WEBVTT 1 00:00:00.080 --> 00:00:05.719 Welcome curious minds to another deep dive. Today. We're pulling 2 00:00:05.719 --> 00:00:08.720 back the curtain on a topic often shrouded in mystery 3 00:00:08.759 --> 00:00:12.919 and well a lot of misconception. Hackers. Yeah, definitely forget 4 00:00:12.960 --> 00:00:15.839 the movie stereotypes for just a moment, because we're going 5 00:00:15.919 --> 00:00:19.719 way beyond those surface level ideas to you uncover who's 6 00:00:19.760 --> 00:00:20.679 really behind the screen. 7 00:00:20.800 --> 00:00:23.679 Indeed, and we've got some really fascinating sources today. There 8 00:00:23.719 --> 00:00:28.239 are excerpts from this pioneering study called Profiling Hackers. The 9 00:00:28.280 --> 00:00:31.120 science of criminal profiling as applied to it looks at 10 00:00:31.120 --> 00:00:34.399 this underground world with a pretty unique blend of technical 11 00:00:34.439 --> 00:00:35.880 and psychological analysis. 12 00:00:36.240 --> 00:00:38.799 Right, So, our mission for you today is basically to 13 00:00:38.920 --> 00:00:43.799 unpack what truly motivates these individuals, how they operate, and importantly, 14 00:00:43.960 --> 00:00:46.799 what their complex world means for all of us in 15 00:00:46.840 --> 00:00:48.479 our increasingly digital lives. 16 00:00:48.600 --> 00:00:50.960 Think of it as a shortcut maybe to understanding the 17 00:00:51.039 --> 00:00:52.759 who and the why behind the code. 18 00:00:52.840 --> 00:00:54.840 Okay, let's dig into this then, because when we hear 19 00:00:54.880 --> 00:00:58.200 criminal profiling, I think, you know, our minds often jump 20 00:00:58.280 --> 00:01:01.600 to a very specific image maybe Silence of the Lambs, right. 21 00:01:01.479 --> 00:01:02.000 The movies. 22 00:01:02.280 --> 00:01:05.599 Yeah, But the roots of this science they go way 23 00:01:05.719 --> 00:01:10.400 deeper and twist in some surprising ways, especially when you 24 00:01:10.400 --> 00:01:12.040 try to apply it to the digital world. 25 00:01:12.159 --> 00:01:14.359 It's really fascinating how far back it goes. You can 26 00:01:14.359 --> 00:01:16.840 actually trace some of it back to believe it or not. 27 00:01:16.920 --> 00:01:18.719 Eighteen eighty eight, London. 28 00:01:18.560 --> 00:01:20.560 Wow, eighteen eighty eight. Yeah. Yeah. 29 00:01:20.599 --> 00:01:23.439 Doctor Thomas Bond, he was a professor of forensic medicine, 30 00:01:23.599 --> 00:01:26.560 did an autopsy on a Jack the Ripper victim. And 31 00:01:26.599 --> 00:01:29.280 he didn't just do the autopsy, he assessed the attacker's 32 00:01:29.319 --> 00:01:33.560 surgical skills, even offered like an interpretation of the murderer's 33 00:01:33.599 --> 00:01:35.200 behavior based on their methods. 34 00:01:35.239 --> 00:01:37.239 So an early kind of profiling. 35 00:01:36.840 --> 00:01:38.519 Right there, exactly, an early form. 36 00:01:38.760 --> 00:01:41.920 Incredible. So okay, from those very early beginnings, when did 37 00:01:41.959 --> 00:01:44.879 it start to get more formalized like the FBI profiling 38 00:01:44.920 --> 00:01:45.840 we hear about. 39 00:01:45.599 --> 00:01:49.040 That really took shape much later in the nineteen seventies 40 00:01:49.040 --> 00:01:52.599 at the FBI in Quantico, Virginia, AUCA. Right, Yeah, special 41 00:01:52.599 --> 00:01:55.439 agents like Howard Teton and Patrick Mulaney. They kicked off 42 00:01:55.439 --> 00:01:59.519 this applied criminology program that eventually led to the Behavioral 43 00:01:59.519 --> 00:02:01.439 Sciences Unit, the BSU. 44 00:02:01.200 --> 00:02:03.280 The famous BSU, that's the one. 45 00:02:03.599 --> 00:02:06.200 And then later you had John Douglas and Robert Wrestler 46 00:02:06.239 --> 00:02:10.000 interviewing convicted serial killers. That work led them to develop 47 00:02:10.080 --> 00:02:14.000 the organized disorganized model, which is actually still influential today. 48 00:02:14.080 --> 00:02:18.680 And that model looks at things like intelligence, social skills. 49 00:02:18.240 --> 00:02:22.280 Planning exactly, things like the level of planning, intelligence levels, 50 00:02:22.319 --> 00:02:26.759 social adequacy, employment types. It helps make sense of the 51 00:02:26.800 --> 00:02:29.280 crime scene and the kind of person behind it. 52 00:02:29.360 --> 00:02:32.360 Okay, that makes sense for you know, a physical crime scene, 53 00:02:32.800 --> 00:02:34.960 but how on earth do you apply that kind of 54 00:02:35.000 --> 00:02:38.599 thinking to cyberspace Hacking doesn't really fit the typical violent 55 00:02:38.680 --> 00:02:39.280 crime mold. 56 00:02:39.360 --> 00:02:42.840 That is the core challenge, isn't it. Traditionally profiling focuses 57 00:02:42.879 --> 00:02:47.039 on violent crimes, sexually related crime, serial crimes. Hacking, Yeah, 58 00:02:47.039 --> 00:02:48.039 it doesn't fit neatly. 59 00:02:48.199 --> 00:02:49.479 So how do you bridge that gap? 60 00:02:49.599 --> 00:02:52.039 Well, the key thing is the serial nature of computer attacks. 61 00:02:52.159 --> 00:02:55.000 It's often a habitual crime, repeated behavior. 62 00:02:55.120 --> 00:02:56.599 Ah okay, the repetition. 63 00:02:56.840 --> 00:03:00.400 Yes, that repetition allows us to identify constants and behavior, 64 00:03:00.439 --> 00:03:03.360 which is fundamental to any kind of profiling. 65 00:03:03.680 --> 00:03:06.280 But here's where it gets really really interesting. I think 66 00:03:07.960 --> 00:03:12.520 the crime scene itself is just completely. 67 00:03:11.960 --> 00:03:13.120 Different, totally different. 68 00:03:13.199 --> 00:03:16.439 It's not a physical place. You don't have fingerprints or DNA. Nope, 69 00:03:16.599 --> 00:03:20.759 it's all electronic abstraction. Right, You're relying entirely on analyzing 70 00:03:21.560 --> 00:03:24.960 log files and audit trails. 