黑客行为的分类重构 | 从代际划分到动机驱动的模型

斐夷所非

已于 2025-05-01 08:50:17 修改

阅读量422

点赞数 4

分类专栏： Cyber Security 文章标签：信息安全

于 2025-05-01 02:48:35 首次发布

本文链接：https://blog.csdn.net/u013669912/article/details/147637261

版权

Cyber Security 专栏收录该内容

6 篇文章

订阅专栏

注：机翻，未校。

The World of Hackers: Different Types Explained

黑客的世界：不同类型解析

BlackTechX
发布于 2024 年 8 月 19 日

Hackers are a diverse and complex group, each with their own unique motivations, methods, and ethical standards. Understanding the different types of hackers is crucial for navigating the intricate landscape of cybersecurity. In this comprehensive guide, we will delve into the various categories of hackers, exploring what sets them apart and the impact they have on the digital world.
黑客是一个多样化且复杂的群体，每个人都有自己独特的动机、方法和道德标准。了解不同类型的黑客对于在错综复杂的网络安全领域中导航至关重要。在这份全面的指南中，我们将深入探讨黑客的各种类别，探究是什么使他们彼此不同，以及他们对数字世界产生的影响。

1. White Hat Hackers

白帽黑客

White hat hackers, also known as ethical hackers, are the “good guys” of the hacking world. They use their skills to improve security systems and protect against malicious attacks. These individuals are often employed by companies to test the strength of their security measures and identify vulnerabilities before they can be exploited by malicious actors.
白帽黑客，也被称为道德黑客，是黑客世界中的 “好人”。他们利用自己的技能来改进安全系统，并防范恶意攻击。这些人通常受雇于公司，在恶意行为者利用安全漏洞之前，测试公司安全措施的强度并识别漏洞。

Key Points:

要点：

Motivation: Improve security, earn money legally, and contribute to a safer digital environment.
动机：提高安全性，合法赚钱，并为更安全的数字环境做出贡献。
Methods: Ethical hacking, penetration testing, vulnerability assessments, and security audits.
方法：道德黑客行为、渗透测试、漏洞评估和安全审计。
Legality: Legal, often contracted by companies to perform security testing.
合法性：合法，通常由公司签约进行安全测试。

Examples:

示例：

Bug Bounty Hunters: These hackers participate in programs where companies offer rewards for finding and reporting security vulnerabilities.
漏洞赏金猎人：这些黑客参与公司提供奖励以发现和报告安全漏洞的项目。
Security Consultants: Professionals who provide expert advice and services to enhance the security of organizations.
安全顾问：为增强组织的安全性提供专家建议和服务的专业人员。

2. Black Hat Hackers

黑帽黑客

Black hat hackers are the ones you typically hear about in the news. They break into systems for personal gain, to steal data, or to cause disruption. These individuals operate outside the law and often have malicious intent. Their actions can have severe consequences, including financial loss, data breaches, and reputational damage.
黑帽黑客是你通常在新闻中听到的那些人。他们为了个人利益、窃取数据或造成破坏而入侵系统。这些人在法律之外行事，并且往往有恶意意图。他们的行为可能会产生严重后果，包括经济损失、数据泄露和声誉损害。

Key Points:

要点：

Motivation: Personal gain, malice, financial fraud, and cyber espionage.
动机：个人利益、恶意、金融欺诈和网络间谍活动。
Methods: Malware, phishing, exploits, ransomware, and social engineering.
方法：恶意软件、网络钓鱼、漏洞利用、勒索软件和社会工程学。
Legality: Illegal, often resulting in criminal charges and severe penalties.
合法性：非法，通常会导致刑事指控和严厉惩罚。

Examples:

示例：

Cyber Thieves: Hackers who steal financial information, personal data, and intellectual property.
网络小偷：窃取金融信息、个人数据和知识产权的黑客。
Cyber Vandals: Individuals who deface websites, disrupt services, and cause chaos for malicious purposes.
网络破坏者：为恶意目的篡改网站、中断服务并制造混乱的个人。

3. Grey Hat Hackers

灰帽黑客

Grey hat hackers fall somewhere between white and black hats. They may hack into systems without permission but often report the vulnerabilities they find. Their actions can be motivated by curiosity, thrill, or sometimes personal gain. While their intentions may not be entirely malicious, their methods can still be illegal and unethical.
灰帽黑客介于白帽和黑帽之间。他们可能未经许可就入侵系统，但经常会报告他们发现的漏洞。他们的行为可能是出于好奇、刺激，有时也可能是为了个人利益。虽然他们的意图可能并不完全是恶意的，但他们的方法仍然可能是非法和不道德的。

Key Points:

要点：

Motivation: Thrill, curiosity, sometimes personal gain, and a desire to expose security flaws.
动机：刺激、好奇，有时是个人利益，以及揭露安全漏洞的愿望。
Methods: Similar to black hats, but often with less malicious intent. They may use exploits to gain unauthorized access but then report the vulnerabilities.
方法：与黑帽类似，但恶意意图通常较少。他们可能会使用漏洞利用来获得未经授权的访问，然后报告漏洞。
Legality: Often illegal, but sometimes tolerated if the hacker reports the vulnerabilities to the affected parties.
合法性：通常是非法的，但如果黑客向受影响的各方报告了漏洞，有时也会被容忍。

Examples:

示例：

Security Researchers: Individuals who discover and report vulnerabilities, sometimes without permission, to raise awareness about security issues.
安全研究人员：发现并报告漏洞的个人，有时未经许可，以提高对安全问题的认识。
Freelance Hackers: Hackers who offer their services to both legitimate and illegitimate clients.
自由职业黑客：为合法和非法客户提供服务的黑客。

4. Script Kiddies

脚本小子

Script kiddies are the amateurs of the hacking world. They use pre-written scripts and tools to attack systems without fully understanding how they work. Their actions are often driven by a desire to show off or cause chaos. While they may not possess advanced technical skills, their actions can still be disruptive and harmful.
脚本小子是黑客世界中的业余爱好者。他们使用预先编写的脚本和工具来攻击系统，而没有完全理解这些工具的工作原理。他们的行为往往是出于炫耀或制造混乱的欲望。虽然他们可能不具备高级技术技能，但他们的行为仍然可能具有破坏性和危害性。

Key Points:

要点：

Motivation: Show off, cause chaos, and gain attention.
动机：炫耀、制造混乱并获得关注。
Methods: Pre-written scripts, basic tools, and readily available hacking software.
方法：预先编写的脚本、基本工具和现成的黑客软件。
Legality: Illegal, but often ineffective due to their lack of technical expertise.
合法性：非法，但由于缺乏技术专长，往往效果不佳。

Examples:

示例：

DDoS Attackers: Individuals who use readily available tools to launch distributed denial-of-service attacks, overwhelming servers with traffic.
分布式拒绝服务（DDoS）攻击者：使用现成工具发起分布式拒绝服务攻击，用流量淹没服务器的个人。
Defacement Artists: Hackers who deface websites for attention or to make a statement.
网站篡改者：为了引起关注或表达某种观点而篡改网站的黑客。

5. Hacktivists

黑客活动家

Hacktivists use their hacking skills to promote a cause or make a political statement. They may deface websites, leak sensitive information, or launch DDoS attacks to get their message across. Their actions are often seen as a form of protest, aimed at raising awareness about social, political, or environmental issues.
黑客活动家利用他们的黑客技能来推动一项事业或发表政治声明。他们可能会篡改网站、泄露敏感信息或发起分布式拒绝服务攻击，以传达他们的信息。他们的行为通常被视为一种抗议形式，旨在提高对社会、政治或环境问题的认识。

Key Points:

要点：

Motivation: Political or social causes, activism, and raising awareness.
动机：政治或社会事业、积极行动和提高认识。
Methods: Website defacement, data leaks, DDoS attacks, and online protests.
方法：网站篡改、数据泄露、分布式拒绝服务攻击和在线抗议。
Legality: Illegal, but often seen as a form of protest and sometimes tolerated by the public.
合法性：非法，但通常被视为一种抗议形式，有时会得到公众的容忍。

Examples:

示例：

Anonymous: A decentralized international activist and hacktivist collective known for its online protests and cyber attacks against governments and corporations.
匿名者：一个分散的国际活动家和黑客活动家团体，以其针对政府和公司的在线抗议和网络攻击而闻名。
WikiLeaks: A non-profit organization that publishes news leaks and classified media provided by anonymous sources.
维基解密：一个非营利组织，发布由匿名来源提供的新闻泄密和机密媒体。

6. Cybercriminals

网络犯罪分子

Cybercriminals are in it for the money. They steal data, sell malware, and run all sorts of illegal operations online. These individuals are the mafia of the digital world, using their skills to commit crimes for financial gain. Their actions can have devastating consequences, including identity theft, financial fraud, and the disruption of critical infrastructure.
网络犯罪分子是为了钱。他们窃取数据、销售恶意软件，并在网上进行各种非法活动。这些人是数字世界的黑手党，利用他们的技能进行犯罪以获取经济利益。他们的行为可能会产生毁灭性的后果，包括身份盗窃、金融欺诈和关键基础设施的中断。

Key Points:

要点：

Motivation: Financial gain, organized crime, and cyber extortion.
动机：经济利益、有组织犯罪和网络勒索。
Methods: Ransomware, data theft, fraud, phishing, and malware distribution.
方法：勒索软件、数据盗窃、欺诈、网络钓鱼和恶意软件分发。
Legality: Illegal, often resulting in criminal charges and severe penalties.
合法性：非法，通常会导致刑事指控和严厉惩罚。

Examples:

示例：

Ransomware Gangs: Groups that encrypt data and demand payment in exchange for the decryption key.
勒索软件团伙：加密数据并要求支付赎金以换取解密密钥的团体。
Credit Card Fraudsters: Individuals who steal and sell credit card information for financial gain.
信用卡欺诈者：窃取并出售信用卡信息以获取经济利益的个人。

7. State-Sponsored Hackers

国家支持的黑客

State-sponsored hackers work for governments, using their skills to spy on other countries, steal secrets, or disrupt enemy systems. These individuals are the James Bonds of the hacking world, operating in the shadows to advance national interests. Their actions can have significant geopolitical implications, including espionage, sabotage, and cyber warfare.
国家支持的黑客为政府工作，利用他们的技能对其他国家进行间谍活动、窃取机密或破坏敌方系统。这些人是黑客世界中的詹姆斯·邦德，在幕后行动以推进国家利益。他们的行为可能会产生重大的地缘政治影响，包括间谍活动、破坏和网络战争。

Key Points:

要点：

Motivation: National interests, espionage, and cyber warfare.
动机：国家利益、间谍活动和网络战争。
Methods: Advanced persistent threats (APTs), espionage, cyber attacks, and information warfare.
方法：高级持续威胁（APTs）、间谍活动、网络攻击和信息战。
Legality: Often illegal, but backed by governments and seen as a necessary part of national security.
合法性：通常是非法的，但得到政府支持，并被视为国家安全的必要组成部分。

Examples:

示例：

APT28 (Fancy Bear): A Russian cyber espionage group believed to be associated with the Russian military intelligence agency (GRU).
APT28（奇幻熊）：一个被认为与俄罗斯军事情报机构（格鲁乌）有关的俄罗斯网络间谍组织。
APT40 (Leviathan): A Chinese cyber espionage group believed to be associated with the Chinese government.
APT40（利维坦）：一个被认为与中国政府有关的中国网络间谍组织。

8. Red Hat Hackers

红帽黑客

Red hat hackers are similar to white hats but take a more aggressive approach to stopping black hats. They actively hunt down and shut down malicious hackers, often using the same tactics against them. Their actions are driven by a desire to protect the digital world from malicious actors and to bring them to justice.
红帽黑客与白帽黑客类似，但在阻止黑帽黑客方面采取了更积极的方法。他们积极追捕并关闭恶意黑客，经常对他们使用相同的策略。他们的行动是出于保护数字世界免受恶意行为者侵害并将他们绳之以法的愿望。

Key Points:

