Last Updated: October 3, 2021
The Web is the most significant battlefield history has ever known. There are no national borders, nor organized armies. The online battleground is where the purest clash between good and evil takes place.
Every day cybercriminals launch thousands of attacks against companies, governments, and individuals. And hundreds of thousands of malicious programs will attempt to infiltrate a system by the time you reach the end of this article.
The good news is that we have white hat hackers to balance the scales.
What Is a White Hat Hacker?
White hat hackers, also referred to as “ethical hackers,” are cybersecurity specialists who test systems’ security.
Although a white hat uses similar methods as a black hat hacker (cybercriminal) to penetrate a system, there’s one crucial distinction.
The ethical hacker has permission to penetrate a system and expose its vulnerabilities. On the other hand, a black hat doesn’t. Moreover, black hats do so with malicious intentions, often driven by greed. That’s why their actions are illegal and punishable by law.
In general, both white and black hats do the same thing – they find flaws in a system. While the latter exploit those flaws, usually for financial gain, the ethical hacker points them out so the system’s owner can fix them.
Often corporations hire white hat hackers to test their systems and find problems with their security before a blackhat can take advantage of them.
Since the definition of a hack is to gain access to data in a system, cybercriminals and cyber defenders are both hackers. And both parties get paid to hack.
Although crime usually pays well, white hats also earn an impressive salary. Plus, they have multiple other sources of income.
Many tech companies offer bug-bounty programs to find flaws in their systems. White hats are hacking the system in question to find eventual holes in their security, thus earning bounties if they succeed.
If you think about it, white hat hackers don’t help only the companies by improving their security. They help consumers as well by making sure the services they use are safe and secure.
We can all agree we’d prefer using a safer service. This is why white hats are so valuable in today’s digital world.
Why Are Hackers Called Hats?
The analogy of white and black hats goes back to the US Western movies made between the 1920s and 1940s. Back then, the good guy usually wore a white hat, while the villain had a black one.
Throughout history, white has always been considered the color of light and purity, while black has symbolized darkness and evil. That’s why brides wear white dresses at their weddings. The grooms wear black because, well you know, they are doomed from that day onward (just joking).
Anyway, this black and white symbolism is why we call the good guys white hat hackers and cybercriminals – black hat hackers.
So now you know what a white hacker is and why they are called hats. Still, there are several other types of hats to make things more interesting.
What Is the Difference Between a White Hat, a Black Hat, and a Grey Hat Hacker?
Like in life, nothing is just black and white. There are plenty of shades in-between.
That’s why we’ll take a look at the different types of hats to see who’s doing what.
What Is a White Hat Hacker?
As mentioned above, white hats are the “good guys.” They often get hired by companies or compete in bug-bounty programs.
White hat hacking is legal and handsomely rewarded. With the growing need for cybersecurity specialists, white hat hacking is becoming an increasingly profitable activity.
In fact, do you know what the unemployment rate for cybersecurity specialists is?
That’s right – Zero! Nada! Niente!
There isn’t a cybersecurity specialist on Earth who can’t find a job for their skills! No other industry in the world is in such demand for specialists.
White hat hackers are sought after and well-paid.
Are you already considering a career change? We’ll get to that.
What Is a Black Hat Hacker?
The Sith Lords of the hacking empire are often highly-intelligent, but selfish creatures. Driven by greed, cybercriminals are responsible for all kinds of cyberattacks. Data breaches, DDoS attacks, ransomware, cryptojacking, and identity theft are just several of the types of attacks that make the headlines.
There’s a mundane motivation behind most of these – money. Cybercriminals make quite a profit doing what they do.
Black hats are the supervillains in the modern world, yet media and movies somewhat romanticize these criminals. Mostly Hollywood is to blame for this, since there isn’t only one movie about black hat hackers, which makes them look cool. Movies like Swordfish, Hackers, and BlackHat create a misconception of the real black hat hacker.
Don’t be fooled – black hat hackers are criminals, and that’s that. They may look like the average person, but at the end of the day – they earn their living by committing crimes.
Fortunately, some of them turn to the Light Side. More often than not, that happens once the authorities catch them.
Usually, agencies prefer to take advantage of their skills, instead of locking them up. Unfortunately, that only happens to a small percentage of black hat hackers.
What Is a Grey Hat Hacker?