71 00:03:25.080 --> 00:03:27.199 That's your evidence. Logs and trails and. 72 00:03:27.159 --> 00:03:31.680 Things like traditional geographical profiling, the marauder versus commuter models, 73 00:03:31.960 --> 00:03:32.280 they just. 74 00:03:32.280 --> 00:03:35.800 Don't apply, not at all, because, like our sources point out, 75 00:03:35.800 --> 00:03:39.560 in cyberspace, distance doesn't really exist. Everything is, as they 76 00:03:39.639 --> 00:03:40.919 put it, a mouse breadth. 77 00:03:40.719 --> 00:03:44.599 Away a mouse breadth. I like that. So this is 78 00:03:44.680 --> 00:03:47.879 a huge question. How do you profile something so abstract? 79 00:03:48.199 --> 00:03:51.439 Well, the answer really needs a joint approach. You need 80 00:03:51.479 --> 00:03:54.319 the computer security experts to tell you the what and 81 00:03:54.360 --> 00:03:57.520 the how, what happened, how they got in the technical side, right, 82 00:03:57.800 --> 00:03:59.960 and then you need the criminal profiling skills to explain 83 00:04:00.120 --> 00:04:03.680 the why, why did the attack happen, and crucially what 84 00:04:03.800 --> 00:04:05.919 kind of attacker are we likely dealing with. 85 00:04:06.080 --> 00:04:08.960 So it's a combination of tech know how and behavioral 86 00:04:09.000 --> 00:04:10.360 science exactly. 87 00:04:10.400 --> 00:04:13.520 That dual perspective is absolutely crucial to get the full picture. 88 00:04:13.680 --> 00:04:17.319 Which makes perfect sense. Then why the Hacker's Profiling Project 89 00:04:17.319 --> 00:04:19.759 the HPP was started back in two thousand and four. 90 00:04:20.720 --> 00:04:24.439 It's described as like a first big step in really 91 00:04:24.560 --> 00:04:28.079 understanding this huge underground world of hacking, trying to sort 92 00:04:28.079 --> 00:04:31.279 out the different categories of hackers and you know, actual 93 00:04:31.480 --> 00:04:32.360 criminal attackers. 94 00:04:32.399 --> 00:04:33.879 And their approach was unique, wasn't it. 95 00:04:34.000 --> 00:04:37.839 Yeah, totally. They went directly to the source, focusing not 96 00:04:37.920 --> 00:04:40.240 on the how, but the why and the who. They 97 00:04:40.319 --> 00:04:42.720 even to use things called honeynets. 98 00:04:42.199 --> 00:04:44.079 Ah, the honeypots, bait. 99 00:04:43.959 --> 00:04:48.600 Systems exactly deliberately unprotected systems set up as bait basically 100 00:04:48.839 --> 00:04:51.839 to watch attacks happen live and gather data on how 101 00:04:51.879 --> 00:04:53.000 hackers actually. 102 00:04:52.639 --> 00:04:55.680 Behave smart So to really get a handle on hackers, 103 00:04:55.720 --> 00:04:58.879 it probably helps to look at how cybercrime itself has evolved, 104 00:04:59.199 --> 00:05:02.199 even how we think about crime has changed. Oh so well, 105 00:05:02.319 --> 00:05:05.079 Historically you had figures like Cesara Lombroso back in the 106 00:05:05.160 --> 00:05:07.959 late nineteenth century. He saw fraud as a kind of 107 00:05:08.160 --> 00:05:10.079 civilized metamorphosis of crime. 108 00:05:10.360 --> 00:05:11.800 Civilized metamorphosis. 109 00:05:12.040 --> 00:05:15.839 Yeah, like replacing primitive cruelty with lies and greed, a 110 00:05:15.879 --> 00:05:18.000 more advanced way to be criminal, I suppose. 111 00:05:18.160 --> 00:05:18.399 Okay. 112 00:05:19.040 --> 00:05:21.959 Then later Edward Sutherland came along and really challenged that 113 00:05:22.399 --> 00:05:26.120 he defined white collar crime offenses by respectable, high status 114 00:05:26.160 --> 00:05:29.759 people in their jobs, implying, you know, a breach of trust. 115 00:05:29.560 --> 00:05:33.000 Ah, the breach of trust angle that seems key for 116 00:05:33.040 --> 00:05:34.000 digital stuff too. 117 00:05:34.480 --> 00:05:38.759 Absolutely, this evolution in understanding crime from brute force to 118 00:05:39.040 --> 00:05:42.839 subtle deception and violating trust, it really sets the stage 119 00:05:42.879 --> 00:05:45.319 for how we profile digital offenses and. 120 00:05:45.360 --> 00:05:48.800 That white collar crime idea. It translates surprisingly well to 121 00:05:48.839 --> 00:05:51.199 the digital age, doesn't it. Our sources point out that 122 00:05:51.319 --> 00:05:56.120 even say, some big telecommunications companies can be offenders, not 123 00:05:56.160 --> 00:05:56.759 just victims. 124 00:05:56.800 --> 00:05:59.800 Oh definitely Yeah, taking over illegal markets for personal data, 125 00:06:00.000 --> 00:06:02.680 maybe using data for really invasive marketing campaigns. 126 00:06:02.759 --> 00:06:03.800 That blurs the line. 127 00:06:03.879 --> 00:06:05.920 And the Internet just changed everything completely. 128 00:06:05.920 --> 00:06:10.600 Think about it. Phishing, massive credit card fraud, identity theft viruses. 129 00:06:10.800 --> 00:06:13.519 None of that really existed before the Internet became widespread 130 00:06:13.920 --> 00:06:17.839 and the user base shifted dramatically. Early IT users, they 131 00:06:17.839 --> 00:06:20.800 were relatively few and pre technically aware. 132 00:06:21.279 --> 00:06:23.040 They knew the risks debate. 133 00:06:23.160 --> 00:06:28.199 Today's users are as, the sources say, legion huge numbers, 134 00:06:28.639 --> 00:06:32.040 and many are unfamiliar with the jargon the attack techniques. 135 00:06:32.319 --> 00:06:35.519 They're vulnerable to misleading media hype too, So. 136 00:06:35.519 --> 00:06:39.160 An unaware target is basically de facto unprotected. 137 00:06:39.199 --> 00:06:41.040 That's how the sources put it. If you don't know 138 00:06:41.079 --> 00:06:43.000 the danger, you can't defend against it. 139 00:06:43.000 --> 00:06:46.800 It's also really interesting how digital theft is just fundamentally different. 