White Hat, Black Hat, and Grey Hat Hackers: Finding which hacker is what made easy
The long-fought battle between Apple and the FBI over unlocking the San Bernardino terrorist’s iPhone 5C finally saw a resolution. The Washington Post reported this week that the FBI broke into the San Bernardino shooter’s iPhone using the services of paid professional hackers, known as “grey hat” hackers.
The federal government paid hackers a one-time fee to find a “previously unknown software flaw”, that is, a zero-day flaw, in the iOS 9 software on the San Bernardino iPhone 5C that would allow them to access the data on the terrorist’s phone.
The new information was then used to create a piece of hardware that helped the FBI to crack the iPhone’s four-digit personal identification number without triggering a security feature.
There are basically three types of hackers: white hats, black hats and grey hats.
To understand these, let’s first define what a hacker is. A hacker is someone who seeks and exploits weaknesses in a computer system or computer network. Hackers may be motivated by a multitude of reasons, such as profit, protest, challenge, enjoyment, or to evaluate those weaknesses to assist in removing them.
White Hat hackers aka ethical hackers
White hats are security researchers or hackers who break security for non-malicious reasons: to test their own security system, to perform penetration tests or vulnerability assessments for a client, or while working for a security company that makes security software. They normally notify the vendor once they discover a vulnerability in software so that the flaw can be fixed. By selling that information to companies that have bug bounty programs, white hats these days are paid anywhere from $500 to more than $100,000 for identifying flaws in software. White hats are also considered ethical hackers.
Black Hats aka cyber criminals
Considered criminals, a “black hat” hacker is a hacker who “violates computer security for little reason beyond maliciousness or for personal gain”. Black hat hackers use their expertise to find or develop software holes and break into secure networks to destroy, modify, or steal data, or to make the network unusable for those who are authorized to use it. They also sell information about security holes, zero-day vulnerabilities and exploits to other criminals for them to use. Obviously, black hats are considered the bad guys, as they are the epitome of all that the public fears in a computer criminal.
Grey Hats aka bit of both
A grey hat hacker lies between a black hat and a white hat hacker. Grey hats can be individual hackers or researchers who surf the Internet and hack into a computer system for the sole purpose of notifying the administrator that their system has a security defect, for example. They may then offer to correct the defect for a fee. Grey hats normally sell or disclose their zero-day vulnerabilities not to criminals, but to governments (law enforcement agencies, intelligence agencies or militaries), presuming that they use the vulnerabilities responsibly for the public good. Governments use those security holes to hack into the systems of adversaries or criminal suspects.
Source: Wired.