
Red hat hacking: Understanding the vigilante hacker

Ray Fernandez

Jul 17, 2023 · 10 min read

Hackers wear many “hats.” There’s black hat hacking, but there’s also white hat, green hat, blue hat, red hat, and others. Some do it for the money. Others seek to cause havoc and damage or are just looking for a thrill. Some are out for revenge, while still others fight for justice. And it’s not uncommon for a hacker to exchange one “hat” for another. So which of the above describes red hat hacking?

Out of all the different types of hackers, red hat hackers are unique and particularly interesting. They face the risks and dangers from both sides of the law, tending to rub government and companies the wrong way while also upsetting black hat hackers. They may even dangerously stir the beehives of international criminal groups that go digital. So what are these red hat hackers up to that demands so much attention?

What is red hat hacking?

A red hat hacker, also known as a “vigilante hacker,” uses their skills against cybercriminals and organizations that do not meet their own moral values or high standards of justice. Like any vigilante, they act outside of the law and are willing to break the rules if necessary in order to get what they want. Overall, red hat hackers are driven by a sense of justice and the desire to build a safer, more just, and more accessible world — based on their standards.

Due to the nature of their work, red hat hackers require secrecy and anonymity, and they must possess advanced computer abilities, a deep understanding of current events and international history, and strong research skills. They are not motivated by fame, although they may seek some kind of recognition for their work or the issues they fight for. They are also not motivated by financial gain.

Usually, such hackers work alone, but they may occasionally team up to combine resources. They may attack or track cybercriminals, breach companies and government organizations to leak data, and even patch up security flaws. They are also known for turning cybercriminals' own techniques against them, including DDoS attacks, beacons, malware, and others. White hat hackers cannot do such things because it’s illegal to use such tools.

The most famous red hat hacker organization is Anonymous. Described by some as freedom fighters and by others as cyberterrorists, Anonymous mainly focuses on hacking government organizations. These red hat hackers commonly attack and take aggressive action against black hat hackers as well.

The Guy Fawkes mask has become a symbol of the Anonymous collective

What goals do red hat hackers have?

In the world of hacking, there are red hat hackers and black hat hackers. The red hats are the good ones, and the black hats are the bad ones. The rules of this game are that red hat hackers will do everything they can to defeat black hat hackers. It could be seen as a free public service.

The goals of red hat hackers include:

  • They aim to stop the bad hackers: Black hat hackers set out to cause chaos in the world and misery to individual victims. Red hat hackers are determined to stop this by interfering with their crimes and stopping them from achieving their objectives.
  • They believe they are helping law enforcement: Many red hat hackers see what they are doing as dealing with problems that law enforcement fails to resolve. They believe that their mission is a just cause and that their actions are helping to undermine cybercrime.

Is red hat hacking illegal?

All forms of hacking are illegal — unless someone has given the hacker prior permission to hack into their systems to test their security protocols. This is called penetration testing. Unless that permission is explicitly given, the hacking is illegal. This means hackers — regardless of what color of hat they’re wearing — run the risk of arrest and punishment.

It’s also worth noting that, although they consider their actions to be honorable and just, red hat hackers can end up causing more harm than good. Their actions may have unforeseen and unintended consequences. In other words, the intention of doing good does not justify the act.

Red hat vs. blue hat hacking

Just when you thought there were only 2 types of hacker hats, along comes a third: blue hat hackers. Blue hat hackers are those who are hired by companies to hack into systems and unreleased products to find security vulnerabilities and bugs. This type of hacking is called penetration testing, and it is completely legal because it occurs with the clear permission of the company being hacked.

Red hat hackers, on the other hand, are not employed by their targets, and they do not have permission to carry out their activities. They exist to aggressively go after black hat hackers.

Case studies of notable red hat hacks

It is extremely difficult to come up with real-life red hat hacks that have taken place simply because they are not advertised. Red hat hackers live in the shadows and do not publicize what they have done. Drawing attention to themselves and seeking publicity and praise would not be to their advantage. The legality of what they are doing is questionable and morally ambiguous.

