The stray sheep of cyberspace a.k.a. the actors who claim they break the law for the greater good

The development of cyberspace has brought about innumerable advantages for the mankind. However, it also came with several serious drawbacks; as cyberspace evolves, so does cybercrime. Since the birth of cyberspace, individuals, groups and whole nations have been engaging in computer-related offences of various significance and impact, trying to exploit systems’ vulnerabilities, disseminate malicious software and steal data or funds. The concept of a hacker has entered the collective consciousness and become an intrinsic element of popular culture. However, there are hackers, or rather, cyberspace actors, who challenge this common view. This paper presents three types of such people, namely hacktivists, members of cyber militias and Internet trolls. Although they all use the Internet to break the laws or rules, their internal motivations are not always utterly sinister; actually, some of them firmly believe that their actions are for the greater good. This paper is structured as follows: Firstly, the general profile of a hacker is presented. Then, the state of the art is outlined, concerning other papers dealing with the motivations behind cyber threat actors. Following that, the three aforementioned groups of cyberspace actors are contrasted with the profile of a ‘typical’ hacker. Then, the profiles of a typical representative for each of the group and their motivations are indicated, followed by the final conclusions.


Introduction
The development of cyberspace has brought about innumerable advantages for the mankind. However, it also came with several serious drawbacks; as cyberspace evolves, so does cybercrime. Since the birth of cyberspace, individuals, groups and whole nations have been engaging in computer-related offences of various significance and impact, trying to exploit systems' vulnerabilities, disseminate malicious software and steal data or funds. The concept of a hacker has entered the collective consciousness and become an intrinsic element of popular culture.
However, there are hackers, or rather, cyberspace actors, who challenge this common view. This paper presents three types of such people, namely hacktivists, members of cyber militias and Internet trolls. Although they all use the Internet to break the laws or rules, their internal motivations are not always utterly sinister; actually, some of them firmly believe that their actions are for the greater good. This paper is structured as follows: Firstly, the general profile of a hacker is presented. Then, the state of the art is outlined, concerning other papers dealing with the motivations behind cyber threat actors. Following that, the three aforementioned groups of cyberspace actors are contrasted with the profile of a 'typical' hacker. Then, the profiles of a typical representative for each of the group and their motivations are indicated, followed by the final conclusions.
The main contribution of this paper is concentrating on the hackers and actors who are 'the stray sheep' of cyberspace, i.e., the ones who are either misguided, ignorant or feel so strongly about something that they rationalise their actions, rather than 'typical' wrongdoers, who break the rules in full knowledge and with malicious intent.

Hackers
Based upon a review of the literature, there does not seem to be a universal scientific definition nor consensus on the term 'hacker' [1]. The today's mainstream usage of the word mainly refers to online criminals, understood as highly skilled individuals who are capable of subverting computer security to 'crack in'. Commonly, they are portrayed as bright, intelligent, curious loners and brilliant geeks who lack social and communications skills, though. Although some of the stereotypes have been partially confirmed scientifically [2], constructing the profile of a 'typical' hacker is in fact not possible, due to the fact that they may come from every background, may be driven by several distinct causes, work in an organised group or be lone wolves [3]. The researchers who study the intentions behind illegal cyber activities also do not seem to have come to the same conclusions. The most general set of motivations was described by [4] who divided them into three groups: malicious intent or vandalism, greed and the quest for challenge [5,6]. Nevertheless, not all the cyberspace actors whose actions fall under the umbrella of hacking fit the definition or the profile. The most distinct types of actors are hacktivists, internet trolls and the members of cyber militias.
The overview of the main distinctive features of the three groups is presented in Fig. 1:

