TAGUIG CITY UNIVERSITY

The Ethics of Hacking: White Hat vs. Black Hat

A Final Project Presented to the Faculty of the Information Systems

Taguig City University, General Santos Avenue

Central Bicutan, Taguig City

In Partial Fulfillment of the Requirements for

PROFESSIONAL ISSUES in INFORMATION SYSTEM

By:

Ferrer, Jiovert A.

Pancho, King Angel Luis

Tulagan, Rovic H.

Submitted to:
Prof. Sofia Arquero

January 2025
 TAGUIG CITY UNIVERSITY
Table of Contents

INTRODUCTION

Definition of Hacking

Understanding Hacking Ethics

BACKGROUND AND CONTEXT

History

Key Terms and Concepts

Legal Framework

WHITE HAT HACKING

Definition and Role

Methods and Practices

Case Studies

BLACK HAT HACKING

Definition and Role

Techniques and Attacks

Case Studies

Contrasting Motivations and Perspectives

Public Perception and Misconceptions

Motivations of White Hat Hackers

Motivations of Black Hat Hackers

REFERENCES
 TAGUIG CITY UNIVERSITY
I. INTRODUCTION

Definition of Hacking

Hacking, in its simplest form, refers to the act of gaining unauthorized access to

computer systems or networks. In addition, rather than just accessing these networks,

hacking usually includes altering systems or security features to accomplish a goal

different from the original purpose of the system (Regali, 2024). In today's digital world,

hacking is often associated with illegal activities like stealing data or causing harm. The

term ‘hacking’ generally has a negative connotation as many people assume that all

hackers are bad, and they treat them with suspicion in the belief they have criminal

intentions. It is important to understand, though, that not all hackers are bad. Indeed,

many hackers are helping to protect us from the untrustworthy ones (Pietro, 2020).

Hackers are individuals with advanced technical skills who break into networks and

bypass security measures. While hacking is not inherently unethical, its morality depends

on the hacker's intent and methods. Hacking can be categorized into two primary types:

white hat and black hat. White hat hackers use their skills for ethical purposes, such as

improving cybersecurity and protecting sensitive information, whereas black hat hackers

exploit vulnerabilities for personal gain or malicious intent. Ethical hacking plays a vital

role in keeping the digital world safe, whereas malicious hacking poses serious security

threats.
 TAGUIG CITY UNIVERSITY

Understanding Hacking Ethics

In today’s interconnected world, hacking plays a critical role in shaping the digital

landscape. The rapid growth of technology and the increasing reliance on digital

infrastructure make the ethics of hacking more relevant than ever. Ethical hacking refers

to the actions carried out by white hat security hackers. It involves gaining access to

computer systems and networks to test for potential vulnerabilities, and then fixing any

identified weaknesses. Using these technical skills for ethical hacking purposes is legal,

provided the individual has written permission from the system or network owner,

protects the organization’s privacy, and reports all weaknesses they find to the

organization and its vendors (Fortinet, 2023). Conversely, unethical hacking poses

significant threats, including financial losses, breaches of personal data, and societal

disruption. Understanding the ethical dimensions of hacking is vital not only for fostering

a safer digital environment but also for addressing the societal perceptions and

misconceptions surrounding hackers.

This paper explores the ethical divide between white hat and black hat hacking,

examining their roles, motivations, and impacts. By analyzing their practices and societal

implications, it aims to highlight the importance of ethical hacking in promoting a secure

digital future while addressing the complexities of defining ethical boundaries in the field.
 TAGUIG CITY UNIVERSITY

II. BACKGROUND AND CONTEXT

History

The history of hacking dates back to the early days of computing, evolving alongside

advancements in technology. The term "hacker" originally referred to individuals who

exhibited exceptional programming skills and ingenuity. Over time, hacking has come to

encompass a wide spectrum of activities, ranging from ethical problem-solving to

malicious exploitation.

1960s-1970s:

The concept of hacking began in the 1960s with tech enthusiasts at institutions like MIT.

These pioneers, known as "hackers," were passionate about exploring and improving

computer systems. Early hacking was driven by curiosity and innovation, often centered

around the use of mainframe computers and programming challenges.

1980s:

During the 1980s, hacking began to take on a darker tone. Personal computers became

more accessible, and some individuals exploited vulnerabilities for personal gain or

disruption. High-profile incidents, such as the creation of viruses and unauthorized

access to networks, led to the introduction of the Computer Fraud and Abuse Act (CFAA)

in 1986 in the United States.

