While that might sound like a rhetorical question, in reality the question is entirely subjective. The term “Hacker” itself is decades old; it was first coined at MIT in the 1960s (Hacker Origin). Since then, however, the usage and meaning of the word have changed significantly. Historically it has been used to describe a number of things, such as a malicious person who breaks into computer systems, a programmer, or simply someone who tinkers with electronic devices. The global perspective has now shifted to a more criminal connotation of the word, partly due to mass media sensationalism surrounding computer hacks.
So how do we define an Ethical Hacker?
“An ethical hacker is an individual hired to hack into a system to identify and repair potential vulnerabilities, effectively preventing exploitation by malicious hackers. They are security experts that specialize in the penetration testing (pen-testing) of computer and software systems for the purpose of evaluating, strengthening and improving security.” –Techopedia Definition
That just about sums it up. It is worth stating, however, that this definition isn’t 100% accurate. You cannot prevent exploitation completely; nobody can detect a zero-day exploit, hence the name.
So what’s the deal with the metaphorical hats? White, Black, Grey. Well, these are just ways to classify hackers; they help define motives and intentions.
The Black Hat
These are the bad guys, right? Well, it depends on the specific person. You can be a black hat with ethics; however, it is generally assumed that you do not have any. You will do anything it takes to compromise a computer system. These are the guys who hack into big corporations, steal data and sell it on the black market to the highest bidder. The motivations of black hats can differ greatly: some do it for financial gain, others for notoriety. One thing is for certain: the black hats are always trying to be one step ahead of the guys defending the computer systems.
The White Hat
I guess you can call these guys the “Ethical Hackers”, as the definition above stated. White hat hackers have written permission to compromise a network or computer system for the sole purpose of assisting in defence. They are generally the people behind penetration tests and vulnerability assessments. These days you can also get certified to do this job professionally, whether through the OSCP certification (Offensive Security Certified Professional) or CREST. Certifications come in all levels of complexity and, generally speaking, they are a great starting point for getting into the world of hacking.
The Grey Hat
Grey hat hackers are the blurred lines of the bunch; these guys don’t always have written permission to do what they do. Their intent is not always malicious. They are termed “grey” because they often find vulnerabilities in systems and report them to the owners, often for something in return. It is important to clarify that hacking anything without written permission and a sense of scope is still illegal, whether or not you do it for the right reasons. If you do not have permission to perform the actions, don’t do it.
I hope this post has clarified what an ethical hacker does and what the kinds of hacker are. It is important to define this before moving forward with content.
(Hacker Origin) – https://www.helpnetsecurity.com/2002/04/08/the-history-of-hacking/