Please explain if White Hat is an ethical form of hacking or a person using his or her hacking abilities under the pretense of doing a good deed to extort companies out of money?
A White Hat is actively searching the Internet for websites with known vulnerabilities. Once they locate a vulnerable site, they exploit it to sample a small amount of secure data. With the information obtained from the website, they approach a company associated with the site, present their findings, and request a monetary fee to secure the company's site.
Looking only at the information that we have in this question, this is an ethical form of hacking. It could become unethical and extortionate if the “white hat” were to do the wrong things with the information they gain.
From what we are told in this question, this is ethical hacking because of the motive behind the hacking. The white hat is not trying to harm the company. Instead, the white hat is trying to help the company by finding its weaknesses and patching those weaknesses up. This is something that companies routinely hire people to do.
However, this could become extortion depending on what the white hat does with the information. If they simply go to the firm and present their findings, and then walk away if they are not hired, they are not doing anything wrong. However, if they imply that they will use the information to harm the company if they are not hired, they will be committing extortion.
In short, the ethics of this situation depend on what the white hat does with the information. If they threaten the company (or if they actually use the information to harm the company) they are not being ethical. If they only hack to show the company that it has holes in its security, they are acting ethically.