The grey hats are halfway between black and white hats. They see computer hacking more or less as a test for their skills.
They can hack into some systems, but they usually don’t have the malicious intent of black hats. Most often, they don’t even possess the skills of a black hat. At the same time, a grey hat hacker doesn’t intend to become a white hat.
So what do they do exactly?
Well, they hack mostly to prove themselves. If hacking could earn them some money in the process, even better. Once grey hats find an issue in a system, they will usually inform the owner. Naturally, they’ll offer to fix the problem for a fee.
Nonetheless, most of them don’t exploit the vulnerability. Still, what grey hats are doing is illegal, since they lack permission from the system’s owner.
Some grey hats even use their skills for minor crimes – like stealing small amounts of money.
To summarize, they try to monetize their skills without exposing themselves to great risks.
These three types of hackers represent the majority of hackers worldwide. Still, there are several more groups in the global hacker family.
What Is a Blue Hat Hacker?
This type of hacker hacks for revenge. They don’t have any great hacking skills and target only companies or individuals who did them wrong. Blue hats usually don’t aim to improve their hacking abilities. Still, they know enough to hit their target in a way that satisfies the hackers’ hunger for revenge.
What Is a Green Hat Hacker?
Green hats are newbies. They are eager to learn and can’t wait to turn into a “real” hacker as soon as possible. You can often see them at hacking conferences, armed with hundreds of questions.
To put things in perspective – if computer hacking was a role-playing game, black hats would be a level 90 hacker, while green hats would only have a single-digit level.
What Are the Script Kiddies?
Script kiddies are considered a part of the hacking community, but they don’t want to learn. They download already written malicious codes and use them to create a virus. More often than not, they do that to impress their friends.
Despite their lack of skill (or maybe because of it), they aren’t harmless. The problem with script kiddies is they can’t assess the consequences of their attacks. That’s why they can create mayhem without realizing it.
What Is Hacktivist?
Thanks to the “Anonymous,” hacktivists have become widely known. They are a different breed of hackers, which is similar to black hat hackers.
See, the biggest difference between hacktivists and all other types of hackers is they hack for a cause. Mostly it’s to propagate political views or promote social change.
You know – problems like freedom of speech, human rights, and so on. If you think about it, they aren’t such bad guys in terms of ideals.
A Denial-of-Service (DoS) attack occurs when hackers flood a server with massive waves of traffic. This attack aims to shut down a system or render it inoperable completely. Nevertheless, it’s controversial to promote freedom of speech while executing a DoS attack on a website.
What Is a Red Hat Hacker?
I left this type of hacker for last since it’s a mystery if red hats even exist. The Web is conflicted whether they are real or just a myth.
However, if they do exist, they are the best ones out there.
They are like white hat hackers, meaning they also aim to stop cybercriminals. Still, the methods they use are different from white hats’. If a black hat strikes at a system, white hats would like to see him prosecuted by the law. Red hats, on the other hand, take the law in their hands and outright aim to destroy the black hat, using an arsenal of techniques.
They have all the skills and tools of both white and black hat hackers. Once they find a malicious hacker, they launch an all-out attack including, but not limited to, uploading viruses, DoS attacks, or taking control over the black hat’s computer.
Rumor has it they are either the vigilantes of the hacking community or agency-recruited black hat hackers who operate in secrecy.
There is no official information on red hats’ actions, but there’s a possibility that such hackers have attacked Dark Web crime marketplaces.
To summarize – a red hat hacker is motivated by pure desire to destroy black hat hackers.
Now, let’s get back to the stars of the show.
What Motivates White Hat Hackers?
The number one driver for nearly every human being to become a hacker is curiosity. Not to find what something does, but what it may do. So, once people find out what hacking is, a whole new world unfolds in front of their eyes.
At that precise moment they have a choice to make – should they use their skills for good… or not. If they find an exploit, what should they do with it? Should they report it, so everyone can benefit from this, or exploit it for personal gains?
It all comes down to the individual’s ethics. Most black hat hackers are selfish by nature, not caring about the consequences of their actions for other people.
White hat hackers, on the other hand, genuinely want to make the world a better and safer place. What’s great about these guys is everyone, including you, benefits from their work.
There’s one other reason why an ethical hacker protects systems, instead of exploiting them – money.
