The Mind of the Hacker

When All the Cowboys Have Black Hats:  The Good, the Bad, and the Ugly in the Hacking Community

With the dawn of the computer age, an entire new dimension of puzzle-solving and mathematical calculation became accessible to the everyday consumer.  Computers transitioned from being massive million dollar machines requiring entire rooms to house them, to affordable household items.  For many of us, the 'code' that makes computers work remains just as arcane as witchcraft was to a Salem jury.  However, there exists a community of gifted individuals with the mathematical, analytical and problem-solving abilities to unlock the mysteries of computer coding.  And with the proliferation of the world-wide internet in the last two decades, the entire world has become their playground.  An individual with the training, knowledge and talent to manipulate computer coding finds work in the industrial technology industry, as a computer programmer or program developer or in a multitude of other fields.  It is these same skills that allow them to work their way around and through the controls placed on a computer system that would leave their less-savvy (and more right-brained) counterparts at a standstill.

Individuals able to work their way around controls placed in systems specifically to stop that happening are referred to universally as "hackers."  Just like any man who carried a gun and rode a horse in the Wild West was called a cowboy.  However, the silver screen conveniently differentiated cowboys for us by placing the hero in a white hate, and the villain in a black hat.  In the hacking community, just like in the Wild West, there are those who use their hacking skills for good, and those who use them for evil.  Unfortunately, hackers are not nearly so easily distinguished as the motion picture cowboys of Hollywood's western heyday.  In the real world, all hackers tend to look, act and often work, very similarly. To complicate matters further, they often skate very close to the thin line of legality, and some weave back and forth across it with a steady irregularity reminiscent of closing time at the local saloon. In short, they all wear black hats.

Who Are They

Hackers as a community often have a few distinguishing characteristics.  Obviously, there are exceptions, as it is impossible to quantify a group of individuals completely. However, hackers, in order to be good at what they do, will, at the very least, have in common the abilities that make hacking possible. Most hackers are males, generally past puberty (older than 12) and young enough to have been exposed to computers at an impressionable age (which usually puts them below 35). They often have the ability to remember ridiculously long and complex strings of their long-term memory! Hackers are often described as obsessive, and have the ability to concentrate on technical problems for a phenomenal length of time, spending long hours in front of computers.  Their interest/obsession with computers often works to isolate them socially, resulting in poor development of social behaviors, and a 'loner' mentality.  In fact, they often relate better to computers than to humans.  Again, these are generalized, (although common) shared behaviors, and cannot possibly define all hackers. 

In addition to distinguishing generalized hacker behaviors, it also helps to understand how a hacker relates to the world, especially since it is often very different from the way in which an average consumer would view things.  Hackers have a very distinct way of approaching the world and problems. For example, a good teacher cannot read or research information without automatically thinking of ways in which to disseminate it, or involve others in the learning process.  A good mechanic cannot ride in a car without subconsciously assessing whether or not the engine is running smoothly, the brakes are functioning, and the alignment is correct, or what should be done to fix it.  A good doctor cannot look at a person without determining whether or not they appear healthy and normal, and what could be done to cure them.  A good bodyguard automatically assesses threat values in every new situation, and what could be done to neutralize them.  Hackers are similar to each of these professionally trained people with a natural aptitude for their field. Good hackers automatically assess and understand system strengths, and know what could be done to either strengthen that system, or compromise it.  It's just how their mind works!

Why They Hack

A fundamental question to ask when attempting to understand behavior that often becomes criminal, is why the subject behaves in that way.  Regardless of whether or not they hack criminally, hackers often answer these type of queries remarkably similarly.  Common themes describing why hacking fascinates them revolve around the challenge of cracking computer code, of breaking into a system and forcing it to reveal its secrets to you.  Hackers have a great deal of intellectual power and energy, and it has to go somewhere.  Focusing it on solving a problem that no one else can solve gives an undeniable self-esteem boost and a mental 'high' that is difficult to duplicate.  The risk element (knowing that you could get caught and prosecuted, or at the very least that you shouldn't be doing something) gives hackers a fierce adrenaline buzz.  Hackers often see their activities as pure fun, and occasionally as a way for revenge.  In addition, hacking is often seen as 'sticking it to the man,' working against big corporations and administrations, which appeals to the essentially independent nature of most hackers. 

Successful hackers have to be able to think outside the box, and come at problems from an entirely new angle. Hacking is an intellectual challenge, part of an infinite search for more knowledge. In addition to the satisfaction of figuring out how things work and solving a puzzle, each successful hack makes them that much better at what they do. Often, the ability to manipulate a system in any way they want gives the thrill of control, especially attractive to hackers who feel they lack control in other areas of their lives.  In addition, hacking can be a road to fame, becoming well-known within a certain community.  Compromising difficult systems confers bragging rights for the hacker.  Finally, hacking can be a source of money; the better you are, the more profitable it can be.

