White Hat hackers aka ethical hackers
White hats are security researchers or hackers who breaks security for non-malicious reasons, either to test their own security system, perform penetration tests or vulnerability assessments for a client or while working for a security company which makes security software. They normally notify the vendor once they discover a vulnerability in software so that the flaw can be fixed. For identifying any flaws in software, companies that have bug bounty programs these days pay white hats anywhere between $500 to more than $100,000 by selling that information. White hats are also considered as ethical hackers.
Black Hats aka cyber criminals
Considered as criminals, a “black hat” hacker is a hacker who “violates computer security for little reason beyond maliciousness or for personal gain”. Black hat hackers use their expertise to find or develop software holes and break into secure networks to destroy, modify, or steal data; or to make the network unusable for those who are authorized to use the network. They also sell information about the security holes, zero day vulnerabilities and exploits to other criminals for them to use. Obviously, black hats are considered the bad guys, as they are the epitome of all that the public fears in a computer criminal.
Grey Hats aka bit of both
A grey hat hacker lies between a black hat and a white hat hacker. A grey hat hacker can be individual hackers or researchers who surf the Internet and hack into a computer system for the sole purpose of notifying the administrator that their system has a security defect, for example. They may then offer to correct the defect for a fee. Grey hats normally sell or disclose their zero-day vulnerabilities not to criminals, but to governments—law enforcement agencies, intelligence agencies or militaries presuming that they use the vulnerabilities responsibly for the public good. The government’s use those security holes to hack into the systems of adversaries or criminal suspects.