140 00:06:47.319 --> 00:06:51.040 When someone steals a file online, it's not gone, is it. No, 141 00:06:51.279 --> 00:06:54.079 it's just copied, it's still there, Yeah, which makes detection 142 00:06:54.279 --> 00:06:56.439 incredibly hard, often really delayed. 143 00:06:56.519 --> 00:06:59.399 Yeah, like those big incidents with the Windows NT source 144 00:06:59.439 --> 00:07:01.920 code or the Cisco router code being stolen. The companies 145 00:07:02.000 --> 00:07:04.000 might not even know for ages exactly. 146 00:07:04.040 --> 00:07:06.879 And as the reasons why people did this stuff evolved, 147 00:07:07.079 --> 00:07:08.160 the way we talk about them. 148 00:07:08.079 --> 00:07:09.800 Changed too, right, Yeah, absolutely. 149 00:07:09.879 --> 00:07:12.079 You know. Back in the nineteen eighties, digital crimes were 150 00:07:12.079 --> 00:07:14.639 often just about destruction, wiping data, that. 151 00:07:14.600 --> 00:07:17.240 Sort of thing. Cure vandalism almost pretty much. 152 00:07:17.279 --> 00:07:19.720 But then in the nineteen nineties you got these intelligent, 153 00:07:20.319 --> 00:07:25.160 self replicating viruses, things like I Love You or Veronica. 154 00:07:25.519 --> 00:07:26.639 Oh, I remember those. 155 00:07:26.839 --> 00:07:30.319 They were huge, news huge, and with those the main 156 00:07:30.399 --> 00:07:33.839 objectives seemed to shift. It became more about attacker, notoriety, 157 00:07:34.279 --> 00:07:37.000 getting your name out there, making a splash, and. 158 00:07:36.959 --> 00:07:39.959 The terms we use change too. Hacker didn't always mean 159 00:07:40.040 --> 00:07:41.600 bad guy, not at all. 160 00:07:41.720 --> 00:07:44.920 Initially, hacker just meant like a computer enthusiast, someone who 161 00:07:45.000 --> 00:07:49.680 loved figuring things out, tinkerers exactly, But by the early eighties, 162 00:07:49.720 --> 00:07:53.639 you had younger programmers using those skills for more harmful things, 163 00:07:53.759 --> 00:07:56.600 breaking into military systems, writing viruses. 164 00:07:56.720 --> 00:07:57.839 So the meaning soured. 165 00:07:58.000 --> 00:08:01.000 It did, the term took on a negative con and 166 00:08:01.040 --> 00:08:04.160 that's when the term cracker was coined specifically to distinguish 167 00:08:04.199 --> 00:08:07.040 people using skills maliciously hacker versus cracker. 168 00:08:07.160 --> 00:08:10.839 You got it. So our sources also categorize these individuals 169 00:08:10.879 --> 00:08:12.279 right using colors, Yeah. 170 00:08:12.079 --> 00:08:14.279 The colors of the underground. It helps give a clearer 171 00:08:14.279 --> 00:08:16.399 picture of the different motivations and roles. 172 00:08:16.480 --> 00:08:18.160 Okay, break it down for us, all right. 173 00:08:18.519 --> 00:08:21.120 First you have the black hats. These are the folks 174 00:08:21.120 --> 00:08:25.319 who violate systems, often for personal game. They definitely cross 175 00:08:25.399 --> 00:08:29.160 the line into criminal acts for them stealing information, selling 176 00:08:29.199 --> 00:08:30.639 it that's just business. 177 00:08:31.199 --> 00:08:33.320 Sounds straightforwardly criminal it is. 178 00:08:33.679 --> 00:08:36.799 And what's particularly dangerous, the sources note is there are 179 00:08:36.840 --> 00:08:40.879 even legal black hackers, people who work on commission, maybe 180 00:08:40.919 --> 00:08:43.879 move to a country where destroying a specific system isn't 181 00:08:43.919 --> 00:08:46.279 technically illegal there and then do the damage. 182 00:08:46.320 --> 00:08:48.840 Wow, Okay, that's insidious. What's next? 183 00:08:48.919 --> 00:08:50.240 Then you have the gray hats. 184 00:08:50.519 --> 00:08:54.240 They often call themselves ethical hackers, sometimes ironically pink hats. 185 00:08:54.240 --> 00:08:57.399 They don't really want the black or white label. 186 00:08:57.279 --> 00:08:59.159 So somewhere in the middle kind of. 187 00:08:59.279 --> 00:09:01.240 They might have done an intrusions in the past, but 188 00:09:01.279 --> 00:09:04.919 maybe they've moved away from that. This group includes skill testers, 189 00:09:05.320 --> 00:09:09.080 people who find exploits create viruses, but don't necessarily see 190 00:09:09.080 --> 00:09:12.639 it as wrong. What's the motivation then, often targeting OS writers, 191 00:09:12.679 --> 00:09:16.159 maybe for security breaches they haven't fixed, and they can 192 00:09:16.159 --> 00:09:18.759 be volatile. They might switch sides if they feel ignored 193 00:09:18.960 --> 00:09:20.879 or aren't given credit for finding a flaw. 194 00:09:21.159 --> 00:09:22.600 Interesting and the white hats. 195 00:09:22.679 --> 00:09:23.840 White hats are the hunters. 196 00:09:24.360 --> 00:09:29.200 They use their skills explicitly for good cooperating with authorities, 197 00:09:29.519 --> 00:09:33.399 working as security consultants, trying to strengthen defenses. 198 00:09:33.799 --> 00:09:37.519 The good guys essentially okay, but they're less sophisticated groups too, right, 199 00:09:37.799 --> 00:09:38.759 often younger. 200 00:09:38.559 --> 00:09:42.120 Yes, definitely there are the wannabe lamers. Our sources call 201 00:09:42.159 --> 00:09:45.600 this category amusing, which maybe is a bit harsh, but 202 00:09:45.879 --> 00:09:49.799 I do. You'd find them on like low profile forums 203 00:09:49.879 --> 00:09:53.960 publicly asking really basic questions. Yo, man was the b 204 00:09:54.240 --> 00:09:55.840 thirst Way teaser. 205 00:09:55.519 --> 00:09:57.960 Hack www dot Nasa dot gov. 206 00:09:58.360 --> 00:10:00.240 Things that show they don't really know what they' doing. 