Get A Quote
Written by Cyber Threat Intelligence Unit on 19 April 2023

Honor Among Thieves: where did the code go?

Once upon a time thieves had a code of honors. This code of justifications criminals would tell themselves to justify their behaviors. Some of these codes were well known throughout history. For example, Robin Hood only stole from the rich, organized crime did not touch children or wives and thieves do not steal from each other. These codes also impacted public opinion. Robin Hood became a hero for the poor. Organized crime was left alone by the public, more often than not, until they broke that code. 

Hackers followed the same trajectory. Some hackers will go down in history as heroes. We can think of Edward Snowden who risks everything for his personal convictions and the group Anonymous who reveal much guarded secrets, in the way to be a kind of counter power. There was a period where hackers were seen often as modern-day heroes for democracy and truth. The reality is much grimmer nowadays in 2023. Which left a lot of us to ponder did greed corrupt the code? In the seeking of financial gains, did hackers go too far? Did they change or do we have new hackers named threat actors? The answer is that some did go too far but threat actors went too far and that has a cost. 

Attacking critical infrastructures especially hospital during covid left a bad taste in people’s mouth. There are hard lines that cannot be crossed if hackers want public sympathy, and this was one of them. Attacking profitability is one thing, playing with innocent human lives is another.

Older hackers will remember the time when the Code would forbid attacks related to public safety, children, health, and education.

Let’s talk about how this is possible. How can hackers attack hospital knowing human death might be the result of their actions? Distance is partially the answer. The further someone is from their victim the easier it is mentally to justify their actions. The distance between actions and consequence is important. The justification can be something like “It’s only lines of code”. They do not see the results in the field, in the middle of an operation room stuck inside a patient blind with no tools to help surgeons. Without seeing the consequence, threat actors can deny the responsibility they have in human death. 

Reputation is everything online. With a good reputation better business can be conducted. The same is seen in offline life. Threat actors without code of conduct or lines could be at risk of gaining a bad reputation. It’s important to keep in mind that ransomware needs the collaboration of their victims for payment. Reputation plays a role. If a group has a reputation for not giving back data, they won’t last long in business. Previous victims also play on reputation: who did they target? What did they do afterwards? As much as being seen as ruthless might be good for business, punching down has never been seen as good for business. That’s why organizations spend a lot of money to avoid scandals. This week, Lockbit’s reputation took multiple hits. The most notorious ransomware groups, understood as professional, now becoming the butt of a joke. Perhaps bringing back order and control might be better for business. 

The cyber landscape feels like the Wild West where no rules and code are enforced. After the explosion of minable cryptomoney, we saw the raising of new actors, without any skill, wanted to “invest” in ransoming through RaaS services. These groups seem to only see potential gains over the hackers’ code of ethics. But in the mist of that chaos, small events appearing make us think that perhaps a code of ethics might be re-emerging. Lockbit apologized to SickKids Toronto and Home& Heart Health inc for the hack and gave them back their data for free and told them they banned their affiliate, as they are a RaaS. According to the Lockbit rulebook for affiliate “It is forbidden to encrypt institutions where damage to the files could lead to death, such as cardiology centers, neurosurgical departments, maternity hospitals and the like, that is, those institutions where surgical procedures on high-tech equipment using computers may be performed. It is allowed to steal data from any medical facilities without encryption, as it may be a medical secret and must be strictly protected in accordance with the law. If you can't pinpoint whether or not a particular medical organization can be attacked, contact the helpdesk”. This suggests that there are still some ethics even in the leading RaaS group.  Certain ransomware groups also have rules that include not attacking hospitals. Now are those rules always followed by affiliates, most likely not! 

On the podcast Darknet Diaries episode 132, a convicted Darkweb vendor talks about his code of ethics while selling drugs, nothing to harm and kill people and when he needed physical addresses, he would use convicted sex offenders’ address to ensure no children or adult be traumatized by SWAT at 6 am. These are details that tease a possible return of ethics in hackers. It’s also important to remember not all hackers are bad. Ethical hackers choose to use their skills for protection over destruction. All threat actors are hackers but not all hackers are threat actors and that is important to remember. Some of us still work to protect this world. 

There is no way to know how things will continue to change and grow. But I hope human kindness finds its way back into the code of honors of hackers and threat actors. 

Related Posts