We often talk about what hackers do – but rarely look at a psychological profile of hackers. What drives them to spend whole days and nights breaking into other people's systems? What do they think? What do they feel when they succeed – or get caught?
Because who is the hacker, really – behind the code and the screen?
This article dives into a psychological profile of several types of hackers and the psychological, social and economic forces that shape them.
You'll learn not just what they do, but why they do it – and what that tells us about the threat we face.
From idealistic activists to professional cybercriminals and digital soldiers: here's a human understanding of cybersecurity's most talked about – but least understood – actors.
All people and names are fictional
The hacktivist – a sense of justice burning holes in the system
“This isn't about money. I hate power. I hate how it suffocates the truth. If I can leak just one document and make one CEO sweat – it'll all have been worth it.”
The name he uses online is root.revolt. He has a tattoo of an anonymous face, but not because he's part of Anonymous. He was 14 the first time he saw videos of police violence in Hong Kong.
Now he's 23 and has helped leak documents from an energy company that polluted drinking water in South America.
His drive? A mix of anger and duty. He believes he's doing the right thing. If he doesn't, who will?
The state hacker – the digital soldier with patriotism and a pension
“You can call it espionage – I call it defence. Other countries have done it for decades. We just do the same. With slightly better code.”
‘Dima' works in an anonymous concrete building somewhere in the world. Every morning he scans a USB stick for malware he knows is there. He sends reports up the chain and gets instructions back. He has a wife and a child. He knows he works for a state unit, but he never talks about it at home.
His motivation isn't hate. It's duty. A kind of quiet loyalty. His task isn't to create chaos – it's to secure an information advantage. He sees it as a job. And in a country with low pay and low freedom, it's one of the better ones.
Systematic crime – run like a business
“There's no difference between us and the marketing department. We just use exploits instead of ads.”
‘Nox' is 31 and runs a small group working with ransomware-as-a-service. They have accounting, chat support and onboarding for new affiliates. They don't pay tax, but they run everything else like a regular business.
He started as a freelancer in cybersecurity. He discovered there was more money in the illegal side. And less paperwork. For him, it's not evil, it's efficient.
They don't send threats. They send “friendly reminders” about payment. They have a PR strategy and post statements on forums “explaining their policy.”
The young individualist – when it starts as a game
“I didn't mean to do any harm. I just wanted to see if I could get in.”
‘Lukas' is 17, but operates under another name. He got tired of playing computer games and started messing with IT vulnerabilities. It started when he found a bug in his school's WiFi portal. Then it escalated quickly. Today he has access to three backend systems at a mid-sized Danish company.
He'd like to study computer science. But it's also pretty cool when someone on Discord writes about his latest “stunt”: “holy shit, that was sick.” It's not money, it's respect. A subculture where he gets likes and praise – and no adult understands it.
He hasn't stolen anything. Yet. But he knows he's crossed a line.
The lone wolf with a (dark) mission
“I just want to prove they can't control everything. That they're not untouchable. They think they're safe. They're not.”
He calls himself NullSaint. He has no group. He works alone. At night he breaks into university servers and leaves warnings, not malware. He calls them messages, but others would call them threats.
He has no income, no friends, and no authority he trusts. He's angry. Not just at the system, but at people in general. He believes he's delivering justice.
And if anyone asks whether it's extreme? Yes. But he doesn't feel extreme. He feels honest and free.
From hacker to advisor
The story of hackers who switch sides and become cybersecurity experts sounds almost like a movie – but in some cases it's reality.
A well-known example is Kevin Mitnick, who in the 1990s was one of the world's most wanted hackers. After several years in prison, he chose to use his knowledge on the right side of the law. He became a respected security consultant, founded his own company and wrote several books on social engineering and IT security. Mitnick passed away in 2023, but his name is still used as a reference when talking about human weaknesses in cybersecurity.
Another – more ambiguous – example is Sven Jaschan, a German teenager behind the Sasser worm in 2004. He was given a suspended sentence, but was hired shortly after by a German IT security firm. It sparked debate, and his subsequent career in the industry is sparsely documented. He's therefore rarely held up as a role model – but his story shows how technical skill and security often go hand in hand, even when it starts with breaking the rules.
Facts and trends:
- In 2020, an IBM report showed that 32% of their penetration testers had a background as former black hats.
