People often use the terms “hacker,” “cybercriminal,” and “identity thief” interchangeably — but they’re actually different. Hackers are computer programmers who use their skills to breach digital systems. They’re not all bad: some, known as ethical hackers, use their knowledge to improve security practices. Cybercriminals, on the other hand, are people who use computers to commit crimes, while identity thieves use stolen personal information to commit fraud.

When you hear the word hacker, your next thought probably isn’t helper. The mainstream media often portrays hackers as cloak-and-dagger, fly-by-night figures — evil geniuses set on stealing your data.

But, did you know that many of the people who search computer systems for bugs and vulnerabilities are actually out to lend a hand?

In fact, there are several types of hackers. Some have good intentions, while others may be malicious.

Let’s take a closer look at how cybercriminals are categorized, the ways hackers can differ from identity thieves, and how you may be able to best protect yourself from the not-so-good guys.

What are hackers?

First, let’s answer the basic questions: What are hackers? What do hackers do?

Hackers are computer programmers who use their technical skills to breach digital systems, networks, and devices. They may employ a variety of tools and techniques, including rootkits, a type of malware that can control a system remotely; distributed denial-of-service (DDoS) attacks, which disrupt connections and services; and vulnerability scanners, or programs that find potential weak spots or loopholes. 

Many hackers are security professionals hired by software companies to find — and then help fix — unknown exploits. Their goal is to identify bugs and vulnerabilities first, before bad actors find them and take advantage.

The three types of hackers 

Hackers are often categorized by the color of their metaphorical hats: white, black, or gray.

What are white hat hackers?

White hat hackers use their skills for good. They protect companies, governments, and consumers by testing and improving digital security measures.

An ethical hacker may work as a security engineer for a major corporation or a computer forensics investigator for the National Security Agency (NSA). This type of hacking is legal and necessary work; practitioners can even earn special credentials and certificates through organizations such as the International Council of E-Commerce Consultants. 

What are black hat hackers?

Black hat hackers are wrongdoers who engage in criminal activity, such as breaking into protected digital systems without permission. Working alone or in groups, some black hat hackers aim to modify, delete, or leak valuable data to harm a competing organization, corporation, or nation-state.

These bad actors may steal and then sell sensitive data, or hack directly into online accounts or cryptocurrency wallets. They may target individuals or large groups. For example, in 2022, hackers snagged about $620 million in cryptocurrency from the online game Axie Infinity.

What are gray hat hackers?

Falling somewhere in between the white and black hats, gray hat hackers don’t generally leak data or bring down systems. But they might illegally search a private system for vulnerabilities, then contact the owner and offer to fix a previously unknown issue — for a hefty fee. 

Gray hat hackers may also engage in unethical behavior if they see the potential to benefit the common good. For example, when the Russia-Ukraine War began in February 2022, “hacktivist” collective Anonymous announced it was waging its own cyber war against the Russian government. Anonymous has since taken a variety of actions, including hacking state databases and leaking massive amounts of information.

With data leaks often in the headlines, it’s important to note that not every breach is the work of a black hat hacker. Security incidents can be accidental, like when an employee unknowingly leaks customers’ information onto the internet, or a security team doesn’t properly encrypt sensitive data.

What’s the difference between a hacker and a cybercriminal?

Cybercriminals use computers or the internet to commit crimes. Both black and gray hat hackers may break the law, effectively becoming cybercriminals.

All 50 states have computer crime laws governing the damage or disruption of computer systems. 

Just as there are many ways to break these laws, there are many faces of cybercriminals. Some are petty thieves: lone wolves who steal information for financial gain.

On the other end of the spectrum, there are organized crime groups who use the internet to sell stolen or illegal goods or broker unlawful services. Corporations may break the law by engaging in cyber espionage, while nation-states have been known to hire cybercriminals to spy on other governments, steal information, or otherwise engage in cyber warfare.

Explaining identity thieves 

The terms hacker, cybercriminal, and identity thief are often used interchangeably — and inaccurately.

Identity thieves steal personal details, such as people’s names, birth dates, and Social Security numbers. 

What do identity thieves do with your information, if they obtain it? They might open a new line of credit, take out a loan, or even go after your tax refund. 

Identity theft can happen without a computer, like when someone uses a victim’s name, health insurance number, or Medicare account to obtain medical care.

But identity thieves often use the internet to carry out their crimes. As companies track and store your information, your digital footprint grows — and unfortunately, those data trails can become fodder for fraudsters.

In 2022 alone, 40 million adults in the U.S. were victims of identity theft according to Javelin Strategy & Research. If you happen to be one of them, you may know how incredibly difficult it is to untangle the mess and reclaim your records. 

While we can’t always control what happens to our data, we can be vigilant about protecting our identities, both online and in the physical world.

How can I protect my data?

You can’t stop cybercriminals and identity thieves from operating — but with Allstate Identity Protection, you can take a holistic, multifaceted approach to data protection.

If you’re an Allstate Identity Protection member, you can feel good knowing there are a number of features in place to help protect your data — including alerts about potential fraud and a team of identity specialists available to help with round-the-clock restoration.