207 00:10:00.360 --> 00:10:02.720 Okay, so mostly harmless, maybe. 208 00:10:02.399 --> 00:10:05.440 Mostly annoying probably, But then you have script kitties. These 209 00:10:05.480 --> 00:10:08.639 are described as culturally advanced compared to the wannabes, but 210 00:10:08.720 --> 00:10:10.440 actually dangerous to systems. 211 00:10:10.440 --> 00:10:12.919 How so, if they're not super skilled. 212 00:10:12.679 --> 00:10:15.639 They use tools developed by others, stuff found on places 213 00:10:15.679 --> 00:10:19.039 like bug track mailing lists. Those are forms where vulnerabilities 214 00:10:19.080 --> 00:10:19.720 get discussed. 215 00:10:19.759 --> 00:10:22.960 Ah, so they don't need deep knowledge themselves exactly. 216 00:10:23.000 --> 00:10:25.399 They just use the tools to break in, often just 217 00:10:25.440 --> 00:10:27.919 to brag about it. They get called point and clickers 218 00:10:27.960 --> 00:10:31.919 because the attacks involve very little reasoning or study, just 219 00:10:32.039 --> 00:10:33.840 running a program someone else wrote. 220 00:10:34.039 --> 00:10:35.759 Still dangerous though, oh absolutely. 221 00:10:35.879 --> 00:10:38.639 Then beyond those you get into the more professional, specialized 222 00:10:38.679 --> 00:10:43.240 categories like who well, cyber warriors. These folks keep a 223 00:10:43.320 --> 00:10:48.840 really low profile. They might target less obvious systems, ISPs, universities, 224 00:10:49.240 --> 00:10:51.200 and they operate either for money or. 225 00:10:51.159 --> 00:10:52.639 Based on strong ideals. 226 00:10:52.919 --> 00:10:57.759 Okay, industrial spies highly skilled, purely motivated by money. Our 227 00:10:57.799 --> 00:11:00.919 sources say this category has seen an x spinal increase. 228 00:11:01.159 --> 00:11:03.519 Wow, and that includes insiders too. 229 00:11:03.519 --> 00:11:07.480 Yeah, often includes insiders employees illegally accessing sensitive company info 230 00:11:07.559 --> 00:11:08.320 for personal gain. 231 00:11:08.440 --> 00:11:10.039 That's a huge threat definitely. 232 00:11:10.279 --> 00:11:13.759 Then you have government agents. Often these are actually former hackers. 233 00:11:13.799 --> 00:11:15.360 Really government's hire hackers. 234 00:11:15.440 --> 00:11:21.080 Oh yeah, employed for espionage, counter espionage, monitoring other governments, individuals, 235 00:11:21.080 --> 00:11:26.200 strategic industries. This marriage between hacking and intelligence agencies goes 236 00:11:26.240 --> 00:11:28.039 back to the mid nineteen eighties. 237 00:11:27.720 --> 00:11:29.200 Apparently fascinating. 238 00:11:29.879 --> 00:11:34.200 And the last category military hackers. These are professional hackers 239 00:11:34.240 --> 00:11:38.120 working directly within a country's armed forces, ordered to hack 240 00:11:38.159 --> 00:11:42.120 as part of specific military strategies, fighting wars behind the 241 00:11:42.159 --> 00:11:43.559 scenes in the digital realm. 242 00:11:43.639 --> 00:11:47.840 It's a whole hidden battlefield. So with all these different 243 00:11:47.840 --> 00:11:53.279 types black hats, gray hats, script kitties, government agents, what 244 00:11:53.399 --> 00:11:56.679 do our sources say really drives them psychologically? I mean, 245 00:11:57.200 --> 00:11:58.200 beyond the stereotypes. 246 00:11:58.279 --> 00:12:00.679 Yeah, that's the million dollar question, isn't it. The media 247 00:12:00.720 --> 00:12:03.519 image is often way off. Our sources point to this 248 00:12:03.679 --> 00:12:08.639 really important historical document, the Hacker Manifesto, written by someone 249 00:12:08.679 --> 00:12:10.879 called the Mentor back in nineteen eighty six. 250 00:12:11.000 --> 00:12:12.799 The Hacker Manifesto. What does it say? 251 00:12:13.039 --> 00:12:15.879 It really reveals a core part of the hacker identity, 252 00:12:16.039 --> 00:12:19.159 this constant search for challenges, a passion for breaking limits 253 00:12:19.159 --> 00:12:19.840 that seem. 254 00:12:19.679 --> 00:12:21.799 Impossible, pushing boundaries exactly. 255 00:12:22.120 --> 00:12:24.799 But it also expresses a lot of sort of adolescent 256 00:12:24.879 --> 00:12:29.039 anger and resentment towards the status quo towards adults, authority figures, 257 00:12:29.080 --> 00:12:33.879 feeling misunderstood, deeply misunderstood. Yeah, and because of that, many 258 00:12:33.919 --> 00:12:38.039 find this incredibly strong sense of belonging, this unconditional solidarity 259 00:12:38.360 --> 00:12:40.080 within the hacker community itself. 260 00:12:40.200 --> 00:12:42.759 That quest for challenge you mentioned, it sounds a lot 261 00:12:42.799 --> 00:12:45.039 like that psychological concept of flow. 262 00:12:45.399 --> 00:12:48.720 Oh. Absolutely six on Mahale's idea of flow, that state 263 00:12:48.759 --> 00:12:53.080 where you're totally absorbed thoughts and feelings, working together, clear goals, 264 00:12:53.120 --> 00:12:56.399 skills matching the challenge, immediate feedback, and. 265 00:12:56.320 --> 00:12:58.080 It makes you want to tackle harder things. 266 00:12:58.240 --> 00:13:02.200 Precisely, it pushes into jewels to seek greater complexity, constantly 267 00:13:02.200 --> 00:13:05.360 increase their skills. That fits the hacker drive perfectly. 268 00:13:05.759 --> 00:13:08.000 So besides the challenge, what else motivates them? 269 00:13:08.279 --> 00:13:08.519 Well? 270 00:13:08.559 --> 00:13:12.919 A huge one is just inquisitiveness, an inexhaustible thirst for knowledge, 271 00:13:13.000 --> 00:13:16.960 as the sources put it, curiosity, intense curiosity. Many see 272 00:13:16.960 --> 00:13:21.080 themselves almost like scientists, using computers as microscopes to understand 273 00:13:21.080 --> 00:13:24.039 how systems work, and crucially then sharing that knowledge. 