SecurityTrails Blog · Mar 17 · by Sara Jelen

From heroes to deviants: Discussing the cultures of hacking with Gabriella Biella Coleman

Reading time: 17 minutes

When talking about hacker cultures, the media often blurs the lines between the act of hacking and criminality, inadventaly propping up stereotypes that plague the figure of the hacker.

In reality, hackers feed into a socially and politically significant subculture with unique social and behavioral norms, and enough space for both criminal and heroic actions (and a lot in between!). Throughout her career, Gabriella Coleman has been studying and bringing attention to important, but often overlooked, foundations of hacker communities — craftiness, humour and, oftentimes, strict ethical codes.

Gabriella Biella Coleman holds the Wolfe Chair in Scientific and Technological Literacy at McGill University. One of the first to dabble in the subject of hacker culture, Biella is an anthropologist, with her academic career focusing on the politics, culture, and ethics of hacking.

We met Biella while attending 36c3 where she was presenting her newest project, Hack_Curio: a video exhibition of hacker curiosities. Done in video format, the project aims to marry the cultural and political meaning of hacking with a dash of humor in each entry.


Often regarded as "the world's foremost scholar on Anonymous," you might've read Biella's popular books, "Coding Freedom: The Ethics and Aesthetics of Hacking" and "Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous." But today we're talking about Hack_Curio, how she found her place in the industry as an "outsider," her favorite hacker myths and contradictions, and what has changed since she released her first works.

SecurityTrails: You're currently based in Montreal, but you are originally from the US. What made you move to Canada and continue your research from there?

Gabriella Biella Coleman: The backstory of how I got here is a bit long and twisted, as backstories tend to be, but the upshot is my first permanent academic job was at New York University. I adored the job, but city living was challenging. NYC is terrific, but I found it to be a draining urban landscape that became a draining hellscape over the summer!

So when McGill, located in the French-speaking city of Montreal, advertised an anthropology job, I applied. Though I didn't get that job, I did land a different position that ended up being my dream job, providing resources for public outreach around technological and scientific issues.

As an anthropologist who studies computer hacking, a subculture that is larded with gross misconceptions and yet is so culturally and politically significant, it's been fantastic to be afforded the resources to spend a portion of my time educating the general public outside of the hacking community. I began experimenting with new mediums, like a hacker video museum/exhibit, to help change the conversation around the topic.

How did you discover your interest in hacker culture/open source movement, and what was the tipping point for you deciding to take your research and academic career in that direction?

Biella: Back in the 1990s everyone, from individual creators to corporations, treated patents and copyrights as sacred, untouchable legal instruments. At the time, few groups challenged this core logic; meaning, that without copyrights or patents, creators were unwilling to create.

Free software hackers were one of the few groups willing to release creative and technological artifacts without copyrights and patents. At the time, I was unaware of this movement. Thankfully, one of my friends was a free software developer who knew I would be interested in copyright alternatives and introduced me to the copyleft. I was floored and intrigued that geeky, engineering types had reinvented the law and wanted to learn more. Especially how this commitment to free software came to be and with what effect. That was the onramp that got me to one small corner of the hacker world, and I've never left.

The development of Free and Open Source Software is predicated on transparency, openness, and access. Most developers offered me their time and insight, sometimes quite generously.

Eventually, I learned free and open-source represented one neighborhood within the world of hacking and broadened my teaching of the subject to include piracy, phone phreaking, underground hacking, security, and hacktivism.

What was your experience when you started your fieldwork in the free and open source community and what was the reception you received as a sort of "outsider?"

Biella: Fieldwork is always psychologically excruciating to start. It's not easy to show up, say at some free software meeting, and try to explain what anthropologists do in general and what I specifically planned on doing, and then declare your intent to remain not for weeks or months, but a year or more.

I am pretty sure, at that point, most of the hackers I was working with had never interacted with an anthropologist. Truthfully, I was concerned about gaining access to the open-source community, so I volunteered at the Electronic Frontier Foundation to get an EFF email address. I figured people might respond more favorably to that affiliation than my graduate school one and I think I was right.

Even if the EFF email address likely helped open doors, my warm welcome probably had more to do with the ethical commitments of these technologists. The development of Free and Open Source Software is predicated on transparency, openness, and access. Most developers offered me their time and insight, sometimes quite generously.

