Are all hackers criminals?


Not all hackers are created equal. The terms ‘hacker’ and ‘cyber criminal’ seem to be used interchangeably in online media, which is both misleading and reductive. A cybercriminal uses online means to profit from illegal activity regardless of the cost to their many victims. Hacker is a blanket term that doesn’t allow for much differentiation between those who hack for good and those who hack for evil. Many hackers hack for profit. But not all hack to profit from online crime.


In the US, western films between the 1920s and 40s contrasted heroes and villains with the use of black hats (villains) and white hats (heroes). These terms have been adopted to define classes of hacker. There are essentially four kinds of hackers: black hats, white hats, grey hats and hacktivists. The key to distinguishing between them lies with the permission to hack.

Black Hats

Black-hat hackers, or simply ‘black hats,’ are the type of hacker that violates computer security for personal gain. Examples of this include stealing credit card numbers or mining for personal data to be sold to identity thieves. An example of just how lucrative this can be made the headlines recently when a hacker offered over 650,000 patient records for sale on the dark web, a class of online locations that are hidden from public search engines and regular internet users. The data, stolen from various medical institutions, included names, addresses and social security numbers. The perpetrator will likely make close to USD$800,000.

Black hat hackers are online criminals who hack without permission for illegal financial or personal gain. Some simply hack for revenge or to prove that they can. The term ‘black hat’ is also used in everyday tech language to describe any kind of person or activity that is considered underhanded or somewhat dodgy, such as SEO black hats who drain website traffic and sell it back to the site owner.

Grey Hats

As in life, between black and white there are various shades of grey. A grey-hat hacker falls in the space between a black hat and a white hat. A grey hat doesn’t work for their own personal gain or to cause damage, but their actions may technically be illegal. A grey hat hacker does not ask permission to hack. If a flaw is found, a grey hat may reveal the flaw to an organisation privately, enabling them to fix it. Sometimes, however, a grey hat may reveal the flaw publicly, which is not necessarily malicious but exposes organisations to black hats who can and will exploit the vulnerability.

Hacktivists

Under the same umbrella as grey hats, hacktivists hack systems as a form of political protest. Anonymous, perhaps the most notorious hacktivists, blur the lines of good and bad, always hacking without permission but for what they believe is the greater good. Anonymous have gained a lot of exposure for their Robin Hood-type takedowns, such as the hacking and shutting down of child porn sites. They took it one step further, however, when they leaked the names of visitors to these sites.

When Michael Brown was shot by a police officer in Ferguson on August 9, 2014, Anonymous intervened, collecting evidence to expose Brown’s killer in the name of justice. However, after collating all the data they had collected, Anonymous came to the incorrect conclusion and released the name of an innocent man.

Another attempt to seek justice saw Anonymous leak details of thousands of Bay Area Rapid Transport (BART) users. The hack was in retaliation for BART shutting down cell service during a protest to stop activists communicating with each other. Many innocent personal users were caught in the crossfire and had their personal information leaked online.

Though their intentions are good, the means of hacktivists are illegal and the outcomes are often mixed. Additionally, the key objective of a hacktivist is to hack without permission to further a political cause.


White Hats

White hats hack with permission in what can be a lucrative industry for the highly skilled. Looking for vulnerabilities in companies, hackers are hired to find bugs and alert developers or companies so that they can be resolved. White hats often work for profit but don’t gain from the exploitation of others.

HackerOne is a company founded by two twenty-five-year-old hackers who discovered a vulnerability in their university’s grading system. After the university was alerted, and the boys were paid handsomely, they founded a business based on the idea that companies will pay good money to be informed of breach points before black hats find them.

Ethical hackers are certified by means of an exam involving penetration tests, whereby hackers seek to penetrate networks and computer systems with the purpose of finding and fixing any vulnerable access points they encounter. While unauthorised hacking, black hat hacking, is illegal, testing that is authorised by an organisation is not.

At Emsisoft, we invite ethical white hat hackers to put our software to the test. We’re keen to improve our products continuously, as we all know such a thing as perfect code doesn’t exist.

Summary

So, as you can see, not all hackers are the same. The key is the permission to hack and the means of receiving any kind of gain from found vulnerabilities.
A grey hat does not ask for permission but has no intention to cause harm or damage though their means may be illegal. A white hat is hired and permitted to do his work. A black hat is not.

Have a great (malware-free) day!

  • Robert Bonomo

    There is something a bit wrong with your definitions of the word hacker.

    You have forgotten one which I believe is the original meaning, as in hacking a square peg into a round hole, or in computer terms is like taking two disparate systems and hacking them so they can work with each other. This describes much of the Internet protocols.

    But that is not the main purpose of this comment which is summarised in the following:
    “A grey hat does not ask for permission but has no intention to cause harm or damage though their means may be illegal. A white hat is hired and permitted to do his work. A black hat is not.”

    So where does this put an unnamed Nation State Agency? They are hired and permitted to work and do not ask for permission but also do not fit white nor grey since they intend to harm as we saw in Stuxnet. “Stuxnet is a malicious computer worm believed to be a jointly built American-Israeli cyberweapon.” They fit the black hat definition a bit more but are not online criminals as the government knows of their activity but does not prosecute and there is no personal gain involved; not even bragging rights.

    • John Doe

      They used Stuxnet for a greater good so I think they are in a category of their own.

      • Robert Bonomo

        So then any time someone has a “noble” cause which they define as “noble” it means rules don’t apply. A funny little man who looked like Charlie Chaplin thought he had a “noble” cause about 70 years ago.

        • John Doe

          To me stopping madmen such as North Korea/Iran leaders from completing nuclear weapons and destroying the world qualifies as a noble cause and they can do it by any means necessary. Compared to boots on the ground and all out war it's a small price to pay, don't you think?

          • Robert Bonomo

            You miss the point.

            Anyone can justify anything by convincing oneself that their case is noble. Both those names you mention are convinced, I’m sure, that their cause is “noble” thus they have/had a god-given right to act the way they do/did and thus their actions are approved by some “GOD”. In the last 2 great conflicts both sides were convinced “god” was on their side. It was BS. I’m glad about the side that won. The alternative to “boots on the ground” is to have no reason to put “boots on the ground”.