Security Blog

Hackers – who are they?


For the past several years, hackers have been a hot topic in the media. Hackers seem to be a dominant topic not only in the news but also in the entertainment industry. In movies, ‘the hacker antagonist’ has been a recurring theme – the villain is then often a powerful hacker that seems to be able to hack anything. But what is a hacker really? There are various classifications of hackers in the cyber security world. I will go through some of them in this post.

The most basic categorization is the colored hat scheme, derived from old westerns:

White hats

These are the good guys. They can be ethical hackers that hack organizations only to inform them of their security flaws and give advice on how to remedy them. The following link provides a good example of a white hat that pointed out an XSS vulnerability in TweetDeck:

Cyber security consultants can be categorized as either white hats or blue hats. They will help with the identification and correction of organizations' security flaws. Furthermore, they can consult or audit with regard to regulatory compliance, but only if they get paid.

Grey hats

Grey hats tread a fine line between good and evil. They can, for example, hack an organization without permission, and then demand payment or work in exchange for not disclosing the organization's security flaws. A student at my former university got beaten up by hired thugs for trying to do this.

I personally also put hacktivists in this category. Hacktivists hack people/organizations that violate their ideological beliefs. The most popular hacktivist group is called Anonymous. They are a worldwide phenomenon and the poster boys for hackers in general, wearing their trademark Guy Fawkes’ masks.

Black hats

These are the cruel hackers, some of them downright evil. There are different sub-categories of Black hats:

Script kiddies: These are amateurs (noobs) that get no respect from the hacker community. They will download software that other people have made and use it for hacking. Script kiddies can’t program, which is why many people consider them wannabes.

Organized crime hackers: These people hack purely for monetary reasons. They may be part of a mafia or another kind of crime syndicate. They will hack in pursuit of, e.g., cardholder data, secret information to be used for blackmail or to get an unfair advantage on the stock market.

Con artists/social engineers: Who said hacking only requires technical skills? Why crack passwords using brute force scripts when you can simply trick people into giving them to you? Social engineering is about hacking people’s brains by using psychological tricks or simply exploiting vulnerable people like the elderly. They use a technique called phishing, giving victims a false sense of trust and incentive, which leads them to disclose usernames, passwords, credit card details, etc. A common method is sending emails to potential victims with an attachment that contains malware. Another method is creating websites that look legitimate (spoofing websites) and require that you create an account with your email and a password. It is very common for people to use the same password for many accounts, meaning that the password that was given to the site will be the same one as for the email account. If this is the case, the email account will be hacked shortly afterwards.

Insiders: Perhaps the greatest of enemies is the enemy within. People are given all sorts of responsibilities and access when working for organizations. Sometimes that can lead to problems. According to the Verizon 2016 Data Breach Investigations Report, 1/5 of security breaches are done by insiders. It is therefore paramount to retain logs, enforce access control, maintain separation of duties and remove access from terminated employees.

Governments: It is no secret that there are governmental agencies that hack allied, neutral and hostile countries in order to get useful information and political advantages. Know thy friend, know thy enemy.

Hackers that do it for the lulz: There are many hackers that hack purely for the sake of getting a rise out of people – trolling or schadenfreude. Hacking has also become like a sport, where status is earned from causing mischief and chaos. Some people just want to see the world burn.

 

  • 24 Solutions AB
  • Smedjegatan 2C
  • SE-13154 Nacka, Sweden
  • +46 (0)8 535 24 100
  • info@24solutions.com