What is a Red Hat Hacker?

Freelance Operators of the Security Industry

Kenneth Reilly
CodeX
5 min read · Jul 7, 2021

Red baseball cap on a small desk

Introduction

Who are the individuals known as Red Hat Hackers? Not to be confused with the tried-and-true Red Hat Linux OS (which everyone in security is familiar with), a Red Hat is a class of security professional working for the greater good while operating outside of conventional bounds.

What sets the Red Hat apart from other ethical hackers is that the Red Hat may choose to engage directly with a Black Hat target, with or without reporting the target to law enforcement or intelligence agencies.

Engaging a criminal target directly without support requires advanced skills in programming, software architecture, and social engineering, in addition to an understanding of the law at local, state, national, and international tiers.

Code of Conduct

The key defining characteristic of the Red Hat is a generally positive moral and ethical disposition towards others. The same curiosity that drives any hacker to explore is focused on the honing and practice of the craft and the swift execution of any tactics necessary to right some wrong.

Due to the nature of the work involved, bending and breaking the law when necessary is a way of life. The advantage that a Red Hat has in the case of taking down an illegal entity (such as a remote organization attacking some resource in your home country) is that action can be taken immediately and explained later (assuming there is any trace left).

The topic of ethics as pertaining to the computer industry is a very complex and nuanced one, especially at planet scale. There are many cases in which an individual may choose to engage in activity which is technically illegal but obviously moral from a human standpoint, such as injecting noise into a target system which contains personal data that cannot be erased easily.

In general, the point of inflection for a Red Hat hacker to engage a target is when some human rights violation has been found. This action can take the form of anything from erasing one’s own personal record in a remote system to launching a full counter-attack to defend some local resource.

Tactical Advantage

Criminal activity is reported daily to agencies such as the Federal Bureau of Investigation in the United States of America. Unfortunately, these agencies are often at max capacity due to the complexity and depth of the internet increasing beyond the capabilities of any one agency.

This limitation is exploited daily by malicious actors with full knowledge that their own criminal activities may go undetected or unreported for months or even years, and that once they are discovered, the legal takedown process can be protracted indefinitely while the malicious actor rallies support.

A capable independent operator is able to leverage the malicious actor’s own social exploit, creating a fallback chain in which any investigation into the attack will reveal the malicious actor’s intent and trail of evidence, which has now been placed directly in the path of the investigation.

Combining this tactic with knowledge of the law and the ability to work with and influence law enforcement professionals enables a skilled practitioner to take down a threat of virtually any size, since each move can be executed in a way that places the burden of defense upon the malicious actor up-front.

Actions can be taken against the malicious actor with less fear of jail time than vice-versa, giving the independent operator a tactical advantage.

Skills and Experience

Organizing and executing efforts on-the-fly at this scale requires extensive training and preparation, and in general these skills require a lifelong dedication to the craft itself and not necessarily just the pursuit of money, as the pursuit of money without honor is in direct opposition to the hacker ethos.

Since working on large-scale operations in this manner requires out-of-the-box thinking at every stage and may require relocation and/or infiltration of a target network, the skills required extend far beyond general hacking.

Some of these skills include:

These skills allow a Red Hat to engage enemies using a combination of virtual and physical tactics while relocating to evade law enforcement or corporate security as necessary. Creating the illusion of launching a much larger attack than what is actually happening, or one from an institution with more authority, has an added effect of inducing the malicious actor into a state of surrender, since fighting back carries the risk of being detected by law enforcement agents who are generally more concerned with stopping crime than with stopping civilians who attack criminals.

Conclusion

The Red Hat is a unique player in the security community, combining the skills and ethics of other hats while treating the law as a starting point from which to operate. The skills and experience required for this classification of hacker often place these individuals in close contact with defense and intelligence sectors; however, it should be noted that cooperation with these agencies will generally bring positive results, and security experts are often hired as contractors within the security community.

typical logo used to identify red hat hackers

This creates opportunities for Red Hats to work across industry sectors and governments at will, sometimes performing the job first and asking for permission later (or never). Typical jobs include security auditing (both physical and virtual), quality assurance, training, software architecture, reverse engineering, and other exciting and rewarding work (which also pays well when available).

While not a requirement, some industry certifications can help to obtain certain positions of employment or authority for added tactical advantage. Since the Red Hat does not play by rules and is often ahead of the industry, this individual likely possesses skills in areas prior to their adoption by the security community, so certifications are more of a nice-to-have.

Are you interested in computer security, software engineering, leadership, and other topics relevant in the 21st century? Follow me for more information and examples of how to implement cutting-edge solutions for common issues.

Thanks for reading!

~8_bit_hacker
