An Inside Look Into Black Hats, Motives, and Cybercrime: Ideologies Explained

No time to read? Listen to this article here:

The famous words of The Mentor in his revered 1986 manifesto called The Conscience of a Hacker still resonate today among our multifaceted hacker subculture, immortalized within the digital pages of Phrack Magazine where it first appeared, and across the annals of time.

For the purposes of this article, we have to address the common misconception most individuals share regarding the generalized term, Black Hat. As with any group that has been categorized and thus stereotyped as a consequence, let’s revisit the stigma so that we can pull on the tangled thread of this misconception until we arrive at a clearer portrait of what a Black Hat is.

Merriam-Webster defines the term Black Hat as a hacker who infiltrates a computer system for malicious purposes (as to disable a website or uncover secret information).

Black Hats are commonly described as hackers who gain access without permission from an authorized user. The act can be compared to a stranger walking into your home and rummaging through your things with or without your knowledge or consent. Naturally, the latter would cause anyone to feel that their privacy is being violated.

Hollywood and the video game industry heavily romanize certain aspects of the hacker subculture, which often portray such as that of heroic radicals. This is not usually rooted in reality. News stories about cyber attacks carried out by some Advanced Persistent Threat (APT) unit organized by a hostile foreign nation-state, or some story about a cyber vigilante who was fighting to whistle-blow on a secret hidden by a dirty corporation that was negatively impacting public privacy but got arrested by the FBI in the process, all have a tendency to characterize hackers in general as being cut from the same cloth.

But while the mainstream portrays hackers as black hoodie-wearing cyber thugs, the fact of the matter is nothing could be further from the truth as the motives behind an unauthorized intrusion are not so black and white, even when the law is fundamental in its stance that unauthorized access is a prohibited act.

While the stance of the law on this is clear, it is the motive of a hacker that is a true differentiator, separating him or her from the typical amoral characteristics we commonly associate with people who break the law. As bold as this statement is, we have learned throughout history that sometimes it may be necessary to disobey a direct order when it violates privacy, freedom, safety, and of course, life itself.

Take for example the case of the Steubenville cyber vigilante, Deric Lostutter, aka KYAnonyous, who exposed the heinous cover-up by law enforcement and school officials in the infamous Steubenville rape case, involving a 16-year-old girl and two high school football players in August 2012. Ultimately, Deric faced more jail time than the now-convicted rapists. It was his view that laws had to be broken because law enforcers themselves were inefficient, choosing to protect the reputation of the football team rather than defend the integrity of the law.

Most of us have probably heard of the celebrated White Hat, the proverbial White Knight of cybercrime. This is a person who is commonly thought of as doing the right thing. But perhaps there is such a thing as the White Hat InfoSec professional who does the right thing for the wrong reasons?

In the end, it’s all about motives - and who is controlling the narrative.

Unauthorized Access is The Key To Cybercrime

Let's take a look at the legal definition of unauthorized access as defined by the US Computer Fraud And Abuse Act, even though its interpretation differs from state to state.

"Unauthorized access" entails approaching, trespassing within, communicating with, storing data in, retrieving data from, or otherwise intercepting and changing computer resources without consent. These laws relate to these and other actions that interfere with computers, systems, programs, or networks.

Simply put, the letter of the law prohibits unauthorized access for any reason. So there is a line drawn when that threshold is crossed, which then makes a transgressor a criminal, regardless of the intent behind the attack.

But are things always so binary in the real world? Can categories such as which colored “hat” a person is thought to wear and law transgressors accurately portray the motives or intent of every threat actor engaged in some sort of prohibited act within cyberspace?

If we dig deeper, we may just arrive at the reason why The Mentor posed in his Manifesto the question, “Did you … ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him?”

Hacktivist Group GhostSec Speaks Out About Stereotypes

Wembley Partners had the opportunity to interview Sebastian Dante Alexander, previously from the hacktivist group known as GhostSec, whose recent string of cyber attacks have been gaining traction in online news, especially after assisting U.S. law enforcement on their own volition in 2015, after they thwarted ISIS terror plots in New York and Tunisia. The information GhostSec provided allowed the identification and the subsequent arrest of 17 suspects in Tunisia. At that time, they had also successfully terminated over 57,000 Islamic State social media accounts that were used for recruitment purposes and communicating threats that undermined the integrity of our national security.

“Yes. Categorizing hackers, be it by "Hats" or communities, i.e., "infosec" for example I find it misleading and cliche. There are hackers and there are criminals,” said Sebastian.

He added, saying, “Stereotyping a hacker based on intent and targets they attack gets them generalized, and most likely gets targeted in a negative way, be it that they did good or bad. I believe any hacker is a hacker. There should be no "hats" or terms to label us rather we should be all accepted into any community we join and not be seen in the negative way the media and others put us in. Yes of course there are criminals in the field whose only motivation is money and they take their own paths and as such. They are criminals while everyone else who has a proper love and motivation for hacking deserves to be seen as a hacker and a human…

“The reason I do hacktivism and threat intelligence are I believe I can make a difference in the world and support those being victimized and/or silenced me and my group go with the same belief that we can support the people through outsmarting those who are victimizing the people of the world, on top of this motivation we also believe hacking to be an art and something we truly enjoy.”

Cybercriminals Are Criminals Who Use Hacking Skills For Financial Gain

As this controversial ideological piece comes to a close, it is relevant to note that some hackers are effectively cybercriminals motivated by financial gain, which itself comes in many shapes and sizes. These are often the ones whom we are all fighting against.

The contrast between light and dark is self-evident when laws are being bent or broken by 3rd party actors outside the law, but even more so when the law itself takes a disinterest in pursuing a just matter. Whether it’s malware, a phishing attack, scams, or an APT unit committing crimes for the benefit of their foreign controllers, every person is defined by the question regarding why they do what they do.

Perspective is everything: from the point of view of the APT fueled by a strong sense of nationalism, they are hacking for the benefit of their country. But to us, they are the adversary. While ascribing a “hat” to explain certain characteristics might help us think we understand the motives behind an attack, in the end, it's rather arbitrary, especially when we have lost control of the narrative to outsiders who might not always understand what we are doing and why.

An article by

Jesse McGraw

Like this content? Subscribe to our newsletter to get weekly cybersecurity insights and top news - straight to your mailbox!