What does a white hat hacker actually do?

Jan 23, 2018.

Which weak points in IT systems will cyber criminals exploit in the future? Security expert and white hat hacker Marc Ruef addresses these questions. We interviewed him about “trends” in cyber crime.

What does a "white hat hacker" do?

Marc Ruef: Traditionally, a white hat hacker has been someone who searches for weak points in systems and informs manufacturers and users about them. In doing this, he actively helps improve the quality of a product, and thus security.


What is the difference between a white hat hacker and a grey or black hat hacker?

Marc Ruef: Black hat hackers are very egotistical – they keep the weaknesses they discover secret for as long as possible and exploit them for their own gain. What they do is not necessarily a crime. They can create advantages for themselves, such as in a contest. With grey hat hackers, it’s a slippery slope between publishing the weaknesses they uncover and keeping them secret for themselves. They seem to think it’s ok to play around for a while with weak points they find and maybe even exploit them a little to their own advantage.


Are hackers connected with each other?

Marc Ruef: In the hacker scene, a lot of importance is attached to being well connected. Just like in the professional world, the person who has the best connections is a step ahead of everyone else.


How did you come to specialise in this area?

Marc Ruef: Already as a kid I was interested in computers and computer security. I started by developing encryptions and programming viruses, because I was fascinated by the exotic concepts that lay behind them. Eventually I turned my hobby into my profession. Even today, I still develop malware, for instance, for client projects.


How do you keep up to date in the hacker scene?

Marc Ruef: For several years now, I’ve headed up our in-house research department, which addresses today’s latest issues and, even more importantly, issues of the future. Cyber security is no longer just a matter of malware, firewalls and encryption. We are very much involved in subjects like blockchains, drones, self-driving cars and artificial intelligence.

One of our units focuses on the infiltration and observation of criminal markets in the dark net, where we try to gain an insight into the market dynamics and actors so we can anticipate future developments and activities. The motto of our research department is thus “Know the Future”. For example, we have developed a model for calculating the prices of weak points found in the future.


What trends, if any, are there in cyber crime?

Marc Ruef: Cyber extortion has been on the rise in recent years. A cyber extortionist demands payment from the victim, typically a company, under threat of some malicious activity, such as a large-scale DDoS attack. DDoS stands for “distributed denial of service”. This means a company’s resources, like a server or website, are targeted and purposely flooded with messages, connection requests etc., causing the resource to slow down or even crash, so that legitimate users of the system are denied service. Ransomware is also a topic dominating the media. This type of malware infects systems and encrypts files so they are inaccessible. The victim must pay a ransom in order to have access restored to the files.

In both cases, criminals are becoming more and more sophisticated. From the perspective of the criminal, plenty of optimisation potential exists. For example, until now, ransomware has demanded the same amount of ransom from all its victims, e.g. USD 300. In May 2017, WannaCry was able to collect around USD 70,000 this way within about 100 hours. In future, however, ransomware will be able to recognise the context of the infection. Then, the ransom demanded of private people will still only be USD 300, for example, while larger companies and organisations will have to pay in the order of USD 30,000, or even USD 300,000. Thus, the spoils of cyber criminals’ attacks will massively increase.



About our expert:

Marc Ruef has been working in the area of cyber security since the mid 1990s. In 2002, he co-founded a specialised consulting firm, scip AG. He is a lecturer at several technical colleges and universities, has authored a number of books on cyber security, and is one of the most frequently read German-language authors in his field.