Black hat vs white hat

01 May 2017

What does it mean? 

There are two types of hackers: white hats and black hats. 

Black-hat hackers are the bad guys. These are hackers looking for vulnerabilities that enable criminals to break into systems and steal data, credit card details, intellectual property and passwords. 

White hats are the good guys. Also known as ethical hackers, these are essentially security researchers who look for vulnerabilities in software, usually motivated by the desire to expose flaws and improve cyber security. 

White-hat hackers can also be employed or contracted by an organisation to carry out penetration testing and to look for flaws in their cyber security. They may also work unsolicited, informing the vendor of a vulnerability, potentially in return for a fee such as those provided in some companies’ “bug bounty” programs. 

For example, security researchers showed it was possible to remotely hack and take control of a Jeep Cherokee via its digital systems. Fiat Chrysler later recalled 1.4 million vehicles in order to patch the software. 

Why should you care?

Not all hackers are created equal. Somewhere in between black and white are the grey-hat hackers. 

Grey hats are controversial. They do not have malicious intent, but they may violate laws or ethical standards; moreover, many white hats were once on the dark side. 

Some firms of grey-hat hackers sell vulnerabilities to repressive regimes or to intelligence agencies that could use them to spy on individuals. For example, in 2016 the FBI paid hackers for a zero-day vulnerability that enabled them to hack into an iPhone belonging to the terrorist behind the San Bernardino mass shooting. Days later, the FBI helped prosecutors in Arkansas hack an iPhone in a murder trial. 

White-hat hackers are in demand as companies look to identify weaknesses and plug gaps in cyber security. Reportedly, they can earn between USD 500 and USD 100,000 if they find a significant flaw. 

But there are ambiguities and risks. For example, ethical hackers may use questionable or illegal actions to fend off a distributed denial-of-service (DDoS) attack. Hackers could also unintentionally disclose information to other parties, or they could cause damage if negligent.
