Hackers are not the bad guys

Every day we are seeing more and more articles saying hackers have broken into another system somewhere in the world with an image depicting a person in a hoodie, usually in a darkened scene hunched over a laptop or computer screen, sometimes even with gloves on. Now I want to point out some things that are very wrong with this.

Firstly, typing in gloves, now that would be hard, and I feel that any self-respecting hacker would find it irritating at the very least to run their malicious code in the dark while trying to break into your systems wearing bulky gloves.

Let’s break this down a bit, the person (Hacker) is hunched over the computer which is certainly going to cause some back pain; the lights are off so eyestrain problems. We all know those pesky blue lights from the screens are damaging our eyes, the hoodie and gloves are on so every time they try to run their commands they keep typing the wrong keys and spend five times as long trying to execute their malware which they have bought on the dark web. Seems like a very stressful situation if you ask me.

All jokes aside, I have been seeing lots of chatter from my peers trying to convince the world that “hacker” is not the correct word to use when trying to describe a malicious actor breaking into a company’s system or infecting them with one of those awful crypto bugs.  The word hacker means – “An enthusiastic and skilful computer programmer or user” as far as the dictionary goes but I personally class a hacker as someone that tries to find ways to access or use a program or system in a way that it was not intended to be initially used. To yes break things but not always in a malicious way, it could be to test the strength of a security protection or input/output manipulations just to see what they will do. Many of these people are the ones out there now protecting your businesses.

If you have been to any conference related to the security industry in the last 10 years you will have seen thousands of hackers in one place, ordinary looking people you would see in your street or even your neighbours that could be put into the category of Hacker. I would personally class myself as a hacker, probably not a very good one but none the less I would fall into that category.

 I work as a senior security engineer and I do penetration tests as a primary part of my daily duties. I try to manipulate and break our client’s systems to just see if I can but the difference is once I find a problem I help the client fix it. I am a hacker.

I don’t remember seeing a hooded, shady looking character at any of these security events over the last few years, trying to cover their face so that no one can identify them. Our team regularly attends these types of events to ensure we keep up with what is happening in our field and this image that is constantly portrayed just isn’t realistic, yes, it is the standard thing that everyone has been doing for years to portray a hacker but just because everyone is doing it does that make it right?

Let's look at the statement of a hacker; they are the cause of all incidents, right? Wrong. Not all hackers are underworld figures, cybercriminals or just mischievous people who want to take you and your business for a ride to hold you for ransom over your own data. NO,hackers are normal people with normal jobs that in many cases are trying to help businesses protect their systems from being breached by the real criminals or malicious actors just like I do.

 I used two words in the first half of this paragraph that could better describe someone who has hacked into your systems and encrypted your files. Let’s list some options here:

  • Malicious actors/s
  • Cybercriminal
  • Criminal
  • Cyber-terrorist
  • State-sponsored cyber-attack groups

These are just the first five that I thought of, but they are already better than using the word hacker when you really should be using criminal, it's really that simple. If we go back to the attendees of the conference or security groups that are full of people that are looking more like professional businessmen and women in suits or formal attire, that would be a better depiction of what most hackers look like, yes some of us like to wear jeans and possibly some geeky t-shirts (I personally like stupid slogan t-shirts) but my point is don’t tarnish us all with the same brush, most of us are actually here to help, not trying to get your secrets and sell them to the highest bidder.

If you are writing an article or white paper, consider what your article or discussion is about and use the correct name to describe the culprits responsible for the incident or breach. The cybercriminals or malicious actors are my favourites, simple but effective, realistic true statement and not hackers which tarnishes us all with that criminal brush.  

I feel if we can all do this we will all be better for it. Disagree? That’s fine, leave some comments and tell me what you think, that’s what it’s all about, creating an open dialogue and having the ability to truly give our opinion. This will generate a better industry that is working together resolving the problems that need our attention and some that just get under our skin like this one does to me. 

Tags cybercrimePenetration testing

Show Comments