What Color is Your Hacker Hat?

Black hat
Comstock / Getty Images

With the release of hacker-related movies such as the Blackhat film, many people wonder what exactly is a ‘black hat’ hacker? For that matter, what is a 'white hat', or a 'grey hat'?

White Hat Hacker

A white hat hacker could be thought of as the “good guy” of the hacker community. This type typically includes what are known as “ethical hackers”. This category is home to security professionals that specialize in penetration testing of systems and other types of do-gooders. These types usually fully disclose any vulnerabilities they find, not holding them back for extortion purposes, as a black hat probably would.  

If a white hat attacks a system, it is probably pre-authorized by the system owner, prearranged, and within very specific test boundary parameters so that the target’s operations aren’t damaged or harmed in any way. This type of hacking is usually sanctioned by the target company who is probably paying for it, and the rules of engagement have been agreed upon by all parties or at least cleared by the target's upper management.

Black Hat Hackers

A black hat hacker is likely to be motivated by less altruistic goals than a white hat. Black hat hackers are probably in it for the money, notoriety, or for other purely criminal purposes. These hackers typically want to break into systems to destroy, steal, deny service to legitimate users or use the system for their own purposes. They may steal data in order to sell it on the black market. They also might attempt to extort money from the system and or data owners, etc.

Black hats are considered the traditional “bad guys” of the hacking world.

Grey Hat Hackers

Grey hats are as the name implies, somewhere in the middle between black hat hackers and white hats. They may act illegally sometimes but usually have good intentions and are usually not motivated by personal gain. This doesn’t mean they won’t seek personal gain, but it is not traditionally their motive.

Script Kiddies

Script kiddies are usually unskilled novice hackers that implement easy-to-use attack tools and/or automated scripts that other people have built. The motives of script kiddies vary. They may attack systems purely for the thrill of the hack, for perceived “street cred” or for other motives, political or otherwise.


A hacktivist may use computer hacking and vulnerability exploitation to further their own political agenda. Goals typically associated with hacktivist groups may include promoting things such as freedom of information and freedom of speech. Tactics used by hacktivists can range from the simple mirroring of websites that have been shut down, all the way to acts that would be considered cyber-terrorism, such as denial-of-service attacks. 

All these types of hackers are players on the cyber battlefield of the Internet. You can prepare yourself to deal with these folks and the tools they use by educating yourself on the topic of computer security, including defense-in-depth and how to prepare for cyber-warfare.