What is a hacker?
To ensure I don't hit any nerves of any hackers I have included the Wikipedia community based definitions of what a security hacker and computer hacker is. I'm covering hacking in the information technology space in this article, not other types of hacking like bio-hacking which I think it's far more dangerous and a whole other topic.
My interpretation of computer hackers & security hackers:
Security hacking can be used for "good" or "bad" security purposes, depending on what your point of view is. I think a "bad" hacker is someone who intends to hurt others financially or in other ways. Law enforcement or nation states can conduct hacking, and depending on your point of view as reader, these entities can do "good" or "bad" hacking activity. This activity usually involves hacking into devices that are connected to a network and/or the "internet".
Computer Hacking can be for research, scientific, security, law enforcement, malicious means for either "good" and "bad" purposes and doesn't necessarily need to be security hacking related like hacking a solution for quantum computing or hacking your own system design to improve it. It is usually not network related but related to hacking a piece of technology, whether a computer or something else.
The Wikipedia definitions!
Wikipedia defines a security hacker as "someone who explores methods for breaching defenses and exploiting weaknesses in a computer system or network. Hackers may be motivated by a multitude of reasons, such as profit, protest, information gathering, challenge, recreation, or evaluation of a system weaknesses to assist in formulating defenses against potential hackers. The subculture that has evolved around hackers is often referred to as the "computer underground."
It also states that "Longstanding controversy surrounds the meaning of the term "hacker". In this controversy, computer programmers reclaim the term hacker, arguing that it refers simply to someone with an advanced understanding of computers and computer networks and that cracker is the more appropriate term for those who break into computers, whether computer criminals (black hats) or computer security experts (white hats). A 2014 article noted that "... the black-hat meaning still prevails among the general public"
But the term computer hacker has a much wider meaning according to Wikipedia: "A computer hacker is a computer expert who uses their technical knowledge to achieve a goal or overcome an obstacle, within a computerized system by non-standard means. Though the term hacker has become associated in popular culture with a security hacker – someone who utilizes their technical know-how of bugs or exploits to break into computer systems and access data which would otherwise be unavailable to them – hacking can also be utilized by legitimate figures in legal situations. For example, law enforcement agencies sometimes use hacking techniques in order to collect evidence on criminals and other malicious actors. This could include using anonymity tools (such as a VPN, or the dark web) to mask their identities online, posing as criminals themselves. Likewise, covert world agencies can employ hacking techniques in the legal conduct of their work. Oppositely, hacking and cyber-attacks are used extra- and illegally by law enforcement and security agencies (conducting warrantless activities), and employed by State actors as a weapon of both legal and illegal warfare."
I think computer hacking can also include companies that reverse engineer other companies designs or change a design to make a unique design for the hardware or software that they themselves build - either legally or illegally. But we are focusing in this article on security computer hacking - we are not covering physical hacking of physical things (eg: hacking a human cell to change its properties). We are focusing on security hacking in cyberspace or initiated from the local network or from the internet.
Before we find out the top countries where security hackers come from, let's examine their types below... There is certainly a wide variety of flavours of security hackers for different purposes.
Types of Security Hackers
Black Hat - Typical hacker in the news & are the biggest risk to your business. Motivated by financial gain. Their goal is to get into your business, steal bank details, confidential data and money. The stolen resources are used for extortion, sale on the black market or as their own gain.
White Hat - They are the opposite of black hat hackers, wanting to help businesses & support them in their cyber defence either for free or as a paid job. A company or individual who helps protect your business. Cyberkite is like a white hacker, they help defend your business data.
Grey Hat - They are driven by personal enjoyment. They know all the things white and black hat hackers know and they aren't particularly interested in attacking or defending you. They usually just have fun breaking defenses for the challenge. They rarely do anything harmful - means they hack and move on. They make up the majority of all hackers.
Blue Hat - They are bent on revenge and are aggressive. They don't exist unless you create them. So it does pay to have business ethics and play fair with customers and other parties. Because who knows, you don't play fair, you anger them very much and turn one of them into a blue hat hacker. Their thoughts are: "Grrrr, I'm gonna make them pay!". They usually use off the shelf code to attack adjust it for their use. They then use this code for revenge against a business or individual.
Red Hat - The crusader of cyberspace. They are the superhero vigilantes, judge, jury and executioner. Their goal is to eliminate a black hat hacker in cyberspace. They use the Black hat arsenal of cyber weapons against them. But you don't know they exist as they are like the famous comics superheroes. Benefit to your business is they work to protect you like white hat hackers.