State of the art
The scientists who have been dealing with the subject of the motivations that cyberspace actors are driven by have applied various ways of dividing and organising them. Li [5] reviews the motivations of illegal cyber activities in general, enlisting almost thirty reasons to break the law in cyberspace. However, the article does not organise them by the type of actor. Ablon [9] discusses the motivations of cyber threat actors as well as some ways they monetise the stolen data. In this paper, the four groups of cyber threat actors have been discussed, namely: cyberterrorists (theoretical), hacktivists, state-sponsored actors and cybercriminals. Thus, there is no distinction between the actors who break the law with malicious intent and those who may believe their actions can be justified. Sigholm [10] presents the various motivations of a large number of the non-state actors, excluding trolls. Ohlin et al. [11] discuss the motivations behind some of the actors; interestingly, hacktivists and 'patriotic hackers' are treated as two separate groups. This paper partially bases on a previous paper [8], which deals with raising the awareness of the less known cyberspace actorsnation states, hacktivists, cyberterrorists and trolls. Hereby, we discuss the hacktivists/trolls parts, which have been significantly extended and supplemented by adding the in-depth insights on the motivations of the actors. In addition to this, the motives behind the cyber militia members have been discussed. To the authors' best knowledge, the actors who believe they hack for the 'greater good' have not been collectively discussed yet.

Hacktivists
The term 'hacktivism' was coined by combining the terms 'hacking' and 'activism', in the early days of the World Wide Web [12] [13]. Back then, hackers mostly congregated on Usenet and message boards. As many of them were leftwing, anti-capitalist, anti-corporate idealists, their messing with people via the Internet soon switched to politically motivated hacks, inspired by diverse social and political issues [14]. This leads to a few groups rising to stardom, gaining international recognition and 'cyber-attacks are said to have entered a new phase' [15]. The methods they have employed are mostly basic, lack originality or sophistication [15]. Oftentimes, the tools and techniques involved are widely available and their deployment requires little to no technical skill [16]. The methods comprise: -Denial-of-service attacks, -Information theft, leaks and doxxing, -Website defacements, -Virtual sit-ins.
Additionally, hacktivists attempt other kinds of cyber sabotage, including Internet resource redirects and website parodies [11].
Research shows that hacktivists overwhelmingly favour attacking websites. It is so, as websites are often the most publicly facing aspect of a company or an organisation.
Hacktivists are said to prefer DDoS (distributed denial of service) attacks which lead to site crashes. Thus, hacktivists deny access to a particular service or website. In addition, this kind of attack may also mean a huge hosting bills the website owner is presented with [10,17].
When it comes to stealing data, hacktivists usually do it in order to expose sensitive files or records belonging to a target publicly over the Interneta method typically deployed to expose targets with something to hide, such as large corporations or governments [14]. This kind of activities is also related to the so-called doxxing. The word 'dox', meaning documents or 'docs', refers to the action of revealing private, often highly personal information that allows identifying someone, on the Internet. The data may comprise a person's real name, date of birth, phone numbers, addresses and so on. Hacktivists doxx their opponents, such as public figures, celebrities or individual members of targeted organisations, in order to intimidate them or bring embarrassment upon them. They also are known for website defacements, i.e., tampering with the site's appearance or data integrity. This can range from daubing 'political graffiti' across Internet to corrupting systems, e.g., manipulating polls and skewing online votings [18]. Finally, hacktivists resort to virtual sit-ins, i.e., voicing their opinions by simultaneously accessing a website multiple times, creating disruption of the target website. It is geared toward slowing down, or even crashing a target website, thus preventing access to its regular users [19].
The transporting of activism to the digital space has transformed it. As protesters became anonymous and their causes borderless, civil disobedience turned into disruption. The difference isnow, just a few skilled individuals are enough (or even enjoy more significant power) to cause more disruption with a single click than masses of people occupying streets [20].
Some of the most well-known hacktivists and hacktivist groups include the following (Tables 1 and 2).