During fieldwork, I was struck by how common joking was among hackers, and how many even embedded clever jokes or puns in technical artifacts.

Despite a warm welcome, when I published my dissertation and circulated it, some of the open-source hackers I heard back from told me they were "surprised they learned anything at all." But I understand the skepticism. Anthropologists tend to take a more open-ended approach and when asked about the nature of my project, I would tell people I am just trying to absorb everything. It was only after I produced the final product that these developers came to see what I was doing with my ethnography.

How do you present your commitment to freedom of information in your ethnographic work?

Freedom of information

Biella: As a professor with a steady salary, I can, in theory, give open access to my work. I've been fortunate enough to publish both my books with Creative Commons licenses. Still, I had to convince both of my publishers to forgo traditional copyright.

With my first book, Coding Freedom, my editor resisted until I explained that publishing a book on free software with traditional copyright is like printing a Hindu prayer book on leather. A lightbulb went off and he understood then how important it was to release the information freely, as that aligned with what I was writing about. It was also a fantastic way to give something back to my interviewees who had been so generous with their time.

With my second book on Anonymous, I reasoned with my editor on slightly different grounds. I explained it was going to be pirated anyway (it was Anonymous after all), so why not show a bit of goodwill and just release it under a CC license. The press graciously agreed, and remarkably, the book did quite well sales-wise.

Still, while I fully support and admire the current working alternatives to copyright and patents, I am not always opposed to these instruments. Some independent creators depend on selling their creative works to eke out a living, and copyrights are often essential to secure a living. Same goes for the independent inventors who might use patents. But there are many instances when it makes sense to release information as a public good for everyone to access.

That alternatives to copyrights and patents exist and that we can have serious conversations about when and why it makes sense to release or retain control is refreshing. This critical rethinking and set of substitutes are indebted to the contributions of free software hackers.

You are currently working on research that tackles the phenomenon of black hats turning a new leaf. The main differences between white, grey, and black hats are their sets of morals and ethics. How would you, in that context, describe former black hats becoming white hats?

Biella: Many of the former black hats who became leading security professionals followed strict ethical codes, even when they were breaking the law and entering into computer systems. Generally, they did not cause damage, steal information, or otherwise engender chaos — although mini-wars did erupt sometimes due to the leaking of sensitive information.

It certainly helps that many of these black hats developed the technical skills and knowledge that were otherwise hard to acquire in formal settings. Most academic computer science departments didn't teach security. Knowledge was acquired from experimenting and doing; from breaking into a system. I found the activities of many of the 1990s black hat groups, like TESO, ADM, THC, intensely pedagogical.

Still, even with superior technical skills, they had to convince the public that releasing information about vulnerabilities in a full disclosure manner was the right thing to do, while vendors like Microsoft railed against full disclosure and these hackers. Vendors did not want to assume responsibility for poorly written software. Hackers pushed and shamed software vendors, while also working with journalists to help communicate their good intentions to the public. Between their skills, the media work, and protocols around disclosing information, many successfully transitioned away from these secret intellectual societies, and helped usher in the security industry as we know it today.

Humor is an important part of hackers showing their "cleverness", as you discussed in your book, "Coding Freedom." Where do you think that mischief and humour in hackers' craftiness is derived from? What are some similarities between mindsets needed for hacking and for humour?

Biella: There likely isn't one source, but one thing does stand out - most early hackers, whether those who hailed from more traditional settings, like universities, or those from less conventional traditions, such as phone phreaking, had to, at minimum, bend or break rules and barriers in order to access the technologies. Some, like the phone phreaks, broke the law every single time they entered the phone system. Resources were scarce, scant, or just off limits for decades.

Coding Freedom

Groups of hackers and phone phreaks banded together, willing to go where they were not supposed to. This created a "crafty" mindset – a wiliness and willingness to engage with rule breaking. Hackers came to value craftiness and would revel and relish in the opportunity to be clever. During fieldwork, I was struck by how common joking was among hackers, and how many even embedded clever jokes or puns in technical artifacts. At the same time, this inclination toward craftiness is technically valuable as well.

Your newest project, Hack_Curio, beautifully encompasses the cultural and political meaning of hacking, with humour present in most, if not all, entries. What does Hack_Curio want to show us about hackers and hacker culture?

