes one better than the other?

While most of the exploits we will hear about in the news come from people who have malicious intentions, there are much more incredibly talented and dedicated people who are using their hacking skills for the greater good. It's important to understand the difference. 

White and black hackers are just a couple classifications of a hacker. There are also grey hat hackers and script kiddies, for example.

What Is a Hacker?

When most people hear about a hacker, they think of how they're portrayed in hacker movies: a person in a hoodie is hidden somewhere secretive with ten computer monitors that are helping him or her hack into a remote computer.

While that could most definitely be the case in the real world, it's important to know that there's another side to hacking that's considered ethical and is completely legal.

Both a good and a back hacker is most likely very good at computer programming, networking, and/or other related functions, and uses those skills to infiltrate a computer system.

However, the term "hacker" can refer to two types of people depending on the circumstance:

  • Good hacker: Uses their knowledge with permission to test vulnerabilities and other weaknesses and then offer details on how to improve the system so that bad hackers won't take advantage of it.
  • Bad hacker: Attacks the system without prior permission, which they might do to steal, alter, or destroy information, or to cause problems such as delays or a total lack of access.

Hacking for Good

Cyber security lock design

White hat hackers, or ethical hackers, work from inside a company. The business hires the hacker to help improve the security of their system by penetrating it just like a bad hacker would.

The company has full knowledge of the hacker's presence and gives them full permission to exercise their hacking abilities to find flaws. The hacker reports these issues to the company and might even be able to repair them, too, or at least offer a report of where there are vulnerabilities that need fixed.

Hacking is good in this case because the hacker didn't enter the system without permission. He or she didn't steal anything, didn't deface the company's website, didn't expose employees' personal information, etc. All of it was done legally and with full permission from the company with an explicit purpose in mind.

Ethical Hacking As a Job

Although white hat hackers aren't necessarily recognized as much as they should be, more and more companies are looking for people who can stay ahead of the individuals determined to bring their systems down.

By hiring white hat hackers, companies have a fighting chance. Even though these programming gurus were once considered outcasts in the public eye, many hackers now hold critical and extremely high-paying jobs with corporations, governments, and other organizations. In fact, in some cases, the hacker might even go to prison for bad hacking and then be hired later to do it legally!

Of course, not all security breaches can be prevented, but if companies hire people who are able to spot them before they become critical, then half the battle is already won.

Most white hat hackers are employed by computer security agencies, such as DXC Technology (formerly CSC). As stated on their site, they have thousands of "security professionals with deep specializations that include penetration testing, vulnerability management, SOC analytics, forensic investigation, and threat intelligence."

Why Are There Bad Hackers?

Hacking illustration of a stolen credit card

If a hacker could make a decent living hacking legally, why would any bad hacker remain a black hat hacker instead of just "switch over" to a good hacker?

Black hat hackers aren't going anywhere because most hacking is motivated by hatred or is performed in an attempt to make a statement or disclose secret information. In other words, a hacker who's doing it unethically feels the need to do it in order to make a point or expose an individual, company, government, etc.

Consider an example where an employee gets fired from a company. He might hack the company's website and deface it with lewd photos and words as vengeance for losing his job. This type of hack is obviously wrong because the company didn't ask for it.

Another hacker might leak emails from a politician, but might do so not as part of a personal retaliation but more of a public service. The hacker might think that she can use her skills to expose someone and let the public know details that are normally hidden.

Other hackers might just love the thrill of penetrating systems and bringing down networks. Perhaps it's simply too much fun to avoid, or the intellectual stimulation is unlike anything else. These are very smart people who have no moral qualms about seeking out and destroying computer infrastructures.

Some people are using the internet to demonstrate for political or social causes using actions referred to as hacktivism.

Examples of Famous Hackers

An anonymous mask representing the hacker collective Anonymous
JohnDWilliams / iStock Editorial / Getty Images Plus

Black Hat

  • Anonymous: A loosely associated group of hackers from all over the world, with meeting points on various online message boards and social networking forums. They're most known for their efforts to encourage civil disobedience and/or unrest through defamation and defacement of various websites, denial of service attacks, and the online publishing of personal information. 
  • Jonathan James: Infamous for hacking into the Defense Threat Reduction Agency and stealing software code.
  • Adrian Lamo: Known for infiltrating several high-level organizations' networks—including Yahoo, the New York Times, and Microsoft—to exploit security flaws.
  • Kevin Mitnick: Convicted for multiple criminal computer crimes after evading authorities on an extremely well-publicized chase for two and a half years. After serving time in federal prison for his actions, Mitnick founded a cybersecurity firm to help businesses and organizations keep their networks safe.

White Hat

  • Tim Berners-Lee: Best known for inventing the World Wide Web, HTML, and the URL system.
  • Vinton Cerf: Known as the "father of the Internet," Cerf has been highly instrumental in creating the internet as we use it today.
  • Dan Kaminsky: Highly respected security expert best known for his role in uncovering the Sony BMG copy protection rootkit scandal.
  • Ken Thompson: Co-created the Unix operating system and the C programming language.
  • Donald Knuth: One of the most influential people in the field of computer programming and theoretical computer science.
  • Larry Wall: Creator of PERL, a high-level programming language that can be used for a wide variety of tasks.