Good and bad is a reoccurring contrast in many aspects of society. We find it in fairy tales, our behavior, our opinions (it can be subjective…), the rules (but the law is quite clear on what’s good and what’s bad), etc. These concepts also play their role in the cyber world when it comes to hackers. ‘Hacker’ is a rather broad concept that can refer to many things: a person who can hack, a hacker who uses their skills to commit crimes, or a cyber criminal. Important to note is that not all hackers immediately are criminals. In this post I want to discuss two classifications: black hat hackers and white hat hackers.
Black Hat Hackers
The cyberspace creates new possibilities for crime, namely cybercrime, and thus for a new type of criminal: black hat hackers. Black hat hackers are cyber criminals that use hacking as part of their M.O., I would argue. They aren’t just cybercriminals, as this form of criminality goes beyond ‘just’ hacking (see my blog on social engineering for example). Their actions are driven by malicious intentions mainly for their own profit at the cost of other individuals or companies.
Cyber crime itself is something that developed together with the development of cyberspace. There are a four features that Jahankhani, Al-Nemrat & Hosseinian-Far (2014) discuss as contributor to the new opportunities offered by cyberspace. First, globalization (as with many security issues) minimizes the role of conventional boundaries such as territorial borders. These haven’t completely disappeared though, since for example critical infrastructure of cyberspace is placed within nation territory. Second, networks create ways of victimization. Third, synopticism and panopticism creates a certain surveillance culture in which technically all can watch all provided with the necessary tools and skills. And finally data trails leave ‘bits’ of information about someone online. Together though, they can lead to identity theft. Cyberspace enables conventional crime to be continued online, but also creates opportunity for new crime.
Cyber crime is a rather new concept, which refers to a broad extent of criminal online behavior. We can include many crimes like doxxing and identity theft, but a real consensus on the meaning is yet to be reached. As stated before I would argue that a ‘black hat hacker’ is a cyber criminal with malicious intentions using hacking as tool, considering that hacking and cyber crime do not mean the same thing.
White Hat Hackers
On the other side of the spectrum we can speak of ‘white hat hacker’. The colour contrast is one we often see when speaking of good and bad, and also in this case the lighter colour refers to the ‘good side’. White hat hackers have the skill of hacking, but don’t use these skills to do harm. They stay within the boundaries of the ethics of hacking.
White hat hackers can use their skills to improve the overall cyber infrastructure by searching for weak spots and instead of exploiting these, make the company aware of them so they can be fixed. By looking for example for zero days, which are vulnerabilities in software, once found a security patch can be created for it. In general, white hat hackers are individuals that don’t use their skills for criminal behaviour but rather for ‘the good’.
Though a division like ‘good’ and ‘bad’ is satisfyingly plain, it is rarely so easy. In my fourth blog ‘hackers without borders’ the perpetrators are clearly black hat hackers, but in my blog on the Ashley Madison I discuss a case that is already harder to judge so easily. Although the hackers clearly engaged in criminal behavior, their actions had (for them) some moral grounding. In some cases the hacker seems to be in a rather grey are, but this is a topic for another day (probably in a week or so, very randomly estimated).
Sabillon, R., Cano, J. M., Serra-Ruiz, J., & Cavaller, V. (2016). Cybercrime and Cybercriminals: A Comprehensive Study. International Journal of Computer Networks and Communications Security, 4(6 June), 165-176. Availbale at http://www.ijcncs.org/published/volume4/issue6/p1_4-6.pdf
Jahankhani, H., Al-Nemrat, A., & Hosseinian-far, A. (2014). Cyber crime Classification and Characteristics. In B. Akhgar, A. Staniforth, & F. Bosco (Eds.), Cyber Crime and Cyber Terrorism Investigator’s Handbook (pp. 149- 164). Waltham, MA: Syngress. Available at https://www.researchgate.net/publication/280488873_Cyber_crime_Classifica tion_and_Characteristics