Most people are familiar with the concept of white hat hackers and black hat hackers, who are separated along ethical lines. Black hat hackers violate computer security for the wrong reasons, while white hat hackers do it for ethical reasons, such as showing the world some systems are not secure enough. There are actually several other types of “hats,” as well, such as gray hats (in between white and black) and green hats (newbies). Today, I’d like to introduce another type of hat: a transparent hat.

Hacking requires a deep understanding of computer systems. Hackers must understand the hardware level, have intimate knowledge of the system and have special, esoteric skills, such as being able to write assembly language programs under special constraints or understanding obfuscated programs.

Transparent hat hackers do not hurt computer systems for malicious causes, nor do they do it for the right cause. In fact, they do not hurt any systems at all. Instead, transparent hat hackers design and solve difficult mathematical problems that are related to the cyberdomain and enhance their abilities in ways that would help develop the cyberdomain.

Let me provide some examples.

Example No. 1

Thinking outside the box, here is a program I wrote for the IEEEXtreme 5.0 competition:

Given a seven-digit number, make an exercise from it whose result is 100. You may use the four basic math operations and parentheses between digits such that the result is a valid exercise whose result is 100. Note that you must use all the digits, keep the order of the digits and you are not allowed to combine several digits into a number.

Thus, the solutions “5x5x4,” “5x5x4+0x1x5x5” and “5x(5+5+1+0)+45” are not valid for the number 5551045, while the solution “5x(5+5+1+0+4+5)” is.

Your task is to write a program that, given a seven-digit decimal number, finds an exercise whose result is 100. You must keep the original digits in order and add characters from the following six-character alphabet: “+-x/().” So far, it is a straightforward task that requires some programming skills and some optimization to solve it fast enough. However, here comes the interesting part — the validity is checked using the following script:

[expand title=”Click to see the answer”]

A zero exit code is considered a valid solution. If you pay close attention to the scoring script, for example, you would see a way to fool it and solve the input “5750004,” which is unsolvable by the definition above but solvable by tricking the script.


Example No. 2

What does the following program do?

[expand title=”Click to see the answer”]

This 81-bytes-long 8086 assembly program can run on a Dos-Box and demonstrates some card magic. Can you understand it?



Example No. 3

The task here is to beat the robots in this shooting game. Download the game, run it and try to win. [NOTE: Clicking this link will start a program download]

Solving a math exercise (Example No. 1), reverse engineering card tricks in assembly (Example No. 2) or finding bugs in a computer game (Example No. 3) does not directly cause any harm to a computer system, doesn’t hurt anyone’s privacy, is not considered a crime and even isn’t considered to be a zero-day exploit. However, these exercises do teach you the skills needed for hacking. Example No. 1 shows you how to think outside the box and bend the rules of the system, while Example No. 2 shows you how to reverse engineer packed code that uses undocumented Microsoft operating system interrupts and appreciate the compression of data into code. Example No. 3 shows you how to look for common programming errors that tend to appear in real-life software and create security problems used by all types of hacking experts. And taken all together, these 3 examples reveal that hackers may not necessarily wear either white or black hats.

More from Threat Intelligence

Expert Insights on the X-Force Threat Intelligence Index

5 min read - Top insights are in from this year’s IBM Security X-Force Threat Intelligence Index, but what do they mean? Three IBM Security X-Force experts share their thoughts on the implications of the most pressing cybersecurity threats, and offer guidance for what organizations can do to better protect themselves. Moving Left of Boom: Early Backdoor Detection Andy Piazza, Global Head of Threat Intelligence at IBM Security X-Force, sat down with Security Intelligence to chat with us about the rise in the deployment…

5 min read

Ex-Conti and FIN7 Actors Collaborate with New Backdoor

15 min read -   April 27, 2023 Update This article is being republished with modifications from the original that was published on April 14, 2023, to change the name of the family of malware from Domino to Minodo. This is being done to avoid any possible confusion with the HCL Domino brand. The family of malware that is described in this article is unrelated to, does not impact, nor uses HCL Domino or any of its components in any way. The malware is…

15 min read

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

4 min read - Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

4 min read

An IBM Hacker Breaks Down High-Profile Attacks

5 min read - On September 19, 2022, an 18-year-old cyberattacker known as "teapotuberhacker" (aka TeaPot) allegedly breached the Slack messages of game developer Rockstar Games. Using this access, they pilfered over 90 videos of the upcoming Grand Theft Auto VI game. They then posted those videos on the fan website Gamers got an unsanctioned sneak peek of game footage, characters, plot points and other critical details. It was a game developer's worst nightmare. In addition, the malicious actor claimed responsibility for a…

5 min read