Trend Micro News

Hacker, Hacktivist, or Cybercriminal?

June 17 , 2012

These days the computer news media uses the terms hacker and cybercriminal more or less interchangeably. That can be misleading. While their meanings overlap, they are not exactly the same thing in all contexts.

A cybercriminal is just what the name implies, a person who uses computer technology to commit a crime for which that person can be prosecuted. The crime usually involves illegally gaining access to one or more computer systems to steal information, take them offline or both, either for malicious purposes or financial gain. Breaking into computer systems involves hacking, so a cybercriminal can be considered a type of hacker.

But there are hackers who do this sort of thing legally, so you can’t always associate a hacker or hacking with criminal activity.

White Hat vs. Black Hat

In the security industry, the distinction is made between white hat and black hat  hackers. Organizations hire white hat hackers – sometimes referred to as ethical hackers –  to probe and break into their computer systems to determine the extent to which these systems are secure and make recommendations to improve security. They frequently make full disclosures of their findings so the greater security community can benefit from the information they collect. White hat hackers’ activities are legal since they sanctioned by their clients.

Black hat hackers, on the other hand, are cybercriminals whose intent is entirely malicious. Without invitation, they plunder computer systems for their own gain at considerable expense to their victims.

There was a time when black hat hackers were referred to as crackers because their computer break-ins were analogous to safe cracking by bank thieves. But I haven’t seen the term cracker used in quite some time, so it seems to have gone out of fashion.

I should point out that even the term black hat can be a little misleading. There is an important series of conventions called Black Hat that is attended by security experts and students – many of them white hat hackers – to learn about the latest trends and tools in the computer security industry.

Enter the Hacktivist

During the last several years a new class of hacker has emerged, the so-called hacktivist, who engages in hacking of computer networks and systems as a form of protest.  You’ve probably heard about the group known as Anonymous, a collective of clandestine – and yes, anonymous – hackers who have taken down and infiltrated computer systems belonging to companies and governments with whom they have political disagreements.

Hacktivism does not fit neatly into either white hat or black hat categories.  Unlike either their white hat or black hat counterparts, hacktivists are motivated by politics not profit.  They find themselves at ideological odds with many organizations and feel justified in their computer attacks against them.

However, depending on whether or not you agree with a given hacktivist group’s point of view, you could see hacktivists as either white hats or black hats. In October, 2011, Anonymous took down 40 child pornography websites and publicly revealed the names of over 1500 people who frequented those sites.

But the group also attacked computers belonging to the Bay Area Rapid Transit (BART) and leaked personal information of over 2000 BART users on the Internet. This was done in retaliation for BART officials shutting off cell phone service to prevent people from communicating to coordinate a protest against a police shooting on a BART train.  Whether or not Anonymous agrees with BART’s actions is not really the important thing. The group took action against BART without due process and leaked personal information of BART users who were unlucky enough to get caught in the crossfire of this feud.

Shades of Grey

To a certain extent, hacktivists blur the distinction between white hat and black hat hackers. They often get involved in illegal activities but, as we’ve seen with Anonymous, for causes that can in some cases can be considered just. I would put hacktivists in another category of hacker known as grey hat.

The term grey hat was coined by the hacker group L0pht back in 1998. It was originally used to describe hackers who report the vulnerabilities they find to the organizations whose computers security they breach. Later in 2002, the Anti-Sec community used the term to describe people that work in the security community during the day and work as black hat hackers on off hours.

Since 2002 grey hat has taken on diverse meanings.  The Electronic Frontier Foundation, a non-profit digital rights advocacy group, defined grey hats as ethical hackers who inadvertently or intentionally violate the law to research and improve security.  It is this definition that I think best applies to hacktivists, except that they are not so much interested in improving security as they are in advancing their political causes.