Black hats vs white hats may sound like a spaghetti Western or a Parisian fashion show, but actually they make a clever way to distinguish between criminals who bypass computer systems for nefarious purposes and computer specialists who try to stop them.
(There are also gray hat hackers who may commit illegal computer acts but usually do so without malicious intent. We will leave them to play their dangerous game alone for now and focus on the black and white hats.)
What do black hat hackers do?
A black hat hacker is a skilled computer network user who has learned how to bypass security protocols. He or she may be motivated by one of several reasons, including personal or financial gain, protesting a social cause, espionage, or simply the thrill of cyber crime.
These hackers devise the malware, trojan horses, ransomware, and viruses that infect your computer and cause headaches for individual users and companies alike. Black hat hackers range from students trying to change their grades to international criminals who steal consumer financial information from major corporations.
What do white hat hackers do?
A white hat hacker is the black hat’s nemesis. This hacker tries to stop cyber criminals before they commit a crime by using his or her powers to find the weak points in a company’s digital security wall. White hat hackers use many of the same tools as a black hat hacker, but they do it for it good. Their work involves penetration testing, evaluating existing security systems, and assessing vulnerability.
Most white hat hackers have earned a CEH (Certified Ethical Hacker) designation.
Who are some famous black and white hat hackers?
Most hackers are not celebrities. After all, black hat hackers are trying to avoid both the eyes of the public and the long arm of the law while white hat hackers hold an ordinary - albeit interesting and lucrative - job. A few hackers have managed to make the news, however.
Julian Assange, the founder of Wikileaks, is possibly the world’s most famous hacker. He began his hacking career in 1987 and has hacked into such high profile places as the Pentagon. He now lives in the Ecuadorian Embassy in London and is wanted in several countries.
Kevin Mitnick might be the most famous black hat hacker to switch sides. He first gained unauthorized computer access in 1979, was arrested in 1995, and founded a security consulting company in 2000.
Tsutomu Shimomura got hacked by Kevin Mitnick. A hacker himself, Shimomura secured justice by helping the FBI track Mitnick down. Today, the two work on the same side as white hat hackers.
Robert Tappan Morris holds the dubious distinction of creating the first internet worm, but he didn’t mean to…exactly. He was trying to find out how large the internet was. Morris got busted by police anyway, took his punishment, and now serves as a professor at MIT.
Who said computer geeks lead boring lives?
Which would win in a black hats vs white hats hacker competition?
Assuming both hackers were equally skilled, knowledgeable, and experienced, the white hat hacker would win a head-to-head contest.
One simple reason - the white hat hacker only has to play defense. The black hat, on the other hand, is exclusively on the offense all the time. That may be one reason that the average cyber criminal earns $30,000 per year while the average ethical hacker earns more than $71,000.
Plus, white hat hackers assume virtually no risk while black hat hackers can receive prison sentences of 6 months to 20 years and fines of thousands of dollars. One hacker, Albert Gonzalez, had to pay back hundreds of millions of dollars in restitutions.
While the dark side of hacking might seem more alluring, the money and freedom of a great career is all on the side of ethical hacking.
What kind of personalities do hackers typically have?
According to a study conducted by Andik Matulessy and Nabilla H. Humaira, researchers in Indonesia, and published in Psychology and Behavioral Sciences, white hat hackers scored high on agreeableness, black hats had the most openness to new experience, and gray hats showed the most neuroticism.
Your typical hackers - regardless of hat color - are highly intelligent, curious, individualistic people who appreciate novelty and abstract thinking. If you are a Myers Briggs (MBTI) enthusiast, think of hackers as INTJs or INTPs.
Why should I earn a certificate to be a hacker? Don’t real hackers learn on their own?
Some people say that all hacking experts are autodidacts and "true" hackers don't take training or bother with certifications. It’s certainly true that any hacker will be self-taught to some degree. Cybersecurity is a fast-paced field with new material introduced all the time. To be successful, you must have a desire to learn and a capacity to teach yourself.
However, earning a certificate such as a CEH (Certified Ethical Hacker), ECSA (EC-Council Certified Security Analyst), or PenTest+ can help jumpstart your career, add credibility to your resume, and result in a more lucrative position. Holding certification helps prove knowledge and competence. While many uncertified ethical hackers are highly skilled professionals, having certification can help document what they already know.
Ethical hacking is a self-regulating industry. In other words, no certificate, degree, or license is necessary to practice. That could change, of course, as cybersecurity begins to institutionalize. For now, though, companies and government agencies need to sift through resumes for the right candidates. Certification is one way to stand out.
Plus, CEH certification may give applicants a leg up into jobs with more stable companies, higher salaries, and more job security. It also fulfills Department of Defense requirements for the CSSP Infrastructure Support, CSSP Analyst, CSSP Auditor, and CSSP Incident Responder positions.
Ethical hacking is a high-paying, fast-growing field. Getting certified can be a big step toward a lifelong career of helping secure critical data against nefarious criminals. It’s a big job. Are you ready for it?