Profile
Constructing the profile of a typical hacktivist is not that simple. This mixed group of people may consist of individuals ranging from script kiddies to professional black hats, from bored teens to rogue non-state actors and from lone cybervigilantes to cyber-groups [10]. 'They may range from local units composed of no more than a dozen persons to large transnational organisms with several satellite sub-groups' [11]. What they do have in common is that they are almost always personally anonymous, yet they seek a collectively distinguishable recognition [13]. Also, most of them connect through a variety of non-mainstream social networking services, such as forums and message boards like '4chan', wikis like 'Encyclopaedia Dramatica' or specific IRC channels [10]. As hacktivists often work alone, their attacks are extremely difficult to predict or even respond to quickly and whether they are a network administrator, a mid-level IT person or even a college student, there is no way of knowing in advance who they are or when they will strike [17].

Motivation
Hacktivism merges traditional political activism with the Internet; disgruntled individuals or groups use hacking to bring about political or social change, and cyberspace  • Muslim hacking collective • They have been targeting Amaq, the main online outlet and 'official' news agency of terror organisation ISIS/Daesh. They leaked the data of the Amaq's newsletter's subscribers and repeatedly took Amaq's website down [27] becomes the medium that allows them to express their discontent [3,21]. In addition to this, hacktivism can indirectly be utilised to reach hidden, underlying goals of political, military or commercial character; in some sense, hacktivists may be perceived as a cyberspace equivalent to the groups carrying out acts of civil disobedience, such as Greenpeace, and their actions, typically, have no lasting effect on their targets beyond reputation [11] [16]. Hacktivists (unlike typical cybercriminals) are usually not motivated with financial profit [17]. Rather, one may say they are motivated by a cause, 'burning rage inside them', no matter if they wish to embarrass celebrities, highlight human rights, wake up a corporation to its vulnerabilities or go after entities whose ideologies they do not find agreeable, who they feel do not align with their political views or practices [10,28]. Hacktivists may also steal and disseminate sensitive, proprietary or, sometimes, classified data in the name of free speech [10]. It is worth noting that, unlike most other hackers, hacktivists do crave publicity; this is why they often enter public, popular social media platforms, like Facebook, Twitter or YouTube. Hence, they are eager to, e.g., share the data they have stolen [15].

Internet trolls
Another kind of Internet actors are the so-called Internet trolls.
Although the idea of 'trolling' has been known for many years, there is a lack of academic consensus on the matter, owing to the fact it is a complex phenomenon [29,30]. Generally speaking, the term 'trolling' has been used to describe all types of malicious or harassing activities in the Internet, both verbal and behavioural ones, with the latter mostly happening in the sphere of online gaming [30,31]. However, beyond this basic agreement, almost every researcher has coined their own definition of trolling. For instance, Bishop [32] defines trolling as the 'act of posting a message (…) that is obviously exaggerating something on a particular topic', 'for the entertainment of oneself, others or both' [33]. Herring et al. [34] indicate that it 'entails luring others into often pointless and time-consuming discussions'. Another definition points it out that a troll 'posts a deliberately provocative message (…) with the intention of causing maximum disruption and argument' [35]. Cambria et al. [36] define trolling as 'emotional attacks on a person or a group through malicious and vulgar comments in order to provoke response'. Shachaf and Hara [37] call trolling 'repetitive, intentional and harmful actions that are undertaken in isolation and under hidden virtual identities (…) consisting of destructive participation in the community'. Hardaker [38] says trolling is 'the deliberate use of impoliteness/aggression, deception and/or manipulation (…) to create a context conductive to triggering or antagonising conflict'. Finally, Golf-Papez and Veer [39] define it as 'deliberate, deceptive and mischievous attempts that are engineered to elicit a reaction from the target(s), are performed for the benefit of the troll(s) and their followers and may have negative consequences for people and firms involved'. As one may notice, although the older definitions of trolling concentrated on stirring up discussions mostly for fun and amusement, the newer ones point it out that trolling aims to do emotional harm. The most recent ones emphasise the disruptive and deceptive nature of the acts of trolling. It may be thus stated that Internet trolling has become much more serious, harmful and potentially dangerous than it initially used to be. In fact, its potential as a tool of spreading deceptive and made-up content has already been utilised by many individuals and organisations. In the recent years, a new sub-group of trolls have caught the media's attention: the political trolls. They are usually 'user accounts whose sole purpose is to sow conflict and deception', their intent being 'to harm the political process and create distrust in the political system' [40]. Political trolls may be further divided into three groups: political bots masquerading as real users (spreading spam and harmful links), organised trolls (including hate and persecution campaigns) and the ones who spread 'fake news' [41]. Recently, the media have revealed several notorious cases of state-sponsored political trolling. For instance, before the 2016 US presidential elections, thousands of troll accounts injected false tweets or fake news in support or against certain candidates, aiming at creating discord and hate [42,43]. The accounts were traced back to Russia and allegedly funded by the Russian government [40]. Russian trolls were also highly active in Australia, in the years 2015-2017. Their actions included, e.g., spreading tweets undermining support for Australian government in the light of its response to the downing of flight MH17 [44]. In August 2019, Polish Deputy Justice Minister Łukasz Piebiak resigned after it had been revealed he allegedly arranged and controlled a hate campaign and sought to discredit judges who were critical of the government's judicial reforms; it was done by planting media rumours about the judges' private lives. The incident sparked a massive outcry in the country [45,46].

