What are white hat hackers?
White hat hackers use their skills to protect computer systems and networks from cyberattacks They use the same, wide-ranging methods as black hat hackers for identifying weaknesses in systems and networks.
What is a white hat hacker?
Most ordinary people think of hackers as people who sit behind a hidden computer screen and try to access systems and networks of individuals, organisations, authorities and companies with the intent to destroy them or steal private information. This isn’t completely untrue as there are criminal hackers, of course. But it does a disservice to the large amount of people who use their hacking skills for good. Hackers who hack into a system with the agreement of the owner and without any bad intentions, are called white hat hackers. They play an important role in the fight for more online security.
Although the words ‘black’ and ‘white’ in this context aren’t normally considered racist, they do imply a colour binary that could be misunderstood as racist.
Their name comes from the old wild west films. In these westerns, the good guys were recognisable from their white hats. This name was then passed to white hat hackers. The results of their work, which is also regularly called ethical hacking are then given to their ‘victims’. White hat hackers exploit security gaps to gain access to networks and systems. If they manage to do so, they will tell their employer so that these open doors can be closed. This helps avoid downtimes and data theft as well as reduces the chances of black hats causing any damage.
What type of white hat hackers are there?
The intentions and the processes used by white hats vary. While some dedicate their time for free to benefit online security and use their knowledge as well as their skills for good, others have made hacking their job. Companies and organisations hire white hat hackers to thoroughly test their own systems. If the hackers find any problems with the security, they can be properly and promptly addressed. If the hacker is unable to access confidential data, it is more than likely protected from criminals who use the same methods to access a secure system.
What methods do white hat hackers use?
The methods which white hat hackers use are varied and can depend on the client and the security architecture. The most well-known processes used by white hat hackers, with the understanding of their clients, are detailed below:
Penetration tests
With penetration testing, networks or individual computers are checked for weak spots. White hat hackers will try to find an entry door into an entire system.
Social engineering
Security in a data centre isn’t just about the computers contained within the data centre. Errors caused by humans can also cause significant gaps in security. With social engineering, white hat hackers test employees by sending them malware or pushing them to send confidential data. The reaction of such employees can then be analysed and any problems noted can be fixed.
Software
By using a range of programs and tools, white hat hackers can attack systems and find weak points with the permission of the operating system. Sometimes companies will also tender white hat hackers to attack their systems and offer a prize for anyone who, for example, can get around different cloud access security measures.
Honeypots
Honeypots, are nodes put down by white hat hackers to draw in criminal hackers. This allows them to be exposed or, at the very least, put off. This tactic is particularly useful if you want to study and understand the methods used by other hackers trying to get into the system and then close any gaps with more security measures.
White hat hackers, black hats and grey hats
It’s very easy to say to that for every villain, there’s a hero. However, one look at the hacker collective Anonymous and it quickly becomes clear that the reality is not always black and white. While most people look at the collective as a group of activists, others see their methods as criminal. Alongside white hat hackers, there are two other groups of hackers: black hats and grey hats.
Black hats
Opposite to the white hat hackers, you have black hat hackers. Named after the antagonists in old westerns who donned black hats, hackers in this group use gaps in security to access sensitive data or bring down a system. They do this for their own benefit and the hacking they do is illegal. Black hats blackmail companies, steal and sell data, or take down infrastructure. They represent, therefore, the negative image that many people have about hackers. Some black hats, though, justify their actions for ideological reasons, nevertheless the methods that they use are still illegal. White hats predominantly work to protect systems from black hats.
Gray hats
The world isn’t black and white and the same applies to hacking. Gray hat hackers are a mix of white hat hackers and black hats. While they do use illegal methods to gain access to systems without being asked, they don’t steal anything. Instead, they inform the operator of the gaps. While some grey hats act for the common good, others use their skills simply to show off or gain notoriety. Targeted companies as well as white hats are mostly critical of grey hats since they operate illegally and without being asked.
Famous white hat hackers
There are many white hat hackers worldwide, in particular, because they have turned legal attacks on a network into a lucrative job. Among the most famous white hat hackers are:
Sir Timothy Berners-Lee
Timothy Berners-Lee is the founder of the world wide web and today teaches at MIT and Oxford University. He is a champion of internet security and white hat hacking.
Dan Kaminsky
Dan Kaminsky was a well-known American security researcher who, among other things, discovered an entry point to the DNS protocol. Kaminsky was one of the cofounders of Human Security (originally White Ops) and received a lot of contracts as a white hat hacker. He died in 2021 from diabetes.
Charlie Miller
Charlie Miller became famous after winning the hacking competition at the Pwn2Own conference, later discovering weak spots in Apple products. He worked for the NSA and in 2014 managed to crack the electronic system of a Jeep Cherokee.