๐ Story hook
In 1999, a 15-year-old boy from Boston hacked the Pentagon. His name was Jonathan James. He didn't steal secrets. He just wanted to see if he could.
Nine months later, he was caught. He got a suspended sentence (he was a minor). Then, real hackers from the FBI offered him a job.
Today, there are 4 million ethical hackers in the world. They earn $50k-200k per year. They do the same thing as Jonathan, but legally. They are called white hat.
Let's figure out how they differ from those who are in prison.
๐ฏ Three types of hackers
๐ค
White hat (ethical hackers)
Who are they: security engineers, pentesters, bug bounty hunters. They look for vulnerabilities, but with the owner's permission.
Goal: find a hole โ report to the owner โ get paid or a salary.
Example: Tesla pays a hacker $15,000 for a vulnerability found in their Model 3. The hacker finds it โ sends a report โ gets the money.
Law: 100% legal. There's always a written permission or an open bug bounty program.
Salary: $50k-200k per year + bug bounty bonuses.
๐ค
Black hat (criminals)
Who are they: cybercriminals. They hack without permission. They steal money, data, and extort.
Goal: personal gain. Stealing cryptocurrencies, selling databases, ransomware.
Example: The Conti group (Russian-speaking) hacked Costa Rica (the president declared a state of emergency). They demanded $20 million. They earned ~$2.7 billion in 2 years before disbanding.
Law: criminal offense. Up to 7 years in prison under the Russian Criminal Code, up to 20 years under the US CFAA. Extradition is possible.
"Salary": from $0 (caught quickly) to millions (worked for a long time + managed to escape).
๐
Grey hat (grey area)
Who are they: "benevolent" hackers who look for vulnerabilities without permission, but not to harm.
Goal: find a hole โ disclose it publicly (security research) or ask the owner to fix it (without payment).
Example: A hacker finds a vulnerability on a bank's website. They don't try to steal. They simply write to the bank, "Here's your vulnerability." The bank says thank you. But formally, it was illegal โ they entered without permission.
Law: technically a violation. In practice, rarely prosecuted โ but depends on the country and company.
Salary: 0. This is a hobby, not a profession. Many grey hat hackers eventually transition to white hat (bug bounty).
๐ฌ Real stories
Kevin Mitnick โ from criminal to defender
In the 90s, Mitnick was the most wanted hacker by the FBI. He hacked Motorola, Nokia, Sun Microsystems. He was sentenced to 5 years.
After prison, he became a white hat. He opened a consulting company, Mitnick Security. He earned ~$10k per hour for lectures. He wrote 4 bestselling books.
Lesson: the skills are the same. Only the goal and legality determine โ millions or prison.
Marcus Hutchins โ from hero to criminal to hero
In 2017, the WannaCry virus paralyzed hospitals worldwide. 22-year-old British citizen Marcus Hutchins found the "kill switch" โ a simple string that stopped the attack. He saved billions.
Three months later, he was arrested in the US โ for old code he wrote at 18 (a banking trojan). He got 1 year of probation.
Lesson: your past in security is not forgiven. Never write malware "just for fun".
Pwn2Own โ legal hacking tournaments
A conference where hackers are invited to hack iPhones, Teslas, Windows. They get paid for each found vulnerability. The best teams earn $1-2 million over a weekend.
One of the champions is the Russian team Synacktiv. In 2024, they hacked the Tesla Model 3 โ earned $200k + the car itself.
Lesson: this is not a myth. Hackers really earn hundreds of thousands of dollars at tournaments.
๐ก Why you need to understand hats
When a friend says, "Let's hack our school's website for fun" โ you'll immediately understand:
- This is black hat by definition (no permission).
- Russian Criminal Code, Article 272 โ up to 4 years even for "attempting".
- If you want practice โ there are training sites (HackTheBox, TryHackMe, our platform).
This course teaches you to be a white hat. This is both skills and legality, and money. All three โ in one package.
๐ค Vibe-task: ask Claude
Open Claude (claude.ai). Ask:
I'm starting to study ethical hacking. Tell me 3 real stories
of white hat hackers who earned more than $100,000 on bug bounty
in 2023-2024. Briefly: name, company they hacked, payout amount.
Write down the names in a notebook. In the next modules, we'll read their reports โ this is the best way to learn.
๐ฌ What's next
In the next lesson โ law. What threatens when crossing the line. Russian Criminal Code, Article 272, US CFAA, real cases. And most importantly โ how to do everything legally through bug bounty.