Profile
As with hacktivists, the profile of a 'typical' troll is difficult to establish; this is mainly due to the fact that the definitions of a troll vary to a great extent. Even so, there are some common traits to be found, which repeat across numerous study results and papers on the matter. For example, researchers consistently refer to the 'dark tetrad', i.e., specific psychological traits that many Internet trolls possess. The tetrad is constituted by narcissism, psychopathy, Machiavellianism and everyday sadism. Narcissism is the excessive sense of self-love and selfadmiration, psychopathy means the absence of empathy, Machiavellianism is used to describe a detached, calculating, manipulative attitude, and everyday sadism means that a person enjoys cruelty that is present in everyday culture; the cruelty may be part of violent films or video games, or refer to real-life events, like police brutality. Of the four traits, it is sadism which is believed to be the most closely associated with trolling behaviours on the Internet. Oher studies suggest that cyber trolls are often characterised by low self-esteem, conscientiousness and internal moral values. The results of the study aimed at revealing the demographic of trolls suggest that a typical troll is male and lacks affective empathy. In addition, the so-called online disinhibition effect may contribute to some people becoming trolls. The idea behind it is that some people, if they think they are anonymous, tend to dissociate from the harassment [47,48].

Motivation
The motives of internet trolls also greatly vary and depend on the kind of troll. Papers suggest several possible motivations, such as everyday sadism, a need for attention, trying to boost one's low self-confidence, lack of empathy, a desire for amusement or simply the fact that trolls' victims differ from them. However, trolls in a way may also be fighting for their 'greater good', as one study suggested that trolls are motivated by the fact that their actions create a kind of online community. Engaging in hate speech and online harassment is a way of cementing or building the status in the group, gaining a sense of belonging. An alternative view suggests that part of the trolls are not atypical or antisocial; in fact, they are regular Internet users who simply engage in copycat behaviour, that is they mimic the trolling behaviours they are exposed to in social media. The motives for gaming trolls, besides the ones presented above, include responding to being trolled by other players, being bored or in a negative emotional state and wishing to win no matter what. In other words, they are motivated by personal enjoyment, taking their revenge on other trolls, or thrill-seeking [49,50]. Finally, it is also worth mentioning that studies have shown Internet trolls tend to rationalise their behaviour, i.e., downplay the consequences of their actions, and thus minimise their blame and hurt others without guilt, so againtheir motives may not be utterly mischievous, at least in their own eyes [47,48]. Just the oppositeeven if they might be perfectly aware of the fact that what they do is wrong, they feel their actions are justified, sometimes in a very twisted way.

