IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

What is ethical hacking? White hat hackers explained

Not all hackers are motivated by greed - some of them use their powers for good

A graphic displaying an ethical hacker
Related Resource

Taking a proactive approach to cyber security

A complete guide to penetration testing

A complete guide to penetration testing - whitepaper from CyberCxDownload now

Hackers are usually portrayed as nefarious figures capable of wreaking havoc from the other side of the world, as they sit in a dark room and plot the demise of governments and corporations alike, making life difficult for IT teams. If you read some recent cyber security news, the stereotype isn’t entirely false: in the last week alone, hackers have targeted everyone from jobseekers and security researchers to Facebook and even the European Commission – and that’s the tip of the iceberg when it comes to recent hacking incidents.

Hackers have often been criticised for acting not only illegally, as hacking is considered a cyber crime, but also immorally, especially when targeting organisations working for the greater good, such as the education sector institutions, non-profits, and even laboratories working on the coronavirus vaccine. They have also been known to brag about the financial gains of their operations, one example being the REvil ransomware gang, which in October 2020 claimed to have made more than $100 million in one year from extorting large businesses. Not satisfied with their ill-gotten wealth, the group also revealed plans to make $2 billion with its ransomware as a service business.

However, this doesn’t mean that all hackers are automatically considered cyber criminals. In fact, many of them work to help organisations bolster their cyber security practices through detecting and reporting potential exploits. As their hacking is considered to be for the “greater good”, they are usually known as “ethical hackers” – hackers who use their skills for morally sound measures.

The ethical hacker, also known as a white hat, does the same thing as their malicious counterpart, only instead of exploiting vulnerabilities for the purpose of spreading code, they work with network operators to help fix the issue before it is discovered by others.

Both types of hackers get the same thrill of breaking something that wasn't supposed to ever break, they just have different motives. For many white hat hackers, the process is gamified in the form of bug bounty programmes - competitions that reward hackers with cash prizes for reporting vulnerabilities.

After all, who better to fight a hacker than another hacker?

Black hats, grey hats, and white hats

Within the cyber security community, hackers are divided into three camps - 'black hat' hackers, 'grey hat' hackers and 'white hat' hackers. Black hats hack their targets for self-serving reasons, such as financial gain, for revenge or simply to spread havoc.

White hat hackers, by contrast, actually aim to improve security, finding security holes and notifying the victim so they have an opportunity to fix it before a less-scrupulous hacker exploits it. Grey hats sit somewhere between the two camps, often conducting slightly more morally questionable operations, such as hacking groups that they are ideologically opposed to, or launching hacktivist protests. White hat and grey hat hackers can both be defined as 'ethical' hackers.

How do ethical hackers make money?

Black hat hackers generally earn their money through theft, fraud, extortion and other nefarious means. Ethical hackers, on the other hand, are quite often employed by cyber security companies, or within the security departments of larger organisations. The fact that they know how attackers operate often gives them valuable insight into how to prevent attacks.

Another way that ethical hackers can earn a living is through collecting 'bug bounties'. Large companies, particularly tech firms like Facebook, Microsoft and Google, offer a reward to researchers or hackers who discover security holes within their networks or services. This encourages them to report these holes, allowing them to be fixed before they can be found by criminals.

What motivates ethical hackers?

Most hackers are motivated by curiosity, and ethical hackers are no exception. They're often motivated by a desire to see what makes things tick, poking around in security systems just for the challenge of finding a way around them. Responsibly reporting their findings is the best way to indulge this desire whilst also staying on the right side of the law.

Many are also driven by a genuine desire to make the world more private and more secure. Exposing flaws in widely-used services and applications means that they're less likely to be used to harm innocent people.

Another big motivating factor for ethical hackers is, of course, cash. A career in pen-testing or red-teaming can be extremely lucrative, and often allows hackers to make a great deal more money than they would as a cyber criminal without fear of reprisals. Similarly, bug bounty programmes can provide incredibly generous payouts for discovering major flaws the current record-holder for the highest-value bug bounty is Google's $112,500 payment to a Chinese researcher who discovered a remote exploit vulnerability in Android.

How do I become an ethical hacker?

A graphic depiction of an ethical hacker certificate


If you're a hacker that wants to become a white hat, the good news is that you're already halfway there. Ethical hacking is more a state of mind than anything else; a desire to use talents for good, as opposed to evil. If you'd rather use your hacking talents to improve the world's security than to line your own pockets, you're well on your way to becoming an ethical hacker.

In terms of practical steps, there are numerous courses you can take that promise to give you all the skills needed to become an ethical hacker. However, while these can definitely be useful, either as a starting point or as a way to refine your knowledge, the best way to become an ethical hacker is to simply immerse yourself in the world of cyber security.

Read as much you can on the technical elements of hacking and cyber defence, keep up to date with developments in the field, and generally learn as much as possible about the theory and practice of cyber security.

It's also a good idea to learn a couple of programming languages, if you haven't already. While it's not absolutely essential for hackers (ethical or otherwise) to have an in-depth knowledge of coding, it can be incredibly useful, and will pay dividends throughout your career.

Featured Resources

AI for customer service

IBM Watson Assistant solves customer problems the first time

View now

Solve cyber resilience challenges with storage solutions

Fundamental capabilities of cyber-resilient IT infrastructure

Free Download

IBM FlashSystem 5000 and 5200 for mid-market enterprises

Manage rapid data growth within limited IT budgets

Free download

Leverage automated APM to accelerate CI/CD and boost application performance

Constant change to meet fast-evolving application functionality

Free Download

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

15 Nov 2022
The top 12 password-cracking techniques used by hackers

The top 12 password-cracking techniques used by hackers

14 Nov 2022
Windows users now able to run Linux apps and distros natively
Microsoft Windows

Windows users now able to run Linux apps and distros natively

24 Nov 2022