Skip to content ↓ | Skip to navigation ↓

We’ve been hearing a lot about hackers recently, mostly in connection to serious data breaches. We think of hackers compromising the nude photographs of popular female celebrities, including Jennifer Lawrence and Kate Upton. We think of them stealing 56 million Home Depot customers’ credit card information. Or using Backoff malware to infiltrate Kmart or Dairy Queen.

All of these incidents teach us to think of hackers as nefarious individuals.They will stop at nothing to degrade our privacy, steal our identities, and ruin our experiences in cyberspace. Their craft is dishonorable, and so they deserve to be hated—and feared.

But is this stereotypical? Are all hackers like this?

In honor of National Cyber Security Awareness Month, which aims to improve user awareness about cyber threats online, below we problematize some of the most common hacker stereotypes we’ve come to learn and love. We do this in an effort to appreciate hacking for the complicated, variable and highly individualized practice that it is.

 Myth #1: Hackers Are Maladjusted Young People Who Live In Their Mothers’ Basements

shutterstock_150161756We all know this one quite well. Some of the most dangerous hackers—the myth goes—wear black T-shirts, have long hair and are under 30 years of age. They spend all of their time on the computer – a passion which they use to isolate themselves from the rest of society. They are weird and maladjusted, which helps to explain why they want to do what they do.

Sure, there might be hackers that fit this stereotype but countless others do not. Take the idea that hackers spend endless hours at the computer—this is a common misperception of computer scientists that, despite its wide appeal, doesn’t hold any water. In fact, many hackers have balanced relationships with their computers while others even have “day jobs” and just hack on the side.

Hackers can have healthy relationships with their peers and families and have proven records of academic excellence in school. Some may be young, but others are not, having spent decades accumulating their technical expertise. Many are well-adjusted to society, which in one light could make some hackers more dangerous.

John Walker, CTO of the Cytelligence Cyber Forensics OSINT Platform and a Blogger for Tripwire, explains: “There are [some] in our midst equally dangerous and very well accomplished over a number of years in which they have learned their trade, honed their skills, and could just be that guy sitting next to you in your office – so think again, don’t make too many preconceived judgements, and remember to consider the ‘Unusual Suspect Factor.’”

Myth #2: Hacking Is A “Boys Only” Club

shutterstock_158390291Hacking may be a predominantly male activity but that doesn’t mean that there aren’t female hackers out there. For instance, a loose 22-year-old group of women known as Haecksen, a hacker club that uses for its name the German word for “witch,” helped organize the Chaos Computer Club (CCC) Congress in 2010.

Other female hackers have spoken at DefCon or write viruses that destroy information instead of stealing it. We might hear the most about male hackers, but women are just as active in hacking communities.

Myth #3: All Hackers Are Masters of Their Craft

The way we paint hackers today elevates them to a level of unmatched technical prowess. Using this platform of expertise, they compromise any system they want with ease, regardless of whatever security protocols may be in place. Subsequently, as information security professionals, we are forced to play defense against these computer masters. shutterstock_131313473

Mark Stanislav, Security Project Manager at Duo Security, explains this is not always the case: “Manipulation of systems is often as predictable as watching the sunrise from the east every morning. After enough practice and/or education, a hacker of a specific context can likely say, ‘Oh, I’d totally try to do XYZ to hack that’ given a scenario.”

Additionally, not all hackers are necessarily skilled computer programmers. Sometimes all hackers need to know is where to look with respect to a particular system configuration or maybe they let a tool do that for them, despite having minimal understanding of how the tool works. Ultimately, we all know that it doesn’t take a computer expert to break into a network.

Myth #4: All Hacking Is Bad

The notion that all hackers intend to cause harm is one of the biggest hacking myths today. Lamar Bailey, Director of Security R&D at Tripwire, says:

shutterstock_169402199“Hacking systems to gain access to data or features that are denied to the current user is the most popular definition that most people think of when it comes to hackers, but it goes much deeper. Hacking hardware to add new features has become a very popular way to extend the life and increase the security of all devices in our homes.”

