Different types of hackers explained

To the average person, the word “hacker” evokes an image of a kid in a hoodie pounding away on a keyboard in front of several monitors in their parent’s basement. It might also invoke scenes from some of the popular hacker themed movies like War Games (1983), Hackers (1995), The Girl with the Dragon Tattoo (2009), and the cosplay fan favorite Neo and the movie The Matrix (1999)?

The media paints with a broad brush

There is a lot of bad press about hackers. Read the news and it seems some big company is breached again and their data (or money) is stolen. The press always refers to these individuals or groups as hackers, however, it is not that simple. There are diverse types of hackers who range in age and each with their own agendas. Hackers can be grouped into the stereotypical white, grey and black hat hackers, however, even that is over-simplified. There are penetration testers, security researchers, hacktivists and state sponsored groups too. The world of hacking is extremely large and complex.

Origins and different types of hackers

The original definition for a hacker was actually in a positive sense. It referred to someone who could think outside the box, take advantage of weaknesses in systems and policies. In the 1960s, hacker subculture emerged at MIT, TMRC, and MIT Artificial Intelligence Laboratory. There individuals engaged in activities that required playful cleverness to accomplish, like placing a police cruiser on the roof of the Great Dome. These activities (pranks or hacks) were said to have “hack value” and be perpetrated by hackers. Today, the term “hacker” has become associated with computers and “hackers” in the sense of “someone using ingenuity” still exists, but they are often confused with computer criminals or hacktivists.

Due to the sorted ethics and goals of hackers, the media and the computing world has made attempts to differentiate between the different types of hackers with terms like “black hat”, “white hat”, and “grey hat”. The people and hacks talked about are examples, but there are millions of hackers who have had an effect on history. From a certain point of view, figuring out a cryptographic scheme is a hack. Some consider hacking analog machines in the same light as computer hacks. The definitions contained within this article are based off of study material for CompTIA and ISC2’s certification tests.

Disclaimer: The people and groups inside those categories are my opinion and I understand that motives are judged in the eye of the beholder. Feel free to comment your opinion, lets discuss!

White Hat hackers

White hat hackers fit into two categories: penetration testers and red teams. Some security researchers consider themselves to be white hat as well. These are the proverbial good guys, the ones who profess to do no harm and follow all the rules. They are employed by companies or hired out as contractors to test enterprises. The ethical hacker job market is extremely vibrant and continues to expand as the concern over cyber security continues to grow.

Penetration Testers and Red Team Members

Hackers can work for companies professionally. Many larger companies have their own internal team and some companies contract an external organization to conduct tests. Red team members are typically more involved in working with Blue team members to help prevent attacks, where penetration testers are more focused on the attack itself. This may vary from organization to organization, but ultimately both perform various types of attacks on systems, networks and buildings. The manager of the program defines the scope of each test, whether it be a single server, software application, data center building, or everything within a domain. Once the test is complete, a detailed report is written up so that the vulnerabilities found might be fixed.

Bug Bounty Hunters

Hackers can work for bug bounty companies like HackerOne (whose client list includes Starbucks, General Motors, and the United States Department of Defense) and Bugcrowd (whose client list includes, Western Union, Tesla and Pinterest) who facilitate the legal hacking of business IT systems in order to find vulnerabilities. Companies register for these programs and set a scope much like penetration tests. Hackers login, search the scope for vulnerabilities and report them if they find one. The company’s engineering team ‘triages’ them and the hacker gets paid a bounty pre-arranged between the company and the HackerOne/Bugcrowd. Some companies like Google run individual bounty programs and follow the same process. Bounties can range anywhere from $50 to $50,000.

Notable White Hats

There are many famous white hat hackers, here is a list of only a handful randomly picked. Greg Hoglund is the founder of the Rootkit Web site and best known for finding vulnerabilities in the online game World of Warcraft. He performed a lot of work for the United States as well. Charlie Miller who is best known for being the first one to hack the iPhone and Android phones as well as a number of other apple products. Joanna Rutkowska (yes, girls are hackers too) earned a standing ovation at Black Hat Briefings conference in 2006 for her “Blue Pill” attack against the Vista kernel. There’s a lot of hackers that make the world safer one hack at a time. Most don’t chase fame though, so you may never hear about them without digging.

