
Hacking 101: Black Hat vs. White Hat vs. Gray Hat Hacking

Hacking refers to unauthorized access to a computer gained by exploiting a weakness in the system. Essentially, it means someone breaking into your computer and data who shouldn’t be there. This definition carries the negative connotation attached to hacking, especially considering the state of cybersecurity and the privacy risks facing the average internet user.

The cost of global cybercrime is expected to reach $10.5 trillion annually by the year 2025, risking the privacy of internet users. In fact, internet users now total over 64% of the global population, or 5.16 billion individuals. This makes cybercrime activities, a.k.a. hacking, a concern for every one of those internet users…not to mention organizations that rely on the internet.

But is hacking evil? As it turns out, many organizations and security experts adopt a popular strategy when it comes to cybersecurity: the best defense is a good offense. The practice of ethical hacking has gained popularity in recent years and has given rise to three main categories in hacking:

  • Black Hat
  • Grey Hat
  • White Hat (Ethical hacking)

Let’s review the key differences between these hacking categories and understand what it means for our online presence.




How Black Hat Hacking works (The worst kind)

Black Hat hacking refers to the practice of unauthorized access of a computer system with malicious intent. Black hat hackers may be any number of bad actors…

  • Individuals intending to access another user’s online accounts and data.
  • Organized cybercrime rings that steal personal information such as credit card information, or withhold access to data and computers in exchange for a financial or socially motivated goal.
  • State-sponsored cybercrime rings that compromise mission-critical infrastructure and organizations to achieve political or strategic military goals.

Black hat hackers adopt a range of strategies to compromise their targets. Social engineering activities such as phishing are used to compromise the human element — the weakest link in the cybersecurity chain — especially when the target is an individual user.

Exploiting known vulnerabilities in technologies is a common practice, used to target a large group of users, some of whom may fall victim to the attacks. State-sponsored hacktivism goes a step further and exploits backdoors planted into technologies used by government and military organizations in other countries.

Black hat hackers typically coordinate their activities and gain access to hacking tools in underground Dark Web markets. Most of their attacks are not aimed at specific individuals but at user groups that may be running outdated, vulnerable technologies, and they rely on low-effort social engineering and zero-day exploit attacks. State-sponsored hacktivists, on the other hand, typically rely on sophisticated tools, try to find unknown (and unpatched) technology vulnerabilities and have vast resources at their disposal. The Stuxnet attack is a notorious example.

(Black hat hacking shares a name with one of the longest-standing security events: Black Hat and the related DEFCON.)

White Hat Hacking (The best kind)

At the opposite end of the spectrum is White Hat Hacking, also known as ethical hacking. White hat hacking is the antithesis of black hat hacking.

White hat hackers are individuals authorized to find and exploit vulnerabilities in a system. They may be employed by technology companies, business organizations and government entities to identify weak links in their security chain. These are security specialists with certified academic backgrounds (as opposed to black hat hackers, who tend to be hobbyists) and are employed as key members of the security department, as partners or as external consultants.

The goal of White Hat hacking is to examine every possible security risk from the perspective of a cybercriminal. Once a vulnerability is identified, the organization works with the white hat hackers, who are security pros, to issue a fix. It’s often one part of a larger cyber threat intelligence (CTI) strategy.




In recent years, the scope of white hat hacking has extended beyond internal cybersecurity departments. Tech companies regularly hold bounty programs that motivate hobbyists and industry experts to find vulnerabilities in their systems in exchange for rewards and recognition.

Grey Hat Hacking (The in-the-middle kind)

In the middle of the hacking spectrum is the practice of Grey Hat hacking. These hackers are neither motivated by malicious intent, nor are they formally employed and authorized to conduct hacking activities. Gray Hat hackers typically don’t cause damage to a victim; they discover vulnerabilities that can potentially cause damage. Then, these grey hatters reach out to the affected parties and notify them of the issues.

If the party fails to respond or take notice, the gray hat hackers often expose the exploit publicly, typically at white hat conferences and groups where the community can work together to fix the problems. A popular example is the hacker who discovered a glitch in Facebook in 2013, which allowed him to post on Mark Zuckerberg’s Facebook wall.

Facebook CEO’s personal Facebook page, gray hat hacked in 2013. Remember this interface?

Protecting against hacking

So how do you protect against all kinds of hacking attempts: white hat, black hat and gray hat? Since most hacking attempts rely on simple social engineering tactics and known vulnerabilities, the following best practices can help improve your online security against hacking activities:

  • Use strong passwords.
  • Never download files or click links unless received from a confirmed, legitimate source.
  • Watch out for signs of hackers impersonating legitimate organizations. A typo or capitalized letter in the website URL likely points to a hacking attempt.
  • Keep your systems and software up to date.
  • Limit the information you share online.
  • Keep track of your online financial activities. Alert the concerned authorities in case of anomalous or suspicious activity.
  • Maintain strong Identity and Access Management (IAM) systems for your business, adopting the principle of least privilege access.


This posting does not necessarily represent Splunk's position, strategies or opinion.

Posted by Muhammad Raza

Muhammad Raza is a technology writer who specializes in cybersecurity, software development and machine learning and AI.