Cybercriminal Profile: From Hacker to Cracker... and Getting Younger

ITER CRIMINIS by Carmen Corazzini

We're wrong. We label anyone who commits computer crimes as a hacker , but nothing could be further from the truth. Hacker culture was born between the late 1950s and early 1960s, in the laboratories of the Massachusetts Institute of Technology (MIT). There, a group of young people passionate about technology began experimenting with software and hardware. They ended up, without even realizing it, creating a culture in itself. As often happens, what originated as a utopia ended up being violated, and the deviation of some has ended up distorting the whole.

They were forged on the basis of very strong values. They were an expression of creativity, curiosity, and collaboration around technology. Their original spirit had nothing to do with crime, but rather with free access to knowledge, the continuous improvement of systems, and the rejection of imposed hierarchies. They championed free information, distrusted authority, and promoted meritocracy. They created their own philosophy , which at times seems to have been tainted by increasingly younger and more self-centered groups of criminals.

It has happened to presidents, banks, companies, and public institutions. From Pedro Sánchez to Donald Trump , even Apple, Google, and Facebook are not spared. Even the Sinaloa Cartel recently used a cybercriminal to hack the FBI. Cybercrime is on the rise , and the profile of the wrongly named hacker has changed over the years.

It's all in the Jargon File . It's a glossary of terms created in the 1970s by computer scientist Raphael Finkel at Stanford University. It's a "cultural dictionary" for the hacker community, compiling words, jokes, customs, and values. This file helps distinguish the true hacker —defined as curious, creative, and collaborative—from the criminalized stereotype. Defining a computer criminal in this way would be a mistake. Within this same community, those who commit criminal acts are called crackers .

True hackers have a high intellectual curiosity, high scores in logical and creative thinking, low tolerance for boredom, cognitive flexibility, and often a tendency toward introversion. But when they use their skills for malicious purposes, Machiavellianism, narcissism, moral disengagement, and antisocial behavior come into play. They justify their actions because they interpret them as challenges. They seek notoriety to establish themselves in their community.

One of the most widely known models in cybersecurity is the color-coded hat classification, the so-called Hat Colors, which distinguishes three groups. The White Hat (ethical hacker) works with authorization to protect systems, detect vulnerabilities, or perform audits. They operate within the law and are key to the digital defense of governments, companies, or institutions. The Grey Hat (ambiguous hacker) is one who breaches systems without authorization, but not necessarily with malicious intent. They sometimes report discovered flaws in the expectation of a reward. Their ethics are ambiguous, but their actions can be useful for security. The Black Hat , the one we're interested in now, the criminal, is one who operates without authorization and for illicit purposes, such as data theft, fraud, sabotage, or espionage. They are the ones who make our headlines, and the ones whose profiles have changed the most.

While political, ideological, or even recreational motivations predominated in the past, a clear trend is now evident: very young hackers — often under 20 —who seek notoriety or quick financial gain. They are driven by phenomena such as cloud chasing, the search for fame or attention on the internet , which often precedes the monetization of the illicit activity carried out, for example, by selling data, extorting, or reselling access. One example is Alcasec , the most famous Spanish hacker.

He began his activity as a minor, and at 19 he was arrested for compromising databases belonging to the Justice Department , the Tax Agency, and other agencies, which made him a threat to national security . He taught himself with YouTube tutorials and claimed to have hacked platforms such as HBO, Burger King, and the Bicimad system. He did it mainly out of ego. Out of boredom. Last month he was sent back to prison as part of Operation Borraska , in which Rajoy's Secretary of State was also arrested.

In its early stages, Alcasec acted out of personal challenge and to feed his vanity . He stated in interviews and chats that many of his intrusions were out of boredom or simply to prove he could do it. He was seeking recognition. What wasted talent, because he would soon begin to professionalize himself to the point of monetizing data theft and trafficking . He went from being a true hacker to a cracker , a structured cybercriminal.

Before, they were driven, above all, by ideals. In some cases, they crossed lines to assert them, but at least they were motivated by something beyond fame and money. And that's why it's important not to conflate the two. This is a culture born of ingenuity, not abuse. Differentiating them is a way of distinguishing the talent that builds from the one that destroys.

The profile has changed because the new generations were born under the umbrella of the Internet, and they are more comfortable with it, but their youth and immaturity derail their purpose, and they turn from gambling to crime without considering the consequences. As criminal as they are talented, their skill can be transformed into cooperation for society. It would be useful to encourage a return to the pillars that forged them, a path in which, once again, education becomes a central axis.