The average salary of an ethical hacker in the US is $71,331 per year. In some states, it can reach up to $132,322 a year, including bonuses. Compared to the average salary in the US, which is $47,060 per year, ethical hacking looks tempting.
There are also many bug-bounty programs, which offer nice payouts. The biggest one so far is $112,500, paid by Google. The average bounty paid by HackerOne is over $2,000 for critical issues.
So you see, ethical hacking can be a profitable profession. Not only that, but there’s the undeniable pleasure of creating a safer world. So let’s see how they actually do it.
White Hat Hackers’ Techniques
White hat hackers earn a living through what is known as penetration testing (a.k.a pen testing). Companies hire them to infiltrate the network and find any potential holes in their security policy. That’s usually done before black hat hackers can find the vulnerabilities and exploit them.
White hats use the same tools and techniques as black hats. They break into a system and go around through the whole network to find any problems. Once they do, they (or the company’s security department) fix(es) them to prevent future attacks.
The only downside of hiring white hats is their fee. The service doesn’t come cheap, and usually, this limits the time ethical hackers have to find vulnerabilities. Black hats, on the other hand, have all the time in the world to prepare for an attack. Once they infiltrate a system, they can stay there for months before they launch the actual attack.
Usually, companies perform automated breach simulations to test their security. While this is a good practice, these simulations are often outdated, since black hats create new techniques and malware daily.
That’s why white hat hackers remain the best solution in terms of cybersecurity. So here are some names worth mentioning.
World’s Most Famous White Hat Hackers
There are thousands of ethical hackers who work day and night to make the world a better place. Although every one of them deserves appreciation, here are the top five most renowned white hat hackers.
Kevin Mitnick – the Poster Boy of Hacking
“To some people, I’ll always be the bad guy.”
Kevin Mitnick is known as the world’s most famous hacker. His hacker background is so rich we’d need a separate article for his story.
Long story short – he used to be a black hat hacker. Mitnick was on the FBI’s most-wanted list for hacking into 40 major corporations.
He was arrested in 1995 and served five years in prison for numerous cybercrimes. One of the interesting facts about his time in prison is he spent the first year in solitary confinement.
Because, according to officials, he could “start a nuclear war by whistling into a payphone.”
After his release in the year 2000, Mitnick became a security consultant. His clients are Fortune 500 companies and the FBI (the very same agency which took him down in the first place). Today he runs his own cybersecurity consulting firm, called “Mitnick Security.”
Kevin Mitnick is also responsible for the fame of the next hacker on our list.
Shimomura’s name became famous after he helped the FBI capture Mitnick.
See, back in 1994, Kevin Mitnick made a mistake. He stole a specialized software code from Shimomura’s computer, who was a cybersecurity specialist for the NSA.
Naturally, Tsumotu Shimomura took this personally, and, long story short – he helped the FBI catch Mitnick, by pinpointing the location of Mitnick’s apartment.
John Markoff was a journalist for the New York Times back in the 1990s. He wrote a book called “Takedown” which tells the story of Mitnick’s capture. Four years later, the story appeared on the big screen thanks to the movie Track Down (in some countries known as Takedown.)
Dr. Charlie Miller
According to Foreign Policy, Dr. Miller is one of “the most technically proficient hackers on Earth.”
After his graduation from the University of Notre Dame, he worked for the NSA for five years. Then he started working for Uber, where he dealt with autonomous vehicles.
He became widely known for hacking a Jeep remotely, gaining full control of the vehicle. That led to a recall of 1.4 million cars due to their security flaws.
Today, Dr. Miller works for Cruise as a cybersecurity expert for autonomous vehicles.
Greg Hoglund’s name doesn’t ring any bells for most people, but he’s well-known in the hacking community.
He contributed a great deal to security because of his research on system vulnerabilities and rootkits. Rootkits are tools, which enable hackers to gain control over a system without being detected. He also patented several methods for software testing and wrote a number of books.
His name became more widely-known when he exposed a big vulnerability in World of Warcraft. That discovery jump-started his career as an author with the book “Exploiting Online Games.”
Like other white hat hackers on our list, Hoglund also worked with government agencies in pursuit of black hat hackers and improving security.
Greg Hoglund founded several companies, including Cenciz, Bugsan, and HBGary.