Biella: We'd like to get people to see hackers beyond the typical stereotypes around hacking; as more than a maniacally typing savior in a hoodie or a maniacally typing villain in a hoodie. In many cases there is a lot more to hacking, though I note in Hack_Curio, I do think a lot of hackers wear hoodies, because they can and they are comfortable :)


We want viewers to learn that hacking is bound by distinct traditions such as security, free software, and piracy, and this variability comes from regional differences as well. Even if many aspects of hacking are international (i.e. free software projects house people from all over the world, and conferences like the Chaos Communication Congress also attract people from different nations), other dimensions are regional. Hacking looks quite different from the perch of Germany, than the cliff of the United States.

Finally, we want to show how hackers have shaped our technical and political landscape, and showcase the promises, perils, and effects, both good and bad, of various hacker interventions. They have altered security practices, the field of journalism, activism, and much more.

Why did you choose video as your medium on this project?

Biella: While I am a big believer in the written word and reasoned arguments to change people's minds, we also have to recognize the limits of words and reason. Combining text with footage adds a rhetorical punch to your arguments. Video, especially as it's delivered easily online today, is a visual technology of persuasion. In my experience when using videos in class as a teaching tool, my students understand a point with more depth. It is also entertaining and I firmly believe if we want to persuade people of an argument or truth, entertainment is a handy vessel.

What can we expect from Hack_Curio in the future?

Biella: For now, I'd say a lot more content and from different parts of the world. We've published nearly 50 entries and videos. Now we are focusing on populating the site with about 50 more entries and we will try to draw in more from non-American sources in the next year. We are currently working with folks in Spain to find good material from there. I have some content from Germany and the Chaos Computer Club, and I'd like to find videos from Latin America.

In the far far future, we may publish long-form essays (5000-8000 words) on the topic of hackers, with the essay's argument hinged on videos already featured on the site. But that's a bit of a pipe dream right now.

What are your favorite hacker myths/misconceptions?

Biella: The most ridiculous one is that hackers are anti-social because they are hyper-social! This misconception is perhaps due to two things. One, even though pedagogy is intensely social (you have to get a lot of help from peers), getting stuff done requires solitude while staring at the computer. Two, if you are asocial, you can still thrive in hacker worlds and projects through your contributions—so there are loner types milling about. But go to any hacker meetup or conference, and you will soon discover that hackers like to hang out, both in person and online.

There are so many wonderful contradictions in hacker culture, what is your favorite? Mine would be, they feel like this exclusive club, separated from the outside world, yet they are such an inclusive community.

Biella: You nailed it. When I started research, I was caught off guard by the presence of these exclusionary-inclusionary social dynamics. On the one hand, attributes like weirdness, disability, and queerness were present and visible, as well as accepted in hacker circles. When I attended conferences and events — and I am well aware my experience is not universal or generalizable — I felt comfortable, accepted, and safe. In contrast to my professional world built on credentialing, many hackers are self-taught or learn from each other, so they don't care where, or if, you went to university. They tend to dole out respect based on what you do, say, and accomplish, and not on credentials.

Hacker culture

Still there are problems. While I feel comfortable at hacker conferences, it's undeniable that this domain is dominated by men. In this way, hackerdom mirrors entrenched patterns of exclusion, standard in western societies, but it also has its own cultural quirks and dynamics that exacerbate the problems. Until recently, hackers accepted the idea that intellectual debate benefited from an aggressive, blunt style of communication. Being a jerk was ok, so long as it was in the service of improving technology. Though more were courteous than mean, communicating aggressively was socially sanctioned and tolerated.

In the last decade or so, diversity advocates and critics have noted the problematic nature of this pattern, and the resoundingly alienating effects on others, especially newcomers. To their credit, many hackers have changed this, as well as other norms, to strive for a more inclusive social atmosphere. The tide has significantly shifted, and hackers are moving in the right direction to identify and rectify these issues.

Whether expunging known harassers and abusers, formulating expectations for conduct, or creating specific mechanisms to deal with problems that may arise during events, many hackers and their projects were ahead of the societal curve. A version of #metoo hit hacker circles before it gripped our Twitter streams. By then, many events, conferences, and spaces had already formulated expectations of acceptable behavior, while many academic events I was attending were lagging.

