White hats can be dubbed the “good guys” of hacking. They can research and find any lapses of security in software and then notify the owner of the system to fix it. Companies can gain a false sense of security after employing white hat hackers to identify security vulnerabilities. Since companies can change their systems and hackers can develop new techniques, the security threat is ongoing; and penetration testing should be ongoing as well. For example, white hats can identify a vulnerability that could cause invalid death certificates to be issued, which criminals could take advantage of to claim fraudulent life insurance payouts, or a vulnerability that could allow a power grid to be shut off remotely.
Famous white-hat hackers include Tim Berners-Lee (inventor of the World Wide Web), Apple co-founder Steve Wozniak, and Jeff Moss (founder of the annual hacker conference Defcon).
White Hats, Gray Hats, Black Hats
There are three different types of hackers out there. White hats, gray hats and black hats. Black hats are the criminals of the group. They will scour for holes or backdoors in order to gain access to systems and use malicious software to steal data. They will typically sell this information to other black hats as well. Gray hats fall into the middle of the group, but instead of selling the information they access to a malevolent party, they will sell it to governments and other agencies, who, in turn, will use that for the good of the public. Some of these hackers can be contracted or they may act as their own independent agents.
Consider the case of the FBI, who took Apple to court over the iPhone of one of the San Bernardino shooters. The agency requested Apple unlock the iPhone in order to gain access to the shooter’s personal information. Apple refused, citing privacy issues, and the case was then taken to court. The FBI later withdrew its case, saying a third party managed to unlock the phone. Although the FBI never confirmed who gained access to the iPhon