要点：

Motivation: Stop malicious hackers, protect the digital world, and bring criminals to justice.
动机：阻止恶意黑客，保护数字世界，并将罪犯绳之以法。
Methods: Aggressive counter-hacking, offensive security measures, and vigilante justice.
方法：积极的反黑客行动、进攻性安全措施和私刑正义。
Legality: Often illegal, but seen as vigilante justice and sometimes tolerated by the public.
合法性：通常是非法的，但被视为私刑正义，有时会得到公众的容忍。

Examples:

示例：

Cyber Vigilantes: Individuals who take the law into their own hands to stop and punish malicious hackers.
网络义警：自行执法以阻止和惩罚恶意黑客的个人。
Hacker Hunters: Groups that actively seek out and expose malicious hackers and their activities.
黑客猎人：积极寻找并揭露恶意黑客及其活动的团体。

9. Blue Hat Hackers

蓝帽黑客

Blue hat hackers are individuals who are invited by companies to test their systems for vulnerabilities. They are often former black hats who have been hired to provide insights into security weaknesses. Their actions are driven by a desire to improve security and earn money through legitimate means.
蓝帽黑客是被公司邀请来测试其系统漏洞的个人。他们通常是曾经的黑帽黑客，被雇佣来提供有关安全弱点的见解。他们的行动是出于通过合法手段提高安全性和赚钱的愿望。

Key Points:

要点：

Motivation: Improve security, earn money, and contribute to a safer digital environment.
动机：提高安全性，赚钱，并为更安全的数字环境做出贡献。
Methods: Invited hacking, bug bounties, and security testing.
方法：受邀黑客行为、漏洞赏金和安全测试。
Legality: Legal, often contracted by companies to perform security testing.
合法性：合法，通常由公司签约进行安全测试。

Examples:

示例：

Bug Bounty Participants: Hackers who participate in programs where companies offer rewards for finding and reporting security vulnerabilities.
漏洞赏金参与者：参与公司提供奖励以发现和报告安全漏洞项目的黑客。
Security Consultants: Professionals who provide expert advice and services to enhance the security of organizations.
安全顾问：为增强组织的安全性提供专家建议和服务的专业人员。

10. Green Hat Hackers

绿帽黑客

Green hat hackers are newcomers to the hacking world. They are eager to learn and often seek mentorship from more experienced hackers. Their actions are driven by a desire to improve their skills and knowledge, and they may participate in ethical hacking activities to gain experience.
绿帽黑客是黑客世界的新手。他们渴望学习，经常向更有经验的黑客寻求指导。他们的行动是出于提高自己技能和知识的愿望，并且他们可能会参与道德黑客活动以获取经验。

Key Points:

要点：

Motivation: Learn and improve skills, gain experience, and contribute to the hacking community.
动机：学习和提高技能，获得经验，并为黑客社区做出贡献。
Methods: Seek mentorship, practice hacking, and participate in ethical hacking activities.
方法：寻求指导，练习黑客技术，并参与道德黑客活动。
Legality: Varies, often legal if done ethically and with permission.
合法性：各不相同，如果以道德方式并经许可进行，通常是合法的。

Examples:

示例：

Hacking Students: Individuals who are studying cybersecurity and practicing ethical hacking.
黑客专业学生：正在学习网络安全并练习道德黑客技术的个人。
Aspiring Security Professionals: Newcomers who are seeking to build a career in the field of cybersecurity.
有抱负的安全专业人员：正在寻求在网络安全领域建立职业的新手。

Understanding the different types of hackers is crucial for anyone involved in cybersecurity. Whether they are motivated by personal gain, political causes, or a desire to improve security, hackers play a significant role in shaping the digital landscape. Stay vigilant and informed to protect yourself and your systems from these diverse and often unpredictable actors.
对于任何参与网络安全的人来说，了解不同类型的黑客至关重要。无论他们的动机是个人利益、政治原因还是提高安全性的愿望，黑客在塑造数字格局方面都发挥着重要作用。保持警惕并了解相关信息，以保护自己和自己的系统免受这些多样且往往不可预测的行为者的侵害。

Hacker Generations, Subcultures and Hat Colours: A More Practical Approach to Classification

黑客代际、亚文化与帽子颜色：一种更实用的分类方法

Kevin Hosford
October 2021

Introduction

引言

An often-noted assumption associated with increasing adoption of information and communications technologies is the ever-increasing risk of complex cyber-intrusions (Jordan and Taylor, 2004; Wall, 2007; Seebruck, 2015; Yar and Steinmetz, 2019). In a bid to understand this growing digital phenomena, states and non-state security agencies, academics and journalists, have attempted to classify the actors involved. Operators of these acts are often categorised with the term “hacker”, with different variations often expanding into the concept of hat colour: ranging from the “good” white-hat hackers to the “bad” black-hat hackers, and grey for everything in-between (Yar and Steinmetz, 2019, p. 53). This over-simplification has created a difficult challenge to further understanding the motivational factors associated with the act of “hacking”.

随着信息和通信技术的日益普及，一个常被提及的假设是复杂网络入侵的风险不断增加（Jordan and Taylor, 2004; Wall, 2007; Seebruck, 2015; Yar and Steinmetz, 2019）。为了理解这一不断增长的数字现象，国家和非国家安全部门、学者和记者都试图对参与者进行分类。这些行为的实施者通常被归类为 “黑客”，并根据不同的变体扩展到帽子颜色的概念：从 “好” 的白帽黑客到 “坏” 的黑帽黑客，以及介于两者之间的灰帽黑客（Yar and Steinmetz, 2019, p. 53）。这种过度简化给进一步理解 “黑客” 行为背后的动机因素带来了巨大挑战。

Different aspects of hacking have, since early conceptions of the term, been identified using singular definitions which often associate specific transgressive acts of digital exploitation or more often, lumped together by numerous technology sectors using a “hat colour” approach in order to typologise actors. Advancements in technologies have, however, led these singular definitions and “spaghetti western” approaches to differentiate hacker impact and intentions to become an incompatible and outdated representation of hacking (Seebruck, 2015). This chapter argues that such simplistic models can present significant unintended consequences, poses a risk of undermining the severity imposed by acts of cyber-criminality, and fails to explain the complex and diverse range of activities associated with contemporary hacking and the motivational factors that drive these actions.

自 “黑客” 一词最早被提出以来，黑客的不同方面一直被用单一的定义来识别，这些定义通常与特定的数字利用违规行为相关联，或者更常见的是，被众多技术行业用 “帽子颜色” 的方法归类在一起，以对参与者进行分类。然而，技术的进步使得这些单一定义和 “意大利西部片式” 的方法在区分黑客的影响和意图时变得不兼容且过时（Seebruck, 2015）。本章认为，这种简单的模型可能会带来严重的意外后果，削弱对网络犯罪行为严重性的认识，并且无法解释与当代黑客行为相关的复杂多样的活动以及推动这些行为的动机因素。

This chapter, although exploring the fluidity of terms hacker and hacking, does not aim to provide yet another concise definition of either only to be added to an ever-increasing throng of unused definitions, but instead presents the history of the term hacker and explores how the motivation for hacking has evolved over time. As Windle and colleagues (2018, p. 8) have argued, such historical research can provide context for current debates and correct the entrenched misconceptions about both the past and the present of understandings pertaining to our understandings of hackers. This chapter builds upon this historical narrative and recent understandings to propose an extension to an existing typology developed by Seebruck (2015), itself an extension of the previous work of Rogers (2006) by identifying “cyberterrorism” as a distinct phenomenon of digital aggression that warrants further resource by acknowledging its distinctions within a typological framework of cyber malfeasance.

尽管本章探讨了 “黑客” 和 “黑客行为” 这些术语的流动性，但并不打算再提供另一个简洁的定义，以免被加入到不断增加的未被使用的定义行列中，而是呈现 “黑客” 一词的历史，并探讨黑客行为的动机是如何随着时间演变的。正如 Windle 等人（2018, p. 8）所论，这种历史研究可以为当前的辩论提供背景，并纠正关于黑客理解的过去和现在的根深蒂固的误解。本章基于这种历史叙述和最近的理解，提出了对 Seebruck（2015）开发的现有分类法的扩展，该分类法是 Rogers（2006）之前工作的延伸，通过识别 “网络恐怖主义” 作为一种独特的数字攻击现象，并在其网络恶意行为的分类框架中承认其区别，以进一步分配资源。

Defining Hacking

定义黑客行为

Many definitions have been produced (see: Clough and Mungo, 1992; Duff and Gardiner, 1996; Jordan and Taylor, 1998; Nissenbaum, 2004; Chiesa, Ducci and Ciappi, 2009; Al-khateeb et al., 2016) to understand and categorise hackers. The existence of competing definitions is common within any academic field, especially one which is relatively new and must continuously adapt to a rapidly changing environment such as technology.

为了理解并分类黑客，已经产生了许多定义（参见：Clough and Mungo, 1992; Duff and Gardiner, 1996; Jordan and Taylor, 1998; Nissenbaum, 2004; Chiesa, Ducci and Ciappi, 2009; Al-khateeb et al., 2016）。在任何学术领域中，存在竞争性定义是很常见的，尤其是在相对较新且必须不断适应快速变化环境的技术领域。

Tim Jordan and Paul A. Taylor has, however, noted that by the mid-1990s, hacking’s technological expertise was “equated largely towards illicit, illegal or unwanted computer intrusion” (2004, p. 5), adopting connotations such as “computer criminal” and “electronic vandal.” This criminogenic evolution of what the term entails can be partially considered a result of the amplification of its use within media and journalistic depictions which often associate the term with those committing criminal - and often unrealistic activities - through ICT (Internet Communications Technologies). This has made hacking synonymous with cyberattacks. That is, while different definitions are available, there is somewhat of a consensus that hacking is criminal, and hackers are criminals.

然而，Tim Jordan 和 Paul A. Taylor 指出，到了 20 世纪 90 年代中期，黑客的技术专长被 “主要等同于非法、违法或不受欢迎的计算机入侵”（2004, p. 5），并被赋予了 “计算机罪犯” 和 “电子破坏者” 等含义。这种对黑客行为的犯罪化理解部分可以被视为媒体和新闻报道中对这一术语的过度使用的结果，这些报道常常将黑客与通过信息通信技术（ICT）进行犯罪 —— 而且往往是不切实际的活动 —— 联系在一起。这使得黑客行为与网络攻击成为同义词。也就是说，尽管存在不同的定义，但人们普遍认为黑客行为是犯罪行为，黑客是罪犯。

The mercurial state of the term hacker and its practical term hacking contribute to the confusion and difficulties in establishing a consensual and uniformed definition and is evident throughout associated academic literature. These identities and their obscurities in which they are presented within a multitude of literature range from etymological accounts (Levy, 2010) to more populistic (Jordan and Taylor, 1998) with much of the literature emerging throughout the mid-1980s to late 1990s. While these provided interesting insights into the practices and etymology of hacking, they provide little critical observation of the phenomenon. Instead, they favoured more idealistic and somewhat mysteriously romantic observation of hacking subcultures. These non-critical observations, followed by an increasing public interest in computer technology through media depictions seen in early films such as War Games and more modern ones such as Mr Robot, contributed to the distortion of the public perceptions surrounding hackers and its affiliation with criminal intent (Wall, 2007). This furthered the mercuriality of the terms, making it increasingly difficult to establish a definitive definition.

“黑客” 这一术语及其实际术语 “黑客行为” 的多变性，使得建立一个共识性的统一定义变得困难重重，这种现象在相关的学术文献中表现得尤为明显。这些身份及其在众多文献中所呈现的模糊性，从词源学的描述（Levy, 2010）到更具大众化的描述（Jordan and Taylor, 1998），大量文献出现在 20 世纪 80 年代中期到 90 年代末期。尽管这些文献为了解黑客行为的实践和词源提供了有趣的见解，但它们对这一现象的批判性观察却少之又少。相反，它们更倾向于对黑客亚文化进行更为理想化且略带神秘浪漫色彩的观察。这些非批判性的观察，加上媒体对计算机技术的日益关注，以及在早期电影如《战争游戏》和现代电影如《黑客军团》中所呈现的图像，加剧了公众对黑客及其与犯罪意图相关性的误解（Wall, 2007）。这进一步加剧了这些术语的多变性，使得建立一个明确的定义变得愈发困难。

Yar and Steinmetz (2019, p. 54) note that inabilities to establish a consensus on hacking has provided free rein for governments, law enforcements, information security industries and media to actively construct their own definitions of hacking. Unsurprisingly, many of these state-constructed definitions of hacking a criminogenic status. This presumption of criminality contributes to the establishing of falsehoods and further skews assumptions towards hacking, which in-turn amplifies confusion in understanding characteristics associated with hackers and their actions.

