What are white hat, gray hat, and black hat hackers?


You’ve seen the headlines. Data stolen. Computer networks locked. Private information leaked. Whenever hackers are mentioned in the media, it’s almost always in a negative light.

While it’s true there are many nefarious hackers out there, these aren’t the only class of hackers around. In fact, hackers can fall into several categories, namely black hat, white hat, and gray hat hackers. These designations were inspired by old Wild West movies where the good guys wore white hats and the baddies black hats.

But what exactly are the differences between white, black, and gray hat hackers? Let’s take a look.

What is a black hat hacker?

Black hat hackers are the ones responsible for those big data breaches hitting the headlines. They’re criminals who break into computer networks with the intention of causing harm. This can be in the form of stealing passwords, credit card info, or other sensitive customer data. They might also hold company systems hostage via ransomware or destroy files.

Black hat hackers are often motivated by money, revenge, or just the desire to sow seeds of chaos. Others might be in it for the thrill, be hired by governments or criminal organizations to perform espionage, or hack as a form of protest.

Black hat hackers often start off their life of cybercrime as independent “script kiddies,” people who use existing code and purchase hacking tools from dark web vendors to attack websites, servers, and computer systems.

The dark web acts as a hub for black hat hackers. Here they can chat with other black hats on dark web forums, find hacking jobs, buy and sell malware and hacking tools, or get recruited into hacker groups or criminal organizations.

It’s common for black hat hackers to specialize to heighten their chances of being recruited into a group to earn serious illegal cash. Some focus their attention on phishing schemes and social engineering, while others might develop malware or plan DDoS attacks.

Examples of black hat hackers

Ransomware groups

Ransomware groups are among the biggest black hat hackers of our time. They work by infecting systems with ransomware, a type of malware that locks the victim’s device or network and demands payment in exchange for unlocking it. These ransomware groups are black hat hackers who work together to carry out ransomware attacks and extort money from the companies and individuals they target. One recent example is Conti, which, in addition to attacking more than 1,000 companies and government services, held Costa Rica’s systems for ransom earlier this year, demanding 20 million USD in payment.

Kevin Mitnick

Kevin Mitnick is considered the most notorious black hat hacker of all time. At one time he was the world’s most wanted cybercriminal. Over a two-and-a-half-year spree, Mitnick stole millions of dollars in corporate secrets from over 40 major corporations, including Motorola, IBM, and various telecom companies. He even hacked the U.S. National Defense warning system. Mitnick was caught and imprisoned twice, and now works as a cybersecurity consultant, swapping his black hat for a white hat.

Gary McKinnon

Another notorious black hat hacker is Gary McKinnon. Also known as Solo, this Scottish hacker is alleged to be the mastermind behind the largest military computer hack of all time. McKinnon hacked 97 U.S. military and NASA systems between 2001 and 2002. The hacks cost the U.S. government around $700,000 in damages.


What is a white hat hacker?

Now it’s on to the good guys. White hat hackers—also known as good hackers and ethical hackers—have the opposite intentions of black hat hackers. While black hats are criminals, the bandits of the Wild West that is the internet, white hats work with the sheriffs. They work with companies to identify flaws in their systems. If any issues are found, white hats will recommend and implement fixes at the behest of the company.

White hat hackers often work for large companies or government agencies, acting as security consultants whose task it is to identify and plug gaps in security that could be exploited by black hats.

Without these white hat hackers, companies would be falling prey to cyberattacks every other week. It’s thanks to their hard work that the private data and financial information you share with companies, banks, and government organizations is protected.

It’s important to note that someone can only be a white hat hacker if they have the permission of the system owner they’re hacking into. ExpressVPN’s own bug bounty program rewards independent white hat hackers who find flaws in our systems.


Examples of white hat hackers

Charlie Miller

Charlie Miller is well-known for winning a $10,000 prize during the 2008 Pwn2Own computer hacking contest, where he was the first to find a major bug in the MacBook Air. He’s also identified flaws in Apple’s Safari browser, as well as demonstrating a vulnerability with text messaging on iPhones that would allow an attacker to compromise the devices. After a stint with the NSA and Uber, Miller now works as a computer security researcher with Cruise Automation.

Dan Kaminsky

Dan Kaminsky was the chief scientist and co-founder of WhiteOps, a computer security firm. Kaminsky is most well-known for identifying a major DNS (Domain Name System) flaw that gave black hats the ability to launch widespread cache poisoning attacks.

What is a gray hat hacker?

Gray hat hackers fit somewhere in between black hat and white hat hackers. They’re not knights in shining armor like white hats, protecting the internet from black hat bandits out of the goodness of their hearts. And yet, they’re also not outright criminals, looking to steal secrets and personal data to sell to the highest bidder.

Gray hats look for vulnerabilities in a system, yet will do so without the owner’s permission. If they find any flaws in the system, a gray hat will inform the system owner of these vulnerabilities, often requesting payment for the work. However, since the company hacked by the gray hat did not commission them to perform the hack, they are under no obligation to pay the gray hat. In fact, their actions can be seen as illegal.

Examples of gray hat hackers

“Mr. White Hat” (Poly Network hacker)

A hacker stole 600 million USD from cryptocurrency platform Poly Network in 2021, in one of the largest crypto heists ever. The plot twist came when the hacker agreed to return the money, claiming that the heist was carried out only for fun and to encourage Poly Network to improve its security. The crypto platform dubbed the hacker Mr. White Hat—although his actions were firmly in a gray area.

Axel Gembe (Valve hacker)

In 2003, a 20-year-old German hacker named Axel Gembe hacked the video game company Valve, creators of the Steam video game site. Gembe broke into Valve’s system and downloaded the entire code for an unfinished build of Half-Life 2, releasing it online for anyone to download and play. Things took a turn when Gembe emailed Valve, asking for a job based on the skills he demonstrated through the hack. Newell scheduled an interview with Gembe, who confessed in detail to the hack. Rather than a job, Gembe was given two years’ probation for the crime.

How to protect yourself from hackers

Keep your devices up to date

Update your operating systems and apps as new versions become available. This ensures you have the latest bug patches.

Create stronger passwords

Hackers seek access to your network, devices, and accounts, which should all be protected by strong passwords. Always create long, complex passwords, and don’t repeat them across accounts. A password manager stores all your passwords securely so you don’t have to remember them, allowing you to create stronger ones. It’s also best practice to use two-factor authentication for your accounts.

Watch out for phishing and other scams

Attachments and links in unsolicited emails could house all manner of malware looking to gain access to your passwords, bank details, and more. Only click on files and open emails from people and organizations that you know and trust.

Be careful when using public Wi-Fi

Public Wi-Fi is often unencrypted and unsecured, making devices connected to it susceptible to cyberattacks. The easiest way to protect yourself when using public Wi-Fi is with a VPN app. Turning on your VPN will protect your online traffic in an encrypted tunnel.

