According to various definitions you read on-line and in print, there are roughly ten (10) different classifications of Hackers. These can all be found on-line as well as the varying definitions as to what each is. When hiring someone to do Penetration Testing or Vulnerability Testing, most organizations use White hat, Black hat or Grey Hat hackers.
A white hat hacker breaks security for non-malicious reasons, either to test their own security system, perform penetration tests, or vulnerability assessments for a client - or while working for a security company which makes security software. The term is generally synonymous with ethical hacker, and the EC-Council, among others, have developed certifications, courseware, classes, and online training covering the diverse arena of ethical hacking.
A "black hat" hacker is a hacker who "violates computer security for little reason beyond maliciousness or for personal gain" (Moore, 2005). The term was coined by Richard Stallman, to contrast the maliciousness of a criminal hacker versus the spirit of playfulness and exploration in hacker culture, or the ethos of the white hat hacker who performs hacking duties to identify places to repair or as a means of legitimate employment. Black hat hackers form the stereotypical, illegal hacking groups often portrayed in popular culture, and are "the epitome of all that the public fears in a computer criminal".
A grey hat hacker lies between a black hat and a white hat hacker. A grey hat hacker may surf the Internet and hack into a computer system for the sole purpose of notifying the administrator that their system has a security defect, for example. They may then offer to correct the defect for a fee. Grey hat hackers sometimes find the defect of a system and publish the facts to the world instead of a group of people. Even though grey hat hackers may not necessarily perform hacking for their personal gain, unauthorized access to a system can be considered illegal and unethical.
A social status among hackers, elite is used to describe the most skilled. Newly discovered exploits circulate among these hackers. Elite groups such as Masters of Deception conferred a kind of credibility on their members.
A script kiddie (also known as a skid or skiddie) is an unskilled hacker who breaks into computer systems by using automated tools written by others (usually by other black hat hackers), hence the term script (i.e. a prearranged plan or set of activities) kiddie (i.e. kid, child—an individual lacking knowledge and experience, immature), usually with little understanding of the underlying concept.
A neophyte ("newbie", or "noob") is someone who is new to hacking or phreaking and has almost no knowledge or experience of the workings of technology and hacking.
A blue hat hacker is someone outside computer security consulting firms who is used to bug-test a system prior to its launch, looking for exploits so they can be closed. Microsoft also uses the term BlueHat to represent a series of security briefing events.
A hacktivist is a hacker who utilizes technology to publicize a social, ideological, religious or political message.
Hacktivism can be divided into two main groups:
• Cyberterrorism — Activities involving website defacement or denial-of-service attacks; and,
• Freedom of information — Making information that is not public, or is public in non-machine-readable formats, accessible to the public.
Intelligence agencies and cyberwarfare operatives of nation states.
Organized criminal gangs
Groups of hackers that carry out organized criminal activities for profit.