I recently watched We Are Legion: The Story of the Hacktivists by Brian Knappenberger, a documentary about the hacking collective Anonymous that takes the viewer into the underworld of hacking. This network of activists and hacktivists with their scary Guy Fawkes masks really fascinated me. Anonymous was founded around 2008 and today is famous for their political protest hacks.
Are they the bad guys or are they not? And how bad is bad?
A hacker is generally understood as a person with exceptionally good programming skills. You could also say a hacker is a computer genius. But hackers are not always cybercriminals. There are three types of hackers: black-hats, grey-hats and white-hats, depending on their criminal behavior. A black-hat hacker is a flat-out criminal who hacks into computers to steal sensitive data for personal gain only, or to damage and destroy systems and networks. Yep – this sort of hacker is also to blame for all the spam mail you get.
Grey-hat hackers use their expertise for – more or less – illegal ends, minus some of the maliciousness. Their illegal deeds are in fact fueled by ethical motivations. If grey-hat hackers discover a vulnerability, they report it only to the software vendor and sometimes offer to fix this security weakness for money.
Dear Mark Zuckerberg, sorry to have hacked your Facebook page…
Khalil Shreateh is a great example of a typical grey-hat. In 2013, he tried to tell Facebook about a security bug which allowed hackers to post on the walls of Facebook users. But Facebook ignored his warning. So he hacked into the Facebook page of Mark Zuckerberg – and posted the following in friendly and incorrect English: “Dear Mark Zuckerberg, first, sorry for breaking your privacy and post to your wall. I has no other choice to make after all the reports I sent to Facebook team.” Only after this did Facebook finally contact him, because they were curious as to how he did what he did. This vulnerability is now fixed.
For a good cause
And a white-hat? He’s the good guy. His job is to check and improve the security of software, systems and networks. In fact, he is often paid or even employed by IT companies. For example, he performs penetration tests – attacks on computer systems – to detect vulnerabilities which then need to be fixed. This includes testing the network defenses and uncovering IT risks of his employer.
After I watched the movie I developed a soft spot for hackers, but it is still best to protect yourself: make sure you have security software installed on all your devices, regularly update your software, use strong passwords, and consider encrypting your disks, drives and partitions (for example with VeraCrypt). Keep safe!
English-German glossary of hacking terms: