If you are a tech savvy person, you may have been called a “hacker” at some point by someone less technical. Maybe you’ve heard of growth hackers and life hacks. These are not the droids we’re looking for.
The word “hack” in computer systems goes back to the 1950’s at M.I.T. when the model railroad club was cutting wires and messing with electrical systems. Shortly after, the word “hack” grew to mean “working on a tech problem in a different, presumably more creative way than what’s outlined in an instruction manual.” (Source: New Yorker).
In modern times, there is more to hack than ever—and the word “hacker” will never be the same.
What is a Hacker?
A computer hacker is someone that tries to find or solve problems within devices or networks. If we want the popular definition, a hacker is someone that attempts to gain unauthorized access to a computer or network.
Most cybersecurity attacks follow phases that look like this:
- Reconnaissance and research
- Scanning for weakness
- Gaining access
- Sustainment via backdoors
- Steal data or inject payload
- Obfuscate and cover tracks
This process can be coordinated by a single person, a hacking team, or a “movement” with a goal in mind. There can be many reasons why hackers hack, and not all of them are bad.
White Hat Hackers
White hat hackers are also known as ethical hackers. They usually specialize in:
- penetration testing,
- breaking into protected systems, networks, websites or any other web application to assess and evaluate their security stand;
- identifying gaps and vulnerabilities to come up with a patch.
Their ultimate goal is to understand the mind and intents of a black hat hacker to stay ahead of threats or identify how attacks are performed.
Some white hat hackers have regular day jobs. They usually work to improve systems, structures, or codes for specific companies or organizations. For example, plugin and theme developers might count on white hackers to keep their products secure around the clock.
Most white hat hackers will have the mindset of a black hat hacker with an ethical core. This trait makes them perfect to create evolving strategies to fight zero-day attacks and vulnerabilities in the wild.
Here are a few types of white hat hackers.
Bug Bounty Hunters
Bug bounty hunters are hackers who look for vulnerabilities. They perform penetration tests for companies and can earn a lot of money for doing so.
Bug hunters look for security holes so that the businesses they work for can patch the website vulnerabilities before it is explored. We can say that they are competing with black hat hackers to obtain access into websites and systems.
According to quora.com, the largest bug bounty on HackerOne was $1 million.
Red Team vs. Blue Team
Cybersecurity can be seen as a war strategy. So just like in war games, cybersecurity companies hire pentesters or separate their staff into red and blue teams to imitate attack techniques.
This is a strategic defense approach, meant to assess the effectiveness of an internal security team. These cybergames make an organization and its online assets more secure by being tested.
Black Hat Hackers
Unlike white hats, a hacker is considered “black hat” when they have malicious intentions. These hackers intend to destroy, modify or steal in the quest for personal gain.
The term “black hat” is also popular in digital marketing. For example, an SEO professional may try unethical or dishonest ways of getting better rankings. Scammers will trick vulnerable people into paying for something they don’t need.
When it comes to hacking, not all black hats work the same way. Some may be specialized in areas like vulnerability exploitation, brute force, DDoS attacks, or SEO spam (to name a few).
Social Engineering Hackers
While this type of hacker doesn’t deal with vulnerable computers, their attacks are becoming a bigger threat every day in the digital world.
Social engineers use lies and sociology to exploit weaknesses in human behavior. We see this with the rise of text message spam, phishing emails, and fraudulent phone calls.
If you’ve ever followed behind someone to enter a building that you should have been buzzed into, you’ve committed an act of social engineering. You know it is unlikely that anyone is going to confront you about tailgating, but you are effectively gaining unauthorized access to the building.
Pentesters and white hats may use social engineering as part of their methods to test an organization’s security. Some of the best hackers in the world will do reconnaissance on an organization to identify targets and trick those people via email, on the phone, or social media.
You get an email, it looks legitimate, and you open the attachment. While the malware is in the attachment, the attack vector that caused the company to get hacked was the person who didn’t know better.
As hackers get more sophisticated, expect social engineering to play a bigger role. It won’t be long before security training becomes mandatory for anyone with access to a computer.
Hacktivists are people, groups, or movements trying to make a statement. These hackers will look for means to bring attention to a certain agenda.
Hacktivists often attack companies they disagree with. There are DDoS tools that are intended to be used by a large group of hacktivists, using the combined power of their computers and botnets to take down a target website.
Another hacktivist tactic is defacement. This involves adding malicious images to the website homepage and other important pages. Beyond the embarrassment, the effects can include loss of traffic, revenue, and trust in your brand.
These hacktivists usually target:
- Politics and government issues;
- Environmental and world change motivations;
- Religious and cult movements;
- Cultural ideologies;
- Social causes;
- Foreign affairs and others.
Cyberterrorists work with terrorist organizations to exfiltrate data from military and government targets. They may also cause panic by disrupting public systems or infrastructure. Sometimes this can overlap with hacktivism, and specifically refers to a hacker with political motivations.
According to the United States Federal Bureau of Investigation, cyberterrorism is any:
“premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combat targets by sub-national groups or clandestine agents.”
In the hacker world, new hackers are known as script kiddies. These hackers are just starting to learn and flex their skills. These hackers are known as skiddies, skids or script kiddies.
These newbie hackers usually can’t write elaborate scripts or exploits on their own yet. They often rely on existing tools and scripts to attack web applications or networks. They have one goal in mind: impress other hackers or friends in their community.
Their favorite attack is usually website defacement: it is easy to perform, allows them to claim responsibility, and gives them credibility among their peers.
Today anyone with access to the internet can become a hacker. It doesn’t mean that all of them have the same intent, speed of learning or overall capacity to produce a sophisticated attack, but it is certainly not keeping many of them from trying.
As a website security company, our goal is to make the internet a safer place. That is why we research to create resources and content to keep you up-to-date on this ever-changing world of information security.
*** This is a Security Bloggers Network syndicated blog from Sucuri Blog authored by Juliana Lewis. Read the original post at: https://blog.sucuri.net/2019/11/how-many-types-of-hackers-are-there.html