White Hat Hackers

By Bailey Johnson

Instructor: Shing-Ping Liu Tucker, Ph.D.

CSCI 370-Information Security

Fall 2017

What is a White Hat Hacker?

Usually when people think of hakers they think of malicious software creators and users who break into computers to accomplish nefarious goals ranging from identity theft to messing with military computers like in the movies. All of this is true but only for one group of hackers known as "Black Hat Hackers." There is another group of hacker with the same skill set as the Black Hat Hackers however, they use their skills to help people. In fact companies often pay them to do so. These hackers are known as "White Hat Hackers."

Like their Black Hat brothern, White Hat Hackers are also skilled in bypassing computer security systems and creating destructive computer programs such as viruses and worms. In fact many White Hat Hackers are former Black Hat Hackers that decided to turn away from their life of crime. But unlike Black Hat Hackers, White Hat Hackers use their skills legally. Companies or private computer users will hire White Hat Hackers to test their security systems. White Hat Hackers will do their best to hack into the companies network and then report the security system's weaknesses back to the company. Other times a White Hat Hacker will be asked to release a malicious program, such as a worm or virus, into the system to see how well the security system deals with it. However, this method is usually done in a special simulated enviorment so as to not risk any of the companies actual files.

Hacker Subcatagories

Grey Hat Hackers: Grey Hat Hackers are usually hobbists with only intermediate technological skills. They will often modify their own computers for their own pleasure and might dabble in white collar crimes like file sharing.

Script Kiddies: This is just a name for unskilled novice hackers. Script Kiddies can be either white, black or grey hat hackers.

Hacktivists: This is the social activist hacker who is fighting for a cause. Hacktivists can be white, black or grey hat hackers.

The History of White Hat Hackers

1475- Evolving from the Indian game of chaturango, chess gains its formalized rule set. Tacticians sharpen their wits through this game, mastering the art of anticipating an opposition’s strategy. This is a key element in hacking.


1812- Georg Leopold von Reiswitz and his son develop Krigsspiel, a war-game that uses elements of chess. This game is used by the Prussian army to help prepare for battles.


1964- A group known as the “Tiger Teams” emerged. They were quickly known for their experience, energy and imagination. One of these first teams was assigned to track down possible sources of failure in a spacecraft subsystem.


1974- The U.S. Air Force conducts one of the first ethical hacks on record. I was a security evaluation of the Multics operating system.


1984- U.S. Navy Commander Richard Marcinko leads a team of Navy Seals whose objectives is to test the naval bases’ vulnerability to terrorism.


1985- The first issue of Phrack is published – an e-zine written by and for hackers.


1986- The Computer Fraud and Abuse Act cracks down on computer crime. Certain ethical hacking methodologies are now considered illegal without a contractual agreement between the ethical hacker and the client.


1995- Daniel Farmer and Wietse Venema release SATAN (Security Administrator Tool for Analyzing Networks), a tool to help system administrators find and report networking -related security problems.


2003- The open Web Application Security Project (OWASP) releases the OWASP Testing Guide, which includes a framework for penetration testing best practices.


2009- The Penetration Testing Execution Standard (PTES) launches, offering businesses and security service providers a common language and scope for performing penetration tests.


2013- Worldwide enterprise security spending reaches $6.4 billion. Security executives begin to use on-demand penetration testing services for cost-effective ethical hacking.


Cowboy Hat


Home    Pros/Cons    Narrative    Milestones    References