The Quest for the Righteous Hack
A variety of people from all walks of life read these blogs. Although I am what you’d call a reformed hacker, my perspective on certain aspects of the hacker subculture and current events is going to be from a hacker’s perspective. This could allow me possible leverage in shaping the attitudes of hackers in this vast, lawless wilderness we call the internet.
In the 1995 film Hackers, Phantom Phreak tells Joey that if he wants to be elite, he’s got to do a righteous hack. No accidental hacks. You see, Joey, the only member of the group of hacker friends who didn’t have an alias had yet to be christened with a hacker handle.
He didn’t really know what he was doing. He was throwing commands around, not knowing what they do. The only thing he does know is that he hacked an ATM, which spat out $700 in the middle of the street. Sounds cool, right? Well, he got arrested. So there you have it.
His friends are seasoned hackers. They chastise him for being an idiot. Rightly so. Joey had no idea the consequences that would ensure for trying to jump right into the hot seat of a hacker who would otherwise know what they’re doing. He downloaded a script, proceeded to scan for weak points of entry, and then, pointed the scripts at a target. Though he succeeded, in the end, he lost as he was taken away in handcuffs.
Why? Well, if you watch the movie, Joey is always seeking validation from his hacker friends. He wants to be seen as elite with the rest of them.
Defining Hacking for the Lulz
Many hackers do what they do for “the lulz,” or for laughs. This could mean that while anything goes, whatever happens, it is for the hacker’s amusement. A perfect example of this happened back in 2008 when a friend of mine called The Fixer used to scan huge IP ranges for remote desktops and crack into them.
For us, the task was rather innocuous. But the lulz came in when he’d search the networks of the computers he broke into, and upon finding a shared printer device, proceed to print absurd images and black sheets of paper just to waste their ink. Now I’m a proud printer owner. I know how it feels to own a printer that’s run out of ink.
Oftentimes when hackers deface a random website that otherwise was never in their crosshairs at all, it was for the lulz. They often get lucky, as Joey did. This is oftentimes because of Google Dorks, also called Google Hacking.
Script kiddies can obtain copies of the latest lists to the most up-to-date custom search queries that allow threat actors to identify specific websites or public-facing computer systems with a very specific vulnerability or unprotected access control. A popular search string is to search for servers that are improperly configured to publicly publish their file directories.
I myself managed to break into the control panel of a person’s domain subscription manager. Though I had access to his credit card information, instead of stealing his data, I bought him ten years' worth of hersheysquirts.org with his own credit card.
They may not understand how anything actually works, but they can still create just as much damage as any threat actor. From here, if they are able to find weaknesses in the web server, trust and believe a defacement will be erected, bragging rights to their friends, and street creds for the intrusion itself, regardless of the skill level of the intruder.
The Righteous Hack Examined
One could say that the righteous hack would be the hack that never happened. Where no accounts were compromised. No damages ensued, and the target remained safe and secure.
But this is largely not going to be the case. Systems will be compromised in the case of the righteous hack. What happens when those systems are seized by the hands of hackers is what matters.
“For me personally, a righteous hack has a more serious context, with the expectation of nothing in return,” said SoloMsc, a member of the hacktivist group GhostSec.
“Recently I dumped a database that consisted of chat logs of a judicial system in Ecuador, with the hope of exposing corruption there. And for just laughs, I’ve destroyed devices of scammers and just made life hard for them,”
he said, explaining the contrast between hacks for laughs and those considered for the righteous context.
“Pedo baiting is kind of in-between that. Leaning more towards righteousness since exposing pedophiles does get them off the streets, but it’s also so fun seeing a pedo's life fall apart when he wants photos of the decoy and you send him a photo of his house,”
“100% I never touch hospitals or anything to do with children, the elderly, or animals. Having a code keeps us who we are,” SoloMsc added.
This is critical because sometimes when hackers devote a gratuitous amount of time trying to break into a system, due to the time and labor that went into the intrusion, hackers often feel like — since they were finally able to gain access — they have to carry the attack all the way through to make their time worthwhile. Just because an actor can break in, doesn’t make it a target.
At the same time, some hackers outright avoid breaking in, simply because they’re privy to the sensitive nature of the potential targets, and thereby, avoid them for the sake of morales.
During the conquest to expose corruption and to fluster the efforts of those caught in the crosshairs, it was during #OpColumbia when a hacker from GhostSec called Iron Sea hacked computer systems controlled by the military air forces of Colombia. They dumped the contents of the entire database, exceeding 700 GB in size.
This hacker draws the line between engaging in hacks for the ego or fame. They pursue activities that support a just cause.
“My limits are my values,” they said when asked about the difference between the limits of what they will or will not hack, and why. “I have a very high level of empathy. I am high emotional potential with an atypical profile.”
To this hacker, not joining in the majority to merely fall in rank and facilitate what others are joining in is a component of their moral compass, especially if the majority are focusing on something that does not create a positive impact for the common good.
“The feeling of injustice is my main motivation, I think, to see millions of lives destroyed because few men play God,” Iron Sea said.
Recognition Is Weakness of the Ego
In my experience as the former leader of a hacking group, my peers often sought validation from me and from the rest of their teammates by pursuing all kinds of targets. They often did this without my knowledge or consent. Their aim was to the group, but especially me.
When in 2008 my group almost committed mutiny against my rule of tyranny by demanding they be made into a democracy, I was pretty concerned. What followed were hacks that were meant to be more public, striking a defiant note in the face of all our enemies in the form of a silent challenge to defeat us.
They wanted recognition. To be seen and applauded by others. This only escalated, after I got into a serious legal dilemma. The fact that the FBI was now watching only emboldened them to act more brazen and audacious because now the world was watching.
Ultimately, I discovered that the need to seek attention from others usually is the hacker’s greatest weakness and an even greater weapon to those who know how to wield it against them.
It means that some of our greatest feats are committed only because others are watching. This means that those who watch hold greater power than those who hack, simply because some of our greatest hacks are bourne out of a need to be seen by those who are watching us.
Thus, the righteousness of the cause is lost if the motive is driven by the need to be recognized by others.
An article by