How are foreign intelligence services not black hats? They are stealing data in order to use it for any number of non-nice things. Not selling the data on the dark web doesn't bleach their hats.
They are definitely black hats. Intelligence services operating in foreign countries (physically or digitally) are by definition criminals, in that they are breaking the local laws where they are operating / accessing.
That they are doing it for a 'good cause' (often debatable) is somewhat irrelevant, that is a risk/reward calculation that the country/agency/spy needs to make themselves.
If a a friendly country of the Dutch government wants to access records of a Dutch company (Booking.com), there are numerous legal methods to access this data. What's instead happening is that the CIA hacks NL companies and the Dutch RIVM hacks American ones and they share information/metadata with each other so that they can make and end-run around the legal constraints of both nations.
>the CIA hacks NL companies and the Dutch RIVM hacks American ones and they share information/metadata
The AIVD is the Dutch intelligence service, the RIVM is the public health institute. I don't think even the most out-there of Dutch conspiracy theorists have accused the RIVM of hacking American companies on behalf of the CIA...
Both intelligence agencies and cyber-criminals can be considered threats, but they are quite different. Intel agencies would present a serious threat to confidentiality, but are very unlikely to threaten the integrity & availability of business systems.
Illegal activities done with good intention (and usually outcome) is what the term greyhat is for. It would be fair to argue that's the correct term here for government agency hackers but personally I don't have strong enough stance on the subject to say either way.
The examples of the 'good guy' spies carrying out 'bad intention' activities are legion, and so the conclusion that trusting any covert intelligence organization is a good idea is extremely flawed.
There's a fair argument to be made that they're grey hat. On the whole though I agree with you and you shouldn't give blanket trust to people performing these kinds of activities. I would just assign a bit different value to a black hat activity (illegal and/or harmful and only beneficial by accident if at all) vs grey hat activity (illegal and potentially harmful but attempting to be beneficial)
Unless you truly believe that interfering with the results of a free election is for the better of the participants of that election, no that's a black hat activity. There's nuance here since you have to think about perspective, no one is a villain in their own eyes, but personally I find the most useful perspective for the kind of hat to be from the victim.
This line of thinking comes from buying into the narrative that America (and west) is by definition good and so their activities are fine no matter what. They hack and steal data, we are ok with it. It's extremely dangerous.
If intelligence agencies are after you you’ve got way bigger problems than some fraudsters using your data for financial scams. It’s the same reason smart lock hacks don’t scare me… Anyone who is exploiting technology to gain physical access to my physical body is going to get me, regardless if I get hacked or not (e.g. thugs could just kick my door in, or wait outside and launch an ambush).
Even if a smart lock used ROT13 encryption, the easiest way to defeat it is still probably a mechanical attack. The state of mechanical security is a whole new level of weak.
My boss once bought a really expensive lock with a magnetic key. He was going on about how it was unpickable. When the key was forgotten one time, we found it could be opened by sticking scissors in and turning.
I'm not sure what the moral is. Your comment reminded me of this story.
My house has one sided locks all over it. Kids are constantly locking themselves out of rooms / bathrooms.
We use dry spaghetti to unlock them. Keep a few above door frame.
I remember watching a Saturday Morning Cartoon of the 1966 animated version of the Incredible Hulk, where the evil mad scientist build this amazingly secure super-duper fancy high-tech Hulk-Proof Door that he was sure there was no way the Hulk could possibly open.
So the Hulk just knocked a hole in his stone castle wall next to the door, and walked into the lab.
I hope at least the garage door, doors, and all your windows have 'circuit breaker'-style sensors (inside the window frame) that trigger the alarm when is activated.
Long time ago I had to upgrade my whole bloody alarm system of my old house because I wanted to insure a watch.
And if you ever accidentally lock yourself out, it's going to be a PITA. There's one good think about Kwiksets -- you don't always need to call a locksmith if you lock yourself out :)
I would assume most are hackers for hire. Just because their customers are goverments doesn't change the fact they're selling their wares and data found.
How are foreign intelligence services not black hats? They are stealing data in order to use it for any number of non-nice things. Not selling the data on the dark web doesn't bleach their hats.