274 00:13:24.039 --> 00:13:25.519 Sharing is key for many. 275 00:13:25.559 --> 00:13:29.159 Yes, they see the Internet as this inherently democratic tool, 276 00:13:29.600 --> 00:13:34.240 something that cuts across class, ethnicity, gender, skin color, a 277 00:13:34.320 --> 00:13:35.200 level playing. 278 00:13:34.919 --> 00:13:37.159 Field interesting any other motives? 279 00:13:37.639 --> 00:13:40.240 Yeah, for many, it's also just fun in games, the 280 00:13:40.320 --> 00:13:43.120 thrill of getting into a system, though interestingly they often 281 00:13:43.120 --> 00:13:46.200 get bored once they're inside unless they have a specific goal. 282 00:13:46.559 --> 00:13:47.600 Bored after breaking in. 283 00:13:47.840 --> 00:13:51.360 Yeah, the challenge was getting in, and some apparently even 284 00:13:51.360 --> 00:13:53.360 get a thrill from the idea of getting caught. 285 00:13:53.679 --> 00:13:56.320 Wow. Okay, risk takers. 286 00:13:55.919 --> 00:13:59.639 Definitely and another powerful driver, especially for maybe the gray 287 00:13:59.720 --> 00:14:03.279 or way hats, is this idea of fighting for freedom 288 00:14:03.480 --> 00:14:04.320 and making the. 289 00:14:04.240 --> 00:14:05.440 PC world safer. 290 00:14:05.960 --> 00:14:08.600 How So, they want to defeat what they see as 291 00:14:08.639 --> 00:14:12.159 communication monopolies. They believe the public is often misinformed, maybe 292 00:14:12.159 --> 00:14:14.200 by big companies or governments. 293 00:14:13.879 --> 00:14:17.159 So they see themselves as what whistleblowers. 294 00:14:17.000 --> 00:14:21.320 Kind of maybe defenders of basic human rights, using their intellect, 295 00:14:21.399 --> 00:14:25.120 their courage to fight against censorship, against those hiding information. 296 00:14:25.360 --> 00:14:28.919 And for this group, sharing knowledge freely is paramount. 297 00:14:29.039 --> 00:14:31.759 Yes, for many, freely sharing what they discover is the 298 00:14:31.759 --> 00:14:33.960 fundamental principle of hacker ethics. 299 00:14:34.240 --> 00:14:36.480 Okay, hacker ethics, what does that actually entail? 300 00:14:36.600 --> 00:14:36.879 Now? 301 00:14:37.080 --> 00:14:41.360 Our sources mention things like not damaging systems. Right. 302 00:14:41.759 --> 00:14:44.960 The ideal, according to these ethics is that true hackers 303 00:14:45.080 --> 00:14:48.159 strive not to damage or crash the systems they penetrate. 304 00:14:48.679 --> 00:14:52.039 They might modify log file, sure, but only to erase 305 00:14:52.120 --> 00:14:55.759 their traces, covering their tracks exactly. And the other key 306 00:14:55.799 --> 00:15:00.159 principle is sharing discoveries freely without payment. That commitment to 307 00:15:00.200 --> 00:15:04.279 information freedom is why something like industrial espionage is considered 308 00:15:04.360 --> 00:15:05.679 totally contrary. 309 00:15:05.320 --> 00:15:08.799 To hacker ethics, because it's about selling information, not freeing 310 00:15:08.840 --> 00:15:12.039 it precisely. But you mentioned earlier sometimes this ethic doesn't 311 00:15:12.080 --> 00:15:15.440 quite match reality, like with sharing discoveries. 312 00:15:15.600 --> 00:15:18.240 Yeah, that's where it gets nuanced. While the idea of 313 00:15:18.279 --> 00:15:21.279 a shared ethic is powerful, the reality is described as 314 00:15:21.480 --> 00:15:26.080 quite abstract and definitely not uniform. Well, there's this ongoing 315 00:15:26.159 --> 00:15:30.000 debate within the community itself, like full disclosure releasing vulnerability 316 00:15:30.000 --> 00:15:34.399 details immediately to the public versus responsible disclosure telling the 317 00:15:34.440 --> 00:15:36.639 software vendor first, giving them time to fix it. 318 00:15:36.720 --> 00:15:39.240 Ah. Okay, So even they don't agree on the right. 319 00:15:39.080 --> 00:15:43.000 Way exactly, that ethical debate is very much alive and kicking, 320 00:15:43.080 --> 00:15:45.799 showing it's not some monolithic code everyone follows. 321 00:15:46.240 --> 00:15:49.879 And what about the stereotype the antisocial nerd in the basement. 322 00:15:50.080 --> 00:15:53.080 Yeah, the sources push back hard against that. They say 323 00:15:53.159 --> 00:15:58.360 many hackers are surprisingly well normal normal, sociable, good students, 324 00:15:58.440 --> 00:16:02.240 They have friends, play sports, social lives. The studies painting 325 00:16:02.279 --> 00:16:05.919 them as antisocial drug abusers often based on very limited 326 00:16:05.960 --> 00:16:07.639 segments of the community, not. 327 00:16:07.840 --> 00:16:10.399 The whole picture doesn't more complex much more. 328 00:16:10.759 --> 00:16:14.399 Although for some computers definitely do serve as an escape 329 00:16:14.480 --> 00:16:19.679 route escaping what uncomfortable realities, maybe divorced parents, feeling oppressed 330 00:16:19.720 --> 00:16:23.200 at school, maybe avoiding street gangs. They find refuge in 331 00:16:23.240 --> 00:16:24.240 the virtual. 332 00:16:23.840 --> 00:16:25.720 World in a sense of belonging. 333 00:16:25.399 --> 00:16:28.480 A huge sense of belonging in the underground community. It 334 00:16:28.559 --> 00:16:31.879 often becomes their main allegiance, a core part of their identity. 335 00:16:32.000 --> 00:16:35.480 But it's not just about escaping negative situations. Right. There's 336 00:16:35.480 --> 00:16:38.200 that story about Animore starlt pure Heart. 337 00:16:38.320 --> 00:16:41.200 Right, that's a great counter example. She was the first 338 00:16:41.200 --> 00:16:44.600 woman to win the cyber Ethical Survivor title at Defcon, 339 00:16:44.840 --> 00:16:46.120 a major hacker. 340 00:16:45.879 --> 00:16:47.840 Conference, and her story is different. 