Hackers. The news loves to report on them and the public just loves to completely misunderstand what they actually do. The word “hacker” has become associated with malicious computer criminals, largely thanks to how it’s used in the media and film.

Originally the malicious type of computer wizard was known as a “cracker”, but it seems like the hacker community has given up on trying to make “cracker” stick. Instead hackers of different moral inclinations are sorted under three different “hats”. Also, as it turns out, like wizards.

So if you think that all hackers are “bad guys”, then this is the perfect time to unpack the basics of hacker morality. With great power comes great responsibility, and how a hacker chooses to wield their knowledge determines which hat they’ll wear.

Any given hacker can wear more than one hat of course. The hat is associated with the type of hacking that’s happening, not who does the hacking, necessarily. 

By the end of this article, you’ll understand which type of hacking fits under which hat and, hopefully, know how hackers fit into the larger digital ecosystem. So, hold on to your own hat (whichever it may be) as we delve into the moral headpieces of hacker culture.

White Hat Hackers are the Lawful Good Wizards of the Net

White hat hackers are also known as “ethical hackers”. If you want a legal career as a hacker, then this is the only hat you should wear. Ethical hackers always go to great pains to ensure that whatever they do happens with the consent of everyone involved. They act as security consultants and advocate for a safer digital world.

One of the most valuable services offered by white hats is known as a penetration test or “pentest”. Basically the ethical hacker will try their best to find holes in a client’s security. If they manage to defeat the security of a client, a full report with mitigations follow.

Ethical hackers never cause deliberate harm to data, systems or people. You can actually take courses on ethical hacking and, if you have the right experience and qualifications, get a certification as an ethical hacker.

White hats are usually driven by a passion for privacy and security. They are becoming ever more important as the business, services and government institutions we all need shift to entirely digital business models.

Grey Hat Hackers Roll True Neutral

Grey hat hackers aren’t malicious per se, but they don’t follow a strict ethical code either. A grey hat might while away their time poking around places where they have no permission to be. They don’t steal information or damage anything on purpose, but they also don’t really care about consent.

If a grey hat discovers a security vulnerability, they are likely to report it to the owners of the system privately. However, grey hats have been known to publish exploits if they aren’t fixed, as a way to force system owners into action. 

Grey hat hackers are often driven by simple curiosity and a desire to explore the net. They don’t mean to break the law or do harm on purpose.

It’s just that, sometimes, pesky laws and ethical principles stand in the way of a thing they want to do. Despite unethical pentests being illegal, some companies might tolerate grey hats who bring them critical exploits without exposing them to malicious users.

Large tech companies will often offer “bug bounty” programs where people may bring unsolicited vulnerabilities they discover. As long as the disclosure is done in accordance with their bug bounty rules, anyone can participate.

Black Hat Hackers – Chaotic Evil Sorcerers

Black hat hackers are the boogeymen of the internet. These people use their skills and knowledge for profit, the “lulz” or both. “Lulz” is a corruption of the internet term “LOL” or laugh out loud. In this context it basically means doing something just because you think you can or because it would be funny.

When it comes to making a buck, black hats have many options.All of them illegal and immoral! They break into systems to steal information or simply trash everything, causing huge damages.

Selling stolen credit card information is all in a day’s work for a black hat. Identity theft? Just another day in the internet underworld folks. The other two types of hackers are, as you might expect, usually in opposition to malicious hackers.

State Hackers

State hackers are a relatively new addition to the hacker pantheon. They don’t really fit neatly under any of the traditional hats and are a new breed of cyber warfare soldiers. What they do is (meant to be) legal, under the espionage laws of their own country, but their intent may also well be malicious.

State hackers don’t fit into the hacker hat spectrum neatly, because until today hackers have largely been civilian groups and individuals. Still, state hackers are here to stay, so we need to find a space for them in our thinking about the hacker world. Maybe we could call them “camo hats”. No, that’ll never catch on, would it?

We Need Hackers!

By their nature, hackers live at the fringes of the digital world. They are certainly very different from the average user and even power users and tech aficionados don’t move in much of the same circles.

The mind of a hacker, regardless of the hat they wear, has to be at right angles to the typical person. They can step back from the biases and preconceptions most of us have and thereby achieve some pretty amazing workarounds and exploits.

While the specter of black hat hackers might keep some people up at night, there’s no doubt that for technology and policies related to those technologies to move forward, we need people with that “hacker” mindset.

It’s important to remember that hacking is often a part of the innovation process. Someone comes up with an idea and tests that notion instead of dismissing it as impossible. So if you automatically associate the word “hacker” with criminality, it might be time to revisit those prejudices.