Why You Can't Spot a Hacker in the Crowd: Top 10 Things People Don't Know About Hackers

Dressed in a bespoke three-piece suit that appears to be tailored from Savile Row, Joseph Carson could be a high-powered executive who spends his days in boardrooms or Wall Street.

Instead, Carson is a "white hat" ethical hacker who looks for security vulnerabilities in the networks and websites of major companies. Serving as the chief security scientist at Thycotic, a Washington D.C.-based provider of privileged account management (PAM) solutions, he defies the stereotypical image of a hacker conjured by Hollywood screenwriters.

While hackers are portrayed as loners who don their ubiquitous black t-shirts underneath their hoodies to conduct nefarious acts such as changing a college student's grades or stealing a company's proprietary secrets to sell on the Dark Web, in reality many work for publicly traded companies as C-level executives and startup founders, are very social, are not Millennials and speak several languages.

The negative connotations associated with being a hacker or hacking is a fallacy.

"The primary driving force for change and new inventions in this field is hacking," said Chris Roberts, chief security architect at Acalvio, a Santa Clara, Calif.-based provider of advanced threat detection and defense solutions. "It is the simple ability to understand the status quo and be able to change it."

A hacker is someone who wants to change how things are done by finding a better method, said Jason Glassberg, co-founder of Casaba Security, a Seattle-based firm specializing in ethical hacking and software assurance.

"We are all hackers in our community," he said. "A hacker wants to add new features and services, democratize services and products and make the world better, safer, cheaper and more fair. Hackers are just like ordinary software testers or quality control engineers, except they test to see the result of failure, not success. A normal engineer tests to ensure their product works as designed. The hacker tests to see how it works when it is broken on purpose."

Here are the top ten things most people do not know about hackers.

More of What's Trending on TheStreet:

1. They look like you and me and don't all wear black or live in hoodies
1. They look like you and me and don't all wear black or live in hoodies

"They look like normal people," said Heather Howland, vice president at Preempt, a San Francisco-based provider of User and Entity Behavior Analytics (UEBA) solutions. "It's not like that classic 'Where's Waldo?' photo where he sticks out because of his red and white hat with the pom pom. He's just like everyone else."

In reality, hackers "are just like you -- not wearing a hoodie with a mask," said Carson.

However, many hackers do prefer wear darker-colored attire, because they travel often and are not always able to "stay in the best of shapes and black works to hide the extra padding we've accumulated -- temporarily in many cases," said Roberts. "Let's face it, you don't want a bunch of slightly chubby hackers breaking into your offices wearing fuchsia or orange do you?"

The stereotypes need to be adjusted and while some hackers prefer to throw on a hoodie, because they are warm and comfortable to wear when they are out and about on physical penetration tests.

"However, most of us don't sit at the keyboard with the hood up, gloves on and our faces covered," he said.

2. Hackers are social, open-minded and accepting of all types of personalities
2. Hackers are social, open-minded and accepting of all types of personalities

Hackers today increasingly have to be extremely social and adept at picking up social cues in order to garner private information.

"Hackers today come from all walks of life and represent all races, genders and countries," said Nathan Wenzler, chief security strategist at AsTech, a San Francisco-based security consulting company.

"As we see more and more attacks targeting people directly, rather than their computers, hackers must be incredibly eloquent, social, engaging and convincing in order to execute social engineering attacks that can grant them access to buildings or systems," he said.

Identifying a hacker by their dress or demeanor is a misconception.

"As cyber crime evolves into a formal business endeavor, so do the people who perform the work," Wenzler said. "There's simply no way to identify a hacker by how they appear anymore. Anyone can be a hacker, so it is imperative to remain vigilant and never assume someone is or isn't because they don't match a stereotype."

Hackers tend to be open-minded, accepting and non-judgmental, said Glassberg. "You will generally find they are more accepting of a wide range of diverse people than the U.S. population as a whole, from the LGBT community, to differences in religion, politics and economic theory," he said. "There are plenty of individuals in our field who are homosexual, bisexual and transgender. We accept them all - we don't consider gender labels or sexual orientation to be of any importance at all. What matters to us is skill. Either you have it, or you don't. Nothing else really matters, other than a person's ethos."

3. They would rather smoke pot than work for the FBI
3. They would rather smoke pot than work for the FBI

The FBI said it has trouble recruiting cyber security experts since many of them are partial to partaking to smoking marijuana. Former FBI Director James Comey told the Wall Street Journal in 2014 that the agency would have to relax its stance against cannabis in order to keep up with other hackers.

4. Hackers are not cookie cutter types
4. Hackers are not cookie cutter types

Many hackers are very social and speak several languages, said Carson.

"They are smart and sometimes rejected from what society accept, even though they have much to offer," he said. "They respect privacy. However, if you do not, they will take advantage of it."

Some hackers are older, and not all are Millennials.

"Perhaps even your grandmother or grandfather is one," said Carson.

One of the top hackers in the world is a former playboy model, according to Howland. After Adeanna Cooke discovered photos of herself posted without her permission, she was able to remove the photos after hacking into the website, according to an article in TechWorm.