What’s interesting about this is that Anonymous hacked an affiliated HBGary company, called HBGary Federal. The reason for that hack was that HBGary Federal was going to expose Anonymous’ identities.
Today, Greg Hoglund works at his company Outlier Security, which is a part of Symantec.
Dan Kaminsky is one of the most famous white hat hackers.
In 2008 he found a DNS flaw which allowed black hat hackers to redirect requests from one website to another in seconds. Thanks to Kaminsky’s discovery the vulnerability was fixed quickly after.
Since DNS is essential to the way the Web works, it would be a very different place today if not for Dan Kaminsky.
Not only that, but Kaminsky also found several vulnerabilities in the SSL protocol, which were also fixed in a few days.
Today Dan Kaminsky continues his whitehat security career by working as a CSO in his cybersecurity firm White Ops.
All of those five names have earned respect in the hacking community. They make the internet safer for all of us.
So now that you know what a white hacker is, the money and respect they can earn – how about a career change? It sure looks tempting.
How to Become a (White Hat) Hacker?
What is a white hat hacker’s job, exactly?
They identify vulnerabilities, simulate attacks, and recommend security upgrades. It might sound boring on paper, but looks can be deceiving.
Here’s the deal:
You can think of a system like a maze full of mysteries. The white hats’ job is to go through the entire maze and solve every puzzle inside. That’s the only way they can be sure there aren’t any other ways in or out of the maze.
So What Do You Need to Become an Ethical Hacker?
First and foremost – computing skills. A degree in any of the computer sciences or math would be a good foundation, even if it’s not a requirement.
There are hundreds of online courses you can take that teach you the ABCs of hacking. Once you have this covered, you can dive in the deep.
How Much Can You Earn?
There are several sources of income for white hat hackers.
The first is their salary if they have a full-time job. The ethical hacker median salary is in the range of $70,000-$80,000 per annum.
However, the brightest white hat hackers can earn more by bug-bounty programs and consulting. The best bug-bounty hunters can earn up to $500,000 a year by finding flaws in systems. Hackers in the security platform Hackerone have earned over $31 million in bounties since 2012.
Consultants also earn a good deal of money. They take home a hefty consultant fee of $15,000-$45,000 per company.
Where Can You Find a Job as an Ethical Hacker?
The short answer would be – everywhere.
There are computer and network security companies who are always on the lookout for bright talents.
Governments and agencies are also increasing their cybersecurity budgets year-over-year and are most often understaffed.
Naturally, you can be a freelancer/self-employed and make money by bug-bounty programs and consulting.
Well, now you know what a white hacker is.
You also know what they do, how they do it, and why. You even know how much money they make and some of their names and backstories.
We have many articles about cybersecurity and cyberattacks, but today you got to meet the human guardians of the internet realm.
So if you know what hacking is and want to make the world a better place – go ahead and become a white hat hacker. You can turn your computing skills into a lucrative career – there’s a huge demand for your abilities.
For everyone else – at least you can sleep well at night, knowing all your data has a guardian angel out there who works to protect it.
Stay safe online and I’ll see you next time.
White hat hackers are also known as penetration testers and ethical hackers. They are hired to search for system vulnerabilities before a black hat hacker can exploit them.
White hats often use the same techniques as their criminal counterparts. The difference is an ethical hacker has permission to infiltrate a system, while black hats do it illegally.
Generally, white hat hackers identify any flaws in the network and recommend security upgrades. It’s a common practice for white hats to fix the problems themselves.
The average ethical hacker salary is $71,331 per year. Still, some of them may earn up to $500,000 a year from bug-bounties and consulting companies.
Now, this is tricky.
If you believe the media, it’s Kevin Mitnick. He’s known to be the world’s most famous hacker. Still, it doesn’t necessarily mean he’s the best. Many white hat hackers deserve this title. Still, each of them works in different security fields, so it’s debatable who the best one is.
We’ve mentioned five people who are great at what they do, but there are many many more who do a tremendous job in keeping the Web safe.
In simple words – a black hat hacker is a bad guy, while the white hat is good. Both parties penetrate systems. Still, the first has malicious intentions for hacking the system, while the latter does the same to improve its security.
Generally, the law and the hacker’s motivation define what a white hacker is. Still, in some countries, the boundaries between white and black hats are a bit hazy.