Hat Colors Teach Who’s Who, Motivations and Techniques of the Hacking World

Hat Colors Teach Who’s Who, Motivations and Techniques of the Hacking World
Jillian Bateman — June 15, 2021

If one industry is built upon partnership and trust, it is the security industry. Some might even say camaraderie among all, even competitors, for the common good of making and keeping our physical and digital/cyber worlds safe.  

Realizing the risk of cyberattack is never zero — even with the best hardening tools and technologies — ESA, along with four other leading security industry associations, — ASIS International, The Monitoring Association (TMA), PSA Security Network and Security Industry Association (SIA) — recently joined forces to show their dedication to sharing information so others can learn about the evolving threat landscape and common challenges as well as know how to be better prepared when a cyberattack takes place. It’s not a matter of “if,” it’s “when.”  

There is power in numbers. Each association has and freely shares their compelling, eye-opening data, research, knowledge and content via in-person and virtual educational conferences and workshops, online training, articles and best practice recommendations to educate the security industry about minimizing cyber risk. These educational, information-sharing initiatives are the backbone of the association-formed cyber security partnership.  

Keeping to our word of continuing to educate and our dedication to life-long learning, there is a gap in information that is important for the security workforce to know and understand — who we are up against in the ongoing, never-ending war of cyber/digital security. It seems we have the resources to know what to do but learning about the personas behind cyberattacks could provide vital information and criteria related to attacks. Knowing and understand hackers’ motivations and character traits can help identify potential enemies, hacker type and/or the responsible group or individual, as hackers typically have a signature style of attack, such as preferred entry point. Once identified, effective cyber security strategies can be deployed to help thwart efforts. 

To help identify and differentiate the good, malicious and “in-between” hacker types, colored hats are used, each color representing hacker type, their motivation and common techniques used. So, what color hat(s) does your potential hacker(s) wear? 


White Hat 

Who: Known as “ethical hackers,” they use their savvy, sophisticated skills to protect others from malicious, dangerous hackers.  

Motivation: Help individuals and companies stay safe in the digital world by choosing this as their career, in positions such as information security analysts, cybersecurity researchers and consultants, security specialists, penetration testers, etc. 

How: Gaining system access to find and fix vulnerabilities quickly; develop cyberattack detecting tools; mitigate/block cyberattacks; harden software and hardware components; and build security software — all legal activities.  


Black Hat

Who: The total opposite of white hat hackers, these malicious, evil people use the same skills as white hat hackers to break into computer networks, exploit vulnerabilities and bypass security protocols with the goal of defrauding and blackmailing people.  

Motivation: Money and power. 

How:  By any means possible, such as phishing, selling malware, espionage, stealing identities, threatening to reveal personal photos, videos or other confidential data to the public unless they are paid not to do so. 


Grey Hat

Who: These hackers have not quite figured out if they want to use their skills for good or evil; their intentions are usually good but they don’t adhere to ethical hacking standards. Sometimes they will charge a fee to fix bugs and vulnerabilities; strengthen businesses’ security defenses; and provide recommendations, solutions or tools to patch vulnerabilities. The sketchy part, however, is when grey hackers release information about patched vulnerabilities to the public, usually with permission, but sometimes they use blackmail tactics to release the information anyway.  

Motivation: Enjoyment and thrill, but sometimes money. 

How:  Penetrate systems without consent, various types of blackmail.  


Green Hat

Who: Also known as “newbie hackers,” green hat hackers are dedicated to learning and determined to elevate their position within the hacker community.  

Their intentions are not usually to cause harm, but because they are so driven on proving themselves as a hacking professional, they may cause problems manipulating various attack techniques. This is where it gets problematic as they are not often aware of the consequences of their actions and they don’t know how to fix the result of their unintended malicious actions. 

Motivation: To gain credibility as a hacking professional. 

How: Scripting, coding and general hacking that they find out how to do from online research or from others. 


Red Hat

Who: These hackers want to save the world from the black hats, but they tend to choose extreme, sometimes illegal tactics to do so. Red hat hackers are like our cybersecurity Robin Hoods – taking wrong actions to achieve right outcomes.  

Motivation: Find and destroy all black hat hackers’ systems as a means of vigilante justice. 

How: Infecting systems with malware, launching attacks and gaining remote access to black hats’ systems and demolishing it. 


Blue Hat 

Who: Blue hat hackers take one of two paths — revenge or work as outside security professionals that companies hire to test software and products to find vulnerabilities prior to releasing it into the market.  

Motivation: Revenge by taking personal aim at someone or an organization or establish a career as a security professional, testing software and products. 

How:  Penetration testing; deployment of various cyberattacks without causing damage to ensure client’s networks/servers are not able to be hacked or penetrate; or revenge hackers can sometimes bypass authentication to gain unauthorized access to targets’ email or social media profiles, allowing emails to be sent and inappropriate messages to be posted to take revenge.  


Purple Hat

Who: These hackers test their own systems for vulnerabilities or, because combining red and blue creates the color purple, they are connectors between penetration testers and defenders, taking on characteristics of red and blue hat hackers? 

Motivation: Wanting to learn, ensuring they are protected and safe in the cyberworld and protecting an environment. 

How: Penetration testing.