Black Hat

Black hats are hackers who have malicious intent or who profit from their hacks. These are the ones that hack for fun, for profit, or with the intent purpose of causing damage. There are many different types of Black Hat hackers but they fall into categories based on their goals: State sponsored hackers and criminals. These are two general groups but they can be broken down further. The term Black Hat is the official term for bad hackers in every security text book and certification so it is important to know. However, there are hackers who do good who consider themselves black hat, and one of the biggest hacker conferences is called Black Hat. I personally prefer to simply refer to hackers that commit crimes as “criminals” when not studying for a cert.

State-Sponsored hackers

State sponsored hackers can be military, intelligent agencies or private civilian contractors working for a government entity. They are following the laws of their own country conducting offensive operations against other countries or companies for cyber warfare. Many countries have a huge military presence use for hacking their enemies, like North Korea and the United States. The US and China use a lot of contracted civilians as well.


Criminals may hack for several different reasons. Some conduct operations to steal data to sell to countries or companies for espionage. Some simply steal money outright. or use ransomware to hold an organizations enterprise hostage until a ransom is paid Finally, there are criminals who sell destructive services like distributed denial of service attacks. These criminals operate botnets and are constantly trying to hack machines to grow their botnet capabilities.

Other forms of questionable behavior

Some companies will knowingly hire a Black Hat hacker because they have familiarity with the “dark web”. They may be aware of associates conducting attacks on specific places and provide early warnings of attacks. This can be used for things like dumping stock or deals with a company about to suffer an attack. Some companies have black hats contracted to attack their rivals as well.

Notable Black hats

Some black hat hackers become famous for their deeds. Jonathan James aka “c0mrade” was the first juvenile imprisoned for cyber crime. He hacked the NASA and the U.S. Department of Defense computers. Michael Demon Calce aka “MafiaBoy launched denial-of-service attacks against commercial websites, including Yahoo!, Amazon.com, and CNN. Albert Gonzalez stole and resold over a 170 million card and ATM numbers from 2005 to 2007. There are notable black hat groups too. The Lizard Squad is known for the cyber attack on Malasia Airlines.

Anonymous can be considered Grey and Black, but I list them here because they break hacking laws, and have no care for who they hurt. They have hacked the United State’s Pentagon, credit card companies, and the Church of Scientology. TeaMpOisoN claim to fame includes hacking NATO, Facebook, and Tony Blair’s email. Some state sponsored hacker groups include Fancy Bear aka APT28 or Sofancy (Russian), Bureau 121 (North Korea), Axiom (China), and the Syrian Electronic Army (SEA).

Grey Hat

Grey hat hackers are one of the most often confused group of hackers. Emanuel Goldstein, editor of a hacker magazine 2600: The Hacker Quarterly, has said that hackers draw a distinction by following a few simple rules.

  1. Try to reduce the collateral damage of their hacks.
  2. Stick to the morals of the subculture of hackers.
  3. Never commit hacks for the simple gain of money.

Emanuel coined the phrase “grey hat hacking,” which means neutrality is maintained at all times while skirting between what the law allows and what the law does not specifically disallow. It is a play on the terms White hat and Black hat. Grey hat hackers can be security researchers who hack out of scope or hacktivists who want to hurt a company but not people. Their work can fall between the questionably legal to illegal range, while still following their own set of morals. They might hack a company to find a vulnerable database but report it instead of attempt to profit from it. In this example, it is technically illegal, but they are well-meaning.

Some notable Grey Hat hackers

Some Grey Hat hackers earn fame for their work. Adrian Lamo aka “the homeless hacker” broke the law and served time, but then worked with the United States government to turn in Chelsea Manning. Gary McKinnon aka “Solo” made headlines for hacking 97 American military networks and left a message saying their “security system is crap”. He claimed to have been looking for classified info regarding UFO activity.

Disclaimer: Similar to Black Hats, depending on the different definitions of grey hat, some might consider those on the above list as either grey or black.

The New Age Activists

Hacktivism is when a hacker uses their skills to promote a political agenda or social change. This can be in the form of free speech or human rights. The term hacktivism was coined by Omega, who is a hacker and member of the collective Cult of the Dead Cow. Hacktivists are considered by most to be Greay Hat, because they typically don’t have malicious intent and don’t intend to gain personally. Hacktivists may view their behavior as “the ends justify the means.” In most if not all countries they are, however, still committing cyber crimes.