The other issue is that it can often be difficult to distinguish between certain types of hacks. Was that computer intrusion a red hat or a black hat? Everyone will have different opinions on the subject, making case studies of real-life red hat hacking events a challenge, to say the least.

However, we can talk hypothetically about the types of black hat hacks out there that the red hat hackers are likely fighting against.

Ransomware: This is when a black hat hacker manages to get a virus onto a company system — usually via an infected email attachment — and locks the company system down completely, making information retrieval impossible. The black hat hacker demands that a payment be made (usually cryptocurrency) before a certain deadline, or they will remotely wipe the system. But if the money is paid, a decryption key will be provided.

Taking down dark web marketplaces: The dark web is rife with drug dealers, weapons traders, hitmen, identity thieves, and various types of organized crime. Online marketplaces that sell drugs, guns, and stolen personal data, such as credit cards, could likely be disrupted and taken down by red hat hackers.

Stopping infrastructure hacks: Many black hat hackers disrupt ordinary everyday life simply because they can. They get a kick out of it. This includes hacking into poorly protected infrastructure systems, such as power grids and traffic lights, and disabling them. Red hat hackers are likely to go after these types of hacking incidents, too.

What kind of tools and techniques are used by red hat hackers?

Ironically, the tools used by black hat hackers and red hat hackers alike are freely available on the internet for anyone to use, including free, open-source tools that can be easily modified to fit individual needs. There are likely few elaborate homemade tools in use, although hackers obviously have the technological know-how to make them if necessary.

Although creating a comprehensive breakdown of red hat hacker tools and techniques is impossible due to the secretive nature of these activities, a general list can be drawn up.

The Tor browser and a VPN

It goes without saying that the last thing any hacker wants is to be detected by the very people they are trying to take down. We can reasonably infer that they will be using the Tor browser and a virtual private network (VPN) to hide their location. A VPN can be something like ClearVPN.

Wireshark

Wireshark is an example of the kind of free, open-source software mentioned earlier. It is designed to capture and analyze traffic on a computer network, which helps reveal potential security vulnerabilities.

Malware tools

This will be one of those exceptions when hackers will make their own custom-made tools — or use one made by fellow hackers. Malware tools will be used to infect black hat hackers’ websites, such as dark web marketplaces, to sow havoc and bring down the sites.

DDoS

A distributed denial of service (DDoS) attack is when a site is hit by massive amounts of traffic, forcing it to slow down to a crawl and eventually crash. Hackers achieve this through the use of a botnet, which is made up of hundreds or perhaps thousands of malware-infected computers throughout the world. This is why red hat hacking is seen as controversial, blurring the lines of legality.

The characteristics of a vigilante hacker

There are certain characteristics that are fundamental for being a red hat hacker. These define not just their skills but their personality, beliefs, strengths, and weaknesses. Let’s dive into what it takes to be a red hat hacker.

Intelligence

The combination of skills and resources needed to be a red hat hacker implies that these individuals are highly intelligent. They are like chess masters who possess a balance of abilities ranging from coding to social engineering to constant problem-solving.

Advanced computing skills

Obviously, red hat hackers boast advanced computing skills. This is not the type of hacker who’s using plug-and-play malware or code-generating apps. To be able to track and shut down cybercriminals or infiltrate a digital government organization, advanced computing skills are a must. And while these skills can be self-taught, red hat hackers may gain their digital knowledge by attending universities.

A strong moral compass

Justice, ethics, and morality are at the heart of red hat hacking. Every action they take is motivated by the desire to “make things right.” While everyone has their own moral code, only some act accordingly, and very few are willing to put themselves in harm’s way or break the law in pursuit of justice.