Yar 和 Steinmetz（2019, p. 54）指出，无法就黑客行为达成共识，使得各国政府、执法部门、信息安全行业和媒体得以自由地构建自己对黑客行为的定义。毫不奇怪，这些由国家构建的黑客定义大多具有犯罪性质。这种对犯罪性的假设助长了虚假信息的建立，并进一步歪曲了对黑客行为的假设，反过来又加剧了对与黑客及其行为相关的特征的理解混乱。

Labelling of Hackers

黑客的标签化

The presumption of criminality has extended impacts beyond conceptual confusion. Those who embrace or are unwillingly conformed into fitting the term and characteristics of hackers and their act of hacking are in-turn labelled as such. This labelling process, coined by Becker (1963, 2008) is the process by which criminality, deviancy and identity are socially produced as a means of grouping, with Yar and Steinmetz (2019, p. 53) suggesting that these social-products or “reactions” towards hackers and hacking groups cannot be understood separate to how they are socially constructed. Before using Becker’s labelling theory to observe hacker labels we should bring awareness that labels are not rigid constructs, but change with public, media and government depictions and reactions. This is evident when observing evolving perceptions of hackers and their skills and contributions towards the development of software programs, internet technologies (Hannemyr, 1999) and most notably the open-source movement (Ljungberg, 2000).

犯罪性的假设不仅造成了概念上的混乱，还产生了更深远的影响。那些接受或不情愿地符合黑客及其行为特征的人，反过来被贴上了这样的标签。这种标签化的过程是由 Becker（1963, 2008）提出的，是通过社会生产来对犯罪性、偏差性和身份进行分组的过程，Yar 和 Steinmetz（2019, p. 53）指出，这些社会产品或对黑客和黑客群体的 “反应” 不能与它们的社会构建方式分开理解。在使用 Becker 的标签理论来观察黑客标签之前，我们应该意识到标签并非固定不变的结构，而是随着公众、媒体和政府的描述和反应而变化的。这一点在观察黑客及其技能对软件程序、互联网技术（Hannemyr, 1999）的发展以及开源运动（Ljungberg, 2000）的贡献时表现得尤为明显。

The actions of hackers are often complex, difficult to understand and go unnoticed until the big spectacle which affects us personally or is big enough to be newsworthy. Consequently, society and its influencers such as state powers and media are free to interpret hackers and hacking in any means, often identifying hackers (or many within this area) as operating outside of standard society and law. This unchecked freedom to interpret hackers has led to what Wall describes as “the crystallization of the “super-hacker” stereotype as the archetypal cybercriminal” (Wall, 2007, p. 16) of which parallels the alienated conspiracy theories of organised crime research (Windle et al., 2018) with the conceived moral panics whereby the hacker is identified as an outsider, or “other”, who is not like “us”, often described as dangerous youths or foreigners attempting to “undermine our way of life”. These stereotypes reduce cyber-security practitioners’ ability to adequately extrapolate the seriousness of some acts, which can result in what Becker calls secondary deviance. Secondary Deviance examines the behavioural consequences of the standard society’s reaction and further labelling of an actor’s deviancy which has the negative effect of skewing self-conceptions and provoking retaliation to the applied label or alternatively, pursue the applied label by means of self-fulfilling prophecy thus creating a process of “deviancy amplification” (Young, 2009) in which leads to its own confirmation. That is, the states or media categorisation of all hackers as criminal, and therefore bad guys, may essentially nudge some hackers to conform to this label.

黑客的行为往往复杂难懂，直到影响到我们个人或足够引起新闻关注时才会被注意到。因此，社会及其影响力者，如国家权力和媒体，可以自由地以任何方式解释黑客和黑客行为，常常将黑客（或这一领域的许多人）视为在标准社会和法律之外运作。这种对黑客的无约束解释导致了 Wall 所描述的 “超级黑客” 刻板印象的 “结晶化”，成为典型的网络罪犯（Wall, 2007, p. 16），这与有组织犯罪研究中的孤立阴谋论相呼应（Windle et al., 2018），并引发了道德恐慌，黑客被认定为局外人或 “他者”，与 “我们” 不同，常常被描述为危险的青年或外国人，企图 “破坏我们的生活方式”。这些刻板印象削弱了网络安全从业者对某些行为严重性的准确评估能力，可能导致 Becker 所说的次级偏差。次级偏差考察的是标准社会对行为者偏差行为的反应及其进一步的标签化，这种负面效应会歪曲自我认知，并引发对所贴标签的报复，或者通过自我实现的预言来追求所贴的标签，从而形成一个 “偏差放大”（Young, 2009）的过程，最终导致其自我确认。也就是说，国家或媒体将所有黑客归类为犯罪分子，也就是坏人，这可能本质上会促使一些黑客去符合这一标签。

Brief Generational Overview of Hacker

黑客的简要代际概述

Hacker stereotypes, labels, and eventual folk devils (Cohen, 2002) has led to an array of attempts to consolidate the varying understandings and perceptions of hackers and the associated act of hacking, with many often adopting an etymological overview of these terms. A large corpus of this academic literature makes notable reference to Levy’s (2010) generational observation of hackers, originally published in 1984 it has retrospectively been identified as categorising the first three generations of hackers within Jordan and Taylor’s (2004) extension, which was itself an attempt to provide a more structured and linear generational overview and proceeded with an additional “second wave” of hackers. This generational typology has gained equal popularity in explaining the evolution of hacker subcultures as more dynamic and motivationally driven actors. The remainder of this section will examine the inclusion of first and second wave generational overviews of hackers in order to provide context for the emergence of new-aged forms of understanding hackers and its evolving nature in reflection to advancements in ICT.

黑客的刻板印象、标签以及最终成为民间恶魔（Cohen, 2002）导致了对黑客及其相关行为的各种理解和认知的整合尝试，其中许多尝试采用了这些术语的词源学概述。大量的学术文献都引用了 Levy（2010）对黑客的代际观察，最初于 1984 年发表，后来被追溯性地认为是在 Jordan 和 Taylor（2004）的扩展中对前三代黑客进行了分类，而 Jordan 和 Taylor 的扩展本身是试图提供一个更具结构化和线性的代际概述，并继续提出了额外的 “第二波” 黑客。这种代际分类法在解释黑客亚文化的演变方面同样受欢迎，被认为是一种更具动态性和动机驱动的行为者。本节的其余部分将考察第一波和第二波黑客的代际概述，以提供对新形式的黑客理解及其随着信息通信技术（ICT）的进步而演变的性质的出现的背景。

First Generation Hackers

第一代黑客

It should first be acknowledged that although highly cited as the first description of hacker subcultures and their emerging traits, American journalist Steven Levy’s generational overview of hackers and their respective subcultures described in his book; Hackers: Heroes of the Computer Revolution is purely anecdotal, based largely on the personal surface level observation of the developing hacker community. Levy provides a framework of ethical principles most important to the hacker subculture which could be viewed as a form of “Hackers Creed” (Levy, 2010, pp. 28–34). The creed:

首先需要承认的是，尽管美国记者 Steven Levy 在其著作《黑客：计算机革命的英雄》中对黑客亚文化和它们的新兴特征的代际概述被广泛引用为对黑客亚文化的首次描述，但这一概述纯粹是轶事式的，主要基于对发展中的黑客社区的个人表面观察。Levy 提出了对黑客亚文化最重要的伦理原则框架，可以被视为一种 “黑客信条”（Levy, 2010, pp. 28–34）。信条如下：

Access to Computers — and anything that might teach you something about the way the world works — should be unlimited and total. Always yield to the Hands-On Imperative!
计算机的使用 —— 以及任何能让你了解世界运行方式的东西 —— 应该是无限的、完全的。始终遵循动手操作的必然性！
All information should be free.
所有信息都应该免费。
Mistrust Authority — Promote Decentralization.
不信任权威 —— 促进去中心化。
Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race, or position.
黑客应该根据他们的黑客行为来评判，而不是像学位、年龄、种族或职位这样的虚假标准。
You can create art and beauty on a computer.
你可以在计算机上创造出艺术和美。
Computers can change your life for the better.
计算机可以让你的生活变得更好。

It is clear from the principles presented by Levy that first-generation hackers stood largely in opposition to the commercial and regulatory position of the growing computer revolution that was taking shape. This oppositional perspective can be observed within the second and third principle, in which the free unrestricted access to information has, as Levy (2010, p. 29) suggests, “allowed for greater overall creativity”. The concept of free and unrestricted access of information has been a consistent principle amongst computer-hackers since Stewart Brand’s infamous quote at the first Hackers Conference in 1984, in which speaking with the Co-founder of Apple inc. Steven Woznaik, Brand assured that:

从 Levy 所提出的这些原则来看，第一代黑客在很大程度上是反对当时正在形成的计算机革命的商业和监管立场的。这种反对立场可以在第二和第三原则中观察到，即对信息的自由无限制获取，正如 Levy（2010, p. 29）所指出的，“允许更大的整体创造力”。自 1984 年首届黑客大会以来，计算机黑客一直坚持信息的自由无限制获取这一原则，当时 Stewart Brand 与苹果公司联合创始人 Steven Woznaik 交谈时，Brand 保证说：

“On the one hand information wants to be expensive, because it’s so valuable. The right information in the right place just changes your life. On the other hand, information wants to be free, because the cost of getting it out is getting lower and lower all the time. So, you have these two fighting against each other.” (Baker, 2015, p. 80).

“一方面，信息想要变得昂贵，因为它非常有价值。正确的信息在正确的地方就能改变你的生活。另一方面，信息又想要自由，因为传播它的成本越来越低。所以，这两者在相互斗争。”（Baker, 2015, p. 80）。

Thus, from Levy’s observations and Wozniak’s comments on the directives of hackers and development of technologies, many hacker communities largely emerged from those desiring to exploit, explore and extend emerging technologies, with Levy’s breakdown of first-generation hacker sub-groups largely aligning with these ideologies.

因此，从 Levy 的观察和 Wozniak 对黑客的指导以及技术发展的评论来看，许多黑客社区主要是从那些渴望利用、探索和拓展新兴技术的人中产生的，Levy 对第一代黑客亚群体的划分与这些意识形态大致相符。

Original Hackers: In the early days of the 1950s and 1960s access to computer technology was often reserved for use within Military institutions and esteemed Universities such as MIT and Cambridge. During this period of computational discovery, however, the term hacker emerged to describe enthusiasts who frequently pushed the original intentions of computer technologies beyond their known boundaries, often through unorthodox operations (Shinder and Tittel, 2002, p. 52). These “original” hackers were, as described by Jordan and Taylor (Jordan and Taylor, 2004, p. 10) “pioneering computer aficionados who emerged in the earliest days of computing,” experimenting with large computer mainframes with their accessibility being described by Levy as a sort of “Priesthood” with “those privileged enough to submit data to those most holy priests were the official acolytes” (Levy, 2010, p. 6) with even those permitted to assist restricted from direct access to these machines. This restriction, and the limited time to utilise these machines led to those permitted to access developing numerous efficiencies in order to utilise the most out of their limited exposure. These efficiencies became known as “hacks” with the hackers deviant means of accessing these mainframes becoming “tolerated with grudging admiration” (Nissenbaum, 2004, p. 198) by those within the Priesthood.

