There are three main types of hats: black hats, white hats, and gray hats. Black hats are the most common type of hat, and they are typically worn by hackers. White hats are similar to black hats, but they are usually worn by people who work with technology. Gray hats are a new type of hat that is becoming more popular in the hacker community. They are typically gray because they help protect against cybercrime. Each hat has its own unique purpose. Black hats typically use their hats to conceal their identity while working in the dark or during sensitive situations. White hats can be used for cover when meeting with other people or when uncovering a crime scene. Gray hats can be used as part of a hacker team or as part of an overall security strategy. There is no one right way to wear a hat, but it is important to choose one that will fit your personality and style. If you want to be more visible to others, you may want to try wearing a white hat. If you want to stay hidden while working on sensitive projects, you may want to try wearing a gray hat. There is no wrong answer – just be sure that the hat you choose fits your specific needs!


Hackers aren’t inherently bad — the word “hacker” doesn’t mean “criminal” or “bad guy.” Geeks and tech writers often refer to “black hat,” “white hat,” and “gray hat” hackers. These terms define different groups of hackers based on their behavior.

The definition of the word “hacker” is controversial, and could mean either someone who compromises computer security or a skilled developer in the free software or open-source movements.

Black Hats

Black-hat hackers, or simply “black hats,” are the type of hacker the popular media seems to focus on. Black-hat hackers violate computer security for personal gain (such as stealing credit card numbers or harvesting personal data for sale to identity thieves) or for pure maliciousness (such as creating a botnet and using that botnet to perform DDoS attacks against websites they don’t like).

Black hats fit the widely-held stereotype that hackers are criminals performing illegal activities for personal gain and attacking others. They’re the computer criminals.

A black-hat hacker who finds a new, “zero-day” security vulnerability would sell it to criminal organizations on the black market or use it to compromise computer systems.

Media portrayals of black-hat hackers may be accompanied by silly stock photos like the one below, which is intended as a parody.

White Hats

White-hat hackers are the opposite of the black-hat hackers. They’re the “ethical hackers,” experts in compromising computer security systems who use their abilities for good, ethical, and legal purposes rather than bad, unethical, and criminal purposes.

For example, many white-hat hackers are employed to test an organization’s computer security systems. The organization authorizes the white-hat hacker to attempt to compromise their systems. The white-hat hacker uses their knowledge of computer security systems to compromise the organization’s systems, just as a black-hat hacker would. However, instead of using their access to steal from the organization or vandalize its systems, the white-hat hacker reports back to the organization and informs them of how they gained access, allowing the organization to improve their defenses. This is known as “penetration testing,” and it’s one example of an activity performed by white-hat hackers.

A white-hat hacker who finds a security vulnerability would disclose it to the developer, allowing them to patch their product and improve its security before it’s compromised. Various organizations pay “bounties” or award prizes for revealing such discovered vulnerabilities, compensating white-hats for their work.

Gray Hats

Very few things in life are clear black-and-white categories. In reality, there’s often a gray area. A gray-hat hacker falls somewhere between a black hat and a white hat. A gray hat doesn’t work for their own personal gain or to cause carnage, but they may technically commit crimes and do arguably unethical things.

For example, a black-hat hacker would compromise a computer system without permission, stealing the data inside for their own personal gain or vandalizing the system. A white-hat hacker would ask for permission before testing the system’s security and alert the organization after compromising it. A gray-hat hacker might attempt to compromise a computer system without permission, informing the organization after the fact and allowing them to fix the problem. While the gray-hat hacker didn’t use their access for bad purposes, they compromised a security system without permission, which is illegal.

If a gray-hat hacker discovers a security flaw in a piece of software or on a website, they may disclose the flaw publicly instead of privately disclosing the flaw to the organization and giving them time to fix it. They wouldn’t take advantage of the flaw for their own personal gain — that would be black-hat behavior — but the public disclosure could cause carnage as black-hat hackers tried to take advantage of the flaw before it was fixed.

“Black hat,” “white hat,” and “gray hat” can also refer to behavior. For example, if someone says “that seems a bit black hat,” that means that the action in question seems unethical.

Image Credit: zeevveez on Flickr (modified), Adam Thomas on Flickr, Luiz Eduardo on Flickr, Alexandre Normand on Flickr