Temptation, fear, and the moment you choose not to hack.
When people talk about hackers, images of digital chaos often come to mind—individuals who deliberately break into systems for profit, fun, or ideology. But behind many of these stories lies something deeper: psychology, internal conflicts, and choices made on the edge of what’s permissible. One former member of the underground hacking scene has chosen to speak out about his past, explaining why it's not just technical skill that matters, but the ability to know when to stop.
In the mid-2000s, he was involved in numerous operations, gaining access to major servers and infrastructures across different industries. However, his goal wasn’t destruction or total control of the networks. What mattered most to him was not losing control over his own actions and surroundings. If an outcome wasn't predictable, he preferred not to interfere. In his view, this is what separates hackers who explore from those who pursue chaos for its own sake.
One such episode occurred in 2008. Alongside a friend, he gained access to an ISP server through remote desktop — it was surprisingly easy, as the password matched the username. The server hosted software for managing satellite terminals. Among the devices listed were the then-popular HN7000S and DW7000 modems, operating through VSAT systems. This kind of technology is used for communication in remote areas and often supports businesses, governments, and even military units.
Instead of exploiting the infrastructure to inject malware or take over satellite channels, the hackers chose not to risk it. Their refusal to exploit the system was deliberate — the level of uncertainty was too high, and even a small mistake could lead to serious consequences. In the end, the server was only used to store illegal content — a sort of compromise between temptation and restraint.
Another incident occurred in the early 2000s, when the group gained access to a banking infrastructure. At the time, many institutions still used outdated protocols like Telnet, which transmitted data in plain text. The hackers connected to one such bank via terminal access using admin credentials. It turned out they had entered the bank’s Security Operations Center (SOC), located inside the data center. From that point on, they had access to almost the entire internal network.
Ironically, this all happened because the administrator was simply idle, browsing explicit websites instead of monitoring the systems. The hackers had the opportunity to steal money, tamper with the systems, or extract confidential data. But they didn’t. Instead, they simply observed, capturing traffic packets for later analysis. The money in the bank, as the narrator recalls, was insured — but behind it stood real people, their time, work, and hopes. This was one of those moments when the awareness of real damage outweighed the lure of profit.
However, avoiding consequences wasn’t always possible. In 2009, in an attempt to expand a botnet, they tried deploying a malicious firmware update to widely used DSL modems. A Python script automated the process of uploading the modified firmware to vulnerable devices. In theory, this would create a distributed network of controlled nodes. In practice, everything went wrong. Lacking proper understanding of the hardware architecture and original code structure, the new firmware ended up bricking the devices — they wouldn’t turn on and couldn’t be restored.
As a result, more than 100,000 modems in Brazil were rendered unusable. This campaign became one of the first known examples of a Phlashing attack — a form of denial of service where devices are physically damaged via faulty firmware updates. According to the hacker, the consequences didn’t immediately sink in. At the time, they just thought the experiment had “failed” and moved on to the next target. The responsibility for the broken devices and people cut off from the internet wasn’t taken seriously.
Over time, as he matured, his perspective began to change. He increasingly questioned whether every vulnerable service really deserved to be hacked. Many in the hacking community justify their actions by claiming to “teach” system owners how to secure their setups. But in reality, such reasoning often masks a simple desire for ego-boosting and thrills. Choosing not to attack becomes a sign of maturity, not weakness.
He emphasizes that the ability to hack does not justify the act itself. Hacking without purpose, without awareness of consequences, and without the willingness to take responsibility — that’s not strength, but a mere illusion of it. True power lies in the ability to stop.