Cyber militia
Cyber militias are defined as 'a group of volunteers who are willing and able to use cyber-attacks in order to achieve a political goal' [51]. The definition also encompasses the ways the members of a militia contact and gather: 'the members communicate primarily via Internet and, as a rule, hide their identity'. The anonymity is usually achieved by adopting hacker aliases. Cyber militias may be permanent or be formed ad hock. The definition emphasises the fact of the members being volunteers, as they participate in the cyber militia of their own free will. They are not contractually obliged to it. Usually, they do not receive any money for their actions (there are exceptions to this; sometimes the leaders of a cyber militia are paid salaries [52]). In addition to this, a member of a cyber militia decides upon their level of commitment. They may also leave it whenever they wish. This is the main difference between the members of cyber militias and the people who join a government-run cyber-attack unit. Ottis [51] also indicates that the word 'political' in the aforementioned definition 'refers to all aims that transcend the personal interest of the volunteer. This includes religious views, nationalistic views, opinions on world social order etc.' [51,53]. According to the researcher, most cyber militias meet the following criteria: -The communication within a militia is centralised; the communicating, planning and coordinating a cyberattack campaign usually relies on on-line forums and instant messaging services. -Usually, there is no direct state support or control of the militia. If there is direct state support, the unit should be considered an organic part of the state rather than the cyber militia. -The members are loosely connected in real life; the leadership/core group may be personally acquainted, but the rest of the members usually do not know any other members, or know a few of them.
Forum posts allow identifying the roles certain members play in the militia. They can be divided into two categories: 'officer' rolesleaders, trainers, suppliers, etc., and 'soldiers' and 'camp followers'. The leaders motivate to act, coordinate actions and give the directions of attacks. The trainers give instructions of all kinds, including the ones concerning reconnaissance and attacks, as well as covering them. The suppliers are responsible for providing scanners, malware, attack kits, etc. 'Soldiers' are the ones who take active part in attacks. They usually remain quiet on the forum or are ordered to report the results of their actions. Lastly, the camp followers follow the forum threads out of curiosity but do not take part in any campaigns [51].
One of the most well-known cases of the employment of cyber militia is Estonia, where volunteer hackers were recruited to respond to cyber-attacks. Those civilian defence corps grew out of the aftermath of a 2007 attack, when banking, government, news and other websites were taken online and the authorities put the blame on Russian operatives. According to experts, the attacks have been one of the worst cases of state-sponsored warfare to date. Although the Estonian cyber militia hackers are mostly civilians, they have been trained to handle this kind of assaults on hospitals, banks and military bases, as well as on, e.g., voting systems. Their commander says that the threat is taken as a given. His militia consists of all kinds of white-hat types, including amateur IT workers, economists, lawyers and so on. Some of their actions include running drills with troops, doctors and air traffic controllers, and gauging officials' responses to realistic attacks, for example, by sending out e-mails with sketchy links or dropping infected USB sticks. Allegedly, a CD labelled with a picture of Russian porn star in a bathing suit proved very effective bait for military officials. As a result, at present, the country's military computers turn off after having detected an unknown disc or USB drive. Officially, the militia is part of Estonia's national guard. Estonian's cyber militia has inspired many security officials elsewhere, including countries like France, Latvia and the USA [52].
China has also relied heavily on cyber militias. According to researchers, the collective membership of cyber militias in China has already amounted to over 10 million people. Most probably, the goal of the cyber units is to provide logistic support and rear area security for active duty unitssimilarly to militias in general. One of the most well-known faces of the Chinese cyber militias are the infamous, popular, nationalismdriven 'patriotic hackers' [54].
In the United States of America, one of the cyber militia, Missouri National Guard Team, has recently launched a nonprofit organisation in order to share their network security monitoring system 'built by cyber warriors for cyber warriors' [55]. In Ohio, a bill has been introduced that is going to create a civilian cyber militia, the task of which would be to protect the state's critical government agencies and election systems. If the bill is passed, a new volunteer unit would be created under the authority of the Ohio adjutant general and operate at the same level as National Guard. The Ohio Cyber Reserve would recruit 'individuals who are interested in improving Ohio's cyber posture'.
In India, in 2011, Information Technology Minister Kapil Sibal called for a community of ethical hackers to help defend Indian networks. Reportedly, India has been considering using patriotic hackers for offensive operations, too [56].
There is a lot of controversy surrounding cyber militia. Although experts enlist the possible positive outcomes of employing the 'members of the cyber militia, recruited among a pool of civilians with the requisite forensic and IT skills', it is feared that the members of militias may use their skills and knowledge against other states with no authorisation, or even turn them back on home networks. Militias may also ignore orders, especially during a crisis. As Segal sums it up, 'patriotic geeks might be the answer to a lot of policy challenges. But in terms of cybersecurity, it may be best to either bring them completely into the fold, or keep them at arm's length' [56].