341 00:16:47.919 --> 00:16:48.480 Very different. 342 00:16:48.799 --> 00:16:52.240 Her parents actually encouraged her interest in computers. They helped 343 00:16:52.240 --> 00:16:55.279 her develop an ethical sense around it, talked openly with 344 00:16:55.320 --> 00:16:56.159 her about hacking. 345 00:16:56.399 --> 00:16:58.639 So the family environment can be a huge factor. 346 00:16:58.919 --> 00:17:02.759 Absolutely highlights how that environment can really shape whether someone's 347 00:17:02.759 --> 00:17:06.240 path goes towards ethical hacking or darker stuff. 348 00:17:06.480 --> 00:17:10.640 And within the underground itself, how do social relationships work. 349 00:17:11.279 --> 00:17:13.720 Well, it often acts as this haven, a place where 350 00:17:13.720 --> 00:17:18.519 you're judged purely on your skills, your knowledge, not your ethnicity, 351 00:17:18.880 --> 00:17:21.000 not your social class, not how much money you have. 352 00:17:21.200 --> 00:17:23.400 Meritocracy based on tech skills. 353 00:17:23.119 --> 00:17:27.880 Pretty much, and that environment really fosters free information sharing, mentorship. 354 00:17:28.279 --> 00:17:31.160 You gain respect through what you know and what you contribute, 355 00:17:31.400 --> 00:17:32.160 not through wealth. 356 00:17:32.200 --> 00:17:35.319 Okay, and the substance abuse link you said the stereotype 357 00:17:35.359 --> 00:17:36.079 is mostly wrong. 358 00:17:36.319 --> 00:17:38.880 Yeah, the sources are quite clear. Most hackers do not 359 00:17:38.960 --> 00:17:43.359 abuse hard drugs or excessive alcohol. Clearheadedness is actually valued. 360 00:17:43.440 --> 00:17:45.480 You need to be sharp to do this stuff well. 361 00:17:45.599 --> 00:17:48.200 But it can be a factor sometimes it can. 362 00:17:48.359 --> 00:17:51.559 But often after they stop hacking, maybe due to getting 363 00:17:51.599 --> 00:17:55.279 caught or being exposed, the hacking itself can become almost 364 00:17:55.279 --> 00:17:57.200 like an addiction, a hacking dependency. 365 00:17:57.359 --> 00:17:57.599 Really. 366 00:17:57.720 --> 00:18:00.359 Yeah, And when that's taken away, some might turned to 367 00:18:00.440 --> 00:18:03.759 substances to try and replicate those sensations fill that void. 368 00:18:03.880 --> 00:18:08.359 Wow, that's a really interesting perspective. And what about their 369 00:18:08.440 --> 00:18:10.880 view on authority you mentioned resentment earlier. 370 00:18:11.039 --> 00:18:14.240 It's a very particular view. Hackers often see the main 371 00:18:14.359 --> 00:18:19.079 superpowers in their world, the hacker community itself, governments, and 372 00:18:19.119 --> 00:18:24.160 the wider Internet community as ideally existing in an equal relationship, 373 00:18:24.279 --> 00:18:28.359 equal how horizontal, peer to peer, no one group dominating 374 00:18:28.400 --> 00:18:32.880 the others. They equate that kind of structure with true democracy. 375 00:18:32.400 --> 00:18:34.119 And control of information is central to that. 376 00:18:34.359 --> 00:18:36.880 Absolutely, for many of them, the real crime isn't the 377 00:18:36.920 --> 00:18:39.279 act of hacking itself, what is it then, but rather 378 00:18:39.400 --> 00:18:41.400 hiding the truth. That's a direct quote, and it's a 379 00:18:41.400 --> 00:18:44.319 powerful conviction shaping how they see the world and their 380 00:18:44.359 --> 00:18:44.920 place in it. 381 00:18:45.000 --> 00:18:48.200 Okay, So the HPP project, the Hacker Profiling Project, didn't 382 00:18:48.240 --> 00:18:51.920 just talk about these ideas. They gathered actual data right 383 00:18:51.920 --> 00:18:53.759 from hackers themselves, exactly. 384 00:18:53.839 --> 00:18:56.880 They didn't just theorize. They went out and gathered data 385 00:18:57.039 --> 00:19:01.799 using extensive questionnaires, distributed them global, even at underground events 386 00:19:01.880 --> 00:19:03.240 hacker conferences and such. 387 00:19:03.319 --> 00:19:05.519 So they got input from the community directly. 388 00:19:05.279 --> 00:19:08.279 Yeah, allowing them to trace general hacker profiles by cross 389 00:19:08.319 --> 00:19:12.119 referencing lots of different sources, real data from the source, and. 390 00:19:12.079 --> 00:19:15.000 The results were surprising. 391 00:19:14.599 --> 00:19:17.079 Quite surprising, Yeah, especially regarding age. 392 00:19:17.160 --> 00:19:19.960 That stereotype of the young teenage hacker, the kid in 393 00:19:19.960 --> 00:19:22.880 the basement, right, the data kind of shatters that. Yes, 394 00:19:22.880 --> 00:19:25.160 there's a large number in the ten twenty age bracket, 395 00:19:25.240 --> 00:19:27.720 but there was also a significant percentage in the thirty 396 00:19:27.720 --> 00:19:30.400 five to forty group, and even forty one forty. 397 00:19:30.119 --> 00:19:31.640 Five really older hackers. 398 00:19:31.799 --> 00:19:34.880 Yeah, the average age was actually twenty seven for females 399 00:19:34.920 --> 00:19:37.799 and twenty five for males in their sample. It suggests 400 00:19:37.839 --> 00:19:40.359 that many who started years ago are still very much active. 401 00:19:40.359 --> 00:19:42.200 It's not just a phase for everyone. 402 00:19:42.359 --> 00:19:45.559 That is surprising. What about socioeconomic status did that fit 403 00:19:45.599 --> 00:19:46.519 the stereotype? 404 00:19:46.759 --> 00:19:49.920 Not really either. A majority of the interviewees said they 405 00:19:49.920 --> 00:19:53.279 were from upper middle forty four percent or lower middle 406 00:19:53.319 --> 00:19:55.759 thirty seven percent class backgrounds. 407 00:19:55.440 --> 00:19:58.000 So not confined to one economic group. 