 TAGUIG CITY UNIVERSITY

1990s:

The expansion of the internet in the 1990s brought a surge in hacking activity. Hackers

like Kevin Mitnick became infamous for breaching corporate and government systems.

This era also saw the rise of "hacktivism," where groups like Anonymous used hacking to

promote political or social causes. The commercialization of hacking tools further blurred

ethical lines.

2000s:

As cybersecurity threats grew, so did the recognition of ethical hackers, also known as

"white hat" hackers. These professionals use their skills to identify and fix security

vulnerabilities, often working for organizations or as independent consultants.

Conversely, "black hat" hackers pursue malicious objectives such as theft, disruption, or

espionage.

2010s and Beyond:

Modern hacking has become increasingly sophisticated with the rise of advanced tools

like AI, machine learning, and zero-day exploits. Cybersecurity has become a global

priority, with ethical hacking playing a crucial role in protecting digital infrastructure.

International cooperation and ethical guidelines are essential as technology continues to

advance.
 TAGUIG CITY UNIVERSITY

Key Terms and Concepts

To navigate the complex ethical dimensions of hacking, it is essential to understand

fundamental terms and concepts that define the practice:

 Vulnerabilities: Weak points in a system or network that hackers exploit to gain

unauthorized access. These can result from flawed software, poor configuration,

or human error.

 Exploits: Techniques, scripts, or software tools designed to take advantage of

vulnerabilities. Exploits are the mechanisms by which hackers bypass security

measures.

 Penetration Testing: A controlled method used by ethical hackers to assess the

security of a system by simulating potential cyberattacks. This practice helps

organizations identify and address vulnerabilities before malicious hackers can

exploit them.

 Cybersecurity: The practice of protecting systems, networks, and data from

digital attacks, theft, or damage.

 Cybercrime: Criminal activities that involve computers or networks, such as

hacking, identity theft, or online fraud.

 TAGUIG CITY UNIVERSITY
These concepts are central to the hacking discourse, as they help differentiate between

ethical and unethical practices. Understanding these terms also fosters a deeper

appreciation of how ethical hacking contributes to cybersecurity.

Legal Framework

The legal framework surrounding hacking varies widely across jurisdictions, reflecting

differing cultural attitudes and technological advancements. Nonetheless, most countries

criminalize unauthorized access to computer systems and networks to protect individuals

and organizations from harm.

In the United States, the Computer Fraud and Abuse Act (CFAA) of 1986 serves as

the cornerstone of anti-hacking legislation. The CFAA criminalizes a range of activities,

including unauthorized access, data theft, and the use of computer systems for malicious

purposes. It has been amended multiple times to address evolving cybersecurity

challenges, ensuring its continued relevance in the digital age.

In the Philippines, hacking and cybercrime are primarily governed by the Cybercrime

Prevention Act of 2012 (Republic Act No. 10175). This law defines and penalizes

various forms of cybercrime, including illegal access, data interference, and identity theft.

It also establishes mechanisms for law enforcement to investigate and prosecute

offenders while upholding the rights of individuals affected by cybercrime. The law

emphasizes collaboration between the public and private sectors to strengthen

cybersecurity measures. Additionally, the Philippine government actively promotes digital

literacy and cybersecurity awareness to reduce vulnerabilities and foster a culture of

responsible online behavior.

 TAGUIG CITY UNIVERSITY
Ethical hacking operates within these legal frameworks to enhance security. White hat

hackers—those who engage in hacking with proper authorization—play a critical role in

strengthening defenses against cyber threats. They often obtain certifications, such as

the Certified Ethical Hacker (CEH) program, which ensure adherence to strict codes of

conduct and industry standards. These certifications not only validate technical expertise

but also emphasize the ethical responsibilities of hackers, reinforcing trust between

cybersecurity professionals and the organizations they serve.

Furthermore, international initiatives, such as the Budapest Convention on

Cybercrime, promote collaboration among nations to address cross-border cyber

threats. These agreements underscore the importance of ethical hacking in a globalized

world, where cyberattacks often transcend national boundaries. By fostering

cooperation, they enhance the collective ability to combat cybercrime while promoting

ethical practices in the hacking community.

 TAGUIG CITY UNIVERSITY

III. WHITE HAT HACKING

DEFINITION AND ROLE

White hat hacking refers to ethical hacking practices where security professionals

use their skills to improve cybersecurity with explicit permission from system owners.

Unlike malicious hackers, white hat hackers help organizations identify and fix

vulnerabilities before they can be exploited by bad actors.

Security professionals conduct authorized penetration testing to identify vulnerabilities in

computer systems. Through simulated attacks, they assess whether systems can be

compromised, allowing organizations to proactively discover and address weak points

before malicious actors can exploit them. After conducting these assessments, they

develop comprehensive reports detailing any security issues discovered. The findings

help organizations strengthen their defenses and ensure their systems comply with

relevant security regulations and legal requirements.

METHODS

Security testing encompasses several key methodologies, beginning with network

scanning that utilizes specialized tools to map out network infrastructure and identify

open ports. Teams also conduct social engineering assessments to evaluate staff

adherence to security protocols and measure human vulnerability. Web application

 TAGUIG CITY UNIVERSITY
testing forms another crucial component, focusing on discovering potential exploits in

websites and web-based applications. Security professionals analyze password policies

and evaluate password strength to ensure robust access controls. They also perform

thorough access control testing to verify that user permissions and authentication

mechanisms are properly implemented and maintained.

PRACTICES

Security assessment involves multiple comprehensive approaches, starting with

vulnerability assessments that methodically examine systems to identify security

weaknesses. Penetration testing takes this further by simulating actual cyber attacks to

evaluate the effectiveness of existing security measures. Regular security auditing plays

a vital role through detailed reviews of system configurations, access controls, and

established security policies. Throughout this process, network analysis provides crucial

insights by monitoring traffic patterns and detecting potential security concerns before

they can be exploited.

CASE STUDIES

New York Times Case (2002)

The 2002 New York Times security incident, uncovered by Adrian Lamo, stands

as a pivotal moment in the history of ethical hacking and corporate network security.

Lamo, who would later become known as the “Homeless Hacker” due to his nomadic

lifestyle, discovered significant vulnerabilities in the New York Times’ internal network
 TAGUIG CITY UNIVERSITY
while conducting unauthorized but non-malicious security testing. Through his

investigation, he identified several critical security flaws that exposed the newspaper’s

internal systems, including access to their private intranet and, most alarmingly, their

internal database containing sensitive information. The scope of the vulnerability was

staggering – Lamo gained access to personal information including thousands of social

security numbers, contact details, and other confidential data belonging to prominent

public figures, employees, and contributors to the newspaper. This level of access

highlighted the serious implications of inadequate security measures at major

corporations during the early 2000s.

What distinguished Lamo’s actions from malicious hacking was his immediate response

upon discovering these vulnerabilities. Rather than exploiting the information for

personal gain or causing damage to the systems, he chose to responsibly disclose his

findings directly to the New York Times. His approach exemplified the principles of ethical

hacking, demonstrating how security researchers could help organizations identify and

address potentially devastating security weaknesses. The newspaper’s initial response

was mixed – while they appreciated the information about their security vulnerabilities,

the unauthorized nature of Lamo’s testing raised legal and ethical questions that would

later need to be addressed. This case highlighted the complex relationship between

security researchers and corporations during a time when the boundaries of ethical

hacking were still being defined. The case continues to serve as an important reminder

of both the critical importance of robust security measures and the potential value of

working collaboratively with security researchers to identify and address vulnerabilities

before they can be exploited by malicious actors.

 TAGUIG CITY UNIVERSITY
HackerOne -U.S. Department of Defense Challenge (2016)

The "Hack the Pentagon" Initiative, launched in 2016 through HackerOne, marked
a revolutionary shift in how the U.S. Department of Defense approached cybersecurity.
The program attracted an impressive roster of 1,400 ethical hackers, each vetted
through rigorous background checks, bringing together some of the brightest minds in
cybersecurity to test the Defense Department’s digital infrastructure. These security
researchers came from diverse backgrounds, ranging from professional penetration
testers to talented amateurs, all united in the mission to strengthen national security
through their technical expertise. The results of the program exceeded all expectations,
with participants uncovering 138 legitimate and unique security vulnerabilities that had
previously gone undetected by traditional security measures. These findings ranged from
minor configuration issues to critical vulnerabilities that could have potentially exposed
sensitive military information or systems. The Department of Defense moved swiftly to
address these vulnerabilities, implementing fixes and improvements to their security
infrastructure.

Perhaps the most significant long-term impact of the “Hack the Pentagon” program was
how it transformed the military’s approach to cybersecurity testing. The success of this
initial program led to the establishment of permanent bug bounty programs across
various military branches, including the Army, Air Force, and Marine Corps. This
institutionalization of ethical hacking programs represented a fundamental shift in military
cybersecurity strategy, moving from a purely defensive posture to one that actively
engages with the security research community. The program has since become a model
for other government agencies and private organizations, demonstrating how controlled,
crowdsourced security testing can effectively complement traditional security measures.
The initiative not only improved the immediate security posture of military systems but
also helped bridge the gap between government agencies and the ethical hacking
community, creating lasting partnerships that continue to enhance national cybersecurity
efforts today.
 TAGUIG CITY UNIVERSITY
IV. BLACK HAT HACKING

Definition of Black Hat Hacking

Black Hat Hacking refers to the act of engaging in unauthorized cyber activities
aimed at exploiting weaknesses in computer systems, networks, or software for
malicious reasons. Individuals who participate in such activities are called Black Hat
hackers. These hackers often seek to compromise systems, steal data, cause
disruption, or engage in other forms of cybercrime, all while operating outside the
boundaries of the law. In contrast to White Hat hackers, who use their skills for ethical
purposes like securing systems, Black Hat hackers are driven by personal, financial, or
political motivations, causing harm to individuals and organizations alike. The term
"Black Hat" is derived from old Western movies, where the antagonists were portrayed
wearing black hats, symbolizing their malevolent nature. In the digital age, Black Hat
hackers are considered the "bad actors" in the cybersecurity realm, given their malicious
use of technology.

Black Hat hacking encompasses a wide range of illegal activities, from unauthorized
data breaches to more sophisticated attacks. The individuals involved often disregard
ethical standards and legal frameworks, taking advantage of vulnerabilities in digital
infrastructure to carry out their harmful intentions.

Role of Black Hat Hacking

Black Hat hackers occupy a highly harmful position within the domain of
cybersecurity, engaging in a range of illicit activities that exploit vulnerabilities in systems
and networks. One primary role they fulfill is the identification and exploitation of
security weaknesses in software, hardware, or network infrastructures. These
vulnerabilities often arise from inadequate coding practices, outdated systems, or
improper security configurations. Once such vulnerabilities are identified, Black Hat
hackers can gain unauthorized access to critical systems, enabling them to steal, modify,
or destroy sensitive data. This breach of security can have substantial repercussions,
including financial loss, reputational damage, and legal liabilities for the targeted entities.
 TAGUIG CITY UNIVERSITY
Furthermore, Black Hat hackers contribute to the growing phenomenon of cyber
espionage, which involves infiltrating private or governmental networks to extract
valuable, confidential information. This may include trade secrets, intellectual property, or
classified government data, which may be sold, used for competitive advantage, or
leveraged to advance geopolitical interests. In cases where nation-states are involved,
cyber espionage can have significant implications for national security and international
relations, as the stolen information can undermine political stability or give one party an
unfair advantage in global affairs.

Some Black Hat hackers also operate within the framework of Hacking-as-a-Service
(HaaS), offering their expertise, tools, and resources to other cybercriminals who wish to
execute illegal activities. This service may involve renting out botnets for DDoS attacks,
providing exploit kits to target software vulnerabilities, or offering malware for data theft
and disruption. By enabling less technically skilled individuals to engage in cybercrime,
the HaaS model expands the reach of Black Hat hacking activities and complicates
efforts to trace and prevent such attacks.

The dark web plays a pivotal role in the facilitation of Black Hat hacking operations. This
anonymous online environment provides a marketplace where stolen data, hacking
tools, malware, and other illicit services can be exchanged. The dark web allows hackers
to buy and sell tools and resources that aid in the execution of cyberattacks, making it a
critical component of the infrastructure supporting cybercrime. Through this network,
cybercriminals are able to collaborate, expand their operations, and evade detection by
law enforcement agencies.

Techniques and Attack

Phishing
Phishing is one of the most widely used methods of Black Hat hacking. It involves
tricking individuals into revealing sensitive information, such as usernames, passwords,
and credit card details, by impersonating a trustworthy source. Hackers often use emails,
text messages, or phone calls that appear legitimate, making the victim believe they are
communicating with a reputable company or service. For example, an email might claim
 TAGUIG CITY UNIVERSITY
to be from a bank, asking the recipient to click a link and log in to verify their account. In
reality, the link leads to a fake website where the victim unknowingly submits their
personal details. Phishing attacks often rely on social engineering techniques, exploiting
the victim’s trust or urgency, such as threats of account suspension or promising
rewards.

Exploiting Zero-Day Vulnerabilities

Zero-day vulnerabilities are security flaws in software or hardware that are unknown to
the manufacturer or vendor. These vulnerabilities are termed “zero-day” because the
software provider has zero days to address or fix the flaw before hackers begin
exploiting it. Black Hat hackers often use these vulnerabilities to gain unauthorized
access to systems, install malware, or steal data. Exploiting zero-day flaws is especially
dangerous because there is no patch or defense mechanism in place to prevent the
attack until the vendor becomes aware of the vulnerability. This makes zero-day exploits
highly valuable in the underground hacking community, as they provide a window of
opportunity to breach secure systems undetected.

Denial of Service (DoS) Attacks

A Denial of Service (DoS) attack is an attempt to make a computer, network, or service
unavailable to its intended users by overwhelming it with excessive traffic or requests. By
consuming the system's resources, the hacker prevents legitimate users from accessing
the service. In a Distributed Denial of Service (DDoS) attack, the hacker uses multiple
compromised devices, forming a botnet, to launch the attack. This makes it harder for
security teams to mitigate the attack, as the traffic comes from numerous sources,
masking the origin. DDoS attacks are often used to disrupt businesses or political
entities, cause financial loss, or make a statement. These attacks can also be a form of
extortion, where the hacker demands a ransom in exchange for stopping the attack.

Malware
Malware, short for malicious software, is designed to damage, disrupt, or gain
unauthorized access to systems and data. Different types of malware are used for
 TAGUIG CITY UNIVERSITY
various malicious purposes, including viruses, worms, spyware, and ransomware. One of
the most notorious forms of malware is ransomware, which encrypts a victim's files and
demands a ransom payment for the decryption key. This can cause significant financial
damage to both individuals and organizations, as access to critical data is blocked until
the ransom is paid. Malware can be delivered through infected email attachments,
malicious websites, or social engineering tactics. Once installed on a victim’s device,
malware can remain hidden, gathering sensitive information or causing long-term
damage.

Man-in-the-Middle (MitM) Attacks

A Man-in-the-Middle (MitM) attack occurs when a hacker intercepts and manipulates the
communication between two parties without their knowledge. This can happen in real-
time, such as when a hacker intercepts data being transmitted over an unsecured Wi-Fi
network. For example, on an open Wi-Fi network in a coffee shop, a hacker can intercept
and read sensitive information like login credentials, credit card numbers, or private
messages. In some cases, the attacker may modify the data being exchanged, such as
altering financial transactions or injecting malicious content into email messages. MitM
attacks are particularly dangerous in situations where users rely on insecure or public
networks for communication, and the victims may not realize that their data is being
compromised.

Social Engineering
Social engineering is a tactic that manipulates human behavior rather than relying solely
on exploiting technological weaknesses. Black Hat hackers use social engineering to
manipulate individuals into revealing confidential information, granting access to secure
systems, or performing actions that compromise security. This can include tactics such
as impersonating legitimate employees or creating fake personas to gain trust. Phishing,
which has been mentioned earlier, is a form of social engineering. Another common
practice is pretexting, where a hacker invents a scenario to obtain information. For
example, they may pretend to be a technician who needs to verify an employee's login
 TAGUIG CITY UNIVERSITY
details for maintenance purposes. The hacker exploits human psychology—such as
trust, curiosity, or fear—to bypass security measures.

Creating Botnets
A botnet is a collection of compromised computers or devices that are controlled
remotely by a hacker. These devices, often infected by malware, are referred to as
“zombies,” and the hacker can use them to perform large-scale attacks or tasks. Botnets
are commonly used in DDoS attacks, where the hacker orchestrates the traffic from
thousands of compromised devices to overwhelm a target system. Botnets can also be
used for spreading malware, launching email spam campaigns, or even mining
cryptocurrencies using the power of infected devices. One of the challenges in detecting
botnets is that the compromised devices are often spread across many different
locations and may be controlled through various command-and-control (C&C) servers,
making it difficult to trace and dismantle the network.

Keylogging
Keylogging involves the use of malicious software or hardware to track and record the
keystrokes made by a user on their device. Hackers use keyloggers to capture sensitive
information such as usernames, passwords, personal identification numbers (PINs), or
credit card details. Keyloggers can be installed on a victim’s system through malware,
which is often spread via phishing emails or malicious downloads. In some cases,
keyloggers can be installed through physical devices that connect to the victim’s
keyboard. Since keyloggers operate in the background, users are usually unaware that
their every keystroke is being recorded. This information can be used by hackers to steal
identities, commit fraud, or gain unauthorized access to systems.

Case Studies
 TAGUIG CITY UNIVERSITY
Black hat hacking refers to unethical and illegal activities conducted by hackers who
exploit vulnerabilities for malicious purposes, such as data theft, causing damage, or
financial gain. Below are some notable case studies involving black hat hackers:

1. The Sony Pictures Hack (2014)

In November 2014, Sony Pictures Entertainment was breached by a hacking group
known as the “Guardians of Peace” (GOP). This attack was believed to be politically
motivated, with the hackers leaking sensitive corporate data, including emails, personal
information about employees, and unreleased movies. Sony faced severe reputational
damage due to leaked emails that revealed internal company secrets and disparaging
remarks about actors and executives. The attack led to significant financial losses,
estimated at over $100 million. Personal data of over 47,000 individuals, including actors
and employees, was compromised. North Korea was suspected of being behind the
attack, although the country denied involvement. The hackers used malware to infiltrate
Sony’s networks and took control of the company’s systems. They wiped out critical data
and used it to blackmail the company into compliance with their demands.

2. The Target Data Breach (2013)

Hackers gained access to Target's internal systems during the 2013 holiday shopping
season, compromising credit card information, debit card data, and personal details of
approximately 40 million customers. The breach affected tens of millions of customers
and led to significant financial losses for Target, estimated at $162 million in direct costs.
The breach prompted class-action lawsuits and regulatory scrutiny. The attackers gained
access to Target’s network through a third-party vendor, exploiting a vulnerability in its
security systems. Once inside, the attackers used malware to capture card data from
point-of-sale terminals.

3. The WannaCry Ransomware Attack (2017)

The WannaCry ransomware attack targeted computers running Microsoft Windows,
exploiting a vulnerability in the operating system. The malware encrypted files on
infected machines and demanded a ransom in Bitcoin to restore access. The attack
 TAGUIG CITY UNIVERSITY
affected hundreds of thousands of computers in over 150 countries, including healthcare
organizations, government agencies, and private businesses. The NHS (National Health
Service) in the UK was severely impacted, with many hospitals forced to cancel
appointments and divert patients. The financial cost of the attack was estimated to be
between $4 billion and $8 billion. WannaCry exploited a vulnerability in the Windows
operating system (EternalBlue), which was allegedly discovered by the NSA and leaked
by a hacking group called the Shadow Brokers. The ransomware spread rapidly across
networks, encrypting files and demanding a Bitcoin ransom for decryption

4. The Yahoo Data Breach (2013-2014)

Yahoo experienced two massive data breaches, one in 2013 and another in 2014, which
compromised personal information from over 3 billion user accounts. Sensitive
information like names, email addresses, phone numbers, security questions, and
passwords were stolen. Yahoo’s reputation was severely damaged, and the breach was
only publicly disclosed in 2016, years after the incident occurred. Verizon
Communications, which was in the process of acquiring Yahoo, reduced its acquisition
price by $350 million due to the breach. The attackers, believed to be state-sponsored
hackers from Russia, used phishing techniques to gain access to Yahoo’s internal
network. They managed to steal sensitive data, and it is thought that the hackers may
have used the information for espionage or other political objectives.

5. The Operation Shady RAT (2006-2011)

Operation Shady RAT (Remote Access Tool) was a widespread cyber espionage
campaign attributed to a state-sponsored hacking group. It targeted government
agencies, corporations, and NGOs worldwide, stealing sensitive information over several
years. The attack affected multiple countries and organizations, including government
entities, defense contractors, and international NGOs. Sensitive information about
military, governmental, and corporate operations was stolen. The hackers used spear-
phishing emails containing malicious attachments to gain access to targeted systems.
Once inside, they used RAT tools to monitor the networks and exfiltrate sensitive data
over long periods.
 TAGUIG CITY UNIVERSITY
Conclusion
These case studies illustrate the far-reaching consequences of black hat hacking. The
attackers' motives can range from financial gain to political or ideological goals, and their
methods vary from exploiting vulnerabilities and malware deployment to sophisticated
social engineering tactics. The impact on victims—whether businesses, individuals, or
governments—can be devastating, leading to financial losses, reputational damage, and
even geopolitical tensions. These incidents highlight the importance of strong
cybersecurity measures and the need for continuous vigilance in a connected world.

V. Contrasting Motivations and Perspectives

Public Perception and Misconceptions

 TAGUIG CITY UNIVERSITY
The public's understanding of white hat and black hat hacking is often shaped by
media portrayals and widespread misconceptions regarding their respective motivations.
Several misconceptions persist in relation to white hat hacking. One of the most common
misunderstandings is the erroneous assumption that all hackers, regardless of intent, are
inherently dangerous. This perspective fails to distinguish between ethical hackers and
their malicious counterparts. Furthermore, the role of ethical hackers is often reduced to
mere system intrusions, neglecting their primary function of identifying and rectifying
vulnerabilities to prevent exploitation. In addition, since much of their work occurs behind
the scenes, white hat hackers frequently do not receive the same level of attention as
black hat hackers.

Conversely, black hat hackers are typically perceived as individuals engaging in

unauthorized hacking activities with the intent to exploit system vulnerabilities for
personal gain or to cause harm, such as through theft, data breaches, or cyber
sabotage. Public perception generally associates black hat hackers with criminality,
viewing them as skilled individuals who exploit their knowledge for malicious purposes.
High-profile cybercrimes, such as identity theft, ransomware attacks, and data leaks, are
often attributed to black hat hackers. While financial motives are frequently cited as the
driving force behind black hat hacking, their actions may also be politically or
ideologically motivated.

The fundamental differences between white hat and black hat hackers can be
understood through their respective intents, actions, and outcomes. White hat hackers
are motivated by the goal of enhancing security and protecting systems, operating within
legal and ethical frameworks to identify and address vulnerabilities. In contrast, black hat
hackers are driven by personal gain, causing harm through illegal activities. The
consequences of white hat hacking are generally positive, leading to strengthened
security systems, while black hat hacking results in damage, loss, and other harmful
outcomes. Public perception typically associates white hats with protection and black
hats with criminality, although the broader concept of "hacking" is often conflated with
 TAGUIG CITY UNIVERSITY
malicious intent, obscuring the distinction between ethical and criminal hacking
practices.

Motivations of White Hat Hackers

A primary motivation for white hat hackers is a strong ethical responsibility.

These hackers are often driven by the desire to prevent harm and to safeguard the
digital infrastructure that underpins modern society. Their work is rooted in the belief that
identifying and mitigating vulnerabilities before they can be exploited by malicious actors
serves a greater societal good. By identifying weaknesses in systems, white hat hackers
help prevent cybercrimes, such as data breaches, identity theft, and financial fraud, and
thereby contribute to the protection of individuals, organizations, and even national
security. This sense of duty is a defining characteristic of ethical hacking, as white hat
hackers view their actions as a means of securing critical assets from exploitation.

Financial incentives also serve as an important motivator for many white hat hackers.
In recent years, many organizations have implemented bug bounty programs that
reward individuals for identifying and reporting vulnerabilities in their systems. These
programs offer financial compensation, thereby recognizing the skills of ethical hackers
and encouraging them to proactively identify security risks. This financial reward system
aligns with the broader goals of cybersecurity by providing hackers with a tangible
incentive to help organizations enhance their security posture. Moreover, these
programs serve to foster a collaborative relationship between organizations and the
ethical hacking community, where both parties benefit from the discovery and resolution
of vulnerabilities.

Another significant motivation for white hat hackers is intellectual curiosity and a
passion for problem-solving. The process of ethical hacking involves a combination of
technical expertise and creative thinking, as hackers often need to reverse-engineer
systems and identify hidden vulnerabilities. Many ethical hackers are intrinsically
motivated by the intellectual challenge of uncovering weaknesses and developing
solutions. This problem-solving aspect of hacking offers personal satisfaction and a
sense of accomplishment that goes beyond financial or career-related incentives. For
 TAGUIG CITY UNIVERSITY
these individuals, the act of identifying and resolving security issues is a rewarding and
intellectually stimulating endeavor that fuels their passion for cybersecurity.

The legal and institutional support for white hat hacking also plays an important role in
shaping their motivations. Unlike black hat hackers, who operate outside the law, white
hat hackers typically work with the full authorization of the organizations they assist.
Many companies and government agencies have formalized processes for ethical
hackers to identify and report vulnerabilities, often offering legal protections to ensure
that these hackers are not subject to prosecution for actions taken in good faith. This
legal backing not only provides a sense of security but also reinforces the legitimacy of
white hat hacking as a professional activity, motivating individuals to continue their work
within the boundaries of the law.

Motivations of Black Hat Hackers

Black hat hackers are individuals who engage in illegal activities, typically for personal
gain, profit, or ideological motives. One of the primary motivations for these hackers is
financial profit. They may exploit vulnerabilities in systems to steal sensitive information,
such as credit card numbers, personal identification data, or corporate trade secrets,
which can be sold on the black market. Ransomware attacks, in which hackers demand
payment in exchange for unlocking systems or data, are a common example of this
motivation.

The need for authority and control is another important motive. Black hat hackers may
target important infrastructure, big businesses, or government organizations in an effort
to disrupt operations or establish their dominance. By breaking into well-known targets,
they become well-known in the hacker world and demonstrate their proficiency in getting
past sophisticated security measures. Along with disrupting commercial operations,
these hackers may also seek to destroy a company's brand or erode trust in a certain
system or organization.

VI. REFERENCES
 TAGUIG CITY UNIVERSITY
Regali, V. (2024, October 14). The History of Hacking: Evolution of hacking 1960's to
Today. GradSchools.com.

https://www.gradschools.com/degree-guide/evolution-of-cmmputer-hacking

Not all hackers are criminals, and some of the good guys can earn a million dollars.
(2020, March 2). Cyber Defense Magazine.

https://www.cyberdefensemagazine.com/not-all-hackers-are-criminals/?
fbclid=IwZXh0bgNhZW0CMTEAAR3JyzWlrG06xo_R7kJCSq6lk9_M-
LmANy0yGlOv8TfbJUasvFxMMOBwv5M_aem_Fwkm9FXlMou7VXyliQWysA

What is hacking? types of hacking & more | Fortinet. (2023). Fortinet.

https://www.fortinet.com/resources/cyberglossary/what-is-hacking?
fbclid=IwZXh0bgNhZW0CMTEAAR1TgkC-aMfMUvnXMqq-
vbA4F7Ik8lgiam2KYHF5tBr1vRtDEHzc2ScnEs4_aem_GBRY58GvWyN5BnSPFkvaCQ

9-48.000 - Computer Fraud and Abuse Act. (2022, May 19).

https://www.justice.gov/jm/jm-9-48000-computer-fraud

Republic Act No. 10175 | GOVPH. (2012, September 12). Official Gazette of the
Republic of the Philippines.

https://www.officialgazette.gov.ph/2012/09/12/republic-act-no-10175/

Fruhlinger, J. (2024, June 11). Certified Ethical Hacker (CEH): Certification cost, training,
and value. CSO Online.

https://www.csoonline.com/article/571133/certified-ethical-hacker-ceh-certification.html

Action against Cybercrime. (2025, January 2). Digital Governance.

https://www.coe.int/en/web/digital-governance/cybercrime

White hat hackers: Techniques, tools, and how to become one. (2023).
https://www.hackerone.com/knowledge-center/white-hat-hacker
 TAGUIG CITY UNIVERSITY
Kahn, J. (2004, April 1). The Homeless Hacker v. The New York Times. WIRED.
https://www.wired.com/2004/04/hacker-5/

U.S. Department of Defense. (2016). Fact sheet: Hack the Pentagon pilot program.
Department of Defense. Retrieved from
https://dod.defense.gov/Portals/1/Documents/Fact_Sheet_Hack_the_Pentagon.pdf

What is a Black-Hat Hacker? (2018, August31)

https://www.kaspersky.com/resource-center/threats/black-hat-hacker

D’Andrea, A., & D’Andrea, A. (2024, October 29). Black Hat Hacking Keeper Security
Blog – Cybersecurity News & Product Updates.

https://www.keepersecurity.com/blog/2024/10/29/what-is-a-black-hat-hacker/

Young, K. (2021, November 1). Cyber case Study: Sony Pictures Entertainment Hack.
Cover Link Insurance - Ohio Insurance Agency.

https://coverlink.com/case-study/sony-pictures-entertainment-hack/

Young, K. (2021b, November 1). Cyber case study: Target Data Breach. CoverLink
Insurance - Ohio Insurance Agency.

https://coverlink.com/cyber-liability-insurance/target-data-breach/

Ransomware WannaCry: All you need to know. (2020, June )

https://www.kaspersky.com/resource-center/threats/ransomware-wannacry

Yahoo Inc Data breach: What & how it happened? | Twingate. (2019).

https://www.twingate.com/blog/tips/Yahoo%20Inc-data-breach

Operation Shady RAT—2006 (2017). In Auerbach Publications eBooks (pp. 71–80).

https://doi.org/10.120/9781315155852-16

Quora. (2019, July 25). Why hackers and hacking are often misunderstood. Forbes.
 TAGUIG CITY UNIVERSITY
https://www.forbes.com/sites/quora/2019/07/25/why-hackers-and-hacking-are-often-
misunderstood/