What is a Green Hat Hacker?
They are driven and often obsessed with finding out the tricks of the trade and developing their skills. Hacking is like mastering an instrument. Theory and knowledge are great foundations, but on their own, they mean nothing without practice, practice, practice. And to become really good, you need talent and aptitude as well.
Although the green hat hacker doesn’t have the skills of the full-blown threat actor, they can still cause serious damage to systems they manage to compromise – often unintentionally.
What is it about hacking – or about themselves – that makes them want to start down that path? Why does hacking have an appeal to youngsters and the ability to draw them in?
Contributing Factors of Green Hat Hackers
The typical candidate is an adolescent. They come from a wide range of social backgrounds. They have a high IQ. They are broadly computer literate before they engage in becoming a hacker. They are, by nature, curious. The majority are male, but not exclusively.
Usually, they are socially isolated and withdrawn but networked online with a group of similar adolescents. Some vulnerability and social awkwardness are common. Significance was placed on their need for online affiliation and affirmation.
Common Pathway Factors
The typical green hat hacker has an interest in, and an aptitude for, technology. They also have a willingness to engage in low-level, illegal, internet-related activity. This often escalates through positive reinforcement from like-minded members of their online network.
They may derive pleasure from the problem-solving of ever more complex hacks and the improved social ranking achieved by their exploits. Their online reputation was noted as extremely important to them, perhaps compensating for a lack of recognition or self-esteem in the real world.
Small-scale cyber-misdemeanors such as film and music piracy are often perceived to be distinct from “real crime” because the internet and the online world are “different” and “you can do what you want if you have the skills to do it.” The average green hat hacker would probably never consider walking into a real store and stealing a physical item. But digital theft of copyrighted material – while it was acknowledged as being wrong – was not considered serious and didn’t qualify as “a real crime.”
Progressing through the ranks in online communities provides the same sort of mental and brain-chemical rewards as progress through the levels of computer games. This behavior can become addictive, driven by the need for regular positive feedback, albeit for the wrong reasons and the wrong actions.
A 2017 report produced by the UK government’s National Crime Agency (NCA), titled Intelligence Assessment: Pathways into Cyber Crime, points out that a number of offenders find their way into cybercrime by using gaming cheat websites.
These sites contain the information required to illegally modify game binaries, allowing people to modify the game behavior. This can be the gateway activity that leads to more serious criminal behavior, often using other instruction-led forms of cybercrime. The green hat hacker will make use of the readily available tools from the Dark Web, GitHub, or YouTube instructional videos.
The NCA report also found that many young cyber-offenders progressed deeper into cybercrime because of the sense of accomplishment at pulling off a hack just to increase their online reputation. One green hat hacker is quoted as saying, “… it made me popular, I enjoyed the feeling … I looked up to those users with the best reputations.”
One shocking statistic from the NCA report is the average age of those involved in cybercrime is 17. By comparison, the average age of criminals involved in drug crime is 37.
In the early stages of the green hat’s career, financial rewards are rarely pursued. Instead, building their reputation and hacker credentials becomes so important that they will invest copious amounts of cognitive effort, time, and emotional investment into furthering or maintaining their social standing with their digital peers. Of course, this means they become even more withdrawn and solitary in the real world.
Green hats have never known an unconnected world. The internet has been an always-present element of their lives. Nowadays, almost every youngster has their own cell phone and permanent access to online influences, groups, and social media, with instant gratification through the reward scheme of likes, re-tweets, and up-votes.
With the easy availability of source code version control repositories such as GitHub, GitLab, and BitBucket, the source code for many hacking tools and digital threats is freely available. If you can follow a few simple instructions, you have access to a wealth of hacking firepower. Software toolkits – ostensibly to be used for fighting cybercrime and for the legal testing of the robustness of cyber defenses – can also be used for the exact opposite. They are the perfect tools for cracking those very cyber defenses. Kali Linux is a perfect example of this.
The Dark Web has allowed hacking forums to flourish. Overlay networks such as the Tor network and other freely available encryption-based anonymizing tools give the green hat hacker a feeling of invincibility. The anonymity removes inhibitions in a way that doesn’t happen in the physical world.
These factors can form a compelling influence on certain personalities and can make cybercrime attractive and addictive.
- The feeling of anonymity and invulnerability.
- The lack of inhibitions.
- The confused perception of cybercrime not being as bad as “real crime.”
- Readily available hacking tools and information.
- The desire to please and be praised and accepted.
Preventing Youngsters From Putting on the Green Hat
Government and educational systems need to facilitate the development of positive, legal pathways that inspire young people and cultivate and harness their technology skills in positive and engaging ways.
These schemes need to excel at providing the perceived benefits that the cybercrime route does: positive feedback, encouragement, recognition, advancement through the ranks, and mentorship.
The lure of cybercrime should be discussed in schools in exactly the same way drug abuse is discussed.
Teaching staff should be taught to identify youngsters who are most likely to be attracted to hacking. Processes should be put in place to enable them to refer the youngsters to groups that can provide positive mentoring and encourage a worthwhile development of their skills with a constructive personal – and legal – outcome.