408 00:19:58.279 --> 00:20:02.279 Yep. It really seems to cut a across different societal lines, 409 00:20:02.400 --> 00:20:05.119 not just you know, disenfranchised youth or anything like that. 410 00:20:05.160 --> 00:20:07.119 And where they lived. Does everyone live in big cities? 411 00:20:07.440 --> 00:20:10.200 Well a lot, due forty five percent were in large 412 00:20:10.279 --> 00:20:14.240 urban areas, but interestingly, twenty one percent lived in very 413 00:20:14.240 --> 00:20:15.200 small towns and. 414 00:20:15.200 --> 00:20:16.759 Villages, small towns. How does that work? 415 00:20:16.839 --> 00:20:21.039 It really shows how information and communication tech itself enables this. 416 00:20:21.200 --> 00:20:24.559 It sparks interest in people who historically would have found 417 00:20:24.599 --> 00:20:28.319 it really hard to even access the systems or equipment needed, 418 00:20:28.920 --> 00:20:31.519 geography becomes less of a barrier. 419 00:20:31.640 --> 00:20:34.559 Makes sense. What about education? Are they all college dropouts? 420 00:20:34.640 --> 00:20:38.359 Well, the data showed a significant drop in university graduates 421 00:20:38.400 --> 00:20:42.440 who continue hacking, and many hackers expressed a dislike for 422 00:20:42.440 --> 00:20:46.400 formal schooling why they found it not very stimulating or 423 00:20:46.440 --> 00:20:49.079 felt they learned nothing new. But at the same time, 424 00:20:49.200 --> 00:20:53.039 they're clearly smart and skills exactly. They describe themselves as inquisitive, 425 00:20:53.079 --> 00:20:56.160 they have high technical skills. It points to this profound 426 00:20:56.279 --> 00:20:59.400 love for self directed learning outside of traditional classrooms. 427 00:20:59.400 --> 00:21:00.319 They learn what they. 428 00:21:00.200 --> 00:21:00.720 Want to learn. 429 00:21:00.920 --> 00:21:05.519 Okay, and motivations. Did the data confirm that curiosity factor? 430 00:21:05.720 --> 00:21:06.160 It did. 431 00:21:06.400 --> 00:21:10.319 Thirty percent cited inquisitiveness as their number one reason for hacking, 432 00:21:10.880 --> 00:21:12.480 just wanting to know how things. 433 00:21:12.240 --> 00:21:14.319 Work, and any other major reasons. 434 00:21:14.480 --> 00:21:16.920 Yeah, A notable fourteen percent said they do it for 435 00:21:17.000 --> 00:21:20.839 the good of the final users, actively looking for weaknesses 436 00:21:20.839 --> 00:21:23.359 and systems to try and make them safer for everyone. 437 00:21:23.759 --> 00:21:25.559 The ethical hacker motivation again. 438 00:21:25.519 --> 00:21:28.440 Seems so and for those who don't fear being arrested, 439 00:21:28.480 --> 00:21:31.799 which is quite a few, the top reasons they gave 440 00:21:31.960 --> 00:21:35.559 were fascinating, what were they? Thirty six percent cited the 441 00:21:35.599 --> 00:21:40.480 inadequacy of investigators. Basically, they think law enforcement can't catch them, 442 00:21:40.799 --> 00:21:44.160 and thirty five percent pointed to their own precautions and 443 00:21:44.200 --> 00:21:47.680 technical devices. They think they're too clever or well. 444 00:21:47.559 --> 00:21:51.039 Hidden, confidence or maybe arrogance, probably a bit of both. 445 00:21:51.359 --> 00:21:54.200 This next stat is really striking to me. Eighty percent 446 00:21:54.200 --> 00:21:56.599 of the responders don't think they're damaging anyone with what 447 00:21:56.640 --> 00:21:58.880 they do. Yeah, eighty percent, even though eighty one percent 448 00:21:58.920 --> 00:22:01.119 admit that what they're doing is legal in their country. 449 00:22:01.160 --> 00:22:04.680 It highlights this huge disconnect, doesn't it a core paradox? 450 00:22:04.960 --> 00:22:08.279 They see their actions as non malicious even while knowing 451 00:22:08.279 --> 00:22:09.200 they're breaking the law. 452 00:22:09.480 --> 00:22:14.000 Their internal ethical compass is just different from the legal one. 453 00:22:14.079 --> 00:22:17.680 Very different, And that probably explains why traditional deterrence don't 454 00:22:17.720 --> 00:22:18.400 always work. 455 00:22:18.960 --> 00:22:22.680 Right, because this study also found that law seemed pretty unsuccessful. 456 00:22:22.680 --> 00:22:23.920 As deterrence didn't. 457 00:22:23.640 --> 00:22:25.000 It largely unsuccessful? 458 00:22:25.079 --> 00:22:28.279 Yeah, fifty five percent of hackers who said they'd stopped 459 00:22:28.640 --> 00:22:31.680 only stopped temporarily. They went back to it after a break. 460 00:22:31.680 --> 00:22:33.839 So stopping wasn't permanent for most. 461 00:22:33.839 --> 00:22:34.440 Not at all. 462 00:22:34.559 --> 00:22:37.480 And even among those who claimed to have stopped, seventy 463 00:22:37.559 --> 00:22:40.799 nine percent admitted they still dabbled in hacking occasionally. 464 00:22:41.000 --> 00:22:42.960 Wow. So it's really hard to give up. 465 00:22:43.039 --> 00:22:45.359 It suggests the challenge isn't just about the fear of 466 00:22:45.440 --> 00:22:49.680 legal consequences. It's tapping into something deeper, some ingrain drive, 467 00:22:49.839 --> 00:22:51.839 or maybe even that dependency we talked about. 468 00:22:51.920 --> 00:22:54.799 What about online identity? The use of. 469 00:22:54.799 --> 00:22:58.079 Nicknames also interesting. Fifty six percent said they use more 470 00:22:58.160 --> 00:22:59.279 than one nickname or. 471 00:22:59.240 --> 00:23:01.839 Handle okay, multiple aliases, yeah. 472 00:23:01.519 --> 00:23:02.079 And get this. 473 00:23:02.880 --> 00:23:06.720 Of those using multiple nicknames, sixty five percent admitted to 474 00:23:06.759 --> 00:23:09.440 feeling like they have more than one personality. 475 00:23:08.920 --> 00:23:11.039 Multiple personalities, like a disorder. 