Black Hat, White Hat: you have most likely already come across these names, on the Internet or in a discussion about IT security.

White hats are security professionals who perform intrusion tests or security audits on IT systems, with the agreement of the companies concerned. Their actions are therefore completely legal and generally part of a security audit contract.
Black hats also perform intrusions into computer systems, but without any agreement. These hackers can be classified as malicious (they are usually referred to as “bad guys”): they look for vulnerabilities and exploit them to make a profit.

Why do they wear hats?

Clint Eastwood in The Good, the Bad and the Ugly
Image from the film “The Good, the Bad and the Ugly”, by Sergio Leone – 1966.

Similarities can be found between hackers and pirates attacking boats and coastal towns. Both wear black hats.
Black, a symbol of fear, obscurity and darkness, lends itself well to the activities of black hat hackers.

However, the consensus about the origin of hackers’ hats points to westerns, where cowboys also wear hats.
In many of these films, bandits and various antagonists wear black hats, whereas the sheriff and the protagonists wear white hats (although this is not a general rule).
The Good, the Bad and the Ugly is a good example:
The Good, played by Clint Eastwood, wears a white hat while the Bad, played by Lee Van Cleef, wears a black hat.

White, a symbol of purity and innocence, carries no negative meaning, and is therefore ideal as a symbol for IT security professionals, who act within the law.

White, black, but also gray and blue?

Gray is between black and white, caught between two worlds. Gray Hat hackers do not have any authorization from companies and perform intrusions, but do not have bad intentions. They are motivated by performance, and by showing how good they are at breaking into systems. They usually report vulnerabilities back to the owner of the system, but not necessarily…

Gray (or even brown) can be found in westerns as a hat color, but blue is much rarer!
Blue Hats are security professionals hired to check for bugs before a new product is launched. It seems that Microsoft has been using this term quite a lot.

Whatever the origin of these hackers’ hats is, security professionals and hackers rarely wear them in public (if they even have one!). The hat remains a symbol, a sign of belonging to a group, but also a marketing tool.