The colors of hacking

Introduction

In cyberspace, concepts often have such a high level of abstraction that there is no widespread agreement even on the fundamentals; such is the case with the word "hacker" and, in greater detail, the different types that exist today. While concepts evolve and adapt to the environments that use them, attribution in cyberspace is very difficult to define because it is usually done by custom, or until someone takes the trouble to appropriate a topic (and then someone else does the same, returning us to the discrepancies we initially mentioned).

In this article, we conducted research across different forums, groups, publications, and other digital environments where the community gathers. We searched for definitions, refined them slightly, applied logic, validated some variations, and presented them here for your own validation.

As mentioned previously, these definitions can be considered opinions, and it will be up to the user's discretion whether to accept them, modify them, or reject them outright, as is commonly done in cyberspace.

History

The hacker world we know today began almost alongside computer science itself. It has a not-too-distant ancestor in the telephone networks when they became automated, opening up opportunities for the curious to find mechanisms to exploit those automations. One of the most popular figures of this era, and an inspiration for future hackers, was John Draper AKA Captain Crunch, who discovered that it was possible to bypass security controls on telephone networks using a 2600 Hz frequency. He achieved this using a whistle offered as a free prize inside the cereal box that gave him his AKA. This inspired other curious individuals with both good and bad intentions to venture into the world of telephone networks and see what else could be discovered. Among the renowned figures here, we have Steve Wozniak, co-founder of Apple Computers, who also designed the Blue Box — a device used to generate the tones necessary to navigate these telephone networks. Following a press article that dubbed these individuals Phreakers (or telephone line hackers), a culture parallel to computer science was born, governed by curiosity, technical skill, and initially divided by the ethics of those who practiced it.

A summary of the early years of hacking, its inspiration, and the first discrepancies in the definition of a Hacker (by those who, we could say, witnessed its birth) can be found in the following documentary video on the subject.

Even in documents presented as official, we find the same discrepancies. For example: The Internet Glossary (RFC 1392, dated 1992) initially defined it as:

Later, RFC 4949, dated 2007 as an update to 1392, updated this definition into 3 concepts:

This last one has unfortunately been used maliciously by different entities to refer to this group of people — entities such as NIST or the Royal Spanish Academy (Real Academia Española).

Here we see that a primary need to differentiate arose among those who used their skills based on ethics.

Taking inspiration from Hollywood westerns, where the bad guys regularly wore a black hat and the heroes or good guys wore a white hat, we directly obtain 2 classifications:

Black hat hackers

Highly skilled computer enthusiasts who use their knowledge for unethical or illegal activities.

White hat hackers

Individuals who use their skills for "good" or cause no harm; they simply enjoy their computer skills either to improve designs, learn more, or for the sheer pleasure of doing so, in an ethically manner.

Naturally, we see that a third definition can be (and was) generated: those who were not entirely bad or entirely good. Depending on their mood or affiliation, they could use their skills to jump between what is moral, ethical, and legal at their own convenience.

Gray hat Hackers

Individuals not bound to a specific moral code who can use their skills for both legal and ethical activities, as well as those that are not. Their actions can vary over time, mood, or objective.

Hackers in the industry

If you can't beat your enemy, join them.

Although the hacker culture was born as a counterculture to corporate, government, and clearly military environments, sooner rather than later they ended up joining forces. Today, it is very common for White hat hackers to work as such across different industries and organizations. Given the vast number of activities to be managed — ranging from monitoring, hunting, threat intelligence, and incident response — new terms emerged to link all these professionals together, including the "blue team." A couple of additional concepts were also defined to describe the actions of these individuals within an organizational structure:

Cybersecurity (for the civilian environment) and Cyberdefense (governments and military entities)
Offensive Security (aka red teams — civilian environment) and Offensive Cyber Operations (governments and military entities)

Here, large industry organizations like Microsoft and government entities (such as the GSA with the FedRAMP program in 2012) began accepting and hiring external consultants to test services and products for vulnerabilities before they were launched.

