Hacker is a buzzword these days, with most news outlets generically plugging the term to describe someone (or some organization) that has hacked someone else (or some other organization). What’s unfair about sweeping generalizations is they often misrepresent the true meaning of the word.
After all, it could be that a hacker saves the world. But in reality, most headlines will read something like “Hackers steal billions from such and such,” as if hackers and criminals are interchangeable—an irresponsible representation of the word. If this is new to you, we recommend checking out our creative director’s documentary from a few years ago.
So what is a hacker? Let’s skip the dictionary definitions and instead identify types of hackers. By doing so, maybe we can advance the conversation to more specifically describe security events, and change the public perception of what it means to be a hacker.
White Hat Hacker
White hat hackers are the good guys and gals that identify and fix problems in cybersecurity. They are the ones hired by organizations to hack their networks to find vulnerabilities. They are the ones that reverse engineer ransomware attacks to develop decryption keys. Put simply, white hats are ethical hackers with the same level of skillsets as the bad guys. But they use those skillsets to do good in the world. There’s even a classification program to become a Certified Ethical Hacker.
Black Hat Hacker
The opposite of white hat hackers, black hat hackers are the bad guys. They are the ones writing malicious software and viruses. They are the ones who sell ransomware as a service or offer DDoS attacks for an hourly price. They’re the ones media outlets plug in their headlines simply as “hackers.” Essentially, black hat hackers are those that violate computer security for malicious purposes, most often resulting in data theft or financial loss for the hacked.
Grey Hat Hacker
As the name suggests, grey hat hackers fall somewhere in the middle of white hat and black hat hackers. They might hack an organization and then inform that organization of the vulnerabilities in exchange for a fee. They may instead choose to make that information public. The key idea here is that it illegal to hack a system without permission (white hat hackers, for example, get permission); therefore, grey hat hackers straddle the line of legality and ethics.
And then there are few other hats that have popped up over the years like blue hats, green hats and red hats. This article from 2015 defines seven of them, (and no, dear Harry Potter fan, you don’t get sorted into a hat at a young age). The biggest takeaway is that hackers come in many shapes and sizes. It’s a vague term that originally and generically meant someone with an advanced set of computer skills. Unfortunately, that term has since been deteriorated by bad press.
The Good, The Bad and The Anonymous
Moving on from hats and colors, we enter another slice of the hacking world known has hacktivism. Hacktivists have a specific propaganda behind their campaigns. Which is to say they are politically or socially motivated, and their cause is often freedom of information and human rights.
You’ve probably heard of the group Anonymous—arguably the most notorious group of hacktivists. Much of their activity gets fair press because their end-goal seems just. Such as when they declared war on ISIS or their Friday of Solidarity—a protest supporting the Black Lives Matter movement.
But hacktivism also carries a much bigger stick. For example, many believe that Wikileaks’ dump of confidential emails hurt Hillary Clinton’s presidential campaign. Whether or not that was the case, it’s clear that hacktivism goes beyond website defacing (a common tactic) and DDoS attacks (a distributed denial of service attack that shuts websites down).
Much like grey hat hackers straddle the line of ethical vs unethical hacking, hacktivists straddle the line of cyberterrorism vs civil disobedience. And just like it’s unfair to lump in all hackers with cybercriminal activity (in regards to the example headline from above), it’s unfair to lump in all hacktivists with cyberterrorism.
In an article first printed in Computers and Society in 2000, Mark Manion and Abby Goodrum note:
“Hacktivism has the potential to play an active and constructive role in the overcoming of political injustice, to educate, inform and be a genuine agent of positive political and social change.”
Hacktivists have the power of anonymity and can operate where law enforcement officials cannot. So when there is social injustice, like when ISIS takes their propaganda and communications to the dark web, they may be able to hide from law enforcement agencies, but they can’t hide from hacktivists. Hacktivists are the Batman of the internet, if you will.
But cyberterrorism is also a real concern. Shutting down the internet so you can’t order items from Amazon is one thing. A nation-state swinging foreign elections is something completely different. Many security experts fear that the next wave of cyberterrorism will have a major impact on a nation’s ability to operate. We saw this happen with the attack on Estonia in 2007, which at the time was considered to be the second-largest cyberwarfare attack by a nation-state. It has since been dubbed “Web War One.”
Then there was Stuxnet—a sophisticated worm that literally caused Iranian nuclear centrifuges to destroy themselves, while the operators’ computer screens showed everything as normal. It was the first cyber weapon to successfully destroy physical infrastructure.
Why All This Matters
We usually reserve this space to discuss matters of personal security—strong passwords and VPNs and such. But we also feel it’s important to recognize and understand who and what hackers are. We’re a long way away from news headlines replacing the word hackers with “Black Hats” or “White Hats” to better clarify a security incident. But as with all things in cybersecurity, knowledge and communication play a vital role.
2016, in a word, was epic. There were 56,000 ransomware infections in the month of March alone. Hundreds of millions of accounts were exposed across the globe. It’s hard to imagine 2017 being much different.
We need more hackers to fight back against the bad guys, the nation states and the perils of the internet. We need more hackers discovering vulnerabilities in our software and inventing fixes to our cybersecurity problems. Hackers have given us so much of the technology (the good, the bad and the scary) that we use today. So it’s important to define the types of hackers and encourage the youth to pick the right side. There is no Sorting Hat. It’s up to us to lead by examples and show—not tell—our kids and students why white hats are so important, and why hacktivists might be a necessary extension of justice. Investing in the future is our best weapon in fighting back against cybercrime.
That’s why all of this matters. Now go make sure all those passwords are strong and unique, and enjoy the holidays!
Latest posts by Justin Bonnema (see all)
- Incident Response: Time Is Not On Your Side - April 1, 2019
- 5 Traits of Security Aware Parents - March 14, 2019
- Bad Habits of Senior Managers That Put Security of Organizations at Risk - March 1, 2019