The industry is still predominately male unfortunately, said Roberts.

"We don't want to be and we have alot of work to do to be better at inclusiveness and understanding barriers," he said.

More women are working in this industry each year, said Alex McGeorge, head of threat intelligence at Immunity, a Miami Beach-based offensive security firm.

"They will likely play an even bigger role down the road and some of the female white hats who stand out include the following: Natalie Silvanovich from Google Project Zero, Window Snyder from Fastly, Justine Bone from MedSec, Jennifer Steffens from IOActive, plus Skylar Rampersaud from our company, Immunity," he said.

5. The original hackers were good guys
5. The original hackers were good guys

Many hackers are working toward helping companies, its employees and consumers to avoid being victims of malware, phishing and other scams.

"They would hack computer software and hardware to make it better and faster," said Howland.

Many hackers are good guys and gals known as the "white hat" hackers who work globally to determine security vulnerabilities in websites or online services, said Dan Lohrmann, chief security officer at Security Mentor, a Pacific Grove, Calif.-based provider of security awareness training. "They report these online problems to companies who pay them 'bug bounties' of up to $30,000 for finding these holes in company cyber defenses."

Few industries are immune to the tens of thousands of security vulnerabilities which have been discovered and the bug bounties have been paid by major tech companies such as Google, Microsoft, Facebook and even by the Department of Defense in an authorized "Hack the Pentagon" program which found a security vulnerability within 13 minutes, he said.

The majority of hackers are "here to do good and like Robin Hood want to help people," Carson said.

6. They have corporate jobs, are married, have kids and do not live in the basement
6. They have corporate jobs, are married, have kids and do not live in the basement

"In fact, most hackers are professionals that more and more commonly are working for government agencies," said Wenzler.

But some are working for criminal organizations which have set up cubicles within office buildings and "provide their 'employees' with the same kind of benefits you'd expect from a legitimate corporation," he said. "There are still some hobbyists out there, but the trend is moving to treating cyber attacks as a business enterprise."

Hackers are not loners and tend to work in teams, said Archie Agarwal, CEO of ThreatModeler, a Jersey City, N.J.-based cybersecurity company. "This is true of both white hat hackers and black hat hackers," he said.

"Hackers are usually part of a tight, extended community," Agarwal said. "They may be spread out over hundreds or thousands of miles, but they remain close and keep in touch regularly. Carrying out a penetration test, vulnerability research or a network breach often requires teammates who can help distribute the load and offer different skills."

7. Many of us are self-taught
7. Many of us are self-taught

Hackers tend to have a "thirst for knowledge that goes beyond just technical/traditional geek things," said Roberts. "You would be be surprised if you engage us in conversation that we are typically well read, well versed and articulate if we could just work out how to converse with people sometimes."

8. They hail from every country
8. They hail from every country

Hackers are not only Russian, Chinese and North Korea, but they live and work from all countries, said Carson.

Due to the Hollywood and "English" mindset, the term hacker is often thought of as a white male in their 20s and "nothing could be further from the truth," said Roberts.

"The top country by scale is China, then followed by the U.S. and then we have a heap of other countries most of whom don't have the pale white skin associated with the typical hacker," he said.

9. It's Not Just About the Lulz
9. It's Not Just About the Lulz

Some of the more notorious hacking groups such as Anonymous and Lizard Squad have disrupted websites and other services "for the lulz," which means they found it amusing, said Wenzler.

"For a long time, hacking was viewed as a sort of digital graffiti, more along the lines of a prank rather than a serious crime," he said. "But today, most hackers are using malware like ransomware to extort millions of dollars from their victims, making this a very serious financial endeavor with huge sums of money at stake. While some hackers may still attack sites for fun, it's really all about the money now."

While some hackers are part of criminal enterprises, they are no longer after low-hanging fruit such as credit card numbers and Social Security numbers, which are sold for pennies on the dollar for large lists.

Medical records are not only popular, but also extremely valuable now on the Dark Web and cyber criminals also sell stolen passwords to Netflix, Amazon, Uber and other online accounts, said Agarwal.

"Airline miles and other rewards points are also valuable," he said. "Getting a backdoor Trojan on a home computer can turn that home computer into a recurring source of revenue for the hacker. They can add it to a botnet and then rent the botnet out to other criminals who want to perform DDoS attacks."

10. Hackers like to disassemble things
10. Hackers like to disassemble things

Cyber security experts tend to be curious and to seek solutions for a myriad of problems.

"We typically like to disassemble things to understand how they work, test them, see if we can improve them and then to work out how to reassemble," said Roberts. "It's in our blood and brains. I took the household vacuum cleaner apart when I was 8 to both see how it worked and to make a hovercraft…these days I do the same thing with companies and their tech."

Real hacking entails hard work that can be tedious because it involves sitting in front of a computer for hours and hours in order to analyze endless lines of code to find a singe usable bug, said Glassberg.

"You can spend days or weeks trying to write a good workable exploit," he said. "It's hard work and you have to do it because you love it, not because you want to be famous on the Internet for a week. It isn't like what you see in the movies. There are no video and music montages playing in the background."