Based on the color concept previously mentioned among the group of defenders, the color for the following classification was adopted. Although their actions could be confused with those of a normal (Alpha/Beta) tester, their core focus remains entirely on cybersecurity testing.

Blue hat hacker

An external cybersecurity professional or ethical hacker hired by an organization to test a system or software for vulnerabilities before it is launched.

This concept could be extended to what we also know as a Bounty or Bug hunter: individuals dedicated to identifying flaws in applications or companies for legal and recognized financial gain — a legal alternative at the service of industries.

Its counterpart, naturally, should be the Red hat hacker, who ought to be an expert in offensive operations. However, in this field, the community bestowed this title upon cybercriminal hunters — essentially a digital vigilante, whether known or anonymous.

Red Hat Hacker

Is a cybersecurity vigilante who uses aggressive, offensive tactics to hunt down and disrupt malicious hackers (black hats). Rather than just reporting cybercriminals, they often launch counterattacks to take down the criminals' servers, disable their networks, and destroy their malicious resources.

Here, their actions can easily be confused with hacktivism, as they share a similar objective and approach: taking matters into their own hands and acting under what they deem appropriate. However, they differ in focus, since the objective for the red hat hacker is usually destructive, rather than spreading a message as hacktivists typically aim to do.

Now, if we try mixing colors — as happened previously with white and blue to define an ethically based application — we should find a middle ground between the two. However, since mixing red and blue actually classifies the focus of skills (Defensive Blue — Offensive Red) regardless of moral intent, the result generates a type of hacker that is less popular but highly validated within the guild: a hacker who can actively test the security of assets within their reach, extending attacks outside the digital spectrum and adding non-traditional security layers for organizations.

Purple hat hacker

A cybersecurity professional who bridges the gap between offensive (Red Team) and defensive (Blue Team) security. By combining both skill sets, they simulate real-world attacks while simultaneously optimizing defense mechanisms, fostering collaboration to improve an organization's overall security posture.

NOTE:_ This last role has also been assigned the context of being the person who helps bridge the work between the red and blue teams, serving as a sort of manager and facilitator. For this latter task, it was also proposed to change the color to Orange when adding coordination with development teams, as presented by April Wright at the 2017 Black Hat conference ("Orange is the new purple"). However, this is more of a description oriented toward work teams rather than specific individuals, and it often generates confusion._

Defined by knowledge

Speaking of skills, we all know that two extremes of learning exist: the novice and the expert.

However, on the front line of action, we have novices who want to learn out of genuine curiosity, and those who want to learn simply to draw attention and gain acceptance from third parties for their self-proclaimed skills. Instead of receiving positive recognition from the industry, they are given pejorative names like: Haxor, Lammer, Script Kiddie (or Skid), Luser, as well as any of their v4r1at10n3s in l33t speak. As if all these terms weren't enough, in some forums they are called Pink hat hackers.

Pink hat hacker

They are individuals (often teenagers) who buy or download ready-made hacking tools, malicious code, or ransomware from the Dark Web without truly understanding how they work.

It is a visual mockery; it represents a Black Hat that "faded" or someone who lacks the maturity and technical level to be considered a serious threat or a true Black Hat. When they execute an attack, they are usually caught quickly due to their own logical errors.

NOTE:_ This color has also been sought after as a designation for women involved in the hacker world, serving as a distinction that breaks away from the classic hacker stereotype (the hooded man in a dark basement) and encourages more girls and women to become interested in STEM disciplines and digital security. Some sites reference them as an innocent novice, but that concept is already covered in the following classification._

To refer to novices who have the right reasons for learning hacking, the community has agreed to distinguish them with the green hat.

Green hat hacker

A cybersecurity enthusiast who is starting their learning path for the pleasure of gaining knowledge, rather than seeking immediate recognition or pretending to possess skills that don't yet understand.

