Can bad hackers reform and hack for good?
The world of computer technology is full of such instances of disruptive activity carried out by people who excel at dismantling systems and peeling back security layers in order to see how things tick.
Let’s provide some clarity on the terms used to describe hackers before we take a look at some of history’s noteworthy hackers:
White, black and gray hat hackers
Calling back to tropes in old Western films that made it easy to identify the heroes from the villains, hackers are typically divided into three groups.
Black hat hackers engage in illegal and criminal hacking. Some do so for the financial gain to be made from the stealing and selling of private data while others vandalize or disrupt targeted networks or websites for political purposes. No matter the incentive, black hat hackers are never officially sanctioned, unless you count those that are employed by clandestine state actors or ransomware gangs.
White hat hackers, on the contrary, are professionals who are enlisted by organizations in order to find security holes and bugs within their networks. They are valued for their unorthodox problem solving and their ability to “think like a hacker” when it comes to penetrating networks. They follow a strict code of ethics and do not access or break into networks or systems that they are not specifically told to. Many white hat hackers are contracted, although keeping some on the payroll has become increasingly common for large companies.
Gray hat hackers, as their name might suggest, fall somewhere between these two. These hackers are not officially hired, but may break into systems with potentially good intentions. Sometimes they will hack a network after finding a vulnerability and then ask the organization for a fee to fix the exploit, which can seem a bit like extortion.
If a company does not comply, a gray hat hacker may sell or simply release the instructions to hack the targeted network to the internet.
Who are some bad hackers gone good?
Some of history’s most notorious “black hat” hackers have turned the page and decided to use their expertise for good.
Robert Tappan Morris
Robert Tappan Morris is best known for creating the “Morris Worm,” considered to be the first computer virus.
While his intentions were to create code that would allow him to measure the size of the internet, his software bogged down computers due to continually re-infecting them. Morris was fined $10,000 and ordered to perform 400 hours of community service for his actions.
Today, Morris works at MIT and has founded Y Combinator, a startup accelerator that has helped to launch companies including Airbnb, DoorDash and Reddit.
Mark Abene, hacker alias Phiber Optik, founded a hacker group called the Masters of Doom.
While his work in the group was not intended to be malicious, his poking into unauthorized systems resulted in him garnering the attention of the FBI.
After his eventual arrest, he started a short-lived cybersecurity company before transitioning into becoming a cybersecurity consultant.
Kevin Mitnick led authorities on a wild goose chase after successfully stealing software and breaking into unauthorized systems. He often used social engineering tactics in order to encourage people to simply hand over login credentials.
Mitnick was eventually caught and served five years in jail.
Since his release he has founded a cybersecurity company called Mitnick Security Consulting, LLC and written books about his time as a hacker as well as his run from the authorities.
Best known for hacking the telephone lines of a Los Angeles radio station in order to win a Porsche 944 S2 Cabriolet, Poulson used the online handles “Condor” and “Dark Dante.”
He landed on the FBI’s most wanted hackers list after he accessed federal networks and stole wiretapped information. He was eventually arrested and served time in jail.
Since his release, Poulson has become a highly regarded investigative security journalist who has assisted law enforcement in arresting 744 sexual predators that were lurking on social media network MySpace.
He has since been a senior editor for Wired News but still managed to find himself in the hot seat after doxing an individual in 2019.
He helped to develop SecureDrop, a platform that is designed to allow for secure communication between journalists and their sources.
Steve Wozniak is famously known for having co-founded Apple along with Steve Jobs.
However, he started his computer career creating what was referred to as “blue boxes.”
These devices were able to hack phone lines and allow people to make long distance calls for free. He and Jobs sold the illegal boxes to their college classmates.
Wozniak left his illegal hacking days far behind him and has written books, served as a consultant for a wide range of topics in the industry and has engaged in a large amount of philanthropic work.
He also created Woz U, a training platform for software engineers.
“Mr. White Hat”
“Mr. White Hat” is the name given to an anonymous hacker by Poly Network, the decentralized finance platform that they stole more than $600 million in crypto from in August of 2021.
The day after stealing the funds, the hacker returned about half of it with a message that insisted they were intending to expose a vulnerability within Poly Network’s security.
While possibly acts of desperation, Poly Network first offered the hacker a “bug bounty” of $500,000 in exchange for the entirety of the stolen funds. They then upped the ante by also offering them the role of chief security advisor within the company.
While the hacker publicly turned down both offers, all of the funds were eventually returned and “Mr. White Hat” did end up moving the bug bounty money promised into an account.
While the individual in this case would likely be classified as a gray hat hacker given their tactics, the fact that this event occurred recently, combined with Poly Network themselves referring to them as “Mr. White Hat,” makes them a notable, current addition to the list.
How to stay safe from hackers
Cybercrime rates have reached an all time high and show little sign of slowing down. While big names like Lapsus$ Group and REvil steal the headlines by attacking high profile companies, the fact remains that small businesses are more frequently targeted and can find it very difficult to recover after a hack.
Follow these basic cybersecurity rules to help ensure that your network is not targeted by hackers:
- Practice excellent password hygiene. Using a password generator can help you create random, impossible to guess login credentials. Never use the same password across more than one device or account.
- Be sure that your staff has an understanding of phishing and social engineering tactics.
- Bookmark and follow cybersecurity news blogs and online cybersecurity resources.
- Keep your entire system updated from your OS to your hardware. You can affordably update your old hardware by purchasing refurbished equipment from a reputable supplier.
- From dark days to white knights: 5 bad hackers gone good by Meghan Kelly, 8 Nov 2013, VentureBeat
- The Black Hat Hackers who Turned Over a New Leaf 17 Sep 2019, CISOMAG
- The World’s Most Famous and Best Hackers (and Their Fascinating Stories) by Dan Price, 22 April 2022, MUO
- Famous White-Hat Hackers by Annie Mueller, 25 July 2021, Investopedia
- About | Officially Woz
- White Hat, Black Hat, and Grey Hat Hackers: What Do They Do, and What Is the Difference Between Them? 7 Feb 2021, TripWire
- ‘Mr White Hat:’ The story behind a $600m crypto caper by Philip Stafford, Siddharth Venkataramakrishnan and Miles Kruppa, 13 Aug 2021, Financial Times
- Timeline: Poly Network and the curious case of ‘Mr Whitehat’ by Joanna England, 6 Dec 2021, FinTech