Published Mar 21, 2022Updated Jul 17, 2023
Contribute to Docs

Hacking involves using technical skills to break into computer systems and access sensitive data. By itself, hacking is neither “good” nor “bad”. It depends on many factors, including the intentions of the hacker.

Types of Hackers

Hackers can be split into three distinct types: black hats, grey hats, and white hats.

Black Hat Hackers

These are the hackers that are notoriously regarded as “the bad guys” that infiltrate systems either for personal gain or to impress other hackers. Generally, a black hat hacker uses malware, viruses, and ransomware attacks to do the following:

  • Steal credit card and/or bank account information.
  • Leak sensitive information to the public.
  • Take one company’s sensitive data and give/sell it to another.
  • Steal large amounts of personal information and sell it to third parties.
  • Cripple a company’s computer system by taking control of it and then holding it for ransom.
  • Steal and sell the login information of large amounts of users.

Grey Hat Hackers

Grey hat hackers also commit malicious digital acts, but on a relatively smaller scale. They will still usually hack a system for personal gain or respect. The sort of actions a grey hat hacker may take include:

  • Attacking and identifying vulnerabilities within a system.
  • Reaching out to offer their help (for a fee) without explaining the underlying issue(s).

This puts system maintainers in a tough position as to whether it would be wise to accept the hacker’s assistance with little to no information.

White Hat Hackers

White hat hackers hack for the benefit of others, particularly organizations trying to discover (and close) security vulnerabilities in their system. They always obtain permission before penetrating an organization’s system. Also known as “ethical hackers”, many white hat hackers carry a Certified Ethical Hacker (CEH) qualification.

A white hat hacker will normally engage directly with a company and listen to their concerns. Next, they will attempt to hack areas of their network to spot weaknesses. After they finish, they provide a report to the company and potential next steps.

Generally, white hat hacking involves:

  • Testing the strength of firewalls meant to detect malicious activity.
  • Finding vulnerabilities in the codebase of web applications.
  • Discovering weaknesses in databases that could leave a company susceptible to SQL injections, which target database codes and structures.
  • Checking if an organization is resilient against cyber attacks such as distributed denial of service (DDoS) attacks.
  • Seeing how well a company can recover after a ransomware attack.
  • Testing backup systems for vulnerabilities.

Protection From Hacking

While not a 100%-guarantee, steps can be taken to protect against malicious hacks, including:

  • Creating complex, hard-to-guess passwords for all online accounts.
  • Never leaving login credentials exposed in a public place.
  • Using password protection for all devices.
  • Avoiding public Wi-Fi networks, such as ones at coffee shops or airports, because they have lax security measures.
  • Connecting to services with a VPN, which encrypts all data you send and receive while connected.
  • Using an internet firewall to help filter out malicious data.
  • Learning to recognize and avoid phishing attacks and other types of social engineering.
  • Only installing software from trusted sources.
  • Avoiding websites that might host malicious code.

Hacking Tools

Learning how hackers think, as well as the tools they often use, can be invaluable. This involves the following programming languages and tools:

All contributors

Looking to contribute?

Learn Cybersecurity on Codecademy