In recent weeks, some people have been shunned from the Null Byte community because they expressed "black hat" aspirations. This is because Null Byte is the "white hat" hacker training/playground. Although most of us think we know what that means, it does beg the question: "Who and what is a white hat hacker?"
There has been much discussion lately here on Null Byte about what it means to be a white hat hacker, and I'd like to take a moment to define what I see as white hat hacking. The symbolism, I think, is very clear. The GOOD guys wear white hats—and we are the good guys of hacking. That is much simpler to say than it is to define.
Hacking Is the Most Important Skillset of the 21st Century
Let's begin by emphasizing that I believe that hacking will be THE most important skill of the 21st century, for both good and ill. Some will use it to spy on us, some will use it to steal from us, and some will use it to fight us. Whatever it is used for, it will impact your life in significant ways!
That is probably the most important reason to study hacking. If it will impact your life on a daily basis in significant ways, you are likely to feel powerless as it overwhelms you. If you have significant hacking skills and experience, you will likely feel powerful as you will have the skills to defend and protect yourself and those around you.
Black Hats
It's pretty easy to define black hats. They are the people who steal from us and spy on us. Some do that WITHOUT being legally-sanctioned (cyber criminals) and some will do it WITH legal sanctions (national spy agencies and commercial data collectors).
White Hat Hackers Are Those That Are Legal?
Some people define a white hat hacker as someone who "hacks in legally proscribed ways." This would obviously include pentesting, legally-sanctioned espionage, and legally-sanctioned cyber warfare. In most cases, I would agree with that, but I would not want to be limited by that definition. I think white hat hacking can be defined much more broadly.
Sometimes, the Law Is Wrong & Must Be Broken
I think it goes without saying that laws are made by the powerful, and those laws are designed to maintain their power. In some cases, the good guys must break laws for the greater good. No significant change takes place without someone breaking the law.
For instance, the founding fathers of the U.S. were considered traitors and guilty of treason by the British, and they would have been hanged if they had been caught or lost the War for Independence. Rosa Parks broke the law by refusing to give up her seat to a white person on a Montgomery, Alabama bus, an act that many mark as the beginning of the Civil Rights Movement for African-Americans in the U.S. Mahatma Gandhi broke many laws of the British colonialists to free his people from the yoke of British rule. Nelson Mandela broke the laws of the South African government and served 27 years in prison in order to free his nation from apartheid.
I would say that all of these people were the "good guys," but all of them broke laws that they thought were oppressive and unjust.
Hackers as Lawbreakers
The hacker group, Anonymous, has broken many laws. Some of their members are now serving prison terms as a result (most famously, Jeremy Hammond).
They supported WikiLeaks' attempt to show the world the unjust and inhumane crimes taking place in the Iraq War. That action was in violation of U.S. law. Anonymous is now attempting to neutralize ISIS recruiting efforts online, which many consider a good thing, but would violate most cybersecurity laws around the world (denial of service attacks are illegal in most countries). Edward Snowden is in exile in Russia as a result of his efforts to reveal to the world the spying efforts of the NSA. His efforts have had an impact around the world, yet he is a wanted man in the States. Some leaders in the U.S. government consider his actions treason and want him to serve a long prison term. Is he a black hat because he broke the law, or is he a hero and white hat for exposing to the world the abuses of the NSA?
I think you can see that defining a white hat is not simple. If we only use the definition that a white hat only hacks legally, then it would miss some very important illegal activities that changed the world for the better. If we limit ourselves to defining the good guys as those who follow the laws, then George Washington, Mahatma Gandhi, Nelson Mandela, and Rosa Parks would all be considered black hats, while in reality, they are all the white hats (good guys).
Defining the White Hat Hacker
In my opinion, a white hat works for the greater good of society and the world. If you are in a country that restricts freedom of speech and expression, you are likely a white hat hacker if you use your skills to keep the internet free and open. If your country is threatened by a cyber attack from a belligerent country and you can use your skills to blunt or repel that attack, you are likely a white hat hacker. If your country is subject to an oppressive and authoritarian regime and you can use your hacking skills to alter that, you are likely a white hat hacker. Obviously, you would be using your hacking skills for the greater good in all of these cases.
In summary, I want to emphasize that a white hat hacker—the kind we are here at Null Byte—is one of the good guys. We use our skills for the greater good of our people, our community, and the world. Sometimes those goals may clash with local laws, but WE ARE STILL WHITE HATS.
20 Comments
I still don't understand this White and Black Hat thing. (I mean, why do we need to justify ourselves!)
