Black hat refers to a hacker who breaks into a computer system or network with malicious intent. A black hat hacker may exploit security vulnerabilities for monetary gain; to steal or destroy private data; or to alter, disrupt or shut down websites and networks. The black hat hacker may also sell these exploits to other criminal organizations.
Categories of hackers
The term black hat differentiates criminal hackers from white hat and gray hat hackers. These categories come from a perceived trope in Western movies, where the heroes could be identified by the white hats they wore and the villains by their black hats.
A white hat hacker, or an ethical hacker, is the antithesis of a black hat hacker. White hat hackers are often hired by organizations to conduct penetration tests and vulnerability assessments on their systems to improve their security defenses. They conduct tests and attacks on websites and software in order to identify possible vulnerabilities, while also following established rules, such as bug bounty policies. They will notify the affected vendor of any issues directly so that a patch can be released to fix the flaw.
A gray hat hacker operates with more ethical ambiguity — while they do not hack into systems with the malicious goal of stealing data, they may be willing to use illegal methods to find flaws, expose vulnerabilities to the public or sell zero-day exploits to government and intelligence agencies.
A black hat hacker is typically one that engages in cybercrime operations and uses hacking for financial gain, cyberespionage purposes or other malicious motives.
Laws and penalties against black hat hacking
U.S. law can punish black hat hackers under a number of computer crime statutes and state and federal laws. Offenders can be charged with different classes of misdemeanors and felonies, with penalties that include fines, jail time or both. Some notable laws include the Computer Fraud and Abuse Act and the Electronic Communications Privacy Act.