Hackers are often treated as socially inept, however, they are more often problem solvers, turning to technological and sociological interventions for issues of governance. Some people often (incorrectly) suggest hacker projects or spaces can't deal with these problems because they are volunteer-driven. Then I remind them that many of these projects have already dealt with the problems, while other institutions, such as universities, with fully operating human resources departments have failed to act decisively and handle known abusers until quite recently.

It's vital to recognize that this sort of work never ends. Some of the hardest problems afflicting hacker circles are due to either structural issues (typically around the law or education) or, on the other side of the spectrum, barely conscious forms of implicit bias that shape how we judge others and their work.

What role and responsibility do hacker projects or associations have in combating structural issues and implicit biases that will shape who gets allowed in and who stays in? These are the questions we should be asking. It is worth recognizing that even as you shift micro-cultures, structural issues and implicit biases will continue to create barriers, and these are ripe for tackling.

One last point that merits our attention is the surge in reactionary and regressive movements, which have support from some geek adjacent communities like gamers. Any gains in inclusion will invariably come with backlashes. New generations of geeks and hackers might be exposed to noxious currents that will creep into the hacker world and eat away at the many gains of the last decade. Vigilance against these movements is particularly important.

Finally, grappling with challenges, whether structural barriers, implicit bias, or the threat of neo-reactionary movements, should be built on acknowledging how far hacker communities have come. There is a lot to be proud of, even if there is more to do.

Now, 15 years since the book Coding Freedom was released, has anything changed? What were some changes in the community itself, and the publics' perspective of hackers?

Biella: Since there are a number of changes, I'll highlight one related to my research. Hacking's political edge has always been quite sharp. Whether it concerns hackers advocating for security in an era when it was ignored, or breaking intellectual property law to rebuild it for access, hackers have challenged and changed society and politics in innumerable ways. But most members of the general public were unaware of these currents. When Wikileaks appeared, their high profile leaks inaugurated the period of hacking becoming more geopolitically significant and known to the general public. Whereas once my father had no idea who Richard Stallman or Phil Zimmerman were, he could now go on and on about Julian Assange or, more recently, Russian hackers. While misconceptions and stereotypes still abound, the public has more concrete examples of hacker activity to draw on than ever before.

And an important question: What is your favorite hacker movie?

Biella: That's a tough question, as there are many I quite enjoy, such as War Games, Sneakers, and Hackers. It's easier for me to pick the worst one and that would have to be Black Hat, which I describe as a (terrible) love story masquerading as a hacker film.

But if forced to choose, it would be the German flick, Who Am I: No System is Safe, written by Jantje Friese and Baran Bo Odar. Since I don't want to give away any spoilers, I'll limit myself to four general reasons it's my top pick.

First, the film features four different types of hackers - a programmer, a social engineer, a hardware hacker, and a dare-devil vulnerability hunter. The film's showcasing of technical diversity means it's already a step above many hacker films.

Second, the plot — exciting enough to leave you on the edge of your seat — doubles as a meta-commentary on hacking. For hackers, that's quite exciting. I'd love to say more but can't, so you will have to watch it to see what I mean.

Third, the director managed to represent chatting on IRC in a cool way that involves trains, tricksters, and masks. It's the only time I've ever seen anonymous chatting portrayed in a way that captures its spirit.

Finally, the film is brimming with historical references to hacker history that touches on Anonymous, Kevin Poulsen, Chaos Computer Club, and other cybersecurity legends. They clearly had a great consultant and knew their stuff.

You can find Biella on her Twitter account and her website, and make sure to visit Hack_Curio for different hacker videos such as the video of "Joybubbles" Joe Engressia showing his perfect pitch, Steve Balmer going crazy on stage at a Microsoft Conference and even Putin comparing hackers to artists.

After a little break from our interview series, we're now back to bringing you industry thought leaders, with unique backgrounds and areas of expertise, discussing, sharing, and supporting important topics in cybersecurity.

In the next few weeks we are preparing more interviews and until then, catch up on the other ones on our blog we did previously, if you haven't already. Feel free to let us know if there are experts you would like to see featured in our series.

Sara Jelen Blog Author

Sara believes the human element is often at the core of all cybersecurity issues. It’s this perspective that brings a refreshing voice to the SecurityTrails team. Her ability to bridge cognitive/social motivators and how they impact the cybersecurity industry is always enlightening.

Subscribe to the SecurityTrails newsletter
Sign up for our newsletter today!

Get the best cybersec research, news, tools,
and interviews with industry leaders