Green Hat - Beginner hackers starting out. They are learning to be fully fledged hackers. They test out code for learning. They usually don't attack a business and learn from experienced hackers on online communities to learn from them. That is why they are called green as they aren't a threat to your business.
Script Kiddie - They are neither of the other types. Sounds like an innocent hacker but their purpose is to cause chaos and disrupt as much as possible. They are not interested in stealing. They are focused on scripting and code but don't develop their own software. A common attack from them is DoS (Denial of Service) or DDoS (Distributed Denial of Service). So they use any type of attack that can cause your business chaos, damage your reputation or cause you to lose customers.
Neophyte - A neophyte ("newbie", or "noob") is someone who is new to hacking or phreaking and has almost no knowledge or experience of the workings of technology and hacking.
Law enforcement - Various law enforcement agencies can conduct hacking to catch criminals such as the recent ANOM encrypted chat app multi-agency Operation Trojan Shield or Operation Ironside which intercepted mullions of chats across a number of years.
Organized criminal gangs - groups of hacker that conduct organized criminal activities for profit. Wikipedia states: "These criminals hold computer systems hostage, demanding large payments from victims to restore access to their own computer systems and data. Furthermore, recent ransomware attacks on industries, including energy, food, and transportation, have been blamed on criminal organizations based in or near a state actor — possibly with the country’s knowledge and approval. Cyber theft and ransomware attacks are now the fastest-growing crimes in the United States. Bitcoin and other cryptocurrencies facilitate the extortion of huge ransoms from large companies, hospitals and city governments with little or no chance of being caught."
Top 10 Countries where security hackers come from
This data is hard to come by, so the estimations I have listed below are estimations and should be viewed as such. I have shown 2013, 2016 and 2019 data to show an evolution the scene, and yes China has been and is the top country where hackers come from. The other reason why these numbers are estimations is that they are based on reported traffic and not necessarily include dark web activity. But overall the rankings are fairly reflective of what's happening.
On average the latest top 10 countries where hackers come from are:
And the top 10 countries where hackers come from over the years:
1. China - Approx 41.4%
1. China - 27.24%
2. U.S.A. - 10%
2. USA - 17.12%
3. Turkey - 4.8%
3. Turkey - 10.24%
4. Russia - 4.4%
4. Brazil - 8.6%
5. Taiwan - 3.8%
5. South Korea - 7.47%
6. Brazil - 3.4%
6. India - 6.67%
7. Romania - 3.4%
7. Spain - 6.32%
8. India - 2.3%
8. Thailand - 5.85%
9. Italy - 1.6%
9. Japan - 5.55%
10. Hungary - 1.4%
10. Russia - 5.14%
% of hacking traffic
% of hacking traffic
Why are these countries at the top?
In 2013 China took the top spot for the top spot of being the biggest hotbed of hackers in the world and it has remained so in 2016 and 2019. I think it will remain so for long time to come. Why is that? It has one of the most sophisticated hacker networks or groups in the world. Some of these groups are maintained by The People's Liberation Army of China. What's also contributed to such a large army of hackers is the endorsement of cybersecurity awareness especially among the youth. The other reason is that China has around a billion people. Chinese Information Operations and Information Warfare includes the concept of “network warfare”, which is roughly analogous to the United States concept of cyber-warfare. Foreign Policy magazine provided an estimated range for China's "hacker army" personnel, anywhere from 50,000 to 100,000 individuals in addition to other groups and individuals. I think the the Chinese hackers are "patient visionaries & social engineering experts". Their favourite targets are Asia, the Pacific and Australia.
The typical Chinese cyber attack uses viral SMS message with a link to collect or install software to monitor keystrokes looking for any access to bank accounts. It is interesting to note that large share of the Chinese cybercrime infrastructure is located outside the country most likely because of tough state legislations. The other aspect we should also consider that in the last 20 years China has rapidly adopted and outpaced the western countries with the latest technology - for example the city of Shenzhen is considered the electronics capital of the world. Also China's ambitions cannot be dismissed as a thirst for acquiring intellectual property to advance both in corporate and government sectors. The other is it's thirst for surveillance of it's citizens and people of other countries - yes that's right, according to the Human Rights Watch article in April 2021 the surveillance program includes for example spying on American online uses. Will the the government there take a more active role in reducing and enforcing cyber crime? Time will tell.