476 00:23:11.279 --> 00:23:14.119 No, the study is careful to say it's not about 477 00:23:14.279 --> 00:23:17.359 mental illness in that clinical sense. It's more about creating 478 00:23:17.359 --> 00:23:22.119 these distinct online personas, like an armor almost that protects 479 00:23:22.119 --> 00:23:26.400 their real identity and lets them operate differently online digital. 480 00:23:26.079 --> 00:23:30.000 Mask makes sense, and their social circles. Do their families 481 00:23:30.039 --> 00:23:31.519 know mostly know? 482 00:23:31.880 --> 00:23:34.920 A surprising sixty eight percent of parents were reportedly not 483 00:23:35.079 --> 00:23:37.079 aware of their children's hacking activities. 484 00:23:37.160 --> 00:23:40.240 Sixty eight percent. That's huge. Are they mostly loaners? 485 00:23:40.319 --> 00:23:43.920 Many operate alone fifty five percent, but a significant chunk 486 00:23:43.960 --> 00:23:46.839 thirty eight percent work both alone and in groups. 487 00:23:46.880 --> 00:23:49.920 Sometimes in these groups, do they know each other in 488 00:23:49.920 --> 00:23:50.519 real life? 489 00:23:50.759 --> 00:23:53.680 Often not within the groups, thirty percent of members had 490 00:23:53.680 --> 00:23:56.160 never met each other face to face there never, and 491 00:23:56.200 --> 00:23:58.519 fifty four percent don't even live in the same city 492 00:23:58.599 --> 00:24:01.440 or country as their hacking partners. They rely heavily on 493 00:24:01.599 --> 00:24:04.519 encrypted communication chat, IRC, Internet relay chat. 494 00:24:04.559 --> 00:24:08.400 That kind of thing, truly a global virtual underground way. 495 00:24:08.440 --> 00:24:10.759 One last set of findings that really caught my eye 496 00:24:10.799 --> 00:24:12.319 about sharing information. 497 00:24:12.039 --> 00:24:13.200 Ah, yeah, the sharing piece. 498 00:24:13.480 --> 00:24:16.400 Fifty nine percent said they do warn the cystant administrator 499 00:24:16.400 --> 00:24:20.640 after finding a breach, assuming they didn't intentionally damage anything. 500 00:24:20.359 --> 00:24:24.400 Right nearly sixty percent, which fits that helping security motive 501 00:24:24.480 --> 00:24:24.680 for some. 502 00:24:24.960 --> 00:24:28.960 But then maybe the most surprising stat for me, fifty 503 00:24:29.039 --> 00:24:33.519 three percent state they never share their discoveries with anyone else. Yeah, 504 00:24:33.680 --> 00:24:38.039 over half. That directly contradicts that core hacker ethic of 505 00:24:38.039 --> 00:24:39.920 free information exchange we talked about. 506 00:24:40.000 --> 00:24:41.000 It absolutely does. 507 00:24:41.079 --> 00:24:43.880 It challenges that principle head on, and only thirty two 508 00:24:43.920 --> 00:24:46.440 percent said they'd inform their own group after warning the 509 00:24:46.480 --> 00:24:47.400 sissiedmund So. 510 00:24:47.440 --> 00:24:50.359 Much for solidarity and free knowledge sharing in practice for many, 511 00:24:50.400 --> 00:24:51.119 at least. 512 00:24:50.880 --> 00:24:54.400 It suggests a much more complex, maybe more individualistic, or 513 00:24:54.440 --> 00:24:58.440 even competitive dynamic going on than the stated ideals might suggest. 514 00:24:58.759 --> 00:25:00.640 It's not all communal building. 515 00:25:00.839 --> 00:25:03.640 Wow. Okay, so this deep dive, it really paints a 516 00:25:03.640 --> 00:25:06.240 picture of a hacker world that's far more complex, much 517 00:25:06.240 --> 00:25:09.400 more nuanced than the usual caricatures we see in movies 518 00:25:09.519 --> 00:25:10.079 or the news. 519 00:25:10.519 --> 00:25:14.799 Absolutely, from those surprising historical roots in Jack the Ripper 520 00:25:14.799 --> 00:25:19.039 profiling all the way to the intricate motivations the different subcultures, 521 00:25:19.319 --> 00:25:21.720 it's clear you have to look way beyond just the 522 00:25:21.720 --> 00:25:23.720 technical skills to understand who hackers are. 523 00:25:23.920 --> 00:25:29.000 Yeah, we've seen that they're often driven by this incredible curiosity, right, 524 00:25:29.119 --> 00:25:32.400 a desire to challenge authority, sometimes a profound belief in 525 00:25:32.400 --> 00:25:34.519 information freedom. 526 00:25:34.519 --> 00:25:38.200 But it's a world also profoundly shaped by anonymity, by 527 00:25:38.200 --> 00:25:42.960 this constantly shifting ethical landscape, and that inherent tension between 528 00:25:43.000 --> 00:25:46.759 security and access, between locking things down and wanting knowledge 529 00:25:46.799 --> 00:25:47.440 to be free. 530 00:25:47.759 --> 00:25:49.680 So here's something to think about as we wrap up 531 00:25:50.279 --> 00:25:53.079 in a world where technology is becoming as one of 532 00:25:53.119 --> 00:25:56.319 our sources. Beautifully put it an organic extension of our 533 00:25:56.359 --> 00:25:57.200 thoughts and words. 534 00:25:57.319 --> 00:25:59.000 Yeah, that's a powerful phrase. 535 00:25:58.799 --> 00:26:01.640 It really is. So in that world, how do we 536 00:26:01.799 --> 00:26:04.880 as a society figure out how to foster the positive 537 00:26:04.920 --> 00:26:08.599 sides of this that relentless curiosity, the drive for knowledge 538 00:26:08.839 --> 00:26:11.720 while still addressing the very real dangers that come from 539 00:26:11.799 --> 00:26:13.079 the darker corners of hacking. 540 00:26:13.200 --> 00:26:15.559 That's the critical question, isn't it. How do you nurture 541 00:26:15.599 --> 00:26:17.279 the good without enabling the bad? 542 00:26:17.680 --> 00:26:21.119 Exactly what stands out most to you listening today about 543 00:26:21.160 --> 00:26:24.920 the true motivations and the messy ethical landscape of this 544 00:26:25.079 --> 00:26:27.759 digital underground, something to definitely keep thinking about.