In our last blog post, we talked about some of our security services and how thoroughly we can test your business for cyber weaknesses. One of the terms we used in that was ‘White Hat Hacker’, to describe ourselves. Now it might seem odd to refer to a high level cyber security company as ‘hackers’ but in reality, that’s exactly what we do in order to provide you with the best service possible. You see, ‘White Hat hackers’ are just one type of hacker out there and they are the only ones who aren’t dangerous to your business. To illustrate, here’s what each type of hacker ‘Hat’ does:
Script Kiddies don’t really care about hacking into systems and stealing things. They simply copy code and use it for a virus, SQLi or something else. Script Kiddies will never hack for themselves, they will just download some overused software (such as LOIC or Metasploit) and watch a YouTube video on how to use it. A very common Script Kiddie attack would be a DOS (Denial of Service) or DDOS (Distributed Denial of Service), where they flood an IP with so much useless information that it collapses, preventing other people from using it.
White Hat hackers are also known as ethical hackers, and they’re the good guys of the hacker world. They help you remove viruses, perform pen tests and generally help people understand where their vulnerabilities are and fix them. Most White Hat hackers will hold some form of computer or security related qualification, and often pursue careers in hacking and cyber security. They love the challenge of finding the holes but have no interest in doing anything with them. There are even a number of qualifications specifically for them – Offensive Security Certified Professional (OSCP), CREST Certified Infrastructure Tester and CREST Certified Application Security Tester.
Black Hat hackers, or ‘crackers’ are the types of people you often hear about on the news and from businesses trying to sell cyber services. They find banks and big companies with weak security systems and steal credit card information, confidential data or money. Their methods are varied but actually fairly basic most of the time.
As with everything in this world, nothing is just black and white. Grey Hat hackers don’t steal information or money like Black Hat hackers (though they may sometimes deface a website for fun), nor do they help people out like white hack hackers. Instead, they spend most of their time just playing around with systems, without doing anything harmful. This type of hacker actually makes up most of the hacking community, even though Black hat hackers garner most of the media’s attention.
Green Hat hackers are the babies of the hacker world. They are new to the game and mainly use script, like Script Kiddies, but they have aspirations of becoming full blown hackers. They are often found asking questions of fellow hackers and listening with childlike curiosity.
Red Hat hackers are the vigilantes of the hacker world. They’re like white hats in the sense that they put a stop to Black hat attacks, but they are downright scary in how they do it. Instead of reporting the malicious hacker they find lurking inside a business, they shut them down by uploading viruses, DoSing and accessing their computer to destroy it form the inside out. Red hats use many different aggressive methods to force the cracker out and potentially even kill their computer. The good news is, businesses don’t need to worry about these.
And finally, we have the Blue Hat hackers. If a Script Kiddie ever took revenge, he would become a Blue Hat Hacker. Blue Hat hackers will seek vengeance on anyone who has made them angry. Most Blue Hat hackers are fairly new to the hacking world, but unlike green hats they have no desire to learn.
So hopefully that clears a few things up, and gives you a bit of an insight into the world of hacking in all of its colour. At Bridewell, our job as White Hat hackers is to keep all of the other hackers out of your business by identifying weaknesses and shoring them up, protecting you, your clients and your data. For more information or to enquire about out security testing process, get in touch with us today.