Python Ethical Hacking from Scratch

By: Fahad Ali Sarwar
Overview of this book

Penetration testing enables you to evaluate the security or strength of a computer system, network, or web application by finding the weaknesses an attacker could exploit. With this book, you'll understand why Python is one of the fastest-growing programming languages for penetration testing. You'll find out how to harness the power of Python and pentesting to enhance your system security. Developers working with Python will be able to put their knowledge and experience to work with this practical guide. Complete with step-by-step explanations of essential concepts and practical examples, this book takes a hands-on approach to help you build your own pentesting tools for testing the security level of systems and networks. You'll learn how to develop your own ethical hacking tools using Python and explore hacking techniques to exploit vulnerabilities in networks and systems. Finally, you'll be able to get remote access to target systems and networks using the tools you develop and modify as per your own requirements. By the end of this ethical hacking book, you'll have developed the skills needed for building cybersecurity tools and learned how to secure your systems by thinking like a hacker.
Table of Contents (14 chapters)

Section 1: The Nuts and Bolts of Ethical Hacking – The Basics
Section 2: Thinking Like a Hacker – Network Information Gathering and Attacks
Section 3: Malware Development

Types of hackers

As mentioned earlier, a specific image is attached to the term hacker. In real life, however, hackers are grouped into several categories depending on the kind of actions they perform. In the coming sections, we will explain the different types of hackers, what kind of experience each requires, and what the legal aspects related to each type are.

White hat hackers

Aim: Defending the business and assets of an organization from external and malicious attacks.

White hat hackers are cybersecurity experts or penetration testers whose goal is to test the security of information systems. They are also called ethical hackers or the good guys. Their intention is to defend against malicious hackers, who will be discussed in a moment. White hat hackers use the same tools and technologies as malicious hackers and have the same expertise in breaking into systems. The only difference lies in their intention: their goal is to strengthen the system and protect it from outside attacks.

This book aims to help you become an ethical hacker and improve the security of the systems you are responsible for. Becoming a successful ethical hacker requires years of experience learning technologies, understanding how hackers think, and patience. Cybersecurity analyst and penetration tester are some of the highest-paid jobs in the field of computer science.

Black hat hackers

Aim: Breaking into the system with malicious intentions.

Black hat hackers are usually criminals whose motive is either financial gain or causing harm to someone for personal, institutional, or national objectives. Black hat hackers try to hide their identity as much as possible; they mostly use pseudonyms to identify themselves. Hacking with malicious intentions is illegal in most countries. Black hat hackers are very hard to detect in a system unless they choose to reveal themselves. A lot of the time, they maintain remote access to systems without the actual owner of the asset knowing about their presence. They are also very good at covering their tracks. Most of them only reveal themselves when the damage has been done. A lot of the time, black hat hackers are part of criminal organizations, which makes them even more difficult to capture.

In strict terms, black hat hacker refers to someone whose primary objective is financial gain. The term is derived from old western movies, in which the bad guys would often wear black hats; from there, the convention of calling malicious hackers black hats gained popularity.

Gray hat hackers

Aim: Personal motivations or for fun.

The real world is not binary, and neither are hackers. Gray hat refers to hackers who operate in somewhat muddy territory. They have the same skillset as white hat or black hat hackers; however, their motivation is usually not financial. Gray hat hackers like to play around with systems just for the sake of fun and enjoyment. Most of the time, they are harmless and even report the vulnerabilities they find to the people responsible. They break into the system just because they can.

Gray hat hackers also like to snoop around systems testing their strength, and once they discover potential weaknesses, they usually notify the administrators and offer their services for correcting the issues for a fee. This is a way for them to make money. The legality of this practice is questionable; however, for some, this is a way to earn a handsome amount of money.

As mentioned earlier, the boundary between gray hat hackers and black hat hackers is quite fuzzy, so you should be very careful about where you stand. A single mistake or miscalculation can cause significant issues. There is also the danger of gray hat hackers eventually crossing into the black hat category.

These are the three main categories of hackers. However, in real life, other terms are also used that can fall into one of these categories depending on who you ask. Since they are hard to classify into a single category, they are described separately in the following sections.

Nation-state hackers

Aim: Attacking the cyber assets of an enemy.

With the increasing dependence of countries on computer-based systems, the need to both protect and attack cyber systems is becoming extremely important. With conventional means of warfare becoming ever more potent yet limited in nature, the use of cyber warfare is gaining significance. Nation-state hackers is a term used for a team of hackers focused on damaging the cyber assets of an opposing country.

The history of nation-state or state-sponsored hackers goes back to the early days of computing. Countries have long used hacking as a means of achieving their strategic objectives. The job of state-sponsored hackers is to penetrate enemy systems, gather information, plant backdoors for remote control, and even destroy critical infrastructure. Several high-profile attempts have been made in this area and the threat is very real. Just imagine what would happen if an enemy state were to take control of another country's nuclear plant. This is not a plot from a science fiction movie; it has happened in real life.

Take the example of the Stuxnet virus, which infected the Iranian nuclear facilities. Stuxnet was a very complicated malware that infected Supervisory Control and Data Acquisition (SCADA) systems. SCADA systems are used for the monitoring and control of large-scale industrial systems. The virus exploited a vulnerability in the programmable logic controllers (PLCs) used in the facility. The malware was very discreet and only became active if the target system was the Iranian nuclear facility. Even though it infected a large number of computer systems, it mostly remained dormant and only activated itself when it reached its intended target. According to most researchers, the complexity of the attack indicated that it was not the job of some criminal organization but of a team of highly specialized programmers requiring months of development. Resources of this kind are often only at the disposal of national-level hackers. Stuxnet took control of the centrifuge speed control signals and started spinning the centrifuges at such high speeds that it eventually led to a breakdown. Stuxnet also intercepted the speed status messages going to the SCADA systems so that the centrifuges appeared to be operating at normal speeds while in reality they were spinning far faster. This made Stuxnet very hard to detect, and it stayed undetected for quite some time, hampering the nuclear progress in the facility, before finally being discovered in 2010.

Corporate spies

Aim: To get a competitive edge.

A lot of a company's business value lies in the intellectual property (IP) it owns; this IP sometimes defines the worth of the company. In recent years, companies have been subject to corporate attacks in which attempts have been made to steal their IP. With increased competitiveness in the business world, corporate espionage is becoming a daily occurrence. Companies are subject to attacks from corporate hackers, who aim to steal sensitive information, including IP, business plans, patents, financial data, and customer data, to gain a competitive edge. These