A chameleon’s personality

Not only must red hat hackers master the art of camouflage, but they need to be extremely patient and dedicated. Efforts like attacks, security patches, or the downfall of cybercriminal organizations challenge even the top minds of international law enforcement and cybersecurity professionals. Red hat hackers fight fire with fire, matching these minds to outsmart them and beat them at their own game. They can move slowly if needed but can attack with tremendous speed when required.

Culture and knowledge

Red hat hackers’ skills don’t end at a keyboard. To do what they do, they need to stay on top of the news while maintaining inside-out knowledge of institutions, governments, and legal frameworks. Research in international history and an intimate understanding of world cultures are essential for their operations. A deep understanding of the world gives meaning to a red hat hacker. 

A fearless spirit

While it might be impossible to pick a red hat hacker out from a crowd, only a fearless and unique person would engage in the activities listed above. This personality separates red hat hackers from ordinary people.

Sign promoting Mr. Robot, a popular TV series about red hat hackers. Source: Wikimedia Commons

How are red hat hackers different?

An online search for famous white, gray, or black hat hackers yields extensive results. But try doing the same for red hat hackers, and you will see just how few hits you get. This not only speaks to how skilled and secretive red hat hackers can be, but how rare they are. 

More than any other type of hacker, red hat hackers draw from a deep bag of technical tools and tricks. They will bend or break laws if necessary, use the same tools cybercriminals use, and turn to the security side to use their resources. This makes the red hat hackers’ playbook and toolkit perhaps the broadest in the hacking world. But how do they really stack up against other types of hacking?

Red hat vs. black hat hacking

Black hat hackers are cybercriminals, plain and simple. These individuals break laws to cause damage and steal or destroy digital assets. They may be motivated by financial gain, recognition, or revenge. Black hat hackers are known for working in small, medium, and large groups, even forming transnational criminal groups, and are linked to terrorist organizations, international ransomware, nation-state cyberattacks, and drug cartels.

The red hat hacker’s moral code puts them at the opposite end of the spectrum from cybercriminals. Plus, red hat hackers mostly work alone and are devoted to stopping cybercriminals, not working with them.

Red hat vs. white hat hacking

White hat hackers are the polar opposite of black hat hackers. White hat hackers work to make digital systems safe. Plus, white hat hackers are employed by organizations and have contracts with them. Therefore, even when running exploits, they operate strictly within the bounds of international law.

While white hat hackers are usually motivated to build a better world through digital security, red hat hackers seek to build that world through justice. A red hat hacker’s main goal is not to violate laws, but they will do so if necessary. Additionally, they don’t work for established organizations.

It’s worth noting that even before the days of the internet, hacking was an underground culture not fully accepted by society. White hat hackers seek to legitimize the hacking culture. But red hat hackers need the secrecy of staying underground to do their job. In this way, red hat hackers are more closely connected to the early days of hacking.

Red hat vs. gray hat hacking

If any two types of hackers share common ground, it’s red and gray hat hackers. Like red hat hackers, gray hat hackers aren’t afraid of breaking the law if necessary. They also share a strong desire to build a better world through digital security and digital actions. However, there are lines that gray hat hackers do not cross. Those lines include going after cybercriminals and being willing to intentionally and maliciously cause harm. If they cross one of these lines, they become red hat hackers.

The hacking community gives greater recognition to gray hat hackers, and they often seek to improve their reputation by showing off their skills and pointing to discovered vulnerabilities. These motivations are not in the mindset of a red hat hacker.

Vigilantes have existed in some form or another throughout human history. In our age, they have gone digital and are now known as red hat hackers. And while it’s easy to sympathize with red hat vigilantes who are just as eager to go after criminals that inflict suffering and pain as they are to expose governments, we can’t forget that these individuals, unfortunately, operate outside of the law.

Ray Fernandez
Ray has been covering tech and cybersecurity for over 15 years. His work has appeared on TechRepublic, VentureBeat, Forbes, Entrepreneur, and the Microsoft Blog, among others.