Who is a Black Hat Hacker?
A black hat hacker is a person who attempts to find computer security vulnerabilities and exploit them for personal financial gain or other malicious reasons. Their sole intention is to monetize your IT systems using ransomware, cryptojacking, rootkits, and trojans.

Black hat hackers can inflict major damage on both individual computer users and large organizations by stealing personal financial information, compromising the security of major systems, or shutting down or altering the function of websites and networks.

Why Black Hat?
The symbology of the good guy wearing a white hat and the bad guy wearing a black hat goes back to the early Westerns. In fact, it goes all the way back to 1903 and a twelve-minute short, The Great Train Robbery, directed by Edwin S. Porter.

The video stars Justus D. Barnes, who played one of the outlaws. In a famous sequence from the end of the film, he empties his pistol straight at the camera, effectively taking potshots at the audience.

The black hat hacker is a digital outlaw taking potshots at your cybersecurity defenses.

How Black Hat Hackers Operate
Black hat hackers have extensive knowledge about breaking into servers and computer networks. They can discover – and share amongst themselves – vulnerabilities in software and operating systems that can be exploited to allow them to gain access to the network or to plant malware in the system.

Some black hat hackers are the authors of malware, Distributed Denial-of-Service (DDoS) software, and other tools that assist hackers.

Their motivation is almost always financial, although hacking groups like Anonymous see themselves as social justice vigilantes. They attack organizations as a form of activism. Industrial espionage is another reason hackers attack systems.

Gary McKinnon Case
Sometimes, the motivation is a desire to whistle-blow. This was the motivation behind the famous case of Gary McKinnon. Between February 2001 and March 2002, he hacked into 97 NASA and U.S. military computers, looking for evidence of UFOs. He was convinced it existed but was being repressed. He thought he was going to prove UFOs were real and that the U.S. military had access to alien technology.
A small portion of hacking is conducted by newcomers who want to break into any system they can. They want to prove they have the skills to be taken seriously in the hacking fraternity. But by far, the majority of black hat activity is motivated by financial gain.

Black hat hackers will try to find hitherto unnoticed vulnerabilities in operating systems, protocols, and software packages. If they can then devise an exploit that capitalizes on this weakness and allows them to perform a cybercrime, all the servers and networks that use that operating system, software package, or protocol are effectively defenseless against that new attack.

A security patch must be devised, released, and applied to the affected systems to remove the vulnerability. This is what is known as a zero-day exploit.

A black hat hacker may use the exploit themselves, or they may sell it on the Dark Web. Zero-day exploits can change hands for hundreds of thousands of dollars.

It is possible to classify and sub-classify threat actors and cybercriminal factions ad infinitum, but it is at least worth pointing out that not all cybercriminals are hackers.

Many cybercriminals use readily available malware kits, attack software, Cybercrime-as-a-Service, and proof of concept code that demonstrates how to exploit new vulnerabilities. They don’t have the knowledge or expertise to detect and weaponize vulnerabilities or to write malware themselves.