As at 2013 they were the 2nd largest warehouse of hackers with such major hacker groups as Anonymous it takes a huge effect on the world with cyberattacks. One of the most famous US hackers were Kevin Mitnick who used to be a black hat hacker but is now a White or Red Hat hacker. In 1995 Kevin was arrest and sentenced to five years in prison for various computer and communications-related crimes. By 2019 their ranking has dropped down to 9th.
As at 2013 they had the 3rd largest stash of hackers. It packs a sizeable punch of cyberattacks in the world. It also have a large network of hackers acting in the interests of the Turkish government and they often are targeted towards organisations in Europe and the Middle East. Since 2016 they have dropped below 10th place. Economic issues and political difficulties means that hackers might be focusing on other means of income.
In 2013 they were the 4th largest collection of hackers but for some reason Russia's cyberattack traffic had been falling by 2016 to 10th spot, then by 2019 they were the 3rd. So they remain at the top. Apart for independent groups and individuals the Russian government has been involved (although not claiming responsibility) in major cyberattacks against western nations. For example, UK's National Cyber Security Centre (NCSC) said that most likely state sponsored hackers from Russia targeted organisations trying to develop a coronavirus vaccine in UK, US and Canada. There is a long standing relationship between Russian hackers and the Russian government according to the Washington Post article from June 2021. Russian hackers have a strict rules of engagement. One of those rules is "Don't target Russia or friendly states". It's even hard wired into the ransomware they create with code that checks the location, so if you are located in Russia or Syria or for example if you have Russian language keyboard installed, in that case you're all good. And a simple explanation is this - if you attack where you eat you are going to get a knock on the door from the FSB. The other issue is the western sanctions are creating economic difficulties for more people there and young Russians are heading into illegal security hacking to earn an income. Ransomware is Russian hackers speciality. Such groups as DarkSide and REvil are ransomware-as-a-service groups which means they are just intermediaries between the victim and the actual hackers whether it's state sponsors or otherwise.
In 2013 they were the 5th largest place of residence for hackers. Being a relative country of China but it contains a large collection of hackers. But since 2016 they have dropped below 10th place for some reason or the hackers there have gotten stealthier. Given the difficulty of mainland Chinese hackers dealing with Chinese state strict legislation I suspect Chinese hackers have infrastructure in Hong Kong and Taiwan (my guess).
In 2013 they were the 6th largest accumulation of hackers and it's South America's largest country. But by 2016 they were 4th on the ranking then spiking up to 2nd place in 2019. Brazil's ransomware attacks account for 10.64% of the global ransomware attacks. Regulatory and enforcement measures have been insufficient to prevent these attacks. Why have they grown in capabilities? Instituto Igrape article from 2018 says its a mix of increasing population and access to the internet grew to more than 66% in 2016. There is indication that Brazil is the Iceland of South America where Brazilians want greater digital rights, universal access and net neutrality. This has created inconsistencies in law enforcement related to cyber attacks. In my opinion Brazilian authorities conduct token enforcement (eg: Operation Hashtag during 2016 Olympic Games). Brazil is young on the internet and as a country will need to workout ways to better enforce cyber attacks to prevent being the next hotbed of spam and attacks. And from history we know how hard it is to shake that perception in the world. Brazil will continue to be the "maestro of South America". Brazilian hackers usually take inspiration from Russians and turn to new markets and fresh developments. I would not be surprised if Russian and Brazilian hackers work together on projects.
In 2013 they were the 7th highest hacker traffic country in the world. In recent years up to around 2013 an isolated town of Ramnicu Valcea became a hacker central in Romania due to international cybergangs it is home to and it was called Hackerville. One famous Romanian hacker was Guccifer. But since 2016 they have dropped below 10th place propably due to government crackdown. Independent.ie article states that in 2021 the suspected main player in "Hackerville" was extradited to Ireland and his name is Gheorghe Adrian Gherghe. Also over the past few years the Romanian authorities have been dismantling the "Hackerville" in the remote town of Ramnicu Valcea.
