50 shades of hacking: How IT and cybersecurity industry actors perceive good, bad, and former hackers

ABSTRACT

The hacker is the epitome of a cybersecurity threat and the embodied misuse of the Internet. However, in recent years, notions of hacking have begun to change. Blurred boundaries mark the term, best expressed in its overlap with “security researcher.” This article draws on a 3.5-year research project on the hacker community and applies an international political sociology framework to uncover routines of rationalization. Interviews with IT and cybersecurity industry experts expose accepted identities, practices, and behaviors of hackers, which allows for the construction of in-group and out-group members in the IT and cybersecurity field. Additionally, the empirical findings are used to propose a conceptual framework (the Möbius strip) to situate the moral valence of hackers on a flexible model. Thus, the article provides insight into the ontological and normative complexities that define the study of hackers, as well as the perception of IT and cybersecurity professionals.

KEYWORDS:

• Hacker
• hacking
• security researcher
• identity
• cybersecurity
• industry

Acknowledgements

This research builds on previously published and unpublished scholarship, including a PhD dissertation at Queen’s University Belfast (2013–2017). The author would like to thank Dr Jenny McArthur and Emma Bowman for their helpful comments. Thanks also to the anonymous referees for their constructive feedback and valuable suggestions.

Disclosure statement

No potential conflict of interest was reported by the author.

Notes on contributor

Leonie Maria Tanczer is Lecturer in International Security and Emerging Technologies at University College London’s Department of Science, Technology, Engineering and Public Policy (STEaPP). She is member of the Advisory Council of the Open Rights Group (ORG), affiliated with UCL's Academic Centre of Excellence in Cyber Security Research (ACE-CSR), and former Fellow at the Alexander von Humboldt Institute for Internet and Society (HIIG) in Berlin. Her research focuses on questions related to Internet security and is inherently interdisciplinary. She is specifically interested in the intersection points of technology, security and gender and thereby draws on different fields, stretching from International Relations, Gender Studies to Computer Science.

ORCID

Leonie Maria Tanczer http://orcid.org/0000-0002-2618-6208

Notes

1 German: “Werden Sie doch Ethical Hacker!”

2 German: “Agentur für Innovation in der Cybersicherheit.”

3 Phreaking describes the manipulate of phone systems to, for example, make phone calls without paying for a used service (Turgeman-Goldschmidt, 2005).

4 Leaking is the act of publishing exfiltrated digital content. A newer form of leaking that describes the close intersection between leaking and hacking has been classified by Coleman (2017) as “public interest hack.” The tactic enables to increase the public value of leaked documents by the material having been gathered through the high-risk activity of computer intrusion.

5 Whistleblowing is the official reporting as well as the leaking of information concerning wrongdoing and done by insiders (Züger, Milan, & Tanczer, 2015).

6 Doxing is the act of collecting and publishing information online on a person, organization, or company and has become a controversial tactic to shame and intimidate targets (Donovan, 2017).

7 Hackathons are a type of event that bring programmers together with other communities to solve problems.

Additional information

Funding

This research was supported by funding received from Northern Ireland’s Department of Employment and Learning, Queen’s University Belfast’s School of History, Anthropology, Philosophy and Politics, the Larmor University Scholarship, the Santander Mobility Scholarship, and various academic travel grants received in the course of the author’s doctoral studies.