The Different Types of Hackers | Types of Online Criminals Series

Robert BuheckerCybersecurity and Vulnerabilities

Hacker Types Differences

A Guide To The Different Types of Hackers

Hacking and hackers have inspired Hollywood movies like 1983’s “War Games” and the 1995 Angelina Jolie film, “Hackers.” For many, these Hollywood movies were the first introduction to the word hacking, and what computer hacking is. However, the digital landscape changed drastically since the 80s and early 90s. Now, hacking is a broad term that encompasses everyone from social activists (hacktivists) to full-time penetration system testers and cybercriminals.

In the first post in our guide to cybercriminal blog series, we discuss the differences between phishers and hackers. Their methods are a less direct connection, and more behind the scenes. If you are not familiar with hackers, there are roughly six different types and they are defined by a color code and hats.

Contact Us Now

The Hat Colors And What They Mean

Based on the roots of the old western movies, cowboys used to wear either a white hat or a black hat. The white hat would represent if it was a good cowboy while the black hat meant the villain. This is the same type of system used to define hackers.

White Hat — A whitehat hacker is a digital security specialist paid by a company or organization to break into a protected system to test and assess their network security. White hat hackers use their skills to improve their client’s overall security through penetration testing. This allows for a company or government organization to identify the risks in their systems and fix them before a lethal third party exploits it.

Black Hat — Black Hat hackers penetrate various computer systems and networks with malicious intentions. These intentions almost always include personal financial gain. These types of hackers can range from teenagers looking to spread viruses to a network of criminals who steal credit card information. Unlike a white hat hacker, their intentions are sinister.

Gray Hat — A gray hat hacker is not a paid employee or contracted hacker. Instead, a gray-hat hacker enters a protected system to find vulnerabilities. Once the vulnerabilities are found they will alert the company or organization and ask for a sum of money. However, it is possible that a gray hat hacker will put the vulnerabilities online and expose the system to other hackers. Some of their actions might cross legal and ethical lines.

Blue Hat — This specific type of “hacker” isn’t much of a hacker but more of an employee of Microsoft. A blue hat hacker is someone who is at an outside computer security consulting firm. These hackers will bug test a system. The term blue is also known as a security professional that Microsoft hires to find vulnerabilities in windows. The unofficial name is due to the blue badge that Microsoft employees wear.

Red Hat — There is some debate about what a red hat hacker is, which means there are two definitions for it. The first definition is that red hat hacking is not hacking at all. Rather, Red Hat is a software company that designs open source components for the Linux operating system.

However, the other definition is someone who is similar to a white hat hacker, but more vicious in their retaliation attempts. For example, the red hat hacker is considered to be the vigilante of the digital world by stopping a black hat hacker, then, targeting the black hat’s computer, and shutting it down, or cracking it.

Green Hat — Green hat hackers are typically new to the hacking game. Otherwise known as a “newbie.” Since they are new to the game but want to fully explore the hacking work, they will ask many questions and receive a lot of flack from the hacking community. Since they are new, they might cause more damage to a system than they intended or know about and will not know how to fix it.


Ethical hackers will continue to help shape the future of cybersecurity and help companies and organizations stay ahead of a cybersecurity problem. However, unethical hackers can continue to thwart good people and expose their systems and leak their information. Fortunately, SecureForensics can help you with data breach incident response, malware, and more. Call us for a free phone consultation at 1-800-288-1407.