Hackers – who are we defending ourselves against?

Hacking and hackers are shrouded in many myths, spread most notably by filmmakers and journalists who need to engage their viewers and readers. But very little of what we see in the media corresponds to reality.

So who are the dreaded hackers, can I identify them and what do they have in common?

Hackers come from different backgrounds, different parts of the world and different social classes. You can’t generally say that the typical hacker is a twenty-five-year-old white guy, addicted to caffeine from energy drinks, who doesn’t get along with his peers and spends all his free time in a dark basement surrounded by computers.
What most hackers have in common, however, is the ability to use things in ways other than how they were intended and to circumvent obstacles, whether physical, technological or psychological.
In the beginning, it’s curiosity: how the world around us works, how different tools work and how the human mind works, and whether the object of interest has any weaknesses in its design that can be exploited or abused (this is often a rather subjective assessment).

Opening the lock

When you want to open a classic lock, it’s a good idea to know how its mechanism works first. Then you can use the tools and techniques to open it without a key. Or you can simply use explosives. While this can be fancy, it has a few minor drawbacks. Someone may notice and ask strange questions, such as whether the door is yours, why you don’t unlock it normally, and where you got the untaxed explosive. Sometimes it is also handy if the owner of the lock never finds out that it was unlocked (it’s pretty hard to lock a door after using explosives). It can also happen that the explosion destroys what is behind the lock, which is what you were after in the first place. Not to mention that if handled carelessly, it can radically reduce the number of your favorite limbs.
That’s why it’s quite handy to know that there’s a mechanism in the lock that can be opened fairly quickly, quietly, and without further consequence. Therefore, hackers are usually very familiar with the systems they are attacking. As we will show later, this does not mean that the hacker has to be a computer genius. There is room for hackers in almost every field.
After all, hacking isn’t just getting into places we shouldn’t. It can also be the ability to use things differently. For example, the recently popular biohacking is not about sneaking into (preferably) your own body and taking something there. Rather, we’re trying to improve the processes that happen there.
I’ll stick to describing hacking in the most familiar IT sector, but basically anything can be applied elsewhere in some way.

Hackers, fashion and the state

Because the world needs pigeonholes, hackers have also started to divide themselves into groups: black hat, white hat and grey hat. This designation was taken from Hollywood Westerns of the 1920s, where there was an unwritten convention that heroes wore white hats and villains wore black hats. At least that’s what Wikipedia says.

Black hat hackers are the equivalent of the negative heroes of the wild west. They use their knowledge to enrich themselves or harm their victims. A black hat hacker will break into your bank account and take your money, install a webcam tracking program on your computer or crash your company’s website.

A special subset of black hat hackers are state-organized hackers. These are usually employees or contractors of the secret services or military who are tasked with cyber attacks on targets outside the territory of the state. Compared to independent hackers, they have a big advantage in that they have access to the best technology or other resources and can thus afford attacks that are unavailable to others. But this topic deserves its own article. So more about that some other time.

A white hat hacker will also hack into your company’s website. But there is one significant difference. He will only do it with your permission. That’s why they’re also called ethical hackers. Why would you give your consent? Precisely because you want to know if your business is secure against such an attack. If a white hat hacker succeeds in such a penetration, he will do you no harm. On the contrary, you’ll get a precise description from him of what needs to be fixed so that no one else can get in. And you pay him for it. That’s called penetration testing. White hat hackers often set up companies to help their customers improve the security of their systems.

Grey Hat hacker – often claimed to be something in between. But rarely do you learn what it means to be something in between. Can someone be just a little bit of a thief? It’s more likely that the line between white hat and black hat is blurry. A hacker may pose as a white hat, but there is a suspicion that he is also using his knowledge and skill unethically. Alternatively, he attacks companies, organisations or even states without their consent or knowledge, but he is motivated (sometimes subjectively) by good reasons. He may be an environmental activist, a human rights campaigner or even a religious fanatic.

Legal versus ethical

At the same time, we need to distinguish between legality and ethics. Laws are different in different parts of the world. Here in Europe, for example, there are different rules almost every 500 km. What is legal in Prague may be criminal in Vienna. And because the Internet has no borders, judging becomes even more complicated. In countries like North Korea, for example, any use of a computer is illegal in most cases. Therefore, it is not possible to judge hackers according to local national law. Especially at a time when nation states are starting to lose their meaning.

Blind shooters and non-state armies

There is another group. They are not hackers in the true sense of the word. More like wannabe hackers. They’re known as “script kiddies”. Today, there are a large number of hacking tools on the Internet that are freely downloadable. And it can be tempting to look like a hacker in front of your buddy. It’s not difficult to download a program and press the imaginary “Hack it!” button. But the attacker usually gets nothing, because even with these tools, you need to work with purpose and precision. On the other hand, even if he doesn’t gain anything, he can still do some damage (corrupt the database, delete important files, overwhelm the network, etc.). Therefore, it is important to protect systems even against such amateur attacks.

In the cyber world we can also find non-state organised hacking groups. They are actually small armies of hackers who have a common goal and try to achieve it by joining forces. However, this does not necessarily mean that these groups meet in secret places and carry out their attacks (ethical or unethical) from there. The individual members often do not know each other personally. They may be scattered all over the world, operating under aliases, and all they need to know about each other is their abilities. This ensures, among other things, their physical safety. If a member of the group is discovered, they can’t reveal anything important about their colleagues.

I want to become a hacker

A common question is how one can become a hacker. The answer is not simple and certainly not universal. Hacking is about learning and deepening your knowledge every day. Basically, anyone who is an expert in their field and has the desire to keep improving and delving into every detail can become a hacker. There isn’t even a clear line where we can say that we (or anyone else) are a hacker. While there are various courses and certifications, even that is not a prerequisite. A certificate doesn’t necessarily make you a hacker if you don’t keep doing it, and on the other hand, the lack of one (it costs time and money) doesn’t mean you’re not a hacker.

Well then, how do I open the lock?

It’s not hard and after practicing it can go fairly quickly. But this is just a basic technique, it’s more or less a sport (yes, there are competitions). Professional thieves hardly use it.

See the video for instructions, and I’ll tell you how to defend your digital locks 🙂

Milan

My name is Milan Půlkrábek. I remember computers without the Internet, the Internet without Google and mobile communication without encryption. I have more than twenty years of professional experience in IT, and I give talks and write articles about IT security, cryptocurrencies and new technologies. Since 2014 I have been part of the non-profit organization Paralelní Polis in Prague.