In the security world, hackers are categorised into three (3) main groups: Black Hats, Grey Hats, and White Hats. Black Hats are considered criminals, hacking systems without permission and with malicious intentions. Grey Hats are considered hybrids, dabbling in hacking without permission but with good intentions to help their targets and the community become more aware of security weaknesses. White Hats are considered the good guys, who typically work directly with organisations to test and improve their overall security posture and do not get involved in illicit activities.

Let’s look at the typical problem: compromises. The biggest issue in security is not vulnerabilities; it is people with malicious intentions finding those vulnerabilities.

Now let’s hypothetically think about three (3) different worlds.

 

World #1 – The Dark World

In world #1, vulnerabilities are not exploited for malicious intentions and we don’t have to worry about constant panic over being hacked. What would be the motivation for people to write secure code and perform due diligence to treat people’s information as sensitive if they don’t believe there is a consequence waiting for them when they don’t? Also, in this world, privacy and security professionals slack off because no one wants to misuse their poor efforts and weak implementations.

 

World #2

In world #2, developers are motivated to write secure code because people with malicious intentions (Black Hats and malicious users) are looking for opportunities to exploit vulnerable code or weak security practices. This is the world we currently live in, where Black Hats, an ever-growing number of unethical hackers, are hard to maintain. Black Hats are rewarded with significant amounts of money from their digital theft, little to no jail time by evading discovery from investigations, and international popularity when a large hack or breach occurs. White Hats walk the straight line, work within time constraints, and try very hard to abide by regulatory and legislative stipulations. Additionally, White Hats battle with society and management for funding and for respect.

 

World #3

World number three is the world I would like to live in. In this world, security is a proactive process and vulnerabilities are consistently reported, investigated and fixed without the priority of exploitation to prove a point. Hackers are only praised if their work contributes to good, and people don’t care about how great you are if it doesn’t help the world become a better place.

 

My trailing thoughts

I’m not pleased by how skilled a hacker is at finding vulnerabilities, evading detection, or how widespread their compromise was. If what a hacker is participating in does not intend to better the world, then they are not that great after all.

I am a promoter of White Hats and ethical professionals across every area of Information Security, the wider ICT, and personal life. Much respect if you’re contributing positively to the community.

 