On the other hand, internationally renowned hackers celebrated for their developments or exploits are classified as Elite (leet / l33t), Wizard (because their solutions seem like magic), or Guru. In less formal circles, they are called silver hats, denoting the gray hair they wear as veterans of the industry.

Silver hat hacker

A cyberspace professional with years of experience in the industry; they do not necessarily have to be internationally recognized.

Following the thread of precious metals, there are also references to hackers who generate vastly important developments for the industry, such as tools, techniques, procedures, etc., contributing to the community and asking for nothing in return. These are known as Golden hats due to their valuable contributions to the industry at large.

Golden hat hacker

An expert who generates content for the cyber world, solves problems, gives away tools, PoC, etc., in a way that benefits the community without asking for anything in return.

The 'not so precise' ones

Now let's focus on the most vulnerable link: humans. Since Kevin Mitnick popularized (but did not invent) the term "Social Engineering," he also opened the door to a new type of attack in cyberspace that escapes traditional digital security. To date, its use has expanded so much that it enjoys various techniques such as:

Pretexting
Tailgating
Piggybacking
-ishing (phishing, smishing, vishing)
Shoulder surfing
Dumpster diving
Quid pro Quo
Baiting

Ironically, for this type of hacker — possessing social and psychological skills that diverge from technical skills — there is no generalized classification regarding hats. They are usually called Human hackers and publicly seek to identify as White hackers. However, it is clear that these activities are not solely at the service of ethical consultancies. In very niche spaces, and fighting over the name with other definitions, they have been referred to as Orange hat hackers. They are also defined as facilitators of cybercrime due to the use of their skills to obtain secrets or access that would be very difficult to acquire through technical means alone.

Orange hat hacker

A professional in the art of social engineering whose skills transcend the technical. They focus on the psychological and social manipulation of individuals or groups of people to obtain secrets or access that would be very difficult to achieve through technical means.

NOTE: There are other definitions that adopt this color that are also worth mentioning:

The "Education Hacker" (Academic Proposal)

They possess the technical knowledge of an advanced hacker, but their sole mission is pedagogical: designing labs, teaching legal penetration tactics, raising awareness among university students, and training the next generation of security professionals.

The "Obsessive" or Single-Focus Hacker (The most widespread in forums)

They do not hack randomly, nor do they look for easy money. They can spend months or years studying the infrastructure of a single corporation, a specific video game, or a particular government system until they find a way in. Their motivation is the intellectual challenge and the personal satisfaction of defeating that specific rival. Their ethics may vary (they can act as white or black), but they are defined by their hyper-focus.

Yellow Hat Hackers

In cybersecurity culture, the color yellow is usually associated with warning, prevention, and source code analysis. Two main definitions exist on the web:

"Malware Hunters" and Code Analysts

They do not dedicate themselves to launching simulated attacks (like the Red Team) or monitoring networks in real-time (like the Blue Team). Their job consists of auditing the source code of applications to find flaws before the software is compiled or released. It also includes malware analysts who isolate viruses in controlled environments (sandboxes) to study their behavior and create vaccines.

The Socially Responsible or "Low Profile" Hacker

In certain discussion forums, they are defined as a middle point between White and Gray. These are hackers who discover a vulnerability and, instead of seeking public fame or aggressively pressuring a company, notify the flaw in a strictly confidential manner and collaborate patiently with the developers. They are called yellows due to their focus on caution and diplomacy.

Brown hat hackers

More of an inside joke than a real definition of a hacker, as it would be the opposite of a hacker (skilled or smart). They are those who, clumsily or unexpectedly, generate catastrophic failures or make major discoveries. It is also used in some environments to define opportunistic attackers who had a stroke of luck, generating undesired behavior or obtaining an unexpected reward. some use children who innocently made significant findings as an example, such as the 5-year-old child who bypassed Xbox security (Kristoffer Von Hassel).