Why all the hats?

When the word ‘hacker’ springs to mind, most of us get a mental image of an anonymous, hooded figure, bent over a computer in some dark recess of the Web. However, not all hackers are bad.

 

Although the term hacker is associated with threat actors and cyber criminals, the word ‘hacker’ can be used to describe anyone, who, regardless of whether their intentions are good, bad or nebulous, uses their programming or computer skills to break down or bypass security measures on a PC, device or network.

 

“Hacking per se is not illegal unless the perpetrator is compromising a system without the owner’s knowledge or consent.  Many organisations, both private and public sector, employ hackers to help them identify holes in their systems,” says Robert Brown, CEO of DRS, a Cognosec company.

 

According to him, hackers are usually divided into three groups, black, grey and white, depending on their intentions. “The terms black hat and white hat were first coined in the old spaghetti westerns from decades ago. The villain was always seen in a black hat, the hero in a white. Black and white hats distinguish themselves in two ways, the nature of their intentions, and whether or not they are transgressing any laws.”

 

White hats are hackers who use their technical abilities and skills for good. They are called ethical hackers, and are often employed by governments and other organisations to help to find security flaws in their systems, he says. “To do this, they will try and break into an organisation’s systems, as this is the most sure fire way of pinpointing any vulnerabilities. The main difference is that white hats do this with the full knowledge and consent of the organisations they are hacking.”

 

This process is 100% legal, and penetration testing is recognised as a necessity among security practitioners and organisations alike. “They perform vulnerability assessments, test the existing systems, and try to get in. Because they have the skills and can think like hackers, they are best equipped to know what methods bad hackers will use to breach a business.”

 

Black hat hackers, on the other hand, have entirely different motivations, says Brown. “These guys can be financially motivated, hacking into a business for monetary gain, either by stealing banking details and logins, credit card numbers and suchlike, or proprietary information that can be sold to competitors. Some hack to satisfy their egos or gain recognition from their peers. We also see hackers who are motivated by ideology. These ‘hacktivists’ breach systems for social or political reasons, often aiming at exposing wrongdoings and corruption, using hacking as a way to demonstrate their dissatisfaction with powerful businesses and governments who’s views differ from their own.”

 

Then, he says, we get nation-state and nation-state-sponsored hackers, who generally have vast resources behind them, and are formidable adversaries. “The stakes are much higher here. While exact motivations cannot be known, nation-state hackers have been seen to target defence, nuclear programmes and critical infrastructure. Big damage and espionage is their goal, and this sort of cyber activity can have catastrophic effects on a country’s national security and fiscal health.”

 

Finally, we get the grey hats. “These guys operate in the murky waters that are neither white nor black. These guys will seek out vulnerabilities and flaws in a system without any prior consent or even knowledge of the owner. Should any be found, they will report them to the system owner, and ask for a fee in order to resolve the problem. Should payment not be forthcoming, they often post the vulnerability on the Web for all to view.”

 

Grey hats are not necessarily motivated by malice, they are just looking for a payday for their efforts, he says. “They don’t usually exploit the vulnerabilities they find, but irrespective of this, their activities are still viewed as illegal, and frowned upon, because they did not get permission before hacking the organisation.”

 

Not all hackers are the same. White hackers help businesses to identify security flaws to better protect themselves and their customers. Grey hats are not malicious, and some might say they even serve a useful purpose. It’s only the black hats who are a real danger to businesses, and who need to be rooted out and prosecuted, he concludes.