Profile
Ottis [7] has distinguished three models of cyber militia: the Forum, the Hierarchy and the Cell. The models refer to the operating principles of the militia, and the properties and relationships between the members of cyber militia.
The Forum consists of people who do not know one another in real life but are interested in a particular subject, meet online in a web forum, IRC channel, social network and interact there. The place is easily accessible over Internet, easy to find and provides visibility to the agenda of the group; it may be also used to recruit new members. The Forum mobilises in response to an event that is important to its members; it is more ad-hoc than permanent. It forms quickly; its attacks are hard to analyse and counter. However, as it comprises mostly of people inexperienced in cyber-attacks, it is highly reliant on the instructions and tools provided by the more experienced members of the Forum. Moreover, due to the nature of the utilised communication channels, it is relatively easy to infiltrate and de-anonymise.
Another model of a volunteer cyber force is a hacker cell. It encompasses several hackers who perform attacks on a regular basis; this may last over extended periods of time. The members are experienced in the use of cyber-attacks, some of them may be even involved in cybercrime. They are likely to know one another in real life; the cell is often built on mutual trust. The Cell, in response to a long-term problem, may exist for a long period of time but is able to mobilise very quickly and difficult to infiltrate.
Finally, the Hierarchy is the most organised model, suitable, e.g., for state-sponsored groups. The model resembles other military units, with sub-units specialised in some specific task or roles (like reconnaissance, infiltration, breaching and training). As the actions of a state-sponsored militias are attributable to the state (by definition), it is crucial that the militia is able to be controlled. However, it must be noted that not every cohesive group that adopts a command structure is sponsored by the state. State-sponsored militias may also require identified membership. The militias of this type may exist for a long time, even if no conflict occurs, and engage in training and recruitment in the 'peacetime'; if they are sponsored by the state, apart from money, they may expect infrastructure, cooperation with law enforcement or intelligence community.

Motivation
In order to engage in cyber militias' activities, a person must be driven by patriotism, or at least concerned about the matters of a particular nation. They may also be motivated by political reasons, e.g., strongly oppose a foreign country's governmental policies or disagree with them. Ottis [7] also suggests that some hackers engaged in cyber militia are confident in their skills and proud of their achievements. Some of them, after performing an attack, may even leave their aliases or affiliations, in order to claim bragging rights and thus boost their ego [7].

Nation-state actors
It must be noted that when speaking about the cyberspace actors who believe they do good, one could also mention the nation-state actors. This kind of actors has been presented in detail in [8,[57][58][59]. However, this paper does not categorise nation-states as the 'stray sheep', as they are aware of what they are doing and their actions are deliberate, calculated and planned. With the nation-state actors, the ethical issue is of a different nature. Although their nation may grant them the right by law to carry out their undertaking, what they do might be strictly illegal in other countries, especially the ones they act against.

