Summer is coming to a close, and with it the end of a steady stream of superhero movies that have been lighting up the box office over the past few months. But while on-screen heroes have been lassoing bad guys or saving the galaxy, here in the real world we’ve been witnessing a different type of anti-criminal activity: defense against cybercrime.
While the security industry is always focused on the latest “hack of the day” or other headline-generating malware outbreak, few attacks in recent memory have generated as much interest as WannaCry, the ransomware attack that crippled organizations worldwide back in May.
In a particularly shocking twist, researcher Marcus Hutchins, who discovered how to stop WannaCry, was recently arrested on separate hacking charges, leading to much debate within the security community. Not only was this person responsible for stopping arguably the most high-profile ransomware attack in history, but now he was accused of creating an unrelated malware strain that could land him in prison. In the wake of his arrest, many tried to figure out if he was a “black hat or a white hat” – someone who used his hacking expertise for good, or for wrongdoing?
If the summer movie season has taught us anything, it’s that heroes and villains aren’t always so black and white. While superheroes may not exist offscreen in the way they do on celluloid, we can take some parallels between the onscreen supernatural and the offscreen hacker.
The White Hat: Wonder Woman
There’s no doubt about it: Wonder Woman fights on the side of good. Since the moment she left her hidden island home, she’s been out there protecting individuals from whatever harm may befall them. Such is the life of a white hat hacker – individuals who use their generous talents for good, protecting organizations, governments or individuals from harm at the hands of another. Some of these white hats have corporate jobs conducting research, pushing updates, writing code and more; others are “hacktivists” who use their talent to further a cause they believe in. Regardless of their approach, like Wonder Woman, they want to leave the world a little better than when they found it.
The Black Hat: The Joker
Black hat hackers are the ones that most often come to mind when we think of a typical Hollywood-esque “hacker” – a nefarious evildoer who is bent on taking down the system and anyone who gets in their way. Most often these attackers are motivated by some form of personal, financial or idealistic gain. Of course, there are also those, like The Joker, who have no motivation whatsoever other than wanting to cause chaos and prove they are capable of bringing down a system. Like The Joker, some men just want to watch the world burn. Whatever their motivation, the black hat hacker is one who runs outside the realm of legal activity and is at risk of arrest or prosecution from authorities.
The Grey Hat: The Mutants of X-Men
It doesn’t take a Hollywood movie to show us that people don’t always fall neatly into the “good” or “bad” categories. Like your average human, the majority of hackers fall somewhere in-between – a grey zone, if you will. Similarly, consider the mutants of the X-Men series, a group of individuals with special capabilities that lead to a range of skills, some used for good, others decidedly not. What makes X-Men unique is how it addresses not only the mutants themselves, like we see in many superhero movies, but the public reaction to these mutants. Many of the characters in the comic book and its movie counterparts are children, sent to a school for “gifted youngsters” to protect them from the judgment they face in the real world. It isn’t the humans who need protecting from these mutants – it’s the mutants who need to be protected from the public perception of their abilities as inherently wrong, when in fact there are many beneficial uses that can come from their actions.
As people with an extraordinary ability to control the way the world works, many of today’s hackers mimic the X-Men. They toe the line between personal gain for their talent and a desire to do good for others. But if the rest of the community would give hackers more of a chance before writing them off as evildoers, not only would there potentially be more incentives for capable people to go into the white hat hacking business, but the stigma of evil hackers would slowly start to dissipate. By appreciating the unique skillset that hackers bring to the security industry, the benefits will be too large to ignore.