Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Security Management

// // //
08:05 AM
Chris Roberts
Chris Roberts
News Analysis-Security Now

Think You Know Hackers? Think Again

Hackers are more than the stereotypes. This list gets you started on understanding those who understand your IT systems.

So, there's the distinct possibility I might have gone on a recent rant about hackers and hoodies, masks, gloves and how the media stereotypes us. Yes, it's true. We’ve all seen and read the stereotypes.

However, at the same time, we've managed to do the same to ourselves thanks to some over-zealous marketing departments. Now is as good a time as any to set the record straight.

With all of that being said I thought I'd build off the involvement I had in a recent piece by Ellen Chang of TheStreet.com in which she highlighted a few of the key things people don't know about those of us in this industry.

Without further ado, here are ten things (plus one bonus) that you may not know about hackers:

  1. Most of us do own hoodies. They are warm, versatile and comfortable to wear when out and about on physical penetration tests. However, most of us don't sit at the keyboard with the hood up, gloves on and our faces covered. Let's adjust the stereotypes, please.
  2. Most of us prefer black or darker colors. We travel a lot. We are not always able to stay in the best of shapes and black works to hide the extra padding we've accumulated (temporarily in many cases…) Let's face it, you don't want a bunch of slightly chubby hackers breaking into your offices wearing fuchsia or orange do you?
  3. Some of us will wear kilts a lot of the time. We wear them to conferences, to work, to meetings etc. Our community has no problem with kilts just as we have no problem with people identifying with anything they want to wear or be. Whatever you want to wear, whatever or whomever you want to be is acceptable in our community; the rest of the world needs to learn that lesson. However, if you call my kilt a skirt, I will hollow out your head with a spork and replace it with the guts of a ZX80.
  4. Many of us are self-taught. We have a thirst for knowledge that goes beyond just technical/traditional "geek" things. You'd be surprised if you engage us in conversation that we are typically well read and articulate if we could just work out how to converse with people sometimes.
  5. We are not always the best at communication. We typically think in patterns that are different than most others. We too often ask people to move out of the way and just let us "fix it" as opposed to taking the time to help educate all around us… and unfortunately, we don't like explaining things multiple times. We have to do a better job of communication with others at the user, manager and executive level, and they in turn need to do a better job of listening. It's a symbiotic relationship that both parties have to do a better job of understanding… we know it.
  6. Unfortunately we are a male-heavy industry. We don't want to be. We have a lot of work to do to be better at inclusiveness and understanding barriers and pretty much everything necessary to address the balances. We know it, we are working on it, the rest of the world could also take some lessons just as we have learned from others.
  7. We typically like to disassemble things. This is not done to cause problems but to understand how they work, to test them, to see if we can improve them and then to work out how to reassemble... often in a better form than the original. It's in our blood and our brains, accept it please. I took the household vacuum cleaner apart when I was eight to both see how it worked and to make a hovercraft... these days I do the same thing with companies and their tech.
  8. Most of us are in this realm to do good. We don't always go about it the right way, but the ultimate aim is to help things improve, to help humanity not go over the precipice or be sunk under the tsunami of technology that is upon us. We're not perfect but we want to help. So let us.
  9. Many of us are former military, government or something that involved using things other than keyboards. We are not the weak nerds that Hollywood likes to insinuate (neither are we the chiseled man-stud known as Chris Hemsworth) but again, when talking with us please understand that not only can we lob an exploit into your enterprise from across the globe, we can probably also shoot out the escape key on your keyboard from 1,000 yards.
  10. Get out of the "English" mindset. Again, thanks to mainstream media the "hacker" is a white male in their 20s and nothing could be further from the truth. The top country by scale is China, followed by the US and then we have a heap of other countries, most of whom don't have the pale white skin associated with the typical "hacker".
  11. Hacker and hacking is not a negative thing. The primary driving force for change and new inventions in this field is hacking, it is the simple ability to understand the status quo and be able to change it.

Want to learn more about the technology and business opportunities and challenges for the cable industry in the commercial services market? Join Light Reading in New York on November 30 for the 11th annual Future of Cable Business Services event. All cable operators and other service providers get in free.

So, there you have just a few insights into the hacker world. As a community, we could probably write a book's worth more. We have our issues and our challenges. We are growing up and working on how to be part of the enterprises we are charged with securing, how to be part of society even though many of us prefer to avoid it, and trying to work out how to navigate a path forward in this fragile technologically challenged world we exist in.

I hope that has helped. Let the debates begin!

Related posts:

Regarded as one of the world's foremost experts on counter threat intelligence within the cyber security industry, Chris Roberts is the chief security architect for Acalvio Technologies.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The 10 Most Impactful Types of Vulnerabilities for Enterprises Today
Managing system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2023-03-27
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation.
PUBLISHED: 2023-03-27
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code.
PUBLISHED: 2023-03-27
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation.
PUBLISHED: 2023-03-27
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.
PUBLISHED: 2023-03-27
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0.