White Hat, Black Hat, Grey Hat: A Field Guide to the Hacker Hats
White hat, black hat, grey hat, and the newer colors too. What the hacker hats actually mean, where the terms came from, and why the culture needed them at all.
The hat colors are everywhere in security writing, and almost no one explains where they came from or why they exist. Here is the short, honest version.
The three you need to know
White hat. A hacker who breaks into systems with permission, to find and fix the holes before someone malicious does. Penetration testers, bug-bounty hunters, and corporate security teams are white hats. Same skills as the bad guys, opposite intent, and, crucially, consent.
Black hat. A hacker who breaks in without permission and for harm or personal gain: theft, ransomware, espionage, vandalism. This is the figure the press means when it says "hacker," which is exactly the confusion the hats were invented to fix.
Grey hat. Everyone in between. A grey hat might break into a system without permission, with no malicious intent, and then tell the owner about the flaw (sometimes politely, sometimes by publishing it). No real harm meant, but the access itself was unauthorized, which keeps it on the wrong side of most laws.
Where the colors came from
The metaphor is borrowed from American Western films, where the hero wore a white hat and the villain wore a black one. The security world adopted it in the 1990s, precisely because the single word "hacker" had become useless. After cases like the 414s and the Morris Worm, the public used "hacker" to mean "criminal," and the people doing legitimate security work needed a way to say "not that kind."
It is worth remembering that the hat distinction is about authorization and intent, not skill. A white hat and a black hat may run the identical exploit. The line between them is permission.
The newer colors
The palette kept growing, with varying degrees of seriousness:
- Red hat: aggressive defenders who go after attackers, or (in another usage) Linux's most famous company. Context decides.
- Blue hat: outside specialists invited to test a product before launch, or, in some scenes, a revenge-minded amateur.
- Green hat: a beginner, still learning the craft.
- Hacktivist: breaks in to make a political point rather than money, in the lineage of groups that grew out of the culture documented across the Story.
These extra colors are useful shorthand but far less standardized. If someone leans hard on "red hat hacker" as a fixed category, take it with a grain of salt.
Why the culture is uneasy about all of it
Here is the twist. Inside hacker culture, "hacker" never meant criminal in the first place (see what hacker culture actually is). To many old-timers, the hat colors are a concession to a misunderstanding: a vocabulary invented to rescue a good word the media had broken. The hacker ethic is about curiosity and openness, not about which hat you wear.
So use the hats when you are talking about security work, where intent and authorization genuinely matter. Just remember they describe what someone does with the skill, not the older, deeper thing the word "hacker" was always supposed to mean.