Black Hat Hackers are criminals just like the other criminals.
I believe we are Just Hackers!
Nice Article Though!
So where are the grey hat guys?
What is your opinion about who they are?
Hacked by Mr_Nakup3nda
I assume he might have combined White and Grey hats here.
Since Grey hats are pretty much whites who are hacking to help in an illegal way.
I'd support that though. A white hat is a white hat under the microscope, but what does one do behind the scenes?
I can still do illegal ethical hacking, however no one would know it was me.
You never know :P.
Great article nevertheless.
I did not combine white hats and grey hats. I clearly defined black hats and white hats. Grey hats are hackers who are sometimes white hats and sometimes black hats. Max Butler is a good example.
I wrote this article in an attempt to redefine a white hacker and what it means to our community.
I see your point. I did not mean to speak on your behalf; I might have misphrased that a bit.
Apologies if I have.
However, aren't Grey Hats simply white hats not obeying the law?
What I mean is, a White hat will ask for permission or get hired in order to hack.
A Grey Hat will hack anonymously and illegally, with no malicious intent however.
On the other hand a Black Hat will hack for their own evil purposes.
Is that not correct?
That's how I see it, pretty much like Phoenix said.
RPG alignment representation of my understanding of these terms.
White hat - Chaotic Good
Grey hat - Chaotic Neutral
Black hat - Chaotic evil
People will always try to categorize each other in this world, and in the world of hacking it's no different.
Had a great time reading this.
I don't think whitehats and hacktivists to be the same.
-The Joker
My classification has always been:
BlackHat: Hackers who engage in malicious/illegal activity for their own benefit, but might be at the harm of others.
WhiteHats: Hackers/SecurityResearchers/PenTesters, hackers who get access/legalPermission from a web/program/companyOwner to test the security of their products/programs/etc. to find security flaws, report them to the owner, and suggest fixes to them.
GrayHats: Hackers who break laws, but for a good purpose/cause. (I dunno how to put that in words, but dunno how to describe them without missing the mark...)
But then again, that's just my opinion. Others may have a different definition.
It's almost right, but I use an extra term 'hacktivist' to get 4 distinct classifications. Here they are:
Whitehat - Pentesters, who obtain authorization from the company to find security flaws and suggest fixing them.
Blackhat - Illegal & Malicious to the right/innocent
Grayhat - I'd call them 'unauthorized' pentesters, who find vulnerabilities without legal authorization.
Hacktivist - Hacker activists, who hack for a cause and won't mind breaking laws for that
People do not belong perfectly in 1 category, but actions do.
-The Joker
I consider the whole "hat" thing a bit superfluous. Indeed, I remember a tutorial on here about hacking your creepy neighbour's webcam that would not seem to fit into the "white hat" tag that NB has adopted; whatever the intention of the hacker the law would still have to be broken. As for people being shunned for expressing black hat aspirations - if anyone is dumb enough to discuss breaking the law on a public forum they should seriously reconsider their planned life of crime.
Do you know what the 'Black Hats' from Null Byte have done so they got kicked out of here?
That is interesting because I think I do wanna know how to do 'black hat' acts because now I consider myself a grey hat. I don't hack to make people feel bad, only to learn, so I wanna know a lot of things related to the hacking subject :D
White hats and Black Hats do the same things and use the same tools, it is their intent that differentiates them.
Both ways of hacking are interesting tbh, and I really wanna learn more and more about hacking.
What about perspective? You don't train to be one or the other. Although, people assume that black hats "know more". Take for instance, if I walk down the street, see a bank and decide to hack them that night. The next day, the bank and the police consider me a blackhat - I broke into their stuff unsolicited. However, if I walk in the next day and turn over what I did, hand them a resume and 5 reasons they should hire me full-time, they might consider me a whitehat - I did not use the data for personal/financial gain. However, most might consider me to be a greyhat - doing blackhat things with whitehat intentions.
No, they will likely consider that a full confession and charge you as a criminal. That's a Hollywood scenario if I ever saw one.
The only things that differentiate white and black hats are intention and permission.
Grey hats are a whole other story.
ghost_
They won't. They will arrest you if the bank is not feeling too generous. Yet, the complaint is already placed. What I'd do is to hack during the interview so they won't file a complaint against me.
-The Joker
Honestly, I just need help... I don't know any underground hacker, I do want to learn before how to... but I just don't have time for now. Please help. Need a white hat hacker?
It's a mobile game. leading to a cp. Help please. I'm serious.