We hear about hacking all the time. This country hacked that country's government. This hacker group has hacked a database and is holding it for ransom - or worse, has leaked everyone's data. Cyberattacks, supposedly the only way to fight a war in these modern times, and doxxing, a form of cyber-revenge...
Considering the mainstream perception of hackers, maybe we shouldn't wonder about the point of hackers so much as why do hackers have to be so mean, ill-intentioned and malevolent?
If that's the only question we ask, we're overlooking the full range of hackers, as well as the types of hacking activity and their purpose.
| Hacker identities: |
|---|
| White hat hackers: benevolent, ethical hackers. |
| Black hat hackers: malevolent, unethical hackers. |
| Grey hat hackers rest along the spectrum between white and black hat hackers. |
| Red hat hackers: the Robinhood of hackers. |
| Blue hat hackers are 'service' hackers. |
| Green hat hackers are novice hackers. |
Still, if pressed to give a unifying answer to the question of why hackers hack, it's simply this: because they can. It's a challenge they're keen to overcome, regardless of the purpose of their hacking. When put in those terms, hacking almost sounds noble, doesn't it?
As with everything, hacking has its pluses and minuses. Hacks can be better defined and easier to categorise; that's what Superprof undertakes now.
Hacking for Financial Gain
Ransomware hacks are some of the most oft-perpetrated; they're generally meant to net the hackers a hefty payday. Naturally, this type of hack implies that the targets would have substantial resources to pay the groups' demands.
The high-profile 2017 WannaCry ransomware attack is a prime example of a cyberattack conducted for financial gain. Launched worldwide, that cryptoworm debilitated computer systems running Windows operating systems, including the UK's National Health Service network and various universities in China.
It even infected the Chinese Public Security Bureau network.
However, delivering ransomware, either via an email phishing scam or a vulnerable server message block (SMB) port, as WannaCry was introduced in systems around the world, are not the only ways that hackers can plot for financial gain.
Some hackers make money by writing damaging or infectious code that they then sell to other hacking groups; sort of the cyber equivalent of an arms dealer in the real world. Others may hack databases to harvest client data that they then sell on the dark web while still others may use individuals' files, photos, videos and so on, for blackmail.
Identity theft is another way for hackers to gain financially from their activities.
Hackers may use such information to:
- open bank accounts, apply for credit cards and take out loans in others' names
- apply for and secure mortgages
- access and use others' credit card information
- apply for or redirect government benefits in others' names
- obtain vital documents such as passports and birth certificates, or to immigrate to a country they would otherwise have no access to
These black hat hackers may also hack in to individual computers to send phishing emails or scams, and they may even make voice calls from your devices that appear to impersonate you.
This type of hacking is generally what people think of when the topic comes up; it ties for first place with the next reason why hackers hack.
Hacking for Power and Control
Although WannaCry and other hacks like it were/are primarily financially driven, they are also about power and control. However, some hackers hack for those reasons with no financial motive involved. Stealing industry secrets is a good example of such.
Corporate espionage happens more often than you might think, and in several different ways. SQL (structured query language) injections account for more than half of all espionage forays. They involve attacks on servers' backend databases to gain access to company secrets and customer information.
Cross-site scripting (XSS) accounts for roughly 40% of corporate hacks. They consist of taking limited control of a network or system to trick users into performing actions that will benefit the hackers. For instance, you might make a legitimate database query only to get an unexpected return because the hacked system has redirected your query.
Brute force attacks and DDoS (distributed denial of service) attacks are some of the oldest and simplest hacking methods. Brute force involves guessing at a password until it's cracked, thus gaining access to a system and DDoS uses that gained access to wreak even more havoc.
Of utmost concern to corporate IT departments everywhere are commercially available password cracking tools. You can surely guess the reasons why.
Stealing company secrets isn't the only way that hackers can gain power, control and influence. Political espionage, as sinister as it sounds, is quite routine. Governments around the world regularly engage hackers to infiltrate other countries' government computer systems for a variety of reasons, from stealing military and national security secrets to hacking elections.
Incidents of government and corporate hacking are generally considered of the grey hat variety because they involve benevolent and malicious intent. They are often labelled cyberattacks in the media, though that description is inaccurate.
You may need an in-depth explanation of cyberattacks to know the difference between a hack for power and control and one that intends to damage and destabilise.
Hacking to Cause Harm
Some hackers aren't looking to score big or make a huge impact; they only want to muck things up. If they can cause individual-level panic or interrupt a vital service - government, corporate or some other major system, they consider their work well done. Obviously, they should be considered black hat hackers.
Some hack for personal revenge. If you've ever heard of someone's social media accounts being hacked and having inappropriate content posted to them, or getting doxxed or being locked out of their devices (not because they entered the wrong security codes), those are all instances of hackers hacking just for the fun of it.
What do they get out of such activity?
There's a sense of accomplishment that accompanies every successful hack, no matter how trivial or petty. Never mind that an individual's life may come into difficulty because their social media feeds suddenly show unsavoury content, the achievement lies in causing chaos.
With some exceptions, such as the next category of hackers, that is what hacking is all about.
Hacking to Make a Point
Not all hackers are malicious or out to make money; some hackers hack for the betterment of humankind, the world and the cyber-environment.
It's not hyperbole to state that you can find anything online, from the socially beneficial to... well, any hedonistic pleasure you might wish to indulge in. Such was the case with Ashley Madison, a site that connects married and committed-relationship people with those they might want to have an affair with.
The hacktivist group Impact Team attacked that website and its sister site, Established Men, infiltrated all of their client databases and accessed their personal information. Their aim was to shut these sites down but they were unsuccessful; both are still active today. The hacktivists nevertheless made public all of the clients' information - some 32 million users.
Later, they extorted those clients for a small ransom in exchange for not having their data made public.
Impact Team could be considered a red hat hacking group because they're working towards the betterment of society via not-strictly-legal means.
Other hacktivist groups hack for religious, political, environmental or social causes. For instance, while Donald Trump was the US president, the website loser.com redirected to his Wikipedia page. This would be a case of white hat hacking.
After all of this black hat hacking, it's good to talk about the good points of this type of activity. Still, there is much to say about hacktivism or ethical hacking; our companion article explains it all.
Hacking for Security Reasons
So far, we've covered black and white hat hacking, grey hat and red hat. The only two left are green and blue hat hackings.
The green hats are easy to explain: they are novice hackers, perhaps just learning how to code and discovering what they can do. You may find many such hackers at hackathons. Those are engaging events when hordes of hackers convene to hack their way through a fictitious challenge. Upon successful completion, the 'winning' hack team may receive a prize or some other sort of acknowledgement.
The blue hat hackers come in two shades: the corporate IT types who routinely hack their own systems to probe for vulnerabilities and, oddly enough, those seeking personal revenge in the form of doxxing or ruining someone's reputation. That type of blue hat hacker has dangerous parallels with a black hat hacker.
Blue hat hackers are often knowledgeable programmers contracted by software companies to test new programs ahead of a new release or update. They may also be invited to deploy benign cyber attacks on a system to see how well it could stand up to a malicious hack. Microsoft is known for this type of conference; attendees are referred to as blue hat Microsoft hackers.
Now we know that hackers aren't necessarily malevolent actors hunched over their keyboard in a dark room; sometimes they operate in the light of day and for the good of all.
Or for their own advancement, like those Mass Effect gamers who learn game-specific hacking skills.
Enjoyed this article? Leave a rating!
Loading...
