Why we surveyed a bunch of hackers

September 30th, 2014

At this year’s (2014) Black Hat USA, we conducted a survey of 127 self-identified “black hat” hackers. Why’d we do it? Because it’s not every day that you can get an insider perspective on the thought process and motivation behind today’s black hat hacker.

Black Hat vs White Hat vs Awesome Programmers

We have to caveat this with a little perspective, because people define “hacker” a lot of different ways.

You’ve got Black Hat hackers, who are mostly up to no good. Are they out to do something “bad” or “hurtful”? Possibly, but not always. Some people may consider themselves a Black Hat hacker if they are gaining access to a network just for the thrill. They may not actually steal data or do anything malicious. Does that make them criminals? It’s up for debate. Many people say a resounding “yes,” but others believe if they don’t do any harm, it’s more like standing in an empty park at night after it’s closed, when the gate was open.

You’ve got White Hat hackers, who are definitely the good guys. These hackers are paid by companies to purposefully find security holes in order to fix them. They are on payroll at companies as full-time employees or consultants, or they work for pen testing firms. I like to think of them as the white knights of cyber security, wouldn’t you agree?

You’ve got awesome programmers, who hack together code in fast and unique ways to solve complicated problems. It seems Facebook gave a nod to this interpretation when they rolled out their new programming language, appropriately named Hack.

So what did our hacker survey say?

We definitely received some interesting results. My favorite part of the survey is two-fold:

• 86% of hackers don’t believe they will be caught
• 88% of respondents believe their own personally identifiable information is at risk

Let’s focus on the idea of never getting caught. When we first released our report, that was the most commonly syndicated statistic of the survey, probably because of its blatant relevancy to the recurring “customer data breach” headline blitzing the media every week (how many times has your credit card been replaced this year?). But let’s be brutally honest; as often as breaches have been monopolizing news headlines, they’re only a tiny fraction of what’s actually happening. Of those publicized, how many have found their hacker without the hacker coming forward, like what happened with Yo?

Considering the number of incidents reported versus the number of hackers who prefer to lurk quietly, it’s not surprising that even hackers believe their own data is at risk. But knowing that, I was still surprised by this statistic. Here are people with the best insight into how to gain unauthorized access! They of all people should be able to protect themselves!

The thing is, that’s just not true. People can and do hack personal computers, but the real risk to a hacker’s personal information is in corporate data storage. Just like the rest of us, if they shop in stores, use social media, go to the doctor, or use a bank, they are trusting a company with their information. When it comes to personal information stored by companies, hackers face the same risk as everyone else that their data could be compromised.

Becca Stucky

Marketing Project Manager at Thycotic
Interested in any topic where technical complexity is turned into clear, understandable ideas, Becca comes to Thycotic with a degree in physics, a love of tech, and a long history of consulting in the green building industry. When not analyzing data at Thycotic, she can be found walking the neighborhoods of DC with her dog, Apple.

