Hackers - the great unknown
Seldom does the media paint a more distorted picture than when it comes to hacking. It goes something like this: a man wearing a balaclava sits in a dark room typing away at his computer. Green cryptic characters fill up his screen until he reaches his murky goal! So far, so unrealistic. That there's more to the hacker community that once featured prominent members like Apple founders Steve Wozniak and Steve Jobs and that many security issues became public thanks to hacking is a story that is rarely told. And the many positively motivated members are also swept under the rug all too frequently. Reason enough to take a closer look at hackers.
Their beginnings were quite humble - as the world wide web had not been invented yet. Originally, the hacker culture emerged in academia. It was the display of creativity and originality thought to constitute a "hack value" that gave rise to the term "hacking". While some thought out new ways to use their computers, others tinkered with amateur radios to enhance their signal output - all purely to demonstrate their technical aptitude and cleverness. Thus, the term hacking was born. In 1972, when it became apparent that a tiny whistle from a box of Cap'n Crunch cereal could fool a phone company's switchboard by reproducing its specific tones, Steve Wozniak came up with the "blue box". It was a clever hacking device that did the same electronically and was later made more marketable with the help of Steve Jobs. Ever since, the basic approach for hacking has been to find a flaw or loophole, come up with a smart solution - and have one foot in jail in the process.
Today, hackers are mainly separated into three groups - and classified by (don't laugh) hats. White Hats, also known as ethical hackers, are the good guys. They use legal means to find security vulnerabilities, inform the affected parties and only go public if no remedial action is taken afterwards. It's thanks to them that so many security issues have been found and fixed in the past. While some members act out of good will, others make a lot of money from reporting their findings to companies like Google and others that reward such activities with million dollar budgets every year. It's now become a viable career with proper certification options such as the CEH (Certified Ethical Hacker).
Black Hats, also called crackers, are the black sheep of the hacker community. They don't report their findings but exploit them to blackmail companies, purchase items with stolen passwords or sell their data on the black market. Black Hats are the creators of all types of malware and keep IT officials on their toes with ever-evolving attack schemes. With them, it's all about making money. Gray Hats are the most difficult to classify. They employ illegal means but don't make any money off it. Their motivation is either to gain fame within the hacker community (which is far more important for a member than it might seem from an outsider's perspective) or to follow noble ideals just like White Hats. They comprise most of the hacking world and, since some of their actions are potentially illegal (depending on the affected country), often end up in the crosshairs of the authorities and ultimately in jail.
Finally, there are hacktivists. These are groups like Anonymous that seek to fight for freedom of speech and a free Internet yet constantly clash with authorities, global corporations and copyright laws. Originally founded by members of the anarchist board 4chan, this group quickly attracted hackers from all over the world to launch various demonstrations and attacks. Since members are (naturally) anonymous and everyone can join in the fun, the group is highly heterogeneous. In the past, they attacked government sites in Tunisia and Zimbabwe because of restrictions against freedom of the press and human rights violations, flooded ISIS-owned Facebook and Twitter pages with homosexual content and disabled various sites owned by right-wing extremists. Since hacktivists frequently employ illegal means to spy on their targets or shut down sites and pursue other punishable activities (like publicizing secret documents), they as well often come in conflict with government authorities. If you target a company that might have committed some environmental sin, you may have the moral high ground but you'll still be harming a legal business. Still, many can identify with these goals which is why these groups are constantly attracting new members.The end of many hacking careers
As controversial as their methods are, hackers contribute a lot to our security. We would never have heard about vulnerabilities that allow for remotely controlling modern cars, Yahoo's billion dollar data leak or the NSA's formerly secret collection of attack trojans without them. Then again, Black Hats are a constant nuisance with their attempts to steal money and data from companies and private individuals alike with no end in sight. One more reason for some states and secret agencies to recruit their cyber soldiers from the ranks of these particularly gifted villains. We now come to the politically most delicate subject: state-sponsored hackers. Russian hackers may have already become the bugbear for US security services but every major country now has their own army of cyber soldiers. The most momentous attack so far has been the Stuxnet attack back in 2010 when computer worms attacked Iranian nuclear facilities and not only deleted data but also irreparably damaged uranium centrifuges. Experts agree that this type of network-based war fare is on the rise. This way, even smaller or poorer countries can quickly deal massive blows to their adversaries or steal sensitive information with a bunch of smart people and computers - and on a shoe string budget.
Hackers, whether as single individuals or organized into (government-supported) groups, won't disappear from the news any time soon. As long as the degree of interconnectivity increases with more and more devices going online and as long as money can be made off information, hacking will continue to give birth to new highly profitable and illegal business methods. All we can do is rely on the security centers on our devices - and the ultimate security system that sits right between our ears.
What I would like to know: have you already been a victim of hacking? Don't be timid, it happens to the best of us!