SkipToMainContent

Emerging Threats

What is the difference between black, white and gray hat hackers?

A man’s hands with a laptop and mobile phone.

February 25, 2022

Hackers can be categorized by the type of metaphorical “hat” they wear. What is the difference between black hat, white hat, and gray hat hackers? Here’s what you need to know. 

When you think of a hacker, you might picture someone eager to load your laptop with malware or maybe a shadowy figure locking up the computers of your town's government offices and then demanding a ransom to unfreeze them.

Or maybe you imagine cybercriminals who steal the bank account, credit card, and Social Security numbers of thousands of victims, selling this information on the dark web. 

If you do, you're picturing what are known as black hat hackers. These are the cybercriminals who generate headlines with ransomware attacks, steal information from companies and governments, and create data breaches that expose the credit card information of consumers.

But not all hackers wear a “black hat.” 

Some — known as gray hat hackers or white hat hackers — aren't seeking to hurt others with their hacking skills. Instead, they might work with companies and governments to find security flaws in their computer networks. Or, if they do access vulnerabilities in these computer systems, they might report them to their owners, and then expect to be paid for their efforts.

What are the differences between black hat, gray hat, and white hat hackers? Read on to find out.

What is a black hat hacker? 

Like all hackers, black hat hackers usually have extensive knowledge about breaking  into computer networks and bypassing security protocols. They also create malware,  programs that allow them to gain access to computer networks, spy on victims’ online activities, or lock the devices of their victims. 

Black hat hackers are typically out for personal or financial gain, but they can also be involved in cyber espionage or protest. Some might be addicted to the thrill of  cybercrime.

Black hat hackers can range from amateurs getting their feet wet by spreading malware, to experienced hackers who steal data, specifically financial information,  personal information, and login credentials. Many then sell this information on the dark web. Other hackers not only steal data, they modify or destroy data, too.

Black hat hackers at work

Black hat hackers are the ones behind those big data breaches that make headlines each year. In a data breach, hackers steal the personal and financial information held by large companies or governments, including the credit card, log-in and Social Security number of consumers, patients or constituents.

These hackers can then publish this information to embarrass a corporation or government body, sell it on the deep web, or blackmail companies, agencies, or individuals.

According to the Identity Theft Resource Center's 2021 Data Breach Report, the United States saw 1,862 data breaches in 2021, a record high.

Data breaches have long been on the rise. In perhaps the biggest ever, black hat hackers breached Yahoo and stole 3 billion customer records from 2013 to 2014. And in October of 2016, hackers stole more than 412 million customer records from adult website Adult Friend Finder. National credit bureau Equifax was also the victim of black hat hackers when a data breach exposed more than 145 million customer records from May through July of 2017.

What is a white hat hacker? 

White hat hackers are also skilled at breaking into networks and exposing vulnerabilities in the computer systems of major retailers, government agencies,  healthcare providers, and corporations. But these hackers use their powers for good  rather than evil. Also known as “ethical hackers,” white hat hackers can be paid  employees or contractors working for companies as security specialists that attempt to find security holes via hacking. 

White hat hackers employ the same methods of hacking as black hats, with one  exception — they do it with permission from the owner of the system first, which  makes the process completely legal. White hat hackers perform penetration testing,  test existing security systems, and look for vulnerabilities in companies' computer  systems. There are even courses, training, conferences, and certifications to teach people the basics of ethical hacking. 

White hat hackers at work 

There are plenty of white hat hackers working to help companies and government  agencies protect themselves from cybercriminals. Charlie Miller is a good example. He earned his hacking credentials by finding vulnerabilities at Apple. He has worked as a white hat hacker for the U.S. National Security Agency.

Jeff Moss is another well-known white hat hacker. He served on the U.S. Homeland Security Advisory Council for the administration of President Barack Obama and co- chaired that council's Task Force on CyberSkills. 

What is a gray hat hacker? 

As in life, there are gray areas in the hacking world that are neither black nor white.  Gray hat hackers operate somewhere between the extremes of their black hat and  white hat counterparts. They don't necessarily want to cause pain or steal from their  victims, but they often hack into their targets' networks to look for vulnerabilities in      a system without the owners' permission or knowledge. 

And if they find these vulnerabilities? They will report them to the owner, but they often request a fee to fix the issues they find. If the owner does not respond or comply,  sometimes these hackers will post the newly found vulnerability online for the world  to see. 

These types of hackers may not be inherently malicious; they’re just looking to get  something out of their discoveries. Usually, gray hat hackers will not exploit the vulnerabilities they find. They won't steal and leak the financial information that  retailers have collected on their customers, for instance. However, this type of hacking  is still considered illegal because the hackers don't receive permission from the owners before attempting to attack their systems.  

Gray hat hackers at work

Khalil Shreateh is one of the better-known gray hat hackers. In the summer of 2013, he  hacked the Facebook page of company founder Mark Zuckerberg. Why? To force  Facebook to correct a flaw that allowed him to post to the Facebook pages of other  users without their consent. Motivated by Shreateh's hack, Facebook fixed this vulnerability.

How to stay safe from hackers 

You can't eliminate the threats of hackers completely. If a black hat hacker exposes the data collected by your favorite department store, your information might end up on the dark web, no matter what you do.

But you can take some steps to at least reduce the risks that hackers will access your personal and financial information. 

Limit how much information you provide others 

There are times when you can't avoid giving away personal information. If you sign your children up for your local school district, for instance, you'll have to provide plenty of information about yourself. But there are other times when you can be more judicious.

Your dentist office might ask for personal information when you sign up to be a patient. You don't have to provide everything they ask for. There's no reason for your dentist to know your Social Security number. Let your dentist's office know that you're not comfortable giving up that much information.

Do the same at stores. A cashier might ask you for your phone number when you're making a purchase. Don't provide it. And consider avoiding signing up for department store credit cards. Most of these cards are unnecessary — credit cards offered by banks and other financial institutions typically provide better interest rates and rewards programs — and by not signing up for them, you won't provide these retailers with your most personal information. 

Check your online financial accounts regularly 

You can’t always prevent your personal and financial information from being exposed. But you can track your online credit card and bank accounts to make sure no one is  making unauthorized purchases through them.  

Check these accounts regularly. And if you find suspicious transactions — perhaps made by a cybercriminal who stole or purchased your personal information  — call your credit card providers and financial institutions immediately. You can usually receive a full refund from fraudulent purchases made with your credit card  information if you act quickly enough.  

Order your free credit reports 

The three national credit bureaus of Experian, Equifax and TransUnion all maintain credit reports on you, reports that list your current and past credit card accounts and loans. Order these reports regularly from AnnualCreditReport.com  — you can order your reports from each bureau once a year at no cost during normal  times and once a week during the COVID-19 pandemic until at least April 22, 2022 —  and read them carefully.

If you find credit card accounts and loans that you don’t remember taking out, it’s likely that a scammer has used your information to open these accounts in your name.  Immediately contact the bureaus and the financial institutions behind these accounts.

Freeze your credit 

You can also freeze your credit with Experian, Equifax, and TransUnion to protect yourself from identity theft. When your credit is frozen, lenders can’t check your credit. If someone pretending to be you applies for a credit card or loan in your name, they won’t be able to proceed with the application, preventing them from opening that fraudulent account or taking out that loan. 

Freezing your credit is free, but you will have to do it at all three credit bureaus. Simply  log onto the home pages of Equifax, Experian, and TransUnion and find their credit- freeze pages. Remember, if you do want to apply for a credit card or loan, you’ll have to unfreeze your credit first. You can then freeze it again after you’ve received approval for that loan or credit card. 

Frequently Asked Questions (FAQs) 

What is a black hat hacker? 

Black hat hackers are usually out for personal or financial gain. In other cases, they can  be involved in cyber espionage or protest. Some might be addicted to the thrill of  cybercrime.

What is a gray hat hacker?

Gray hat hackers don't necessarily want to cause pain or steal from their victims, but they often hack into their targets' networks to look for vulnerabilities in a system without the owners' permission or knowledge. Gray hat hackers will report the vulnerabilities to the owner, but they often request a fee to fix the issues they find. 

What is a white hat hacker?

Also known as “ethical hackers,” white hat hackers can be paid employees or contractors working for companies as security specialists that attempt to find security holes via hacking. White hat hackers are skilled at breaking into networks and exposing vulnerabilities in the computer systems of major businesses, government agencies, and other large organizations. 

Is gray hat hacking illegal? 

Gray hat hackers typically will not exploit the vulnerabilities they find. They won't steal  and leak the financial information, for example. Even so, this type of hacking is  considered illegal because the hackers don't receive permission from the owners before attempting to attack their systems.

Try Norton 360 FREE 30-Day Trial* - Includes Norton Secure VPN

30 days of FREE* comprehensive antivirus, device security and online privacy with Norton Secure VPN.

Join today. Cancel anytime.

*Terms Apply


Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Copyright © 2022 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.