carbonite logo

Commonly searched topics:

backupcloud backupaccount sign in

Article · Apr 23, 2020

Hackers wear many hats

Not all hackers are bad. Find out the difference between the good ones, bad ones and the in-between ones.

What’s the first thing that comes to mind when you think of hackers? If you’re like most people, it probably has something to do with stealing passwords, injecting malware and demanding ransom payments. But not all hackers operate with malicious intentions. In fact, at least 300,000 hackers are registered as ethical hackers. And some are in-between.

The different subtypes of hackers go by different names:

  • White-hat hackers – These are the good ones
  • Black-hat hackers – The bad ones
  • Gray-hat hackers – These are in-between

White-hat hackers are also known as ethical hackers. They test IT environments – including firewalls, computers, networks and even users – to find vulnerabilities and help organizations secure them before the black-hat hackers take advantage of them.

Black-hat hackers are commonly known as cybercriminals and threat actors. They work to circumvent security systems for personal or financial gain.

Gray-hat hackers have motives that fall somewhere in-between. They break into computer systems and alert administrators to vulnerabilities that need to be addressed. But they may also use their inside knowledge to extort a fee from the victim in exchange for helping to patch the security flaw.

Good guys wear black?


Some people argue that black hats, while operating with criminal intent, are actually performing a beneficial service. Successful hacks typically result in security upgrades for the affected systems, leading to a higher overall security posture.

Cybersecurity analyst and hacking researcher Keren Elezari says that hackers and hacktivists can push the internet and technology in general to become stronger, more secure and more cyber-resilient by exposing vulnerabilities.

Why do they hack?

Simple. Follow the money.

No matter what hat they wear, hackers generally don’t work for free. Not when there’s money to be made. Ethical Hackers earn around $91,000 USD per year. Some technology companies will offer bounties to coders who expose vulnerabilities. Apple offered $1.5 million to anyone who could hack an iPhone. Groups like HackerOne provide platforms connecting businesses, ethical hackers and cybersecurity researchers for security testing. Hackers on the platform have earned over $1 million. Black hats can earn even more, especially when they’re sponsored by governments.

What are other subtypes?

Different hacker personas have different motivations. Here are a few of basic kinds you’ll find out in the wild.

Script kiddies

Picture the stereotypical “hacker in a hoodie.” They generally fall under the category of Script Kiddie. They can be programming novices with at least a little coding knowledge. They often use free and open source software from the dark web to infiltrate networks. Their motives can place them in black, white or gray territory.


You’ve probably heard of a group of hackers known as Anonymous, a loosely affiliated group that once took down the CIA’s website. Their primary goal is to bring public attention to a political or social matter through disruption. This puts them into the category known as hacktivist. These gray-hat hackers are known for stealing and exposing sensitive information or launching denial of service (DDoS) attacks.

Red hats

Red hats are the vigilantes of the hacker world. They work to block, disrupt or destroy the work of black-hat hackers. Rather than reporting breaches, they often shut down malicious attacks with their own tools. 


Nation-state hackers engage in espionage, social engineering or computer intrusion, typically with the goal of acquiring classified information or collecting ransom payments. As they are backed by government organizations, they are often extremely sophisticated and well trained.

Malicious insiders

Some of the most dangerous threats are the ones right under your own roof. Malicious insiders are current or former employee who steal or destroy information. They could also be someone hired by a competitor to infiltrate an organization for trade secrets. Malicious insiders pose a very significant risk as they can provide remote access to protected systems. This can lead to a loss of intellectual property, financial fraud or additional cyber-attacks.

Next steps?

Now that you know the hacker subtypes, you should be better able identify threats and maybe even leverage hacking to help secure your business. One of the best defenses against hackers is an automated backup solution, like Carbonite Safe. A backup solution automatically copies your files, either to the cloud or to a local storage device. If a hacker manages to encrypt your files or threatens to delete them, you can recover backup copies without giving in to hacker demands.


Grayson Milbourne

Grayson Milbourne is the Security Intelligence Director at Carbonite and Webroot.

Related content