In 2013 Indian became the 8th most populous army of hackers and tourists have been known to be the victims of cyber attacks. The top 5 hackers in India are Vivek Ramachandran, Ankit Fadia, Sunny Vaghela, Trishneet Arora, Sai Satish. There is also a ripe community of "hackers-for-hire" firms in India. But by 2016 Indian hacking activity has jumped to 6th place. Mint article in 2021 said that India has become the "hack-for-hire hub". Same article states: "A May 2020 Google Threat Analysis Group (TAG) report highlighted an interesting emerging trend: that these “hack for hire" operations are now increasingly being mounted under the aegis of formally registered firms. 'Many are based in India,' the report said." And there is another problem, the article elaborates "Security researchers in India often do not get the same respect in the country as global counterparts, which drives them to the dark side.". Indians digital transformation and access by the population to the internet will increase and as open of the most populous nations next to China, it will have a high place in the rankings for years to come due to a trend of overseas moving the IT help desks back to onshore and overseas hackers hiring entire hacking-as-a-service (HaaS) teams to avoid responsibility. I am yet to see Indian authorities taking this problem seriously and having the resources such as security researchers and white hat hackers on the cybercrime law enforcement teams.
In 2013 they were the country with 9th most number of hackers in the world As the nation digitized it increased the number of hackers in Italy. For example a 25 year old Italian man pleaded guilty in 2013 for defacing NASA websites and 60 other Italian websites. Since 2016 onwards they have dropped off the top 10 most likely because of the Europol joint cyber crime law enforcement activity.
In 2013 they were the country with the 10th largest number of hackers. Although its a small country in size and population it has a large hacking network. South Korea nearly beat Hungary for this position. Although since 2016 South Korea briefly jumped up to 5th position. Hungary dipped below 10th since 2016 most likely due to government law enforcement and Europol cracking down on cybercrime groups and individuals.
Polish, not in the top 10 in 2013 or 2016 have now grown in influence and were ranked as 4th country where hackers come from in 2019. Why is that? Internet access has become available, more affordable and access to technology has grown as Poland has been recording for over 50 years of Communism. When I was a kid in Poland in the early 1990's computers were very hard to get and very expensive, but as Polish economy started recovering from Communism it gave kids access to computers and as those kids have grown up and newer generations have come in, again like in Russia, hacking has become a means of income for some of the young people. Also according to one incident in 2020 where Polish/Swiss police & Europol uncovered one of those groups operating in Poland and Switzerland called InfinityBlack who were conducting large quantity of financial attacks in Switzerland. In recent years the Polish economy has struggled and this has most likely intensified all the wild cyber attacks coming out of Poland. In 2019 Poland joined Europols cyber-crime taskforce (J-CAT) and they have done some joint high profile dismantling of hacker and cyber criminal groups operating in Poland. According to the Global Government Forum article in 2019 the head of the Cybercrime Bureau of the Polish National Police Headquarters, Mariusz Lenczewski said: “Fighting cyber-crime every day becomes more and more difficult. Only close international co-operation will allow law enforcement agencies to succeed in this fight. We are happy that we could become a member of the J-CAT and undertake new challenges alongside specialised experts from around the world.”. I suspect Polish hacking community will keep growing getting their own unique mix of specialities. Hopefully this will mean that Polish rise in hacking may not last and may eventually drop to below 10th place.
From 2019 onwards Iran has risen as a notable hub of hacking activity. Why? Majority of the hacks are state based in what appears as efforts to disrupt western interests. In a 2020 AFR article it states: "Iran's cyber troops have long been among the world's most capable and aggressive, disrupting banking, hacking oil companies, even trying to take control of a dam from afar, while typically stopping short of the most crippling possible actions, say experts on the country's capabilities." State run cyber attack campaigns to further the interests of Iran will continue to be a problem for western countries and western nations.
Since 2019 Vietnam has risen to 8th largest hacking community. Why? DarkReading article in 2019 says that "Vietnam's one-party government has committed to aggressive economic growth and has been investing in domestic technology development. With the country seeking ways to gain an advantage over regional economic powerhouses like China, Japan, and South Korea, there has been an increase in cyber espionage activity targeting multinationals, IntSights said." Also since Vietnamese Internet Censorship Law was put in place the government's new cyber offensive unit called Force 47 which comprises 10,000 members has been cracking down on such communities as the Hacker Vietnam Association (HVA), a Vietnamese hacking website which had a variety of topics, hacking, carding and other topics to help hackers flourish. Other websites have popped up to replace it and looks like the hacking community is angry with the heavy handedness of Force 47. Looks like a showdown will keep brewing between these groups. The other increasing activity is hacking groups targeting western citizens to get things like their cryptocurrency wallets, bank accounts and other juice data.
