An ominous hooded man taps away in a dark room as green texts flood multiple screens. This is the mental image that comes to most people when they hear the word “hacker,” which is how the media and entertainment industry has portrayed them. Despite this, the common perception people have of hackers is rarely accurate to reality.

So, what does it mean then to be a hacker?

The Stereotype

If the image associated with hackers by media is inaccurate, where does this false stereotype come from? Two clashing and deciding forces work to perpetuate the stereotype in question. They are the culture of anonymity and the media limelight. What do we mean by this?

Well, it is no mystery that hackers are seen as a secretive, shadowy group. This public perception is due to a scarcity of positive hacker public figures. Even though there are thriving good hacking communities (like the ones seen at DefCon), the public rarely recognizes their constituents since their reputation derives from their high technical skills, which only fellow members can assess. Therefore, the few names that catch the public eyes are usually are synonymous with nationwide security scandals, as is the case with whistle-blowers like Julian Assange, Edward Snowden, or those like Kevin Mitnick, who was once on the FBI’s Ten Most Wanted Fugitives list.

For better or worse, this only serves the media’s ability to tell a fantastical tale so distant from the true nature of hacking. Additionally, since many influential hacking groups, like Anonymous, tend to have a decentralized, non-hierarchical structure, the individual then melts into the group as they work to achieve a critical mass. The anonymity sought by these groups then fuels preexisting negative stereotypes and enhances the notoriety of cyber-activist collectives.

Hacking, and the rest of cybersecurity operations, is a tedious and complicated process involving many calculated steps, protocols, and procedures. However, moviemakers often sensationalize and oversimplify real methods and situations to appeal to large audiences. Frequently, you will see someone sitting in front of several monitors, typing at inhuman speeds and taking down large infrastructures and organizations with just a few lines of code. Though it makes for good entertainment, this inaccurately represents an eclectic and layered community and trivializes what it so passionately stands for.

With this in mind, the question stands: What does hacking truly stand for?

What is Hacking?

To juxtapose the stereotype mentioned above, what does a hacker genuinely look like? Well, the only honest answer is that there is no answer. The truth is there is no definitive look to hackers. Hackers come from a wide range of backgrounds, races, ethnicities, and education levels. To emphasize this point further, let us analyze the following image:

Left to right: Kevin Mitnick, American computer security consultant, author, and convicted hacker. Amanda L Rousseau, Offensive Security Unicorn @ Meta Red Team. Santiago Lopez Ethical Hacker at HackerOne. Photo credits go to the authors.

Do you know what these three people have in common? They are all hackers. This picture demonstrates an irrefutable fact: Hackers come in all shapes, sizes, and colors. Therefore, if no set visual cue distinguishes hackers from regular folk, what truly defines hackers or hacking?

Simply put, hacking is discovering ways to use software, computer, and networking systems for purposes others than their intended use. This can mean anything from gaining unauthorized access to information systems, denying legitimate users access to data, stopping the function of technical services, stealing confidential information, or simply buffing the operation of a system. Surprisingly, despite how sinister the previous uses for hacking might sound, the intention behind them is not always malicious.

Actually, given by their intention, there are several categories under which hackers can fall. We will analyze three: black hat, white hat, and grey hat hackers.

  • Black hat hackers are those who use their computer and networking skills for illegal purposes or personal gain. They can use their knowledge to hack into systems by gaining unauthorized access, stealing confidential information, or disrupting computer or network services. One of the major ways this type of hacker make profit is when they hold stolen information “hostage” until they receive a sum of money for its “release”.
  • White hat hackers are the antithesis to black hat hackers. They are the “good guys” of the hacker world. They put their knowledge and skills to use by unearthing vulnerabilities for systems they have permission to hack. This is done so that the company become aware of said vulnerabilities and patch them. Many times the actions required in this process are the same ones a malicious hacker would make, the only difference being company authorization.
  • Grey hat hackers, as the name suggests, land on the sweet spot between “good” and “bad”. They will look for vulnerabilities in a system without permission but with possibly good intentions. These being to inform the company of the recently discovered vulnerabilities and charging a fee for the info on these or the service of fixing them. Now, where the grey area comes in is the illegal nature of performing these vulnerability tests without authorization. Additionally, if the company in question does not pay the grey hacker in a timely fashion, the hacker might expose these exploits to the Internet or use them himself against the company.

There’s more to hacking than a negative connotation, so let’s analyze some ways in which hacking can be properly represented while still warning the public of valid risks concerning threat actors.

Addressing Concerns

The primary reason that hackers have such a negative reputation is ignorance. Most people are not aware of what cybersecurity and, consequently, being a hacker involves. Therefore, the only way to address this issue is by exposure – through an accurate and truthful depiction of who hackers genuinely are and represent. So, how can this be carried out?

The first step is for the media to rely less on sensationalism and more on accuracy when depicting tales about hackers. For example, let’s examine the success of Mr. Robot, an Emmy-winning hit series that showed the life of a cybersecurity engineer turned hacker-vigilante by night. The success of this series was owed to an excellent script and not sensationalized hacking sequences. The show writers also took great care in consulting with a team of real hackers while writing the script. This resulted in a series beloved by hackers and common folk alike.

Rami Malek as Elliot Alderson in the popular series Mr. Robot. Photo: David Giesbrecht/USA

The real hacking community

It would be foolish to ignore the real threat presented by malicious or black hat hackers. Therefore, it is necessary to establish campaigns advocating for healthy cybersecurity practices, at an enterprise and public level. In these campaigns, knowledge on threat actors, security risks, and best practices would be imparted, equipping people to protect themselves from real threats.

The hacking community has long been misrepresented. This is due to inaccurate depictions by the media, the notoriety of some cases involving hackers, and the very nature of hacker groups and the community they may or may not represent. Media creators paying more attention to detail when telling stories regarding hackers and campaigns advocating for awareness on cybersecurity would help tremendously create a safer and more knowledgeable cyber-world.

Now, are you interested in becoming a white-hat hacker? Learn more.