The Good, The Bad and The Ugly

Essentially, whether a hacker is good or bad, or just plain ugly, depends on which of the motivations just discussed is acting as their primary driver. "Good Cowboy" hackers can be extremely valuable to the computer and software industry.  They develop firewalls, software, patches and methods of improving security. Good hackers will explore and test systems for faults that could be exploited, and work with companies to create more hacker-proof systems.  Often, they are employed by companies as the 'hired gun' who comes into town to tell the "bad cowboy" hackers not to mess with this particular rancher. 

Good hackers are invested in pushing the boundaries of technology onward and upward, stretching system performance to be the best it can be.  They use hacking as legitimate avenues of inquiry and information gathering.  Essentially, it is vital for the computer industry to have its cadre of good hackers, enabling it to help itself, and keep software vendors on the up and up, rather than leaving both the industry and the consumers to the mercy of the unscrupulous.

Bad hackers would be those whose primary motivators are revenge, destruction or profit. Malicious hackers are those individuals whose goal is to destroy data and information, destroy revenue, and otherwise compromise a company or individuals ability to move forward profitability.  Some of these hackers work against the government and/or big business for the purpose of spreading anarchy, chaos and confusion.  This kind of behavior can be driven by idealism, a misplaced sense of 'fun,' or sheer ignorance of the advantage criminal organizations will take of the chaos they create.

Many hackers who originally began for the thrill or the challenge, graduate to doing it for monetary gain.  The confidential information they can strip from supposedly secure systems can be sold to organized crime syndicates, counter-intelligence agencies of foreign countries, the spamming industry or other hackers. In addition to the information, hackers can sell the back door they have found or created into the system, allowing permanent access to the purchaser.  Finally, hackers doing it for the money sometimes become exploiters, charging companies blackmail money to cover up the fact that the system has been compromised.

What they Can Do to You

With the rise of consumers using computers as their main data storage and secure information repository, the stakes are high for potential break-ins.  In addition, Wi-Fi, networking and world-wide access to internet is connecting all of these computers. Initially, the main threat was viruses released indiscriminately to do maximum damage.  Today, the virus threat is declining, and the threat of a system being intentionally compromised by a hacker, for nefarious purposes, is becoming far more likely.  And although awareness is increasing, the subtlety of cyber attacks has helped destructive hacking become a crime wave that cannot be solved by a main street shootout.

Any business with a Web site is a target for hackers to perpetrate a wide variety of unpleasantness.  In addition, the rapid proliferation of PDAs, mobile phones, Ipods and a multitude of other devices that can connect to the internet, has provided hackers with a plethora of new entry points.  Criminal hackers primarily focus on gaining free access to proprietary systems and databases.  Theft of confidential information can result in identity theft and financial fraud, as well as loss of proprietary data.  They can deface websites and cancel vital services, like phone and electricity, as well as create 'denial of services' situations.

How they Do It

Malicious Hackers create a variety of tools to wreak their havoc.  They can write tools and/or applications with the ability to crack passwords or make a user on a system invisible to system security.  Many hackers create something called a 'vulnerability scanner' which scans millions of systems world-wide with astonishing rapidity, flagging and identifying systems with low-level security or protection for the hackers' specialized attention at a later date.  Hackers will also spend time discovering flaws in software that allow either information gathering or information destroying worms and viruses to be introduced and propagated. In addition, hackers write and use (or sell) something called "exploits" which are software applications or tools specifically constructed to take advantage of unpatched holes in widely marketed software.  Something called a "zero-day" exploit strikes at a hole or vulnerability that no one know was there until the damage unleashed by a worm or virus is devastating.

How You Can Stop Them

The first step in stopping the criminal hackers is to refuse to be intimidated by the mythical fast draw.  Never give in to blackmail or exploitation, and contact the legal authorities as soon as you suspect your system has been compromised.  Be aware that anyone can be a target, and be savvy about what kind of information you display or post online.  Make sure you have the best security protection that you can afford, and that it is sufficient to the nature of the information you have stored within your system.  (An icecream store and a legal firm would have different needs).  Train your employees and/or family members about security risks and improper disclosure of information.  Make sure that you have adequate back-up for your vital data files and information.   Finally, support education initiatives that will instruct young people on acceptable use of computer resources, and how to channel curiosity and talent into acceptable paths.