SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
DRS CEO: “There are 3 groups of hackers: black, grey and white.”
Wed, 12th Jul 2017

Most of us get a mental image of an anonymous, hooded figure, bent over a computer in some dark recess of the web when the word hacker is mentioned.

However, not all hackers are bad.

This is according to Robert Brown, the CEO of Dynamic Recovery Services (DRS), an ICT services and solutions provider based in South Africa.

Brown says the word ‘hacker’ can be used to describe anyone who, regardless of whether their intentions are good, bad or nebulous, uses their programming or computer skills to break down or bypass security measures on a PC, device or network.

“Hacking per se is not illegal unless the perpetrator is compromising a system without the owner's knowledge or consent.

Many organisations, both private and public sector, employ hackers to help them identify holes in their systems,” he says.

According to Brown, hackers are usually divided into three groups, black, grey and white, depending on their intentions.

“The villain was always seen in a black hat, the hero in a white.

Black and white hats distinguish themselves in two ways, the nature of their intentions, and whether or not they are transgressing any laws.

White hats are hackers who use their technical abilities and skills for good.

They are called ethical hackers, and are often employed by governments and other organisations to help to find security flaws in their systems.

They will try and break into an organisation's system, as this is the most effective way of pinpointing any vulnerabilities.

“The main difference is that white hats do this with the full knowledge and consent of the organisations they are hacking,” he says.

He maintains that the process is 100% legal, and penetration testing is recognised as a necessity among security practitioners and organisations alike.

“They perform vulnerability assessments, test the existing systems, and try to get in.

Because they have the skills and can think like hackers, they are best equipped to know what methods bad hackers will use to breach a business.

Black hat hackers, he says, can be financially motivated, hacking into a business for monetary gain, either by stealing banking details and logins, credit card numbers and suchlike, or proprietary information that can be sold to competitors. Some hack to satisfy their egos or gain recognition from their peers.

We also see hackers who are motivated by ideology.

These ‘hacktivists’ breach systems for social or political reasons, often aiming at exposing wrongdoings and corruption, using hacking as a way to demonstrate their dissatisfaction with powerful businesses and governments whose views differ from their own.

And grey hats.

“They operate in the murky waters that are neither white nor black.

They will seek out vulnerabilities and flaws in a system without any prior consent or even knowledge of the owner. Should any be found, they will report them to the system owner and ask for a fee in order to resolve the problem,” he says.

Should payment not be forthcoming, they often post the vulnerability on the web for all to view.

“Grey hats are not necessarily motivated by malice, they are just looking for a payday for their efforts.

They don't usually exploit the vulnerabilities they find, but irrespective of this, their activities are still viewed as illegal, and frowned upon, because they did not get permission before hacking the organisation,” he concludes.