In its relatively short life, the internet has racked up a long list of accomplishments, and while it’s impossible to say which is actually the most significant, it would be hard to argue against the notion that the internet has made life easier. It’s easier to communicate, easier to bank, easier to shop, easier to meet your new girlfriend, easier to gather all the information you could ever want on anything, no matter how obscure.
However, the internet has made many negative things easier as well, very much including crime. Black hat hackers might not be viewed as criminals the way bank robbers or burglars are, but with the increasing crush of cybercrime and ever-mounting damages, you can’t help but wonder: should they be?
Black hat hacking, defined
Black hat hackers take aim at everything from individual computer users and Internet of Things device owners to the web properties of small businesses, major corporations, organizations and governments, using their typically extensive technical skills to steal data, modify data, render a service or network unusable or alter its operations. While some are certainly motivated by financial gain, others are motivated by politics, or simply enjoy the attention and mayhem.
The damage done
With such a wide breadth of hacking targets there comes a wide breadth of hacking damages. On an individual level 2016 saw identity theft reach a record high, with 15.4 million Americans affected and over $16 billion stolen.
Last year was also a record setter for data breaches, with a total of 4.2 billion records compromised around the world. The damage from those breaches is far from done as it will take one to two years before the resultant class action lawsuits and settlements have concluded. One such data breach in 2015 that resulted in 79 million individuals having their health records compromised ended with the company paying out a total of 115 million dollars.
Massive as these numbers may be, they don’t begin to touch on the devastating consequences of having private data stolen from one’s own computer or from an organization entrusted with that private data. They also don’t begin to touch on the consequences suffered by businesses who failed to protect that data, many of whom are made to pay up in class-action lawsuits.
With what they do, black hat hackers can ruin lives, marriages, families, reputations and businesses, all without leaving their living rooms.
Crime and punishment
Hacking in and of itself is not illegal. This is because not all hacking constitutes criminal activity (more on that below). However, many of the results of black hat hacking are illegal and are classified as computer crimes, which is what more or less makes black hat hacking a criminal activity. Some of the most common computer crimes include accessing a computer, computer system or computer network without authorization (which, yes, is basically black hat hacking), and misusing computer system data. In the United States computer crimes tend to range from class B misdemeanors, which carry a punishment of up to six months in prison in addition to the possibility of a $1000 fine, to class B felonies, which carry a punishment of up to 20 years in prison and/or a fine of up to $15,000. Identity theft and larceny charges are also frequently levied at defendants charged with computer crimes.
One of the most serious computer crime convictions in the history of the United States is that of hacker Albert Gonzalez, who was sentenced to 20 years in prison for stealing 170 million credit card and ATM numbers. He and his co-defendants also paid back hundreds of millions of dollars in restitution. But while these record-breaking convictions grab headlines, black hat hackers of all types are being arrested and charged in the United States, not to mention around the world. Hacking into a single computer without the owner’s permission could very well result in a criminal conviction.
Computer crimes in the United States are also commonly punished through civil action.
There’s no way around it: black hat hackers are criminals, and with damages mounting and these crimes gaining increased attention, it won’t be long before cyber criminals are fully lumped in with your run-of-the-mill criminals ranging from pickpockets and burglars to white collar fraudsters in the eyes of the public. Breaking the law, after all, is breaking the law, no matter how comfortable and convenient the internet has made some of those illegal activities.
But just because someone once dabbled (or more than dabbled) in black hat hacking doesn’t mean he or she has to be considered a criminal for life. People with hacking skills – even those with black hat hacking pasts, like infamous Anonymous hacker Hector Monsegur – are being fervently sought by businesses and organizations who want to put those skills to use in securing their own networks and systems. Hackers using their powers for good to try and break into target systems in order to better secure those systems are considered white hat hackers or ethical hackers, and with an ethical hacker certification can command an average salary of $102,000. So not only is it fairly straightforward for a black hat hacker to go legit, it’s also pretty profitable.