Author: Gary Hibberd
Date: 8th July 2020
I was speaking at an online conference recently about the Dark Web; What it is, who uses it, and what can be found there, when someone asked me the following question;
What does a Hacker look like?
It’s an interesting question, and one I’ve been asked many times. During the event, I responded as succinctly as I could, but I think it warrants a slightly longer explanation. On the event I simply said;
“Firstly, it’s important to note that not all Hackers are Cybercriminals, and not all Cybercriminals are Hackers. A Hacker can look like anyone… In fact, many of us are Hackers. Hackers have a different view of the world, and look at ways to change systems and processes, to meet their needs.”
Hackers; Made for TV
If you’ve seen the Netflix show, ‘Mr Robot’, or ‘The Girl with the Dragon Tattoo’, you may now have an image of a strange loner, wearing a hoody, hunched over their keyboard. That will be your ‘go-to’ image when someone mentions the word ‘Hacker’.
The characters in these shows are misfits and introverts who don’t seem to fit in with society. But while it may be true that the Hackers who break into systems have skills many of us don’t have. It doesn’t necessarily follow that they are all maladjusted individuals, incapable of human interaction, or the ability to purchase other clothing than black hoodies and ‘V for Vendetta’ masks!
Evolution of Hackers and Hacking
Answering the question, what does a hacker look like, is the wrong question to ask. I believe we should be asking what is Hacking, and who is most likely to do it?
Again, please keep in mind that not all Hackers are Criminals, and not all Criminals are Hackers! How do I know this? Well, first of all, I know a number of fantastic Hackers. How? Because we employ them in Cyberfort. They are part of the Ethical Hacking team within Arcturus. I also have friends (both real and in the virtual world), who are Hackers, and they are very nice people who come to garden parties with their wives, and we discuss (where possible!) the kinds of things they’ve been up to.
They bring the kids, they have dogs running around, and they are the life-and-soul of the party. Not your average image of a Hacker, and not a hoodie in sight! Finally, I know not all Hackers are Criminals, because I started my career in IT wanting to be a Hacker.
After watching ‘War Games’ back in 1983, I decided I wanted to learn all I could about computers, and coding; So I did. I built networks at home. I learnt Assembly, Machine code, PASCAL, FORTRAN, C and C++ to name but a few. I loved it. But that was a LONG time ago, and my technical skills aren’t really relevant any more. But although my technical skills now, aren’t where they would need to be, to be useful to our Hacking team, the truth is; I have the mindset of a Hacker – I had it 37 years ago, and I have it now. Many of us do, perhaps even you.
The Hackers Mindset
Googling the question “What is Hacking?” will present the response; the gaining of unauthorized access to data in a system or computer. But I believe this is wrong and doesn’t come close to what Hacking really is.
It’s worth knowing that Hacking pre-dates modern computing, dating back to the 1960s when MIT’s Model Train enthusiasts would ‘Hack’ the train sets, and modify how they operated. From there, the ‘Hackers’ moved on to the computing department, to see how they could alter the computers, and modify what they did.
Radio ‘Hacks’ of the 1970s would take apart Radios and modify them so that they could either communicate or listen in to pirate radio stations.
Of course, we can think of Hackers as being highly intelligent and having an understanding of computing to such a level that it can almost seem mystical, But it’s the Hackers mindset that I believe sets them apart from we mere mortals. Hackers look at systems, and processes and ask; “How can I get that, to do something different from what it was intended?”
This mindset is not unique to our brothers and sisters who understand computers, and coding; We all have it to a larger or lesser extent.
Have you, or anyone you know, been asked to look at a process in your company, and asked “How can we make this better?”, or “How can I change X so that it no longer gives me Y. It gives me Z instead.” Any process improvement or change requires us to dismantle it, and rebuild it in a way that benefits us.
If you’ve done the above, and you’re good at it. If you can see things that others miss, then the likelihood is that you have a Hackers Mindset.
Hackers who are hacking computers are highly skilled people who have equipped themselves with technical knowledge of systems, programmes and networks. They have a mindset that allows them to see the technological world differently than the majority of society.
But there is a new sheriff in town; The Social-Engineer. Social engineering is the use of deception to manipulate individuals into divulging confidential or personal information that could be used for fraudulent purposes. In short; Social Engineers are Hacking Humans, not technology.
Fraudsters and scammers have been with us since the dawn of time. Humans are fallible and can easily be tricked into handing over money, or information which is of value to someone else. All it takes is someone, with a certain mindset who can see how fear, uncertainty, stress, anger, hate, love or greed can be used against us. These ‘deadly sins’ are the systems by which Humans operate, and Social Engineers know how to take these systems apart and manipulate them, to achieve their own personal goals.
Protecting ourselves in this modern era, we can’t simply expect the Hackers to attack the devices we hold; they will (and do) attack the people holding them. That’s why raising awareness around Social Engineering (phishing etc) is so important. You can’t simply expect the Firewall you built to prevent Hackers from breaking in.
As we often say; Hacking a computer is highly technical and requires a lot of knowledge and skill. But Hacking Humans is easy; You just need to know which button to press.
So where does this leave us? Have I answered the question; “What does a Hacker look like?”.
If you’re not sure by now, then I suggest you take a look around your team and ask who has an innate skill of seeing things others can’t. Can they take a problem and look at it in new and unique ways? Are they able to influence and persuade people to take action?
If they’re not sat around your team, perhaps they’re the person looking back at you in the mirror.
Personally, I prefer the question; What is a Hacker?
According to Wikipedia, Social Engineering is “the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.”
In our collection of whitepapers, Cyberfort’s cyber consulting experts explore issues from cyber threat intelligence to incident planning and data security. Read our whitepapers to help make informed decisions for the benefit of your business.Learn more >