- Platforms like HackerOne, Bugcrowd and Synack make it possible to earn legitimate money from hacking via bug bounties.
- The U.S. Department of Defense has hired both ex-hackers and teenagers for its Hack the Pentagon programmes.
Being a hacker is (also) a job
Not all hackers are driven by ideology, ego or thrill-seeking. For many, it's just work. Particularly in parts of the world with high unemployment and poverty, hacking becomes a livelihood.
“I send emails. People click. We get access. We take what we need. It's not personal.”
‘Uddin' is 20 and lives in a suburb of Lagos. He works 10 hours a day from an internet café-like office. He knows what he's doing. But he doesn't call it crime.
For him, it's his third career change. Before that he worked in telemarketing – but this pays better.
Facts:
- In 2023, Recorded Future reported on hacker factories, where young people are recruited directly from schools or online communities.
- According to the World Bank, cybercrime is one of the fastest-growing sources of income in certain low-income countries – often because the alternative is worse.
In these cases, hacking becomes a survival strategy, not an ideological act. And with that comes a completely different logic and morality.
Behaviour and psychology: what they understand about us – and what we don't understand about them
A psychological profile of hackers shows how everything from motivation to methods depends on the type. Hackers exploit people. Not just software. They know we click when we're tired. That we trust emails from the boss. That we use the same password in three places. But what do we actually know about them?
“People think we're just nerds in hoodies. But we understand you better than you understand yourselves.”
It's about behavioural psychology. Social manipulation. And the ability to think like the user – and exploit it.
Social engineering: digital manipulation
Hackers exploit our trust, our busyness and our habits.
A classic trick isCEO fraud: An email from the “boss” asks for a quick transfer. It's written in the right tone, with the right signature – and it lands when the finance employee is most under pressure.
A study from Verizon showed that over 80% of all successful data breaches start with social engineering.
Cognitive weaknesses: our psychological back doors
Hackers know that humans have built-in biases:
- Authority bias: We trust emails from superiors.
- Confirmation bias: We read what we expect – and miss the red flags.
- Time pressure: We react faster (and worse) under time pressure.
The best attackers build their attacks around our behaviour – not against our systems.
Hacking as a sport: world championships in cybersecurity
Yes, world championships in hacking really exist – and the participants don't call it cybercrime. They call it Capture The Flag. Even at competitions like DEF CON, you can clearly see how the psychological profile of hackers plays in.
Every year, the world's sharpest security minds gather for competitions like DEF CON CTF in Las Vegas, Pwn2Own, and European Cyber Security Challenge. Here you can clearly see how the psychological profile of hackers plays in. They break into simulated systems, find vulnerabilities, hijack access – and do it all legally.
“It's not about destroying anything. It's about finding what others overlook. Understanding how things can go wrong – before they do.”
That's how a Danish participant describes his motivation.
What does that show us?
- The most advanced attacks often begin as intellectual challenges.
- Many participate in competitions as a way into professional security careers.
- And maybe most importantly: the best defenders have often thought like attackers first.
It also shows us that the line between “the good” and “the bad” hacker isn't fixed. It's fluid. Context, purpose and values decide which hat you wear.
Conclusion: when we see hackers as people, it changes our defence – and we get better at spotting them.
Throughout this article we've met the hacktivist, who sees themselves as a digital activist. The state-sponsored operator who's just “doing his job”. The young, curious individualist. And the lone wolf with their own ethical code.
They're different – but they're all human. Not just code in the dark, but individuals with motives, backgrounds and a reality that shapes their actions.
And precisely because they're human, they can be understood. And that's our strength.
We can't always predict the next attack. But we can begin to understand which types of hackers are at play – and why they choose the attacks they do. We can learn from their psychology, not just their tactics. And that makes us far better equipped to build awareness, security culture and resilience.
When we understand the hacker's world, ours becomes a little less vulnerable, because we can turn their behaviour against them in exactly the same way they try with us. But at the same time, we can also understand the necessity of strong cyber defence in our companies. Because to the question of whether any of the types we've covered here will stop hacking their way into our systems just because we ask them to, the answer is simple enough: no.
They don't stop for many different reasons, personal as well as “necessary” – and that's why we have to stay as many steps ahead as we can.
We build our platform (also) on understanding the hacker – if you'd like to know what advantages that gives you and your company, get in touch.