A “black hat” is a hacker that acts maliciously and illegally. The term originates from old western films in which the bad guys typically wore black or dark hats while the good guys wore white or light hats. In the real world, the hacker in question generally doesn’t wear a physical hat, but the concept of good and bad still applies.
Hacking as a term is generally used to refer to breaking into some computer system. The actual definition of hacking, however, is “getting something to do something that it wasn’t designed to do.” There’s a whole range of things that this can then cover, including things like “life hacks,” bio-hacking, makers in makerspaces, and of course, computer hacking. Note that there is no ethical stance. Hacking, in general, isn’t necessarily good or bad. However, it can be employed negatively.
Black hat hackers are the sort of people that do exactly that. They identify security vulnerabilities in systems and exploit them. This is always to the detriment of the legitimate system owner and generally benefits the hacker. Black hat hackers are the opposite of white hat hackers, or ethical hackers, who use the same skill sets to benefit the system owner and respect legal restrictions. There’s also the middle-ground grey hat hacker, who may not necessarily be malicious but doesn’t necessarily try to help or respect the law.
The standard motivation of black hat hackers is personal gain. Most hacking is performed to sell or otherwise use the data acquired. Dark web black market sites allow black hat hackers and other ne’er-do-wells to sell illegal wares. Data breaches are a classic source of username and password combinations that can sell quickly in such forums. Payment card details also sell well.
In some cases, the hackers can gain money directly from the victim. This can be through some scam. For example, the victim could be convinced to invest money in a scheme that doesn’t exist. Another common scam is to ask the victim to provide a facilitation payment in order to receive some winnings. Ransomware is another method of getting money from victims.
In some cases, rather than selling data to random people, hackers sell it back to the victim. In ransomware, this typically takes the form of selling the victim access under the threat that access will otherwise be lost forever. Sometimes hackers involved in a data breach will try to sell the stolen data back to the victim. This assumes that the sale is exclusive, which relies on trusting the word of the untrustworthy.
Sometimes the motivation is simply revenge. The classic example of this is the disgruntled systems administrator. Typically, a sysadmin has a lot of access and knowledge of the systems they’re responsible for. As such, it’s relatively easy for them to bring the system to its knees if they want to and if their access isn’t revoked promptly.
In a small number of cases, their motivation is just the challenge. In this case, black hats are typically motivated by a person or company claiming something is unhackable. They aim to prove the other person wrong and demonstrate their skills.
Black Hats in All but Name?
Some other types of hackers are realistically black hats, but this is somewhat overlooked for one reason or another. Hacktivists, for example, have some cause motivating them. While their cause may or may not be seen as noble or legitimate by your average observer, legally speaking, there’s no difference between their actions and those of a black hat.
Realistically, hackers employed by intelligence agencies that attack other countries’ systems are technically also black hats. Yes, they have a contract of legal indemnity from their position, but that only covers doing what their government has told them to do. From everyone else’s perspective, they’re still black hats.
A black hat is a hacker that victimizes people and breaks the law. The defining feature of their actions is that they negatively affect the victim in illegal ways. Motivations aren’t necessarily considered for black hat hackers, but they are typically aimed at personal gain. Black hats are responsible for data breaches, malware, ransomware, viruses, and DDoS attacks.