Ultimately, hacking has less to do with compromising data then with developing creative solutions to technical problems. Ken Westin of Tripwire rightly notes this fact: “Hacking is about understanding the underlying nature of technology—knowing specifically how things work from a high level all the way down to its most granular components. When you fully understand how things work, there is power in being able to manipulate it, shape it and utilize it in ways it may not have been intended to.”

In this sense, hacking, like many other things, comes down to intentions. Ethical hacking can improve the security of various products, whereas malicious hacking seeks to undermine data integrity. It’s how people hack which shapes the nature of a particular incident.

Hacking In All Its Colors

We hear a lot about hackers these days, but mainly those who are after people’s personal and financial information. The majority of hackers out there aren’t social miscreants who are technical masters bent on shutting down the Internet. They may be less knowledgeable, or they may be in the hacking business for the sake of computer security. The sooner we realize hacking’s variability, the sooner we can champion the whitehats who are helping to protect us, and the sooner we can broaden our focus to target those who threaten our security online.

 

Related Articles:

Resources:

picCheck out Tripwire SecureScan™, a free, cloud-based vulnerability management service for up to 100 Internet Protocol (IP) addresses on internal networks. This new tool makes vulnerability management easily accessible to small and medium-sized businesses that may not have the resources for enterprise-grade security technology – and it detects the ShellShock and Heartbleed vulnerabilities. picThe Executive’s Guide to the Top 20 Critical Security Controls Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].

Images courtesy of ShutterStock.

Hacking Point of Sale
  • Coyote

    From someone who has been under and above ground for around 20 years (different name), I want to thank you for this. It is so true. If it weren't for hackers – real, original meaning – we'd not have the Internet as it is, because of exactly what it is: taking what seems impossible and making it reality and not only reality but a positive reality and a wonderful learning experience. The misinformation/lies/slander/libel from the media and governments don't help any, either, but that isn't really surprising, sadly.

    I'm going to remark on the myths though, because it interests me a lot. But definitely, this isn't black and white (if you excuse the pun) like some seem to think.

    1. Funny thing is that fit me exactly and to this day I'm a recluse, I have long hair and I wear all black (but I am older than that and I never exactly lived in a basement…). I never did get along with my peers, either, not in person anyway. But indeed there are a lot of differences and it was never just anti-social (observe: not asocial like a recluse, like me, but instead anti-social, which is different, very much indeed) teenagers causing havoc.
    2. "Other female hackers have spoken at DefCon or write viruses that destroy information instead of stealing it." I actually was a friend with one of those females listed on the second link in myth #2. Lost contact years ago… I know she tried to contact me but it was in a time I was unable to get the message (this was after her arrest, that she tried to get back in touch) and never heard anything since that time. As for CCC Congress. This, I gather is related to the CCC itself, which is much older? DefCon… an old friend and I were not long ago talking about this, how it is hard to imagine how old it is because it feels like not long ago it was still in its infancy…
    3. Definitely true. Hence script kiddies and similar. There's a tool for everything, pretty much. It's always been this way, too. I actually do a lot of computer programming (and other things), have for years, but I don't even consider myself great or in this group (part of that is lack of esteem, part of it is I don't typically identify with others.. though still associate some).
    4. This is an interesting one, too. First, it used to be where it was all good. At least in theory. But nothing is that simple which is why the term cracker came into existence, to label those hell-bent on damage as crackers instead of hackers. As you point out, intent matters. I personally believe that it is missed in many other things, in life (if someone truly does not mean to be offensive to someone but comes across as offensive, is it just as bad as if they were intending to be offensive? I think not but many DO think it is equivalent). There's old wisdom that if you cannot break into your own computer, how can you be sure you can PROTECT it? That is ancient. Wonder why there is penetration testers now? (Obviously rhetorical). There is no good without evil and there is no evil without good and that goes for computer security and everything else in this world. Many have a hard time accepting this but it is true.

    Again, thanks for this post. It is always nice to not always see negative and more than that, negative on something simply because of what it is called and is therefore not necessarily justified. Just because someone is in X group or proclaims to be X, does not mean they are bad (or the reverse: GOOD) or even are X (ideals are easily modified and often are modified drastically).