Hacking involves using technical skills to break into computer systems and access sensitive data. Even though hackers have been around for decades, with our increasing reliance on data and technology, they’ve been playing a far more significant role in recent years.
Still, hacking isn’t always a bad thing. There are good hackers, too, and you could become one. In our free Introduction to Ethical Hacking course, you’ll learn about how hackers can use their skills to help companies improve their cybersecurity measures by identifying vulnerabilities.
Ahead, we’ll explore the different kinds of hacking, how to protect yourself against malicious hacking, and how you can hack to help companies improve their systems.
The different types of hacking
There are three basic categories of hackers: black hat, gray hat, and white hat.
What is a black hat hacker?
Black hat hackers are the bad guys. They infiltrate systems without asking for permission, and they do it for personal gain or to sabotage a system.
When not motivated by greed, black hat hackers often hack to impress other hackers in their communities. When they penetrate a system known to have tough defenses, they earn the kudos of other hackers. Their skills can also earn them a spot within a team of hackers that exploit vulnerabilities to steal information for profit.
Generally, a black hat hacker programs malware, viruses, and ransomware attacks to:
- Steal identities
- Steal credit card information
- Steal money from bank accounts
- Leak sensitive information to the public
- Take one company’s sensitive data and give it to another
- Steal large amounts of personal information and sell it to third parties
- Cripple a company’s computer system by taking control of it and then demanding money in exchange for returning control
- Steal and sell login information
What is a gray hat hacker?
Gray hat hackers may not be malicious, but many consider their practices to be less than ethical. The typical gray hat hacker is, like black hat hackers, out for respect or monetary gain.
Here’s the kind of playbook you can expect from a gray hat hacker:
- The hacker attacks your system and finds a vulnerability.
- They reach out and inform you of your system’s weakness without going into the detail you’d need to fix the problem.
- They then offer to fix the problem with your network for a fee.
This leaves you with a difficult decision. Do you reward the hacker’s shady tactic by paying them to fix the problem, or do you reject their offer on principle but leave the vulnerability in place? If you reject their offer, you may also be left wondering what other vulnerabilities exist in your system.
What is a white hat hacker?
Hackers can also provide crucial cybersecurity services to defend companies from these kinds of attacks. In this way, a hacker — specifically a white hat hacker — can be a powerful resource.
A white hat hacker hacks for the benefit of others, particularly organizations trying to discover (and close) security vulnerabilities in their system. The biggest difference between a white hat hacker and a black hat hacker is that a white hat hacker always obtains permission before penetrating someone’s system. A black hat hacker invades a system without asking.
A white hat hacker will typically engage in a normal business meeting with a company and listen to their concerns. Then, they’ll attempt to hack areas of their network to reveal its weaknesses. After they finish, they provide a report to the company and potential next steps.
Generally, white hat hacking involves:
- Testing the strength of firewalls meant to detect malicious activity
- Finding vulnerabilities in the coding of web applications
- Discovering weaknesses in databases that could leave a company susceptible to SQL injection attacks, which target database code and structures
- Checking if an organization is resilient against distributed denial of service (DDoS) attacks
- Seeing how well a company can recover after a ransomware attack
- Testing backup systems for vulnerabilities
Check out our Introduction to Ethical Hacking to learn more about the tools and strategies white hat hackers use to evaluate a company’s cyber defenses.
How to protect against malicious hacking
It’s difficult to protect against malicious hacking 100% of the time, but there are some steps you can take. For example, you can:
- Create complex, hard-to-guess passwords for all your online accounts.
- Never leave login credentials lying around for someone to steal.
- Use password protection for all your devices.
- Use different, complex passwords for every account you have online.
- Avoid logging into public networks, such as those at coffee shops or airports, because they have lax security measures.
- Use a VPN when connecting to services where you have to enter private information. A VPN encrypts all data you send and receive while connected.
- Use a firewall when connected to the internet. Firewalls help filter out malicious data, protecting you and your devices.
- Learn to recognize and avoid phishing attacks and other types of social engineering.
- Only install software from trusted sources.
- Avoid websites that might host malicious code.
Jobs that involve hacking
As we explained, white hat hackers use their skills to benefit companies and public organizations. A white hat hacker can perform jobs like:
Penetration Tester
A Penetration Tester is someone whom a company hires to try to hack either their general network or a specific element of it.
For example, say a company is concerned about how easy it would be for a business partner to get inside their network. They can hire a Penetration Tester and give them the kinds of credentials a strategic partner may be granted. The Penetration Tester will then try to do one or more of the following:
- Access sensitive information
- Hack into web applications
- Access private databases
- Escalate their privileges to gain unauthorized access to an area of the network
Software testing
Hackers hired to do software testing will often be given a completed version of a piece of software while it’s still in development. They’ll then be asked to try to hack it, and when they’re done, they provide written feedback to the dev team.
A hacker may also be hired to test a specific element of the application early on in the development life cycle. In this way, the hacker helps the company avoid accidentally coding in vulnerabilities.
Overall cybersecurity readiness testing
Suppose a company has purchased the services of a managed security provider, has all their hardware and software in place, and has installed a full suite of antimalware. They may then turn to a hacker to have them evaluate their system.
The hacker would not only try to penetrate it but also give advice, from a hacker’s perspective, on how to improve the company’s cyber defenses.
Cybersecurity testing for a managed security service provider (MSSP)
Some companies don’t want to go through the trouble of establishing an in-house cybersecurity defense team, or to invest the funds it requires. Instead, they hire an MSSP, or managed security service provider, that gives them what they need to protect their on-premises and cloud-based digital resources.
As a hacker, you can work for an MSSP, giving them a perspective they couldn’t get from a regular Cybersecurity Admin.
While working for an MSSP, you may be called in to work as a consultant on an as-needed basis, or they may hire you and present your skillset as part of the package they offer to their clients.
Government Cybersecurity Specialist or hacker
Because governments are constantly trying to hack each other, many have teams of hackers on their payrolls. In this position, you may be asked to hack into sensitive areas of another government’s system.
You could also be tasked with testing various government-managed systems or those that support crucial infrastructures, such as water systems or power grids.
Getting started with hacking
If you’re interested in becoming a white hat hacker, or if you’d like to get familiar with the tools hackers use so you can stop them, check out our free Introduction to Ethical Hacking course. Then, learn how to use the tools of the trade in the courses below:
Need more job prep? You can also take courses like our Fundamentals of Cybersecurity and Fundamentals of Cyber Resilience and Risk Management to learn more about the technical aspects of cybersecurity and the systems hackers tend to target.