Types of Hackers and What They Do: White, Black, and Grey:
Hackers are lumped into three (3) categories:
…
A black-hat hacker is an individual who attempts to gain unauthorized entry into a system or network to exploit them for malicious reasons. The black-hat hacker does not have any permission or authority to compromise their targets.
…
White-hat hackers, on the other hand, are deemed to be the good guys, working with organizations to strengthen the security of a system. A white hat has permission to engage the targets and to compromise them within the prescribed rules of engagement.
…
Grey hats exploit networks and computer systems in the way that black hats do, but do so without any malicious intent, disclosing all loopholes and vulnerabilities to law enforcement agencies or intelligence agencies.
…
I suppose but where is the category Customer-hat?
Customer-hat hackers carry out actions contracted for by a customer.
The customer-hat hacker designation avoids the attempts to pre-define moral or ethical dimensions to the work of hackers, generally summarized under the rubrics of black, white and grey hats.
Picking a recent post at random: Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign, you quickly get the impression that APT29 is a black-hat, i.e., is non-American.
As a contractor or customer, I’m more comfortable wearing a customer-hat. Are you?
PS: I’m aware that the black/grey/white hat designations are attempts to shame people into joining to protect institutions and systems unworthy of respect and/or protection. I decline the invitation.