What Color is Your Hacker Hat?

Black Hat? White Hat? What's With All The Hats?

Black hat
Comstock / Getty Images

With the release of hacker-related movies such as the Blackhat film, many people wonder what exactly is a ‘black hat’ hacker? For that matter, what is a 'white hat', or a 'grey hat'? What’s with all the hats anyways? Why not different colored pants?

Here are the basic types of hackers and their hats:

White Hat Hacker:

A white hat hacker could be thought of as the “good guy” of the hacker community. This type typically includes what are known as “ethical hackers”.

This category is home to security professionals that specialize in penetration testing of systems and other types of do-gooders. These types usually fully disclose any vulnerabilities they find, not holding them back for extortion purposes, as a black hat probably would.  

If a white hat attacks a system, it is probably pre-authorized by the system owner, prearranged, and within very specific test boundary parameters so that the target’s operations aren’t damaged or harmed in any way. This type of hacking is usually sanctioned (by the target company who is probably paying for it) and the rules of engagement have been agreed upon by all parties (or at least cleared by the target's upper management).

Black Hat Hackers:

A black hat hacker is likely to be motivated by less altruistic goals than a white hat. Black hat hackers are probably in it for the money, notoriety, or for other purely criminal purposes.

These hackers typically want to break into systems to destroy, steal, deny service to legitimate users, or use the system for their own purposes. They may steal data in order to sell it on the black market. They also might attempt to extort money from system and or data owners, etc.

Black hats are considered the traditional “bad guys” of the hacking world.

Grey Hat Hackers:

Grey hats are as the name implies, somewhere in the middle between black hat hackers and white hats. They may act illegally sometimes but usually have good intentions and are usually not motivated by personal gain. This doesn’t mean they won’t seek personal gain, but it is not traditionally their motive.

This type of hacker may break into a system and then leave a nice note to the administrator saying “Hello, you might want to patch this vulnerability because I was able to get in”. If they had been a black hat, they would have exploited the vulnerability and used it to their advantage. If they had been a pure white hat, they wouldn’t have done anything without the express permission of the system owner.

Script Kiddies:

Script kiddies are usually unskilled novice hackers (hence the “kiddies” moniker) that implement easy to use attack tools and/or automated scripts that other people have built. The motives of script kiddies vary. They may attack systems purely for the thrill of the hack, for perceived “street cred”, or for other motives, political or otherwise.


A hacktivist (blend of the words 'hacking' and 'activist') may use computer hacking and vulnerability exploitation to further their own political agenda.

Goals typically associated with hacktivist groups may include promoting things such as freedom of information and freedom of speech. Goals can also be very specific and politically motivated or non-specific. Tactics used by hacktivists can range from the simple mirroring of websites that have been shutdown, all the way to acts that would be considered cyber-terrorism, such as denial-of-service attacks. 

All these types of hackers are players on the cyber battlefield of the Internet. You can prepare yourself to deal with these folks and the tools they use by educating yourself on the topic of computer security.

Check out our articles on Defense-in-depth and How to prepare for Cyber-warfare for more discussion and information you can use to help protect your systems and yourself.