Everyone is familiar with the famous Nigerian prince scams (or more widely known in various forms as advance-fee scam). Even my grandpa once feel for that. But that was a long time ago. But in recent years Nigeria has come back to top 10th hacking activity. In a LSE blog article in 2021 Dr. Uche Igwe outlines the reasons why Nigeria is rising as a hub of hacker activity. The article explains: "You do not need to travel far across Nigeria to see a generation of young people lost in the world of cybercrime and ostensibly inspired by the likes of Hushpuppi. You will find them in many Nigerian cities like Lagos, Benin and Owerri, and even up to Accra, Johannesburg, Dubai and Kuala Lumpur. It is from these remote locations that young opportunists try to launch phishing and ransomware attacks, including malicious spams, all over the world. Often when they try to escape criminal justice, they easily stand out with their characteristic way of dressing and brazen lifestyle."
Nigerian authorities have conducted useful operations over the years but they are insufficient for the large task and doesn't address the underlying causes leading young people to black hat hacking rather than white hat hacking. Black hat hacking skills are easily transferable to white hat hacking as a job for companies and as startups so I would like to se young Nigerian cybersecurity startups grow to large companies employing all these smart young people as white hat hackers. Dr. Igwe explains the problem with cyber enforcement in Nigeria: "While the Nigerian Cybercrime Prevention and Provision Act 2015 has been a useful deterrent, it has been largely inadequate in preventing the vulnerability of major institutions like banks. Real-time coordination has been a challenge and made early detection and prevention difficult and insufficient. Furthermore, some unscrupulous law enforcement agents still try to take advantage of the legislation to harass young people, connive with perpetrators to procure hasty plea bargains in order to benefit from the proceeds of their crime." So it is crucial for governments to invest well in cyber law enforcement with private and government partnerships.
Since 2019 Germany has risen to top 10 in hacker activity. German hackers have started focusing on critical infrastructure such as power grids and water suppliers according to an Euronews article in 2019. But there is another trend, young hackers or hacktivists rising to use hacking as a way to make political statements. An example of that is a 20 year old man who admitted to police that he was behind one of the country's biggest breaches with over 1000 public figures data leaking out. Such activities would most likely have increase since 2020 given there has been a lot of bored young people under lockdown. Similar to Poland this may be a temporary rise and may be clamped down by Europol cyber crime unit (J-CAT).
And out of interest....lets see what countries have the best cyber defence measures to fight cyber warfare and cyber crime.
Top 11 most powerful cyber defence nations in the world
The governments are beefing up their cyber defences to protect themselves, their citizens and businesses from the hacker attacks and state based cyber warfare.
How was this determined? Math.
Formula: National Cyber Power Index (NCPI) = The Belfer National Cyber Power Index (NCPI) measures 30 countries’ cyber capabilities in the context of seven national objectives, using 32 intent indicators and 27 capability indicators with evidence collected from publicly available data. Check out the NCPI 2020 report from the Harvard Kennedy School - Belfer Center.
And but wait.....there's more....
Top 10 security hackers of all time
And a little more....
History of Cybersecurity & Security Hacking
The first internet security hacker: The first hacker to gain media attention was Robert Tappan Morris back in 1989. He released the first Denial of Service (DoS) attack caused by a worm Morris had developed at Cornell University the year before. He was basically working on a digital version of a nuclear weapon. Robert said he didn't plan to cause harm but wanted to highlight the security flaws but sadly because of a fault in the code the worm replicated too much and caused extensive damage which went on for days, OOOPSS!!!!
About Cyberkite Cybersecurity
If you're an organisation or business you surf the net use caution and seek the support and advice of a professional Cybersecurity provider to help secure your business like Cyberkite. If you live in Australia and you're a small business or organisation you can learn more about our Cybersecurity products and services here. You can also book a free Cybersecurity Check which a short 30 minute discussion on what you currently have in terms of your IT security and how Cyberkite can help to enhance those protections.
The 7 Top Hacking Countries (Slideshow)
Vietnam Rises as Cyberthreat (2019)
Mass surveillance in China - Wikipedia
List of top hackers - Wikipedia
List of major hacker groups - Wikipedia
List of major cyberattacks - Wikipedia
Chinese cyberwarfare - Wikipedia
Cyberwarfare in the United States - Wikipedia
Cyberwarfare by Russia - Wikipedia
Top 10 Most Notorious Hackers of All Time (Kaspersky)