Discussion and conclusions
The presented kinds of cyberspace actors do differ from the image of a hacker-cybercriminal that has become mainstream owing to news items and pop culture in general. All of the actors rationalise their actions in various ways and are able to pinpoint their motives and reasons behind them, despite the fact the cyber-attacks they carry out are objectively illegal. Their actions might spark even more controversy, as substantial part of their activities are generally of lawless nature. Thus, they divide the public opinion. The actors themselves often claim their actions are for the greater good, e.g., in order to encourage better security or a more responsible custodianship of personal data, but does the fact that they wish to raise awareness about a particular matter and bring about some kind of social or political change make them 'good'? Some people actually applaud vigilante hackers who take the law into their own hands; is it enough to explain their actions, though? [14,15]. Actually, how people categorise hacktivists, trolls and cyber militia members depends mostly on whether they sympathise with the same causes they do [20]. As Lohrman [60] describes this moral and ethical dilemma: 'There is an evolving definition of right and wrong regarding hacking. For example, I may think that Edward Snowden stealing NSA records was wrong. However, I may also agree that the information he disclosed was valuable to society to help protect online privacy. Although I do not believe that the ends justify the means, millions of Americans now believe that Snowden was a hero. Bottom line, they think his illegal actions were justified' [60]. However, what if the hackers' targets are not only faceless institutions, businesses and governments but also 'regular' individuals, and then, what was meant to be transparency turns into harassment [20]? With all the three discussed groups, there is the tension caused by the fact that what seems to be right to do, does not necessarily have to be legal or ethical. Ironically, sometimes perfectly legal actions are not ethical, or just the oppositepeople may tolerate the law being broken if they believe the cause is worth it. However, the three groups vary in the intensity of these tensions, the balance between the ethics, morality and law, and the severity of the possible damage and harm their members are capable of doing.

Limitations and further work
This paper bases on a comprehensive review of recently published literature, including scientific articles, as well as various other sources. However, cyberspace is fickle and one might soon witness major shifts in the ecosystem, whether they be related to technical advancements or global political situation. The matter needs constant monitoring, following trends and drawing conclusions anew, in order for the divisions, names and drawn profiles to stay up-to-date and relevant. Thus, it has been planned for the research presented in this paper to be continued, and the changes in the ecosystem reported accordingly, if they do happen.

The implications for cybersecurity
The today's cyberspace is a complex and complicated ecosystem. Lumping the various cyber threat actors together might prove to be as unwise as underestimating the threat in general. Being aware of the various motives of the actors, the forces that drive them, the ways they form groups, etc., is also significant from the cybersecurity's point of view. Cybersecurity and cybercrime are forever and inherently connected; one cannot exist without the other [61]. For cybersecurity experts, being one step ahead of wrongdoers requires knowing as much as possible about them; for instance, being of the ways in which political trolls or hacktivists congregate could be enough to infiltrate them and get the information on the actions they are planning; being profoundly knowledgeable about the attack vectors they apply helps adopt the speediest or most comprehensive solutions. Lastly, not all the hackers are equally dangerous; some of them are rather more of a nuisance than a real threat. Encouraging increased awareness of the matter amongst cybersecurity experts may in turn help them produce the most appropriate response and eventually contribute to creating a safer, more friendly cyberspace.

Final conclusions
This paper has attempted to construct the profiles of 'typical' hackers who are not driven by malicious intents and present the motivations behind the cyberattacks they perform. However, it is not possible to paint a simple, black and white image of the matter due to its remarkably diverse and complicated nature. Cyberspace is constantly developing. As a consequence, the future will surely bring even more difficult situations and ethical dilemmas related to hackers. It seems unavoidable, even if they break into systems with the best intentions.
Apart from the dilemmas of purely ethical nature, there is also the question of penalising certain behaviours in cyberspace. Even if people agree with the hackers' ideology or sentiment, and rationalise their actions, the law is the law and crime is to be punished. This issue does not only pose a considerable challenge for policymakers and law enforcement but also creates another ethical dilemma; there might not be a simple answer to. As it turns out, some hackers might be inflicting considerable harm to others, and yet, they will be warmly applauded for that. In cyberspace, the 'greater good' sometimes is a surprisingly relative concept.
Funding Open Access funding enabled and organized by Projekt DEAL. This work is funded under SIMARGL project, which has received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No. 833042.
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.