What do you call someone who hunts for security gaps in computer hardware and software? A hacker, right? What about someone who presents their findings to vendors to help them improve the quality of their products? There is more than one type of hacker, and understanding the difference is important.
A complicated history
In the 1950s, the term 'hacker' was vaguely defined. As computers and the people who worked with them became more accessible, the word was used to describe someone who explored the details and limits of technology by testing them from a variety of angles.
But by the 1980s, hackers became associated with teenagers who were being caught breaking into government computer systems — partially because that is what they called themselves, and partially because the word hacker has an inherently aggressive ring to it.
Today, several of those pioneering hackers run multimillion-dollar cybersecurity consulting businesses. So what should you call someone who uses their knowledge for good?
“White hat” hackers
Sometimes referred to as ethical hackers, or plain old network security specialists, these are the good guys. Whether it’s selling what they find to hardware and software vendors in “bug bounty” programs or working as full-time technicians, white hat hackers are just interested in making an honest buck.
Linus Torvalds is a great example of a white hat hacker. After years of experimenting with the operating system on his computer, he finally released Linux, a secure open-source operating system.
“Black hat” hackers
Closer to the definition that most people outside the IT world know and use, black hat hackers create programs and campaigns solely for causing damage. This may be anything from stealing information using malware to forcefully shutting down networks using denial-of-service attacks.
Kevin Mitnick was the most infamous black hat hacker in the world. During the 1990s, Mitnick went on a two-and-a-half-year hacking spree in which he committed wire fraud and stole millions of dollars of data from telecom companies and the National Defense warning system.
“Gray hat” hackers
Whether someone is a security specialist or a cybercriminal, the majority of their work is usually conducted over the internet. The anonymity of working online affords them opportunities to try their hand at both white hat and black hat hacking.
For example, Marcus Hutchins is a known gray hat hacker. He’s most famous for testing the WannaCry ransomware until he found a way to stop it.
During the day, Hutchins works for the Kryptos Logic cybersecurity firm, but the US government believes he spent his free time creating the Kronos banking malware. He has been arrested and branded a “gray hat” hacker.
The world of cybersecurity is far more complicated than the stylized hacking in Hollywood movies. Internet-based warfare is not as simple as good guys vs. bad guys, and it certainly doesn’t give small businesses a pass. If you need a team of experienced professionals to help you tackle the complexities of modern cybersecurity, call us today.
Published with permission from TechAdvisory.org.