Issues with Hacktivism

Some argue that hacktivist may be able to obtain information that law enforcement may not be able to otherwise. The issue with that is that any information obtained through illegal means will not likely be admissible in court. Another issue is that if the hackers are not directly working with law enforcement, and can wreak havoc on investigations. Ongoing investigations are revealed by accident, or the chain of custody for evidence can be tainted. In one case, law enforcement was trying to track individuals who were involved with a child pornography site. Undercover agents had infiltrated the system and were finding the people. Hacktivists took down the site, and the case was lost because everyone involved scattered. The hacktivists meant well, child pornography is wrong. Unfortunately, the people running the site got away.

Notable Hacktivist groups and people

Currently, two of the most well-known hacktivist groups are Anonymous and WikiLeaks. Jester made headlines for attacking WikiLeaks and Islamist terrorist sites. His exploits also include attacks on 4chan, a church that attacked a homosexual United States troop. Aaron Swartz advocates for the public to have free access to information. He was a co-founder of Reddit and was arrested for trying to steal academic journals from MIT.

LulzSec was a group of individuals around the United States and England who wanted to mock the lack of security on websites and enterprise networks. It is reported that they didn’t profit from their exploits. They did steal millions of individual identification records like credit card numbers addresses, names and ages from various places. They were responsible for Sony taking down their Playstation Network.

Reformed criminals

Criminal hackers get caught by law enforcement all the time. Many hackers turn to crime out of desperation, trying to feed their family or get taken advantage of by criminals to use their hacks to commit crimes. Not everyone out there has an easy path to a legitimate job no matter how smart they are. These hackers are not all malicious though, and many reform once they serve their time. Some of them even help law enforcement when they are out of jail.

Advantages of hiring a former black hat

First and foremost, black hats have “real-world” experience in conducting offensive attacks and might know more efficient ways of defending these attacks. Finding experience hackers who can handle pressure can be difficult, the best ones already have jobs. Since society has a stigma about criminals, former black hat hackers could potentially cost less compared to someone else. Not all criminals are 100% reformed when they are done serving time; there is a risk businesses have to accept when hiring them. Businesses would essentially be giving this hacker access to their networks and sensitive information.

Notable reformed black hats

Some former criminals make headlines or become well known for their skill. Most hackers use services which mask the identity and origin of where the traffic is originating, like Tor. It is only a matter of time before they get caught. Many reform once they are caught because they feel it wasn’t worth it.

Kevin Poulson

Kevin Poulson aka “Dark Dante” hacked the FBI’s database who is now a senior editor for Wired News. He was the first to serve parole time which prohibited him use of the internet. Once he had completed his time, he began writing about hackers and hacking and became very successful. He was the first to break the story about Chelsea Manning.

Cal Leeming

Cal Leeming is another example of a reformed criminal. When he was a teenager, he turned to digital crime to survive and put food on the table. He was caught, and served his time. Cal says that his arresting officer was kind to him and helped him. The officer was the first person to talk about how he could make a living using his skills. He has since become a speaker and helps business protect themselves from criminal hackers. Cal also reaches out to black hats to encourage them to come clean. He tries to teach them how to market their skills for legitimate earnings.

There are many different types of hackers

Unofficially, I’ve seen as many as 10 different types of hackers listed. I wrote about the 3 main types that will be asked about on major certification exams, but there are more types of hackers that aren’t on exams. There are also Script Kiddies, some people refer to as green hats or skids. These are new hackers who aren’t very technical and only use tools. I’ve seen some references to as many as 10 different hat colors including blue, green and red, but there is not any authoritative force behind it and I don’t want to confuse anyone trying to pass an exam. The only Red Hat I know is the flavor of Linux that is popular in enterprises.

The world of hacking is ever-evolving and changing. It is very easy to be successful just using tools. Whatever level of depth you want to get into with hacking is up to you. It takes time and serious study to get better at it.

Special thanks to Keiose for contributing to this article!

If you enjoyed this post, please subscribe. There is a lot of free study material on the site and more to come in the future. Be the first to know what is coming! Thanks for reading!

Back to home

Learn more about certifications

Post Author: InfoSecJon

Info Sec Professional, Pen-Testing noob