What Is a White Hat Hacker?
In recent weeks, some people have been shunned from the Null Byte community because they expressed "black hat" aspirations. This is because Null Byte is the "white hat" hacker training/playground. Although most of us think we know what that means, it does beg the question; "Who and what is a white hat hacker?"
There has been much discussion lately here on Null Byte about what it means to be a white hat hacker, and I'd like to take a moment to define what I see as white hat hacking. The symbolism, I think, is very clear. The GOOD guys wear white hats—and we are the good guys of hacking. That is much simpler to say than it is to define.
Let's begin by emphasizing that I believe that hacking will be THE most important skill of the 21st century, for both good and ill. Some will use it to spy on us, some will use it to steal from us, and some will use it to fight us. Whatever it is used for, it will impact your life in significant ways!
That is probably the most important reason to study hacking. If it will impact your life on a daily basis in significant ways, you are likely to feel powerless as it overwhelms you. If you have significant hacking skills and experience, you will likely feel powerful as you will have the skills to defend and protect yourself and those around you.
It's pretty easy to define black hats. They are the people who steal from us and spy on us. Some do that WITHOUT being legally-sanctioned (cyber criminals) and some will do it WITH legal sanctions (national spy agencies and commercial data collectors).
Some people define a white hat hacker as someone who "hacks in legally proscribed ways." This would obviously include pentesting, legally-sanctioned espionage, and legally-sanctioned cyber warfare. In most cases, I would agree with that, but I would not want to be limited by that definition. I think the definition of white hat hacking can be defined much more broadly.
I think it goes without saying that laws are made by the powerful, and those laws are designed to maintain their power. In some cases, the good guys must break laws for the greater good. No significant change takes place without someone breaking the law.
For instance, the founding fathers of the U.S. were considered traitors and guilty of treason by the British, and they would have been hung if they had been caught or lost the War for Independence. Rosa Parks broke the law by refusing to give up her seat to a white person on a Montgomery, Alabama bus that many mark the beginning of the Civil Rights Movement for African-Americans in the U.S. Mahatma Gandhi broke many laws of the British colonialists to free his people from the yoke of British rule. Nelson Mandela broke the laws of the South African government and served 27 years in prison in order to free his nation from apartheid.
I would say that all of these people were the "good guys," but all of them broke laws that they thought were oppressive and unjust.
The hacker group, Anonymous, has broken many laws. Some of their members are now serving prison terms as a result (most famously, Jeremy Hammond).
They supported WikiLeaks' attempt to show the world the unjust and inhumane crimes taking place in the Iraq War. That action was in violation of U.S. law. Anonymous is now attempting to neutralize ISIS recruiting efforts online, which many consider a good thing, but would violate most cybersecurity laws around the world (denial of service attacks are illegal in most countries). Edward Snowden is in exile in Russia as a result of his efforts to reveal to the world the spying efforts of the NSA. His efforts have had an impact around the world, yet he is a wanted man in the States. Some leaders in the U.S. government consider his actions treason and want him to serve a long prison term. Is he a black hat because he broke law, or is he a hero and white hat for exposing to the world the abuses of the NSA?
I think you can see that defining a white hat is not simple. If we only use the definition that a white hat only hacks legally, then it would miss some very important illegal activities that changed the world for the better. If we limit ourselves to defining the good guys as those who follow the laws, then George Washington, Mahatma Gandhi, Nelson Mandela, and Rosa Parks would all be considered black hats, while in reality, they are all the white hats (good guys).
In my opinion, a white hat works for the greater good of society and the world. If you are in a country that restricts freedom of speech and expression, you are likely a white hat hacker if you use your skills to keep the internet free and open. If your country is threatened by a cyber attack from a belligerent country and you can use your skills to blunt or repel that attack, you are likely a white hat hacker. If your country is subject to an oppressive and authoritarian regime and you can use your hacking skills to alter that, you are likely a white hat hacker. Obviously, you would be using your hacking skills for the greater good in all of these cases.
In summary, I want to emphasize that a white hat hacker—the kind we are here at Null Byte—are the good guys. We use our skills for the greater good of our people, our community, and the world. Sometimes those goals may clash with local laws, but WE ARE STILL WHITE HATS.