[BreachExchange] The Types of Hackers & Why They Hack

Audrey McNeil audrey at riskbasedsecurity.com
Fri Jul 13 15:14:28 EDT 2018


https://www.bleepingcomputer.com/news/security/the-types-
of-hackers-and-why-they-hack/

Originally, a hacker was defined as one who is enthusiastic about
computers, whether that be programming or getting into the guts of a
computer to see how it works. In current times, the term may describe a
person who attempts to gain unauthorized access to computers, with less
than honorable intentions, or the person who counters the bad intentioned
one. But, there is a pretty broad spectrum of hackers and a variety of
motivations for hacking.

While some hackers develop various types of tools and applications with
which people can secure themselves, others spend time painstakingly looking
for and reporting vulnerabilities and malware. Others still spend their
time creating malware and cooking up schemes to acquire other people’s
money.

Hence, a hacker may hack for malicious or favorable purposes, but even a
well-intentioned hacker can be led astray. Some hackers have admitted that
they hack because of the sense of power over others and the fame or
notoriety that can go along with a high-profile hack. Issues like low
self-esteem, poor impulse control and anger management problems can
exacerbate the descent into the world of predatory hacking.

In the beginning, most hackers were motivated by curiosity, learning and
challenges. In most cases there was no malicious intent. As technology
progressed, however, opportunities for financial gain through illegal
activity, burgeoned, from which arose criminal hacking enterprises which
are run similar to any other business.

1 - Script Kiddies & Other Novices – Script kiddies, referred to as skids
for short, have a low skill set and typically use code, written by others.
Script kiddies tend to lack motivation and rarely perform their own hacks,
preferring to utilize easy to use software. A script kiddie will usually
not progress beyond doxing and performing simple DDoS attacks on websites.

Green Hat Hackers are also newbie hackers, but unlike script kiddies green
hats have the drive to become more advanced hackers. Due to their
curiosity, they are self-motivated and spend hours learning, practicing and
improving upon their skills.

Blue Hat Hackers are vindictive script kiddies who hack as a way of
exacting revenge against their enemies.

2 - A Black Hat Hacker is generally a nefarious hacker, who hacks for
financial gain. Black hats also tend to enjoy the thrill of a challenge and
competition between black hats can be fierce. Black hat hackers may engage
in an assortment of hacking activities, including exploiting
vulnerabilities, computer intrusion, identity theft, vandalism of systems,
leaking of sensitive government or business information or the creation of
malware, including ransomware.

3 - White Hat or Ethical Hackers - Ethical hackers use their skills in
order to help individuals, businesses and government.  They counter
malicious hackers, find vulnerabilities that need to be patched, find newly
released malware, help protect computer networks and educate people on
securing themselves online--just to name a few of the activities white hat
hackers engage in.

4 - Gray Hat Hackers don’t customarily hack for financial gain, but their
intentions may be good or bad. For instance, when a gray hat hacker hacks a
website, they might tell the site owner about the vulnerability that
allowed the hack to take place. Or, the gray hat might publicize the hack,
in the name of hacktivism.

There is a fine line between hacker types, however, as someone may work as
a white hat by day and engage in black hat activities at night. Script
kiddies and white, black and gray hats can all be found in a hacktivist
collective, such as Anonymous. A black hat may engage in illegal activities
for a living, while also being involved in hacktivism, essentially as a
hobby. And, some black hat hackers move on to the ethical hacking arena as
can be seen at computer security conventions such as Black Hat and DEF CON.

5 - Hacktivists work to right perceived wrongs in the world. This may
involve DDoSing the websites of organizations accused of cruelty to
animals, terrorist websites, the websites of oppressive government regimes,
etc. It can also involve hacking the websites of governments with whom the
hacktivists disagree, in regard to policy. Leaking information, doxing,
reporting terrorist accounts on social media and raising awareness of
issues deemed important are also measures taken by hacktivists. For
instance, hacktivists have historically been vigilant in campaigning
against proposed legislation that threatens civil liberties—particularly in
regard to the 4th Amendment. Sometimes online activity is coordinated with
protests on the ground.

Collateral damage can result from hacktivism, as various "ops" are
well-intentioned, but not always well thought out, so innocent people can
end up being harmed.  Additionally, some hacktivists are driven less by the
desire to effect positive change in the world and more by fame seeking or
feelings of jealously or resentment in regard to their target. While there
are well-documented instances of hacktivism yielding positive results,
hacktivism sometimes morphs into predatory behavior.

The Economic Times describes this dilemma as:

“...the sense of idealism and an overwhelming belief in the power of
technology to set right the ills of the society is real and drives many
young coders. Hackers tend to have an acute, heightened sense of what is
right and what is wrong, and much of their behaviour is based on how they
interpret what they see as injustice or unfairness. This heightened sense
of social injustice is one of the characteristics that underpins many
hackers, but that can turn into something predatory.”

6 - Nation-State Hackers a.ka. Advanced Persistent Threats (APT) are those
who are employed by a government to engage in espionage, social
engineering, computer intrusion and/or embedding malware with the goals of
acquiring classified information and gaining advantage over another
government.

7 - A Malicious Insider may be a disgruntled employee, one hired by a
competitor in order to steal trade secrets from the competitor or a fired
employee who managed to pilfer sensitive company information before being
shown the door.

Currently, there is a significant shortage of hackers or cybersecurity
professionals who are employed by businesseses and governments, including
militaries.  This shortage is expected to continue well into the future and
businesses and governments are attempting to fill the void by engaging
elementary school children, offering funding for earning a degree in a
related field and paying high salaries in order to attract top talent.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180713/b7b36e31/attachment.html>


More information about the BreachExchange mailing list