infosec - Black hat, White hat, Gray hat

These are terms for types of hackers.


Black Hat The criminal hacker. They break into computer systems for profit.
White Hat The ethical hacker. They work to identify, expose, and fix security vulnerabilities. They won't hack into a system without permission. They may be hired by the company to perform penetration testing.
Gray Hat The in-between hacker. Their activities may be benign, but they won't always ask for permission first.

Ads by Google

A real life example

The problem. Optimum Online allows you to download up to 3 months of phone call logs for personal use. If you wait longer than 3 months, you are out of luck.
The hack. If you know how the web works, you can bypass the web browser, access the Optimum site directly, and get any year and month that you want.

What would each type of hacker do?


Black Hat

They might create a program out of the vulnerability and sell it.
They might advertise the vulnerability and sell it.
They might create a web site offering free call logs, and place google ads on that site.
They might download call logs and sell them.

The object is to make money from the vulnerability.


White Hat

They would not have found the vulnerability, or even looked for it, without asking for permission from Optimum.


Gray Hat

They download call logs for personal use, for their phone number only.
They might try a friend's number out of curiousity.

Their use of the Optimum website violates Optimum's terms and conditions, but the hacker judges their activity to be benign, causing no harm to the company.

They might write an article from the experience to gain publicity or notoriety. The article, while not created for financial gain, may still benefit them personally or professionally.

Ads by Google



Ask a question, send a comment, or report a problem - click here to contact me.

© Richard McGrath