最初的黑客：在 20 世纪 50 年代和 60 年代初，计算机技术的使用通常被限制在军事机构和像麻省理工学院和剑桥大学这样的著名大学中。然而，在这个计算技术探索的时期，黑客一词开始被用来描述那些经常突破计算机技术最初意图的爱好者，他们常常通过非传统的方式操作（Shinder and Tittel, 2002, p. 52）。这些 “最初的” 黑客，正如 Jordan 和 Taylor（Jordan and Taylor, 2004, p. 10）所描述的，“是在计算机早期出现的先锋计算机爱好者”，他们对大型计算机主机进行实验，而这些主机的可访问性被 Levy 描述为一种 “神职人员” 的特权，“那些有幸向这些最神圣的神职人员提交数据的人是官方的助手”（Levy, 2010, p. 6），即使是那些被允许协助的人也被限制直接接触这些机器。这种限制以及使用这些机器的有限时间，促使那些被允许使用的人开发出许多效率方法，以充分利用他们有限的接触机会。这些效率方法被称为 “黑客”，黑客通过非常规方式访问这些主机的行为被神职人员 “勉强容忍并带着几分钦佩”（Nissenbaum, 2004, p. 198）。

Hardware Hackers:
Identified as; “computer innovators who, beginning in the 1970s, played a key role in the personal computing revolution which served to widely disseminate and dramatically decentralise computing hardware” (Jordan and Taylor, 2004, p. 10). These hardware focused hackers would pioneer the convergence of computer technology to the home user, with groups such as the Homebrew Computer Club developing kits and even entire computer systems for those interested in taking part in the “computer revolution.” The emergence of these “hardware hackers” reminiscent to the original hackers of the previous generation albeit in a more materialistic ethos, also marked a divergence in ethical and moral ideology of Levy’s original creed. As technological discoveries made during this early generation were largely in pursuit of knowledge, there existed a subset of members within the Homebrew Computer culture that deviated morally in its use of these technologies. Exploring the more illicit exploitation of physical technologies the subculture known as Phreaking “alias Phreakers” emerged, this more deviant subculture adopted skills and knowledge learned within the Homebrew Computer culture to further their acts of transgression and manipulation. In focusing largely on the exploitation of telecommunication technologies, these “Phreakers” explored and discovered ways to manipulate these systems by recreating the audio frequencies used by telecommunication companies in order to route and direct calls (Turgeman-Goldschmidt, 2008, p. 383). Coleman (2012, p. 101) argued that Phreakers differed from the more scholarly originating ethics of the then university privileged Hacker subculture, by instead having a more rooted and transgressive morality (often due to their efforts in breaking of laws and exploitation of persons for information, known as social engineering). Phreakers such as John Draper aka. Captain Crunch (Coleman, 2012) manipulated the use of both physically and digitally generated frequencies in order to make free phone calls, duping telecommunication companies (Turkle, 2005) which Shinder (2002) identifies as an example of the very first instance of an electronic hack.

硬件黑客：
被定义为 “从 20 世纪 70 年代开始，这些计算机创新者在个人计算机革命中发挥了关键作用，这场革命广泛传播并极大地分散了计算机硬件”（Jordan and Taylor, 2004, p. 10）。这些专注于硬件的黑客开创了计算机技术向家庭用户融合的先河，像家用电脑俱乐部这样的组织为那些希望参与 “计算机革命” 的人开发了工具包甚至整个计算机系统。这些 “硬件黑客” 的出现让人想起上一代的原始黑客，尽管他们的伦理和道德观念与 Levy 最初的信条有所偏离。由于这一早期的技术发现主要是为了追求知识，家用电脑文化中存在一个道德观念偏离的亚群体，他们探索了物理技术的非法利用，形成了被称为 “电话飞客”（Phreaking，也称 Phreakers）的亚文化。这些更具反叛性的电话飞客利用在家用电脑文化中所学到的技能和知识，进一步进行越轨和操纵行为。他们主要专注于利用电信技术，通过重现电信公司使用的音频频率来操纵这些系统，从而路由和引导电话呼叫（Turgeman-Goldschmidt, 2008, p. 383）。Coleman（2012, p. 101）认为，电话飞客与当时大学特权黑客亚文化所倡导的学术伦理不同，他们有着更根深蒂固的反叛道德观（通常是因为他们努力打破法律并利用他人获取信息，即所谓的社会工程学）。像 John Draper（又名 Captain Crunch，Coleman, 2012）这样的电话飞客操纵了物理和数字生成的频率，以实现免费电话通话，欺骗电信公司（Turkle, 2005），Shinder（2002）认为这是电子黑客行为的第一个例子。

Software Hackers:
软件黑客：

The third generation of Hackers evolved from the previous generation of Original and Hardware focused hackers, in that now having the accessibility of computer technology, these young and emerging hackers had the means to focus more on the refinement of computer software (Jordan and Taylor, 2004, p. 10) with the intention of repurposing it to work on previously incompatible hardware or gain access to previously restricted features.

第三代黑客是从前一代的原始黑客和硬件黑客演变而来的，因为现在有了计算机技术的可访问性，这些年轻新兴的黑客有了更多专注于计算机软件改进的手段（Jordan and Taylor, 2004, p. 10），目的是将其重新用于以前不兼容的硬件上，或者获取以前受限的功能。

This new generation of hackers, also knowns as Game-Hackers (Wall, 2007) marked an increase in the “self-interest” of many hacking ventures that unlike previous generations such as hardware hackers who although sometimes made a profit for their creations, was only seen as a by-product to the decentralisation of computing hardware. This new and younger generation of hacker was motivated more in pursuit of, as noted by Mungo and Clough as; “a fast buck, and their instincts entirely commercial the most notable area of self-interest having emerged within the area of gaming software” (Clough and Mungo, 1992) as illustrated in the example of John Harris, who (using his programming knowledge) develop games that were near replicas of coin-based arcade games such as Pac-Man for the home computer (Levy, 2010). This motivational shift towards self-gain marked a significant deviation in the ethical values shared amongst the hacker subcultures. Within more modern times, a revitalisation of software hackers has emerged largely in response to an expansion of what many consider to be a “walled garden” approach to computer technologies and their ecosystems. Apple once considered an advocate of first-generation hackers now maintains strict oversight and control over its software and ecosystem under the promise of quality and support. For example, Mac OsX is proprietary software developed by Apple available and intended only for supported Apple hardware such as iMacs and Macbooks, however many within the hacking community actively maintain an unofficial port of Mac OsX capable of being installed on non-Apple hardware known casually as “Hackintosh” a play on Apple’s Macintosh branding (see: hackintosh.com), showing the ideals of first-generation hackers are still as vibrant and active today.

这一代新的黑客，也被称为游戏黑客（Wall, 2007），标志着许多黑客行为的 “自利性” 增加，这与前几代黑客（如硬件黑客）不同，尽管他们有时会从自己的创造中获利，但这只是计算硬件去中心化的副产品。这一代新的年轻黑客更多地受到经济利益的驱动，正如 Mungo 和 Clough 所指出的：“快速赚钱，他们的本能完全是商业化的，最显著的自利领域出现在游戏软件领域”（Clough 和 Mungo, 1992），以 John Harris 为例，他利用自己的编程知识开发了类似于街机游戏《吃豆人》的家用电脑游戏（Levy, 2010）。这种向自利动机的转变标志着黑客亚文化之间共享的伦理价值观发生了显著偏离。在更现代的时期，软件黑客的复兴主要是为了应对许多人认为的计算机技术和其生态系统所采取的 “封闭花园” 方式的扩展。苹果公司曾被认为是第一代黑客的倡导者，如今却以质量和支持为由，对其软件和生态系统进行严格的监督和控制。例如，Mac OsX 是由苹果公司开发的专有软件，仅适用于支持的苹果硬件，如 iMac 和 Macbook。然而，黑客社区中的许多人积极维护一个非官方的 Mac OsX 版本，可以在非苹果硬件上安装，俗称 “Hackintosh”，这是对苹果 Macintosh 品牌的戏谑（见：hackintosh.com），这也表明第一代黑客的理想至今仍然充满活力和活跃。

Second Generation Hackers

第二代黑客

Following from Levy’s generational overview of hacking, which although written as a non-academic piece, provides an essential etymological foundation to the understanding of cyberdeviance worth including. However, these accounts should also not be viewed as linear distinct subcultures confined to a chronological transitioning timeline but as a series of networked groups of which emerged throughout the development of technology discoveries and which allows its loosely associated members to flow freely, adopting attributes from the multiple generations often deviating into new hacking sub-generations. It is, for example, entirely possible that some would begin as first-generation hackers whose motivation shifts over time from one of ideological and/or intellectual to profit driven.

在 Levy 的黑客代际概述之后，尽管这是一篇非学术性作品，但它为理解网络偏差行为提供了必要的词源学基础，值得包括在内。然而，这些描述也不应被视为线性、明确的亚文化，它们并非局限于按时间顺序过渡的阶段，而是一个由多个网络群体组成的系列，这些群体随着技术发现的发展而出现，其松散关联的成员可以自由流动，从多个代际中吸收属性，常常偏离出新的黑客亚代。例如，完全有可能有些人最初是第一代黑客，其动机随着时间的推移从意识形态和 / 或智力驱动转变为以盈利为导向。

As with the very nature of the Internet, these newly forming hacker generations are as described by Jordan and Taylor as “second wave” hackers (2004, p. 11) who comprise of limitless ethical/motivational tenets of which they abide by (if any) and are limited only by the opportunities provided by their accessible technologies and knowledgeable skillset. The below sections will describe the second wave of hackers, a typological extension of Levy’s first three generations are outlined by Taylor and Jordan (2004, p. 12) and described as “four interrelated and intersecting groupings”, or in these renderings; further generational continuations of Levy’s previous overview.

正如互联网的本质一样，这些新形成的黑客代际被 Jordan 和 Taylor 描述为 “第二波” 黑客（2004, p. 11），他们所遵循的伦理 / 动机原则（如果有的话）是无限的，并且仅受到他们可访问的技术和知识技能集所提供的机会的限制。以下部分将描述第二波黑客，这是 Levy 前三代的类型学扩展，由 Taylor 和 Jordan（2004, p. 12）概述，并被描述为 “四个相互关联且相互交叉的群体”，或者在这些描述中；Levy 之前概述的进一步代际延续。

Hacking & Cracking: A continuation of Levy’s initial generations, Taylor and Jordan’s fourth generation of hacking embodies the transgressive nature involved in the unauthorised access and exploitation of ICT. Their descriptive overview provides an understanding of the transitional period which led to those within the hacking subculture creating and adopting the term “cracker” and provides a meaningful understanding of the differing motivational causes of hacking and attempts to change its appropriation with transgressive activities. The emergence of the term “cracker”, briefly used to describe the act of “cracking the code” occurred during an increase in both concerns and legislative actions taken in response to the increased awareness of hacking and its potential implications on public, government, and corporate institutions, the “Jargon file” (Raymond, 2003) a glossary of terms associated with the “hacker slang” was created by Raphael Finkel in effort to separate the transgressive behaviours as seen in the phreaking sub-culture from its more humble hacking of mainframe systems and defined the term hacker as;

黑客与破解：作为 Levy 最初几代的延续，Taylor 和 Jordan 所描述的第四代黑客体现了未经授权访问和利用信息通信技术（ICT）的越轨本质。他们的描述性概述提供了一个过渡时期的理解，这一时期导致黑客亚文化中的人们创造了 “破解者”（cracker）一词，并尝试改变其与越轨活动相关的应用。随着人们对黑客行为及其对公共机构、政府和企业可能产生的影响的认识不断增加，相关的担忧和立法行动也不断增加，“破解者” 一词应运而生，最初用来描述 “破解密码” 的行为。Raphael Finkel 创建了 “黑客术语词典”（Raymond, 2003），这是一本与 “黑客俚语” 相关的术语词典，目的是将电话飞客亚文化中的越轨行为与其最初对大型机系统的黑客行为区分开来，并将黑客定义为：

“a person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary”

“一个喜欢探索可编程系统的细节以及如何扩展其能力的人，与大多数用户不同，后者更倾向于只学习必要的最低限度的知识”

Finkel’s definition of hacking describes the act as being purely for the “hack-value” or as Finkel describes as; “the reason or motivation for expending effort toward a seemingly useless goal, the point being that the accomplished goal is a hack” (Finkel, no date) later coining the term “cracker” to represent actors who intercept and manipulate security systems, or as expressed within the Jargon File; “a malicious meddler who tries to discover sensitive information by poking around” (Coupland and Faye, 2001, p. 501) in hope that the adoption of this term, mainly by the media, would adjust perceptions of the hacking subculture. However, the lack of adoption of the term cracker by media outlets could be a means to not establish a homonym that could confuse the general public, as the term was and still is largely associated with the racial epithet directed towards Caucasian people and was famously used by Malcom X in his 1964 speech “The Ballot or the Bullet”, using the term “cracker” to refer to white Americans in a pejorative context.

Finkel 对黑客的定义将这一行为描述为纯粹是为了 “黑客价值”，或者正如 Finkel 所描述的：“为一个看似无用的目标付出努力的原因或动机，重点在于完成的目标本身就是一个黑客行为”（Finkel, 无日期）。后来，他创造了 “破解者” 一词，用来指那些截获和操纵安全系统的人，或者如 “术语词典” 中所表达的：“一个恶意的干扰者，试图通过四处窥探来发现敏感信息”（Coupland 和 Faye, 2001, p. 501）。他希望媒体主要采用这一术语，以改变对黑客亚文化的认知。然而，媒体没有采用 “破解者” 这一术语，可能是因为不想建立一个可能使公众混淆的同音异义词，因为这个术语过去和现在都与针对白人的种族侮辱性词汇密切相关，Malcom X 在 1964 年的演讲 “选票还是子弹” 中就曾使用 “cracker” 一词来贬义地指代美国白人。

Microserfs: Microserfs, a term originally coined by Douglas Coupland (Coupland & Faye, 2001) in his fictional analysis of US tech company Microsoft is, as described by Jordan & Taylor (2004, p. 12) as;

“Microserfs” 一词最初由 Douglas Coupland（Coupland & Faye, 2001）在其对美国科技公司微软的小说分析中创造，Jordan 和 Taylor（2004, p. 12）描述为：

“a phrase used to describe computer programmers who, while exhibiting various aspects of the hacker subculture, nevertheless have become co-opted into the structure of large corporate entities such as Microsoft.”

“用来描述计算机程序员的术语，这些程序员虽然表现出黑客亚文化的各种特征，但最终还是被像微软这样的大型企业所吸纳。”

Microserfs, a portmanteau of technology enterprise Microsoft and the term Servant, are depicted as “geekish” and obsessive (Jordan and Taylor, 1998, p. 493) individuals who use their knowledge and expertise of ICT and computer coding to establish and work within emerging and rapidly growing commercial tech-companies such as Microsoft and Apple, which if to be compared by their compliance to the previously mentioned Hackers-Creed, would however go against two core ethical tenets that all information should be free and to mistrust authority. This emerging generation of microserf hackers marked the rejection of the original hacker ethos and represented the integration of hacking within the corporate sphere as found in Sumner & Chambliss (2004, p. 488).

“Microserfs” 是微软公司和技术术语 “仆人” 的混合词，被描述为 “极客” 且痴迷的个体（Jordan 和 Taylor, 1998, p. 493），他们利用自己对信息通信技术和计算机编程的知识和专长，在微软和苹果这样的新兴且快速增长的商业科技公司中建立并工作。如果按照前面提到的黑客信条来衡量，他们的行为却违背了两条核心伦理原则：所有信息应该免费以及不信任权威。这一新兴的 “微仆” 黑客代标志着对原始黑客精神的背离，并代表了黑客行为在商业领域的融合，正如 Sumner 和 Chambliss（2004, p. 488）所发现的那样。

Free Software (Open Source) Movement: Counter to the commercialisation of the microserf hacking generation, the sixth generation which embodies both the collaborative open approach to software development and the ideological principles encompassed within the free software movement considered true of the tenets mentioned previously and focus on the development of freely accessible software that is both equal to and exceeds the capabilities of consumer level software. This generation of hacker grew from the rejection of commercially available software, labelling such as “bloated” and seeked to provide easily modifiable and comparable software for others to use freely (Jordan and Taylor, 2004, p. 12). Although this generation of hacker is often acknowledged of having occurred in response to the growing collective of “hacking as a work ethic” seen within the microserf generation, the motivational characteristics of the open source and free software generation has existed since the early 1960s as seen with IBM’s source releases of its operating systems and other programs for peer review. Further embodiment of this movement can be seen with the success of the GNU General Product License (GPL) established by Richard Stallman. As an avid hacker himself and upon seeing the fragmentation of hackings core ethical principles through and increased use of copyright and restrictive administrative software mechanisms (Willians, 2002, p. 145), Stallman established the GPL in 1989 as a unified copyleft license that ensured that software developed under this license remained both free and modifiable with further iterations of the license being introduced to prevent components registered under the license being exploited for commercial purposes. These further iterations also introduced the four defining characteristics of free software, a set of prerequisites necessary in order to retain the ethical principles as discussed within the ethical foundations of the hacker subculture. These four freedoms starting from zero as intended by the authors are as follows:

自由软件（开源）运动：与微仆黑客代的商业化形成对比，第六代黑客体现了软件开发的协作开放方法以及自由软件运动所包含的意识形态原则，这些原则被认为是前面提到的信条的真实体现，并专注于开发易于获取的自由软件，这些软件在功能上等同于甚至超过了消费级软件。这一代黑客的成长源于对商业软件的拒绝，他们将商业软件称为 “臃肿的”，并试图提供易于修改且可比较的软件供他人自由使用（Jordan 和 Taylor, 2004, p. 12）。尽管这一代黑客通常被认为是对微仆代 “黑客工作伦理” 的回应，但开源和自由软件代的动机特征自 20 世纪 60 年代初就已存在，如 IBM 发布其操作系统和其他程序的源代码供同行评审。这一运动的进一步体现可以看作是 Richard Stallman 所建立的 GNU 通用公共许可证（GPL）的成功。作为一名热情的黑客，Stallman 目睹了黑客的核心伦理原则因版权和限制性行政软件机制的增加而被碎片化（Willians, 2002, p. 145），于是在 1989 年建立了 GPL，这是一个统一的左版许可证，确保这些许可证的进一步迭代还引入了自由软件的四个定义特征，这是为了保留黑客亚文化伦理基础中讨论的伦理原则而必须满足的一组前提条件。这些自由从零开始，按作者的意图依次如下：

The freedom to run the program as you wish, for any purpose.
以任何目的运行程序的自由。
The freedom to study how the program works and change it so it does your computing as you wish. Access to the source code is a precondition for this.
研究程序的工作方式并对其进行更改以满足您的计算需求的自由。访问源代码是实现这一自由的前提条件。
The freedom to redistribute copies so you can help others.
重新分发副本以帮助他人的自由。
The freedom to distribute copies of your modified versions to others. By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.
将您修改过的版本分发给他人的自由。通过这样做，您可以为整个社区提供从您的更改中受益的机会。访问源代码是实现这一自由的前提条件。

Source:

These freedoms were established in response to what Stallman viewed as a need to identify the philosophical differences the free software movement had to the open-source movement, a distinction often glossed over within academic research as seen with Jordan and Taylor (2004:12) where mentions of the concept of open source are made as a distinct generation, merging this conception with the ideologies of the free software movement without acknowledging the existence of this movement. However, in Jordan and Taylor’s defence, the open-source philosophy does indeed share many of the same principles as those found within the free software movement. However, amongst many purist hackers’ subcultures, the open-source movement is often defined as no more than a development methodology due to the emphasis on taking collaborative approaches to developing software as opposed to a social focus of freedom within the free software movement. Regardless, both the open source and free software movements openly express disagreement with the restricted and bureaucratic nature of commercial software development as found within the microserf generation.

这些自由是 Stallman 为了识别自由软件运动与开源运动之间的哲学差异而建立的，这种差异在学术研究中常常被忽视，如 Jordan 和 Taylor（2004:12）所见，他们将开源的概念作为一个独立的代际提及，将这一概念与自由软件运动的意识形态合并，而没有承认这一运动的存在。然而，为 Jordan 和 Taylor 辩护的是，开源哲学确实与自由软件运动中的许多原则相同。然而，在许多纯粹黑客亚文化中，开源运动通常被定义为一种开发方法论，因为其强调采用协作方式开发软件，而不是自由软件运动中的社会自由关注点。尽管如此，开源和自由软件运动都公开表达了对微仆代商业软件开发中受限和官僚性质的反对。

Hacktivism: Often occurring as a response to perceived injustice, exploitation, introduction of a highly contested policy or as Coleman (2012) notes as when one group is perceived to be gaining an unfair advantage over another, hacktivism is the use of hacking techniques to achieve social or political change (Jordan, 2001). Jordan and Taylor (2004:43) describe hacktivism political motivation as having emerged from what they describe as an anti-globalisation movement which although did not oppose globalisation in all its forms, but economic globalisation implemented by organisations such as the World Trade Organisation (WTO), the International Monetary Fund (IMF) and G8. Where previously described generations focused more on alternative approaches to countering an increasingly restrictive and controlling and increasing economically focused technological evolution, much of these approaches examined more creative alternatives as means of circumventing these restrictions often attempting to operate under the attention of the restricting force. Hacktivism on the other hand actively confronts these restrictions and depends on establishing an awareness of their actions, attempting to as Jordan and Taylor (2004:69) describe as translating the principles of direct action of activism into virtuality. As with previously described generations, with technological advancements comes evolution to how these actions are performed. Hacktivism in its current form can now be considered a part of the much larger multiplex of digital activism.

** 黑客主义 **：通常是对感知到的不公正、剥削、引入高度争议的政策或如 Coleman（2012）所指出的，当一个群体被认为比另一个群体获得不公平优势时的反应，黑客主义是使用黑客技术来实现社会或政治变革（Jordan, 2001）。Jordan 和 Taylor（2004:43）将黑客主义的政治动机描述为源自他们所说的反全球化运动，尽管这一运动并不反对全球化的所有形式，但反对由世界贸易组织（WTO）、国际货币基金组织（IMF）和八国集团等组织实施的经济全球化。与前面描述的代际不同，前面的代际更多关注于对抗日益限制性、控制性以及日益以经济为中心的技术演变的替代方法，许多方法考察了更具创造性的替代方案，作为绕过这些限制的手段，通常试图在限制力量的注意之下运作。而黑客主义则积极对抗这些限制，并依赖于建立对其行动的认识，试图像 Jordan 和 Taylor（2004:69）所描述的那样，将激进主义的直接行动原则转化为虚拟性。与前面描述的代际一样，随着技术的进步，这些行动的执行方式也在演变。如今的黑客主义可以被视为更大范围的数字激进主义复合体的一部分。

In their paper; From Clicktivism to Hacktivism: Understanding Digital Activism, George and Leidner provide a detailed exploration of digital activism and describe Hacktivism as part of a “digital gladiatorial” collection of activities, defining those operating within this leading hierarchy as change makers, not considered influencers nor affiliated to any specific political party (2019, p. 9), instead with groups composed of loose coalitions whom take strategic action towards making changes which impact society, government and organisations (ibid). More specifically, hacktivism involves direct targeted and resource heavy action against those both inside and outside of tech focused organisations. Although George and Leidner extend their overview of hacktivism to include three subsets; “cyberterrorism” (Denning, 2001), “civic hackers” (Schrock, 2016) and “patriotic hackers” (Lokot, 2017), the topic of cyberterrorism will be explored within the final section of this chapter as an independent phenomenon that exists alongside as a distinct category and not within the phenomenon of hacktivism, thus a brief overview will be limited to only civic hackers and patriotic hackers.

在他们的论文《从点击主义到黑客主义：理解数字激进主义》中，George 和 Leidner 详细探讨了数字激进主义，并将黑客主义描述为 “数字角斗士” 活动的一部分，将在这个领先层级中运作的那些人定义为变革者，而不是被视为影响者或隶属于任何特定政党的人（2019, p. 9），而是由松散联盟组成的群体，他们采取战略性行动，对社会、政府和组织产生影响（同上）。更具体地说，黑客主义涉及对技术中心组织内外的那些人进行直接的、有针对性的、资源密集型的行动。尽管 George 和 Leidner 将他们的黑客主义概述扩展到包括三个子集：“网络恐怖主义”（Denning, 2001）、“公民黑客”（Schrock, 2016）和 “爱国黑客”（Lokot, 2017），但网络恐怖主义的主题将在本章的最后部分作为独立现象进行探讨，它作为一种独特的类别与黑客主义现象并存，因此简要概述将仅限于公民黑客和爱国黑客。

Civic Hacking: Within increasingly information and communication rich societies, the emergence of civic hackers of which the Open Science Foundation describes as those “deploying information technology tools to enrich civic life, or to solve particular problems of a civic nature, such as democratic engagement” (Hogge, 2010, p. 10) involving members of the general public living within urban environments using their technical computer coding development skills to better their immediate environment. Many of those who align with civic hacking ethos will encourage a more collaborative approach not often seen in other hacking subgroups by sharing their creations and hacks freely and publicly as open-source projects on digital repositories such as Github to allow others to use and modify their creations for their own specific purpose and need. An example of such tool is “vTaiwan” developed by civic hacking group “g0v”, a collective of independent developers who unhappy with the lack of transparency and non-participation of the general public within policy decision making created vTaiwan, a mixed-reality, scaled listening exercise allowing politicians to listen to public debate on numerous issues within their communities, allowing politicians to take on board discussions and comments made during these debates when making policy decisions (The Guardian, 2020).

公民黑客：在信息和通信日益丰富的社会中，公民黑客的出现被开放科学基金会描述为那些 “使用信息技术工具丰富公民生活，或解决特定的公民问题，如民主参与” 的人（Hogge, 2010, p. 10），涉及生活在城市环境中的普通公民，他们利用自己的计算机编程开发技能来改善他们所处的环境。许多认同公民黑客精神的人会鼓励一种在其他黑客亚群体中不常见的更具协作性的方法，他们将他们的创作和黑客行为作为开源项目在数字存储库（如 Github）上自由公开地分享，以便其他人可以使用和修改他们的创作以满足他们自己的特定目的和需求。这样的工具的一个例子是由公民黑客组织 “g0v” 开发的 “vTaiwan”，这是一个由独立开发者组成的集体，他们对公众在政策决策中的缺乏透明度和不参与感到不满，创建了 vTaiwan，这是一个混合现实的、规模化的倾听练习，允许政治家倾听社区内众多问题的公众辩论，让政治家在制定政策时能够采纳这些辩论中的讨论和评论（《卫报》，2020）。

Patriotic Hacking: Non-state sponsored hackers who focus their efforts on what they perceive to be in the best interest of the state, using this patriotism as a means of legitimising their actions with Lokot (2017, p. 16) arguing that patriotic hackers “present themselves as a legitimate element of a greater strategic narrative in the conflict” often targeting enemy countries and their citizens (George and Leidner, 2019, p. 11). Patriotic hacking can be considered a politically ideological phenomenon in that the motivations of conducting hacks are often conducted in order to maintain or return to previously established beliefs and retain a status-quo associated with their country and its political sphere. This differs from civic hacking which focuses largely on implementing improvements to communal infrastructure, quality of life and transparency of which can be shared with differing nations and nationalities, as opposed to patriotic hackings more nationalist orientated actions and sense of patriotism. For example, the US hacker known as “th3j35t3r” (leetspeak for “The Jester’') targeted Wikileaks whom at the time were distributing leaked confidential information of government documents known as “The United States diplomatic cables leak”, taking down the site for an extended period for what was perceived as attempts to endanger the lives of US troops, “other assets” & foreign relations (Wong, 2010).

爱国黑客：非国家资助的黑客将他们的努力集中在他们认为符合国家最佳利益的事情上，利用这种爱国主义作为合法化他们行动的手段，Lokot（2017, p. 16）认为爱国黑客 “将自己呈现为冲突中更大战略叙事的合法组成部分”，经常针对敌对国家及其公民（George 和 Leidner, 2019, p. 11）。爱国黑客可以被视为一种政治意识形态现象，因为进行黑客攻击的动机通常是为了维护或回归之前建立的信念，并保持与他们国家及其政治领域相关的现状。这与公民黑客不同，公民黑客主要关注实施对社区基础设施、生活质量以及透明度的改进，这些改进可以与不同的国家和民族共享，而爱国黑客的行为更具民族主义导向，并带有更强的爱国主义情感。例如，美国黑客 “th3j35t3r”（“The Jester” 的网络用语）攻击了维基解密，当时维基解密正在分发被称为 “美国外交电报泄密” 的政府机密文件。他使该网站长时间瘫痪，因为他认为这种行为可能会危及美国军队、“其他资产” 以及外交关系（Wong, 2010）。

Both Levy and Taylor & Jordan’s generational overview of hacking subcultures provide a clear linear outline of the various motivations and evolutions of hackers, which can exist within a multiplex of societal generations not restricted to technology limitations. However, within the more corporate setting, these variations often make it more difficult to allocate resources along the multivariable landscape that the numerous hacker subcultures introduce. Thus, there existed a need to simplify hacking motivations, which led to the introduction of hat colours as discussed.

Levy 和 Taylor 与 Jordan 的黑客亚文化代际概述提供了一个清晰的线性轮廓，展示了黑客的各种动机和演变，这些动机和演变可以存在于一个不受技术限制的社会多代群体中。然而，在更偏向企业的环境中，这些变化往往使得在众多黑客亚文化所引入的多变量环境中分配资源变得更加困难。因此，出现了简化黑客动机的需求，这导致了 “帽子颜色” 的引入，如文中所述。

The Etymology of Hat Colours

帽子颜色的词源

During the emergence of Microserfs who still viewed themselves as part of the underground hacker community, these now working and legitimised professionals within the “InfoSec” community, established the use of “Hats” in effort to provide a simplified distinction between the ethical and moral motivation of the hacker while also making it compatible with the corporate adoption of hacking as a work ethic: reminiscent of the categorisation in the USA of labour into white and blue collar workers. The concept of hacking groups distinguished by “hats” establishes its origins from old spaghetti westerns (the bad guy wears a black cowboy hat, and the good guy wears a white hat). These distinctions according to Raoul Chiesa, Stefania Ducci, and Silvio Ciappi (2009, p. 47) were developed; “spontaneously in the hacker underground to quickly identify a hacker’s approach and use of *their skills for constructive or destructive ends…”.

在微仆出现期间，这些人仍然将自己视为地下黑客社区的一部分，这些现在在 “信息安全” 领域工作并被合法化的专业人士，建立了 “帽子” 的使用，以简化区分黑客的道德和伦理动机，同时使其与企业对黑客作为工作伦理的接受相兼容：这让人想起美国将劳动分为白领和蓝领工人的分类。用 “帽子” 区分黑客团体的概念起源于老式意大利西部片（坏人戴黑色牛仔帽，好人戴白色帽子）。根据 Raoul Chiesa、Stefania Ducci 和 Silvio Ciappi（2009, p. 47）的说法，这些区分是 “在黑客地下社区中自发形成的，以快速识别黑客的方法以及他们将自己的技能用于建设性或破坏性目的……”。

Later, a third “gray-hat” was introduced largely due to confusions amongst hacker communities and private industries regarding the degree of involvement and how much information was released in the form of public disclosure of exploits and vulnerabilities when discovered by independent hacker groups. A notable member nicknamed “Weld Pond” of the hacker group “L0pht” which would later become a well-recognised grey hat group within hacker circles and forums discusses the term as follows:

后来，由于黑客社区和私营行业对独立黑客团体发现漏洞和弱点时公开披露的程度以及涉及程度存在混淆，引入了第三种 “灰帽”。黑客组织 “L0pht” 的一位名叫 “Weld Pond” 的知名成员，该组织后来成为黑客圈子和论坛中公认的灰帽团体，对这一术语进行了如下讨论：

First off, being grey does not mean you engage in any criminal activity or condone it. We certainly do not. Each individual is responsible for his or her actions. Being grey means you recognise that the world is not black or white.

首先，灰色并不代表你从事任何犯罪活动或纵容它。我们当然不会。每个人都要对自己的行为负责。灰色意味着你认识到这个世界并非非黑即白。

Is the French Govt infowar team black hat or white hat?
法国政府的信息战小组是黑帽还是白帽？

Is the U.S. Govt infowar team black hat or white hat?
美国政府的信息战小组是黑帽还是白帽？

Is a Chinese dissident activist black hat or white hat?
中国的异议活动人士是黑帽还是白帽？

Is a US dissident activist black hat or white hat?
美国的异议活动人士是黑帽还是白帽？

Can a black hat successfully cloak themselves as a white hat?
黑帽能否成功伪装成白帽？

Can a white hat successfully cloak themselves as a black hat?
白帽能否成功伪装成黑帽？

Could it be that an immature punk with spiked hair named “evil fukker” is really a security genius who isn’t interested in criminal activity?

一个名叫 “evil fukker” 的留着尖刺头的不成熟朋克，会不会其实是一个对犯罪活动不感兴趣的网络安全天才？

Typically, a white hat would not fraternize with him. Seems like there is a problem if you are going to be strictly white hat. How are you going to share info with only white hats?

通常，白帽是不会与他交往的。如果你要严格当一个白帽，似乎会存在问题。你将如何只与白帽分享信息？

What conferences can you attend and not be tainted by fraternizing with black hats?

你可以参加哪些会议而不被与黑帽交往所玷污？

The black hats are everywhere. We don’t want to stop sharing info with the world because some criminals may use it for misdeeds.

黑帽无处不在。我们不想因为一些罪犯可能会利用这些信息做坏事就停止与世界分享信息。

Source: https://www.ddth.com/showthread.php?200-ENG-White-Hat-Black-Hat-Grey-Hat

This introduction of a middle-ground term was to represent those outside of the simplified distinction of bad or good hackers as represented by black and white hats, or more simply; someone in the middle. Thus, these distinctions can be summarised as follows:

这种引入中间术语的做法是为了代表那些处于黑帽和白帽所代表的好坏黑客简化区分之外的人，或者更简单地说；处于中间地带的人。因此，这些区分可以总结如下：

White-hat hackers: Attempt to identify vulnerabilities within computer, software and network systems with the goal of securing and improving future iterations in effort to prevent exploitation. White-hat hackers are often associated as those within the corporate, commercial and increasingly government sectors who identify themselves as adopting the ethical and moral ideology equal to those of first wave hackers, in that they use their knowledge of computer systems and network exploitation for both philanthropic and security purposes, however white-hat hackers act counter to first wave ideology by operating under commercial and closed systems of superiority.

白帽黑客：试图识别计算机、软件和网络系统中的漏洞，目的是确保安全并改进未来的版本，以防止被利用。白帽黑客通常被视为那些处于企业、商业以及越来越多的政府部门中的人，他们认为自己采用了与第一代黑客相同的伦理和道德观念，即他们利用自己对计算机系统和网络利用的知识来实现慈善和安全目的。然而，白帽黑客的行为与第一代黑客的观念背道而驰，因为他们是在商业和封闭的优越系统下运作的。

Black-hat hackers: Those partaking and intent on committing online transgressive activities are often labeled as black-hat hackers by those identifying themselves as white-hat hackers. These hackers use their extensive knowledge of computer systems and network technologies to exploit vulnerabilities with the possible intent of conducting criminal acts and are often considered cybercriminals who adopt advanced computer exploitation skills often associated with hacking and phreaking cultures.

黑帽黑客：那些参与并意图进行在线越轨活动的人通常被那些自称为白帽黑客的人标记为黑帽黑客。这些黑客利用他们对计算机系统和网络技术的广泛知识来利用漏洞，可能的目的是进行犯罪行为，他们通常被认为是网络罪犯，他们采用了与黑客和电话飞客文化相关的高级计算机利用技能。

Grey-hat hackers: Hackers with no immediately identifiable motivations or lacking corporate or institutional backing are often identified as “grey-hat” hackers by those within the white-hat hacker sub-group, however. As with the transnational nature of ICT and network technologies, the fluidity of ethical behaviour and what can be considered morally virtuous across the world has led to an increase in the use of this term by those who may be identified within and loosely outside the microserf generation when associated with secondary generation hackers.

灰帽黑客：那些没有立即可以识别的动机或缺乏企业或机构支持的黑客通常被白帽黑客亚群体识别为 “灰帽” 黑客。然而，由于信息通信技术和网络技术的跨国性质，以及伦理行为的流动性和在全球范围内什么是道德高尚的不确定性，导致这个术语的使用增加，那些可能被识别为与第二代黑客相关的微仆代内外的人会使用这个术语。

Although the mentioned distinction of using hat shades is a frequently adopted and discussed approach to differentiating “bad or good” and at a later stage “middle-ground” hacker within the private corporate sectors approach to computer and network security and its commercialisation. These distinctions suffer from oversimplification and provide little to represent the broad and varied nature of those within hacking’s diverse range of topics and subcultures, of which, includes Web sites, publications, and conferences attended by thousands of people throughout the world (McQuade, 2009). Furthermore, the concept of hacking as a work ethic has been discussed previously by Turkle (2005) and by Chiesea et al (2009) however, these discussions do not warrant further analysis due in part to their overtly romanticising discourse of hacker subculture with the latter falling within sensationalistic views of “criminal profiling” more fitting of a semi-fictional novella. Therefore, a need to more accurately categorise hackers by both their capabilities and motivational drive exists if information security professionals are to better assess the risks posed by this evolving phenomenon.

尽管使用帽子颜色来区分 “坏人或好人” 以及后来的 “中间地带” 黑客是私人企业部门在计算机和网络安全及其商业化方面经常采用和讨论的方法，但这些区分存在过度简化的缺陷，并且无法充分代表黑客在其广泛多样的主题和亚文化中的广泛和多变的性质，其中包括网站、出版物以及全世界数千人参加的会议（McQuade, 2009）。此外，黑客作为一种工作伦理的概念之前已经被 Turkle（2005）和 Chiesea 等人（2009）讨论过，然而，这些讨论并不值得进一步分析，部分原因是他们对黑客亚文化的过度浪漫化描述，后者甚至落入了 “犯罪画像” 的夸张观点，更适合一部半虚构的小说。因此，如果信息安全专业人士想要更好地评估这一不断演变的现象所带来的风险，就需要更准确地根据黑客的能力和动机来对黑客进行分类。

Typologising Hackers by Sophistication and Motivations

按复杂性和动机对黑客进行分类

Several authors have previously identified the need to establish a more robust and structured understanding of cyber attackers and criminal computer hackers (Landreth, 1985; Hollinger and Lanza‐Kaduce, 1988; Chantler, 1995; Rogers, 2006; Seebruck, 2015) often noting that many existing typologies fail to address the rising increase of socially and ideologically motivated hacking such as hacktivism. This section will introduce and outline a pre-existing typological model that captures the multiplex of motivational drives of hackers, their weighted value and the level of computational sophistication they present, describing each element of the typological model and later extending this model to include cyberterrorism as a distinct category, with justification of extending and not establishing a new typology aligning within Seebrucks’ (2015) views where he cites Mirkovic and Reiher (2004), noting that “as typologies continue to grow and be refined over time” it is relevant to summarise recent discussions and case studies, and then infuse this information with previous categorisations of hackers, akin to a software update.

一些作者之前已经指出需要建立一个更强大、更有结构的对网络攻击者和犯罪计算机黑客的理解（Landreth, 1985; Hollinger 和 Lanza‐Kaduce, 1988; Chantler, 1995; Rogers, 2006; Seebruck, 2015），通常指出许多现有的分类法未能解决日益增加的社会和意识形态动机的黑客行为，如黑客主义。本节将介绍并概述一个现有的分类模型，该模型捕捉黑客的多种动机驱动因素、它们的加权价值以及他们所表现出的计算复杂性水平，描述分类模型的每个元素，并在后面将这个模型扩展到包括网络恐怖主义作为一个独立的类别，扩展而不是建立一个新的分类法的理由与 Seebruck（2015）的观点一致，他引用了 Mirkovic 和 Reiher（2004），指出 “随着分类法随着时间的推移不断增长和完善”，总结最近的讨论和案例研究，然后将这些信息与黑客的先前分类结合起来是相关的，类似于软件更新。

What is a Typological Model (Typologies)

什么是分类模型（分类法）

When attempting to classify various phenomena such as those considered criminally transgressive, researchers often refer to two basic categorisation tools: typologies and taxonomies (Smith, 2002). Researchers will often use both terms synonymous with one another however both have distinct characteristics worthy of description. To simply explain, typologies conceptually separate a given set of items (often known as traits) multidimensionally lending further towards deductive concepts rather than taxonomies more empirical and measurable classifications. Typologies as a tool do not lend themselves as enticing within more corporate settings of a cybersecurity operations as the demand for predictive and readily available measurable models and graphs offered by empirical taxonomies are often highly desired over conceptualisation, whereas typological models are often based on arbitrary or ad hoc criteria, favouring descriptive rather than explanatory or predictive, and are frequently subject to the problem of reification (Bailey, 1994, p. 34). However, regardless of its lack of corporate lure, Typologies offer several benefits within areas of cybersecurity, in that it provides the researcher the means of bringing order out of chaos (ibid:33). The enormous complexities of network systems and IT infrastructures makes them exceptionally vulnerable to a well-executed attack, and where a taxonomy may aid in the reporting of incidents and allocation of resources to a specific part of infrastructure to minimise said risk and are often readily available from many infrastructure dashboards, the classification of threats offered by typologies allows for greater understandings and organisation of all variables to identify the types of threats and prioritise addressing them (Friedman and Hoffman, 2008) providing a clearer picture of the cyber adversaries. This is especially important as greater numbers of cyber adversaries emerge all with differing motivations, intentions and skill sets making the need to understand what the possible intended objective of these adversaries are or could possibly be. Therefore, the need for a typological model that captures the nuances of hacker motivations, skills and allows for a greater degree of flexibility to allow a continuous stream of updates exists, of which Rogers’ (2006) and later updated; Seebrucks (2015) Weighted Arc Circumplex Model was chosen.

在尝试对各种被视为犯罪越轨行为的现象进行分类时，研究人员通常会参考两种基本的分类工具：分类法和分类学（Smith, 2002）。研究人员通常会将这两个术语互换使用，但它们都有值得描述的独特特征。简单来说，分类法是概念上的，多维度地分离一组给定的项目（通常被称为特征），更倾向于演绎概念，而不是分类学更实证、可测量的分类。作为一种工具，分类法在网络安全运营的更企业化环境中并不那么吸引人，因为实证分类学所提供的预测性和易于获取的可测量模型和图表通常比概念化更受青睐，而分类模型通常基于任意的或临时的标准，倾向于描述性的而不是解释性的或预测性的，并且经常受到物化问题的困扰（Bailey, 1994, p. 34）。然而，尽管它缺乏企业吸引力，分类法在网络安全领域提供了几个好处，因为它为研究人员提供了从混乱中带来秩序的手段（同上：33）。网络系统和信息技术基础设施的巨大复杂性使它们特别容易受到精心策划的攻击，而分类学可能有助于报告事件，并将资源分配到基础设施的特定部分以最小化风险，并且通常可以从许多基础设施仪表板中轻松获取，而分类法所提供的威胁分类允许对所有变量进行更深入的理解和组织，以识别威胁类型并优先处理它们（Friedman 和 Hoffman, 2008），从而提供对网络对手的更清晰的画面。随着越来越多的网络对手出现，他们都有不同的动机、意图和技能集，理解这些对手可能的意图目标变得尤为重要。因此，需要一个能够捕捉黑客动机、技能的细微差别，并允许持续更新的分类模型，因此选择了 Rogers（2006）的加权弧环形模型，并在后来由 Seebruck（2015）进行了更新。

Overview of Seebrucks Circumplex Model

Seebruck 环形模型概述

Arguing that earlier hacker typologies are no longer compatible to explain the complex and diverse range of activities associated with the term today, Seebruck (2015) identified that hacking has evolved to include a wider subset of motivational factors and identified that an additional two categories “hacktivist” and “crowdsourcing” must be included alongside initial cyber-actors proposed by Rogers (2006, 2010) in effort to better capture increases in ideologically motivated hacking.

Seebruck（2015）认为，早期的黑客分类法已不再适用于解释当今与该术语相关的复杂多样的活动，他指出黑客行为已经演变出更广泛的动机因素，并且除了 Rogers（2006, 2010）最初提出的网络行为者外，还必须包括 “黑客主义” 和 “众包” 这两个额外的类别，以更好地捕捉意识形态动机的黑客行为的增加。

Further modifying Rogers two-dimensional typology, Seebrucks included the addition of an ideology categorisation alongside weighted arcs in effort to better illustrate the multi-varied motivational factors that contribute to the various hacker typologies. For example, if the hacktivist category were to be mapped within the limitations of Rogers two-dimensional map (Rogers, 2006:100), it would correctly illustrate hacktivism within the ideology category as this would be its main motivational factor. However, Seebrucks argues that utilising this technique would provide an over-simplification, resulting in the loss of additional attributing information such as prestige, recreation and revenge. By including the addition of weighted arcs as illustrated in the circumplex model Seebrucks attempts to circumvent this limitation.

Seebruck 进一步修改了 Rogers 的二维分类法，增加了意识形态分类以及加权弧，以更好地说明对各种黑客分类产生贡献的多种动机因素。例如，如果将黑客主义类别映射到 Rogers 二维地图（Rogers, 2006:100）的限制范围内，它将正确地在意识形态类别中展示黑客主义，因为这是其主要动机因素。然而，Seebruck 认为，使用这种技术将导致过度简化，从而丢失其他属性信息，如声望、娱乐和报复。通过在环形模型中增加加权弧，Seebruck 试图规避这一限制。

As illustrated in the presented model, the inclusion of weighted arcs reveals secondary (recreation), tertiary (prestige), and quaternary (revenge) motivations. The levels of which these motivational factors contribute is illustrated by the density of which the arc is displayed, with higher motivational factors illustrating increased density. Benefits of the above model in practice allows for greater insight into the motivations behind real-world acts of online criminality.

如所展示的模型所示，加权弧的加入揭示了次要（娱乐）、第三（声望）和第四（报复）动机。这些动机因素的贡献水平由弧线显示的密度表示，动机因素越高，密度越大。上述模型在实践中的好处是能够更深入地洞察现实世界中网络犯罪行为背后的动机。

Modifying Seebrucks Circumplex Model to include Cyberterrorism

修改 Seebruck 环形模型以包括网络恐怖主义

As previously mentioned, technology and the methods of interaction with such technologies evolve, so too does our growing understanding and discoveries of which should be woven to existing knowledge as refinements over time (Mirkovic and Reiher, 2004; Seebruck, 2015). To update this pre-existing typology, we actually return to a previous category “cyberterrorism” omitted by Seebruck.

如前所述，随着技术以及与这些技术的互动方式的演变，我们对这些技术的理解和发现也在不断增长，这些理解和发现应该随着时间的推移被整合到现有的知识中，作为对现有知识的完善（Mirkovic 和 Reiher, 2004; Seebruck, 2015）。为了更新这个现有的分类法，我们实际上回到了 Seebruck 之前遗漏的一个类别 “网络恐怖主义”。

Discussed by Meyers et al, Cyberterrorism is as they describe considered “the most dangerous and skilled of all cyber adversary classes” (2009:10). Engaged in state-sponsored information warfare, cyberterrorists conduct targeted attacks meant to destabilize and destroy essential cyber assets and information. As the nature, motivations and targets of cyberattacks evolved however, this description of cyberterrorism exists in a state of dissension concerning its true definition, of which warrants a separate discussion altogether. Therefore, to avoid this definitional ordeal similarly seen within terrorism studies (Sageman, 2014:571) a more recent definition developed by Jordan J. Plotnek and Jill Slay (2021) will be adopted and briefly discussed.

Meyers 等人讨论了网络恐怖主义，他们将其描述为 “所有网络对手类别中最危险和最有技术的”（2009:10）。参与国家资助的信息战，网络恐怖分子进行针对性攻击，旨在破坏和摧毁关键的网络资产和信息。然而，随着网络攻击的性质、动机和目标的演变，网络恐怖主义的这种描述在其真正定义上存在争议，这本身就需要单独进行讨论。因此，为了避免在恐怖主义研究中类似的定义困境（Sageman, 2014:571），将采用 Jordan J. Plotnek 和 Jill Slay（2021）最近开发的一个定义，并简要讨论。

The definition of cyberterrorism developed by Jordan J. Plotnek and Jill Slay (2021) was developed using a updated variation of a pre-existing taxonomy (Al Mazari et al., 2016) that included breaking down existing definitions derived from previous cyberterrorism literature and extracting their main keywords preceded by organising these keywords into defined categories (actors, motive, intent, means, effect, target) and later being simplified to identify duplicates & synonyms which would then allow for a standard frequency analysis for plotting. Using metrics retrieved from this analysis, Plotnek and Slay were able to identify keyword importance and conflict allowing them to compare within a modern context. Upon analysis and having reached a saturation of satisfying the six defined categories, Plotnek and Slay developed the following definition concerning the phenomenon of cyberterrorism:

Jordan J. Plotnek 和 Jill Slay（2021）开发的网络恐怖主义定义是基于一个现有的分类法（Al Mazari 等人，2016）的更新变体，该分类法包括从之前的网络恐怖主义文献中分解现有定义，并提取其主要关键词，然后将这些关键词组织成定义好的类别（行为者、动机、意图、手段、影响、目标），并进一步简化以识别重复项和同义词，从而可以进行标准频率分析以绘制图表。通过从这种分析中获取的指标，Plotnek 和 Slay 能够识别关键词的重要性并解决冲突，使他们能够在现代背景下进行比较。在分析并满足六个定义类别的饱和度后，Plotnek 和 Slay 开发了以下关于网络恐怖主义现象的定义：

“Cyber terrorism is the premeditated attack or threat thereof by non-state actors with the intent to use cyberspace to cause real-world consequences in order to induce fear or coerce civilian, government, or nongovernment targets in pursuit of social or ideological objectives. Real-world consequences include physical, psychosocial, political, economic, ecological, or otherwise that occur outside of cyberspace.” (Plotnek and Slay, 2021)

“网络恐怖主义是由非国家行为者精心策划的攻击或威胁，意图利用网络空间造成现实世界的后果，以引发恐惧或胁迫平民、政府或非政府目标，以实现社会或意识形态目标。现实世界的后果包括身体、心理社会、政治、经济、生态或其他方面的影响，这些影响发生在网络空间之外。”（Plotnek 和 Slay, 2021）

This developed definition contrasts the previously described definition of cyberterrorism presented by Meyers et al. and instead omitting the element of state-sponsorship which was omitted by Seebruck whom instead merged state-sponsorship into the category of “cyber warrior”, thus when viewing Seebrucks circumplex model alongside the development of Plotnek and Slay’s newly developed definition we see cyberterrorism placement as a unique category in itself, warranting inclusion as no pre-existing category exists currently. Thus, cyberterrorism based on the definition developed by Plotnek and Slay exists along the following motivational dividers of Sebrucks circumplex model in the following ways in order of their weight:

这个新开发的定义与 Meyers 等人之前描述的网络恐怖主义定义形成对比，并且省略了 Seebruck 省略的国家资助要素，Seebruck 反而将国家资助合并到了 “网络战士” 类别中。因此，当我们把 Seebruck 的环形模型与 Plotnek 和 Slay 新开发的定义结合起来看时，我们可以看到网络恐怖主义作为一个独特的类别存在，值得被纳入，因为目前没有现有的类别存在。因此，基于 Plotnek 和 Slay 开发的定义，网络恐怖主义存在于 Seebruck 环形模型的以下动机分隔符中，按其权重顺序如下：

Ideology The core motivation of cyberterrorism is the strong ideological basis in which cyberterrorists act. These ideologies can be religious, political, or a mixture of both which similar to its offline counterpart “terrorism” allows cyberterrorists to use their ideologically‐ based moral framework as legitimacy to targets those they view actively going against or pose a threat to their existing ideology justifying their decision to attack (Drake, 2007).

意识形态是网络恐怖主义的核心动机，网络恐怖分子的行为有着强烈的意识形态基础。这些意识形态可以是宗教的、政治的，或者是两者的混合，与线下的 “恐怖主义” 类似，网络恐怖分子可以利用其基于意识形态的道德框架作为合法性依据，针对那些他们认为积极反对或对其现有意识形态构成威胁的目标，从而为其攻击行为提供正当理由（Drake, 2007）。

Profit To conduct highly complex and disruptive cyberattacks of a considerable scale a large volume of resources is required in the form of monetary capital. This capital is difficult to materialise without state-sponsorship therefore is often derived from more illicit means often borrowing techniques similarly seen in more traditional crimes (Windle et al., 2018) however, possibly focusing more on their online variations such as money scams, spam, online drug sales, and similar.

利润为了进行大规模的复杂且具有破坏性的网络攻击，需要大量的资金资源。如果没有国家资助，很难获得这种资金，因此通常会通过更非法的手段获得，通常会借鉴在传统犯罪中常见的技术（Windle 等人，2018），但可能更多地关注其在线变体，如诈骗、垃圾邮件、在线毒品销售等。

Revenge As methods of cyberattacks expand and become more readily accessible, more often we are seeing an increase in the role of revenge motivated cyber-attacks. This revenge, although may be inspired by ideological belief, can be motivated to act as the sense of responsibility in avenging a perceived injustice experienced by the attacker and their community.

报复随着网络攻击方法的扩展和变得更容易获取，我们越来越频繁地看到报复性网络攻击的作用增加。这种报复行为虽然可能受到意识形态信仰的启发，但可能是出于为攻击者及其社区所经历的不公正行为复仇的责任感而采取的行动。

Prestige Like terrorism, cyberterrorism operates within a theatre and requires spectacle with Cowen (2006) noting that “ideology alone does not serve as a complete explanatory variable” and that the “prestige” of the group provides a beneficial component to their decision to continue. Equally, the recognition of online hacker groups such as cyberterrorist often rely on prestige as a means of amplifying their goals and be viewed as a legitimate force. This is often achieved through the public release of states, use of unique identifying code parameters like a calling card, and word of mouth amongst online forums.

声望与恐怖主义类似，网络恐怖主义在舞台上运作，需要制造轰动效应。Cowen（2006）指出，“意识形态本身并不能作为一个完整的解释变量”，而且该组织的 “声望” 对其继续采取行动的决定提供了有益的成分。同样，像网络恐怖分子这样的在线黑客组织通常依赖声望来放大他们的目标，并被视为一股合法的力量。这通常是通过公开发布声明、使用类似名片的独特识别代码参数以及在网络论坛中的口口相传来实现的。

These four describe motivations based on the homogenized definition of cyberterrorism developed by Plotnek and Slay allows for the plotting within Seebrucks circumplex model as illustrated using the purple arcs and weighted accordingly. The inclusion of cyberterrorism and developments of the homogenized definition also displaces a previous category “cyber warriors” as shown in the updated circumplex model.

这四种动机基于 Plotnek 和 Slay 开发的网络恐怖主义的统一定义，允许在网络恐怖主义的环形模型中进行绘制，如图中紫色弧线所示，并相应地进行了加权。网络恐怖主义的纳入和统一定义的发展也取代了之前的 “网络战士” 类别，如更新后的环形模型所示。

This displacement is due to cyberterrorism’s distinction of being non-state funded, thus based on Seebrucks description of cyber warriors being state-funded and with numerous nations conducting strategized cyber-attacks in the form of cyber warfare with as many as 97% of espionage-related data breaches involving state-sponsored actors (Widup et al., 2015; Pratley, no date). This evolution of state-sponsored cyber-attacks now distinguishes profit as a noncritical role within the cyber warrior category as groups conducting such cyberattacks under this category are more likely recruited or possibly coerced by a nation state to conduct these operations. Further the cyber warrior category now adopts the “prestige” motivation which similarly to a nation states military force is often utilised as a means of perceived sophistication and strength acting as a possible deterrent for future attacks from opposing nations or non-state groups.

这种取代是由于网络恐怖主义的非国家资助的特点，根据 Seebruck 对网络战士是国家资助的描述，以及许多国家进行网络战形式的有策略的网络攻击，多达 97% 的间谍相关数据泄露涉及国家资助的行为者（Widup 等人，2015；Pratley，无日期）。这种国家资助的网络攻击的演变现在将利润视为网络战士类别中的非关键角色，因为进行这种网络攻击的群体更可能是被国家招募或可能被迫进行这些行动。此外，网络战士类别现在采用了 “声望” 动机，这与国家的军事力量类似，通常被用作一种被感知的复杂性和力量的手段，作为防止来自对立国家或非国家集团未来攻击的可能威慑。

Conclusion

结论

The evolution of hacking and those who “hack” has as discussed, included a long list of intricate motivations, ideologies and behaviours. From its more mundane expression of creativity (Levy, 2010) and pursuit of knowledge to highly complex and targeted attacks (Jordan and Taylor, 2005) which have resulted in a wide spectrum of opinions and literature of what hacking exactly is including the true intentions of hackers. However, hacking as a method has been continuously misrepresented or oversimplified. This chapter explored hacking as a generational development, of which mirrors technological developments and how each generation had defining motivational characteristics. Later showing that with the introduction of Microserfs, and the privatisation of hacking much of the previously discussed “hacking culture” was ignored and instead replaced with an overly simplistic model with hacker motivations being characterised as hat colours (black, white and grey) and placed within three limited categorisations (bad, good and in-between) which currently is not fit for purpose nor illustrates its complexities. To circumvent this oversimplification, Seebrucks (2015) circumplex model, a typological model of hacker categories, motivations and skills was adopted and refined to include the emerging threat of cyberterrorism as a unique independent category separate to hacktivism using Plotnek and Slay’s (2021) taxonomy of cyberterrorism as the primary definition, itself an amalgamation of previous definitions. This in turn allows for the placement of cyberterrorism within Seebrucks circumplex model and for the refinement of a pre-existing category “cyber warrior” based on current understandings of state-funded hacking. The now updated circumplex model is an inclusive typology of hacker types that identifies motivation and sophistication as important elements for risk assessment and further research into the continuously evolving phenomenon.

如文中所述，黑客行为及其实施者的发展历程包含了复杂的动机、意识形态和行为。从其较为平凡的创造力表达（Levy, 2010）和对知识的追求，到高度复杂且有针对性的攻击（Jordan 和 Taylor, 2005），这些都导致了对黑客行为的定义以及黑客的真实意图存在广泛的看法和文献。然而，黑客行为作为一种方法，一直被持续地误解或过度简化。本章探讨了黑客行为作为一种代际发展，反映了技术发展以及每一代黑客所具有的定义性动机特征。随后指出，随着微仆的出现以及黑客行为的商业化，之前讨论的 “黑客文化” 被忽视，取而代之的是一个过度简化的模型，黑客的动机被用帽子颜色（黑、白和灰）来描述，并被置于三个有限的分类（坏、好和中间）之中，这显然已经不适合当前的用途，也无法体现其复杂性。为了避免这种过度简化，我们采用了并完善了 Seebruck（2015）的环形模型，这是一个关于黑客类别、动机和技能的分类模型，通过采用 Plotnek 和 Slay（2021）的网络恐怖主义分类法作为主要定义，将网络恐怖主义作为一个独特的独立类别纳入其中，与黑客主义分开。这一定义本身是对之前定义的整合。这反过来又使得网络恐怖主义能够在 Seebruck 的环形模型中得到定位，并且根据对国家资助黑客行为的当前理解，对现有的 “网络战士” 类别进行了细化。现在更新的环形模型是一个包含黑客类型的分类学，它将动机和复杂性视为风险评估和进一步研究这一持续演变现象的重要元素。