What are the three types of hackers?

Answer 1

There are thee types of hackers white hat, grey hat, and black hat.

If a white hat hacker finds a fault in a security system ie. a website then they will inform the owner immediately.

Whereas if a grey hat hacker finds a fault he will do what he feels like at the time ie. exploiting the site OR informing the owner.

A black hat hacker if they find a fault will immediately exploit the site for there own beneficial gain ie. advertising and infecting other computers with "viruses" to gain access to more sites.

So a hacker can be many things from protecting systems by informing the owners or Exploiting and stealing data.

The most common name for the destructive type of "hacker" is a "cracker". I always try to refer to a bad hacker as a cracker to avoid confusion.

Also, there is a very important distinction between the three, as to both HOW and WHERE they attempt to break a system or program.

A White Hat (or, more properly, a "computer security specialist" or similar) will NEVER attempt to break into a system that they do not own or do not have explicit permission from the owner to do so. That means, they will usually be hired by a system or software owner to test the security of the said system or software package. They will always report their findings to the owner of the system, though there is somewhat of an ethical responsibility to report any significant (i.e. things that would impact the public) exploits to the community-at-large, if the original owner does not seem to be willing to address the issues - e.g. in case of a coverup of the problem, a White Hat is generally ethically bound to report the problem to the proper authorities, which may include public organizations such as CERT. More concisely, a White Hat is a professional, who abides by professional ethics and performs his or her duties out in the open.

Grey Hat folks generally don't have obvious ill intent (to contradict the previous answer). That is, they're not looking to exploit any problems for personal gain. However, they generally follow an ethic which believes that it is OK to perform intrusion and exploit scans on systems which they DON'T own or have permission to do so. This makes it hard for a target to determine the difference between a Grey and Black Hat hacker, as the initial method of operation looks identical. That said, Grey Hat folks generally report their findings to the target - that is, they'll inform the target as to what security issues they have found. Most Grey Hats will give the target a small window to address the issues; however, a GH will always report the issue to the wider media and security groups, and will NOT consider any information that the target wants to keep private. That is, GH folks seem to see themselves as "defenders of the public good", and that by exposing weaknesses of systems, they will ultimately force folks to be more secure. This is a plausible, but not provably true, scenario. Grey Hat folks are hobbiests and enthusiasts, who generally don't get paid for their work, but pursue it for personal reasons. They generally keep their identities masked (or at least don't usually broadcast them), as much of their work is quasi-illegal.

Black Hat folks, of course, are in it for the money (one way or the other). They're targets will never be informed of breaches, and in fact, most BH folks strive to keep their exploits secret from everyone, as it allows them to sneak in and steal information of value undetected. Black Hat folks are pure criminals.