White, black, gray hat hackers: What’s the diff?

Jodesz Gavilan

The motivations of hackers distinguish them from each other

MANILA, Philippines – Hacking is nothing new to Filipinos.

Two recent scandalous incidents – the Bangladesh Bank heist and the Commission on Elections (Comelec) data leak – both involved hacking and are among the many times systems in the Philippines were broken into.

It’s the motives of hackers that differentiate one incident from another. Some just want to test systems, while others aspire to make money out of their hacking skills.

Get to know the hackers’ world a little better, and if you’re one of them, decide which category you want to belong to.


Contrary to what most people think, hacking is not just about stealing information. Some hackers stage attacks and challenge systems to prevent an entity or organization from being victimized further.

A white hat, according to TechTarget, refers to someone who hacks, not to take advantage, but to test the strength of entire systems and the security measures deployed. These types of hackers also identify vulnerabilities so appropriate defensive or corrective action can be taken.

FOR GOOD? White Hat hackers usually just test the system in place.

Companies even hire hackers of this type from cybersecurity groups to test their systems and determine whether or not a breach is possible.

Hacking, in this context, is deemed both a necessity and a risk. Certifications and qualifications are needed for a person to practice white hat hacking “professionally.”  

Examples of these are the CNSS 4011 of the United States National Security Agency and the Certified Ethical Hacker (CEH v9) qualification from the International Council of E-Commerce Consultants (EC-Council).


The word “hacking” is often associated with cybercriminals and invasion of privacy. This is not completely without basis especially when dealing with black hats.

A black hat is the complete opposite of someone who practices white hat hacking. Black hats use their deep knowledge of computer networks and hacking for “unethical” reasons.

Also known as crackers, these hackers break into systems with malicious intent. They often engage in cybercrimes and are interested in stealing personal and classified information used for various purposes, which include making a profit or earning bragging rights, or both.

Black hats who steal personal information from personal or government websites often sell the data they obtain in black markets on the Internet or the “dark web”. They’re sometimes sold in bulk and priced per record. According to information security expert Rene Jaspe, co-founder of local information security consulting company Sinag Solutions, each personal record can be sold from $1 (P46)* to $3 (P138). 

Running after the black hats and their buyers remains a challenge for authorities as these online markets contain stolen data encrypted in such a way that makes it difficult for authorities to quickly trace perpetrators.

Other cybersecurity experts said hackers from Russia are interested in financial transactions, while those from China engage in “industrial” or “nation-state espionage”. The data infrastructure of energy companies and telcos are common targets of the Chinese hackers, they said.

FOR PROFIT. Black Hat hackers usually breach and steal data to sell.

The data, once sold, can be used for criminal activities. According to TrendMicro’s 2015 analysis of data breach records from 2005 to 2015, personally identifiable information (PII) and financial data were the most stolen records by black hat hackers. These data can be used in committing identity fraud, creating fictitious accounts, or worse, stealing money.

The latest Comelec data leak by LulzSec Pilipinas, according to information security experts, could result in “massive identity theft by preying criminals.” (READ: Experts fear identity theft, scams due to Comelec leak)

Although some parts of the leaked data were encrypted, a Rappler source pointed out nothing can stop a hacker from selling unencrypted data in the black market.

The international hacking group LulzSec is described as the “extreme offshoot of Anonymous”, which engages in hacking to push an advocacy. 

The Bangladesh Bank hackers fall under the classification of black hats because they knowingly broke into the bank’s account in the Federal Reserve Bank of New York and funneled millions of dollars out of the banking system into Philippine-based banks and casinos. (READ: TIMELINE: Tracing the $81-million stolen funds from Bangladesh bank)

The Bangladesh government has enlisted the help of the United States Federal Bureau of Investigation (FBI) in identifying the hackers and is waiting to recover funds from the Philippines’ Anti-Money Laundering Council (AMLC). Casino junket operator Kim Wong has turned over a total of $9,800,595.50 (P451,978,962) to AMLC.


Gray hats combine the intent and skills of both black hat and white hat hackers.

Just like ethical hackers, they hack into a system to point out vulnerabilities. However, like black hats, they do this anonymously and usually without the permission of owners.

Gray hat hackers do not take advantage of the identified vulnerabilities, instead choosing to inform the owners once they are done. At the very least, they ask for a small payment to fix the problem and to prevent further breaches into systems.

MIX. Gray Hat hackers are a mix of Black Hat and White Hat.

However, according to security software provider Symantec, there are some gray hat hackers who post hacked information online if they are not paid by the system owners.

An example of a gray hat incident was when a security researcher broke into the Facebook page of the site’s CEO, Mark Zuckerberg. It was an attempt to show the strength of a bug he discovered which allowed a person to post on any user’s profile even if they weren’t friends.

He did the hack to “prove his point” after being ignored by Facebook’s security team. He was, however, not compensated as the act breached the site’s policies. (READ: Hacker posts on FB founder’s wall, proves exploit)


A Massachusetts Institute of Technology (MIT) report in 2005 defines hacktivism as the use of computers or networks in a subversive way to direct the world’s – or a population’s – attention to a specific issue or agenda.

Usually political in nature, hacktivists blend hacking and activism to spread their messages. These hackers often attack and breach the network systems of huge corporations and even government agencies to advance their cause. This is usually done via defacement – placing a political or protest message on the home page of a website.

Hacktivism comes in many forms but the earliest example, according to a 2006 article by WikiLeaks founder Julian Assange, was the Worms Against Nuclear Killers (WANK), which targeted the computer networks of the National Aeronautics and Space Administration (NASA) in 1989.

In the Philippines, the Cybercrime Prevention Act of 2012 drew a string of cyberattacks from groups allegedly attached to the group Anonymous Philippines. Hackers from this group defaced different government websites in protest of the law. (READ: Hackers target sites; law takes effect)

PROTEST. A screenshot of one of the defaced government websites in the Philippines in 2012.

The group hacked several other government websites through the years. It also targeted 195 Chinese government and commercial websites in May 2014 in relation to the maritime disputes between China and the Philippines.

On March 27 this year, Anonymous Philippines attacked and defaced the website of the Commission on Elections (Comelec). The hackers wanted the poll body to put in place the security features of the vote-counting machines to be used in the coming May elections. (READ: Comelec website hacked a month before polls)

The real identities of the people behind Anonymous Philippines remain unknown to this day, but there have been reports that claim the name is just an umbrella term for various hacker groups in the country.

Treading dangerously 

Hacking, regardless of the intended outcome, is a dangerous field. It renders systems vulnerable and exposes vital information, notwithstanding supposed good intentions.

For instance, professional hackers reportedly helped the FBI crack the protected smartphone used by Syed Rizwan Farook, one of the San Bernardino shooters, to access encrypted information.

Apple, the manufacturer of the iPhone, initially rejected the order of the FBI to provide the backdoor to breach the phone, raising privacy concerns.

Apple Chief Executive Tim Cook said that giving in to the demands of the FBI may lead “ill-intentioned individuals” to take advantage of the hack.

A thin line divides the white, black, and gray hackers. It actually takes little to cross it. – Rappler.com

*$1 = P46

All photos from Shutterstock.

Natsu Ando


Jodesz Gavilan

Jodesz Gavilan is a writer and researcher for Rappler and its investigative arm, Newsbreak. She covers human rights and impunity beats, producing in-depth and investigative reports particularly on the quest for justice of victims of former president Rodrigo Duterte’s war on drugs and war on dissent.