NSO Group is White Hat, Really

Chances are you hate-clicked your way onto my blog, looking for a comments section where you can yell at me to let me know I'm wrong. But before you do that, let's first talk classification, shall we?

What is your classification based on?

There are two coexisting ways in which most people seem to understand and explain the 'hacking hat' concept, and both are pretty flawed. When you ask someone to explain white/black hats they will probably tell you that white hats are defensive while black hats are offensive. This explanation falls apart fairly quickly once you ask them whether so-called "ethical" pentesters and red teamers are black hats, and whether people hardening the security of ransomware gangs are white hats. This is because even the people explaining it that way actually classify hackers into groups based on their (the observer's) personal value system: those who are, or work for, the "good people" (the "good" governments, local corporations, law enforcement, people on their side of the political spectrum) are white hats, and those working for the "bad/evil people" (other governments, organized crime, local resistance groups, foreign state actors) are black hats. It's easy to see how this way of classifying is highly subjective and leads to collisions.

This classification cannot be absolute

One thing that should be clear by now is that any classification of hackers into black and white hats needs to be relative to the system a hacker is a part of. That brings us quickly to how I classify hackers into hats:

White hats are hackers who work within or in support of a system; they generally do so without consequences and usually legally, though not necessarily. Black hats are hackers who work outside or against the system, generally with eventual consequences and often illegally, though not necessarily.

White hats and black hats are not universal good and evil. How could they be, when the concepts of good and evil are subjective and not the same across the world? Of course this classification is still based on the values within a given system and has to be viewed with that context in mind. It should now be clear why I consider NSO Group (and Corporate Intelligence in general) white hat, and why that is the only proper way to view them in that classification.

What good is that classification though?

It's absolutely useless and always has been. The classification into white and black hats serves no one other than the system and those in power; it's their way of classifying hackers into good and evil from their point of view. The more you understand about this classification, the less use it brings. Letting hackers (and people in general) classify themselves into categories based on their values and goals is far more useful for discourse about "good" and "evil" hackers.

You’re still wrong and I still want to yell at you!

Feel free to do so on Twitter or Mastodon.