The terms “hacker,” “cybercriminal,” and “identity thief” are often used interchangeably — but they’re actually different. Hackers are computer programmers who use their skills to breach digital systems. They’re not all bad actors: some, known as ethical hackers, use their knowledge to improve security practices. Cybercriminals, on the other hand, are people who use computers to commit crimes, while identity thieves use stolen personal information to commit fraud.
When you hear the word hacker, your next thought probably isn’t helper. In the mainstream media, hackers are often portrayed as cloak-and-dagger, fly-by-night figures — evil geniuses who are out to get your data.
But did you know that many of the people who search computer systems for bugs and vulnerabilities are actually out to lend a hand, or at least make an honest living?
In fact, there are many different types of hackers. Some have good intentions, while others may be malicious. Let’s take a closer look at how cybercriminals are categorized, the ways hackers can differ from identity thieves, and how you may be able to best protect yourself from the not-so-good guys.
What’s a hacker?
By definition, hackers are computer programmers who use their technical skills to breach digital systems, networks, and devices. In the process, they may employ a variety of tools and techniques, including rootkits, a type of malware that can control a system remotely; distributed denial-of-service (DDoS) attacks, which disrupt connections and services; and vulnerability scanners, or programs that find potential weak spots or loopholes.
But that doesn’t mean they’re all bad guys. Many hackers are actually security professionals hired by software companies to find — and then help fix — previously unknown vulnerabilities. Their goal is to identify bugs and vulnerabilities first, before bad actors find them and take advantage.
What are the three types of hackers?
There are three types of hackers, categorized by the color of their metaphorical hats:
Hackers who use their skills for good are known as white-hat hackers. They protect companies, governments, and consumers by testing and improving digital security measures, all with the aim of keeping data out of the wrong hands. An ethical hacker may be employed as a security engineer for a major corporation or a computer forensics investigator for the NSA. This type of hacking is legal and necessary work; practitioners can even earn special credentials and certificates designed specifically for ethical hackers.
Black-hat hackers may act without such noble intentions. These bad actors engage in criminal activity, such as breaking into protected digital systems without permission. Working alone or in groups, some black-hat hackers aim to steal and sell data for personal financial gain. Others work to modify, delete, or leak valuable data to harm a competing organization, corporation, or nation-state. One famous example is Behzad Mesri, a former member of the Iranian military who allegedly stole unaired content from HBO in 2017, then held it for ransom for millions in bitcoin.
Gray-hat hackers fall somewhere in between. Gray-hat hackers don’t generally leak data or bring down systems. But a gray-hat hacker might illegally search a private system for vulnerabilities, then contact the owner and offer to fix a previously unknown issue — for a hefty fee. A gray-hat hacker may also engage in unethical behavior if they see the potential to benefit the common good. For example, some sources suggest the professional hackers who helped the FBI crack a San Bernardino terrorist’s iPhone back in 2016 were gray hats.
With data leaks making more and more headlines, it’s important to note that not every breach is the handiwork of a black-hat hacker. Security incidents can be accidental, like when a well-meaning employee unknowingly leaks customers’ information onto the internet, or a security team doesn’t properly encrypt sensitive data. But there are things you can do to stay alert. For example, before sharing personal information with a website, it’s a good idea to check its privacy policy for an idea of how your data will be protected.
What’s the difference between a hacker and a cybercriminal?
Cybercriminals are people who use computers or the internet to commit crimes. Both black- and gray-hat hackers may break the law, effectively becoming cybercriminals. All 50 states have computer crime laws governing the damage or disruption of computer systems.
Just as there are many ways to break these laws, there are many faces of cybercriminals. Some are petty thieves: lone wolves who steal information for financial gain. On the other end of the spectrum, there are organized crime groups who use the internet to buy and sell illegal goods — think weapons and drugs — or broker unlawful services. Corporations may break the law by engaging in cyber espionage, while nation-states have been known to hire cybercriminals to spy on other governments, steal information, or otherwise engage in cyber warfare.
What about identity thieves?
There’s a lot that goes into categorizing different types of hackers, but the terms hacker, cybercriminal, and identity thief are often used interchangeably — and inaccurately.
Identity thieves use stolen personal information, such as your name, birth date, and Social Security number, for illicit personal gain. An identity thief might open a new line of credit, take out a loan, or even receive medical services using your name.
Identity theft can happen without a computer, like when someone applies for a job in person using your Social Security number. But identity theft is increasingly carried out on the internet. As companies continue to track and store our information, our digital footprints grow — and unfortunately, those data trails can become fodder for fraudsters.
In 2018 alone, 14.4 million people were victims of some type of identity theft. If you happen to be one of them, you know it can be incredibly difficult to untangle the mess and reclaim your records.
While we can’t always control what happens to our data, we can be vigilant about protecting our identities, both online and in the physical world.
How can I protect my data?
If you’re an Allstate Identity Protection member, you can feel good knowing there are a number of features in place to help alert you if your information does fall into the wrong hands.
To up your defenses, log in to the portal and switch on dark web monitoring. Enter your details — such as log-in credentials, passwords, and account numbers — and we’ll notify you if we find your information where it shouldn’t be. You can also activate credit monitoring to receive notifications about your credit activity. That way, you can act fast to minimize damage if someone else opens a line of credit in your name.
You can’t stop cybercriminals and identity thieves from operating. But with Allstate Identity Protection, you have a holistic, multi-faceted approach to your data protection, complete with alerts about potential fraud and a team of Identity Specialists available to help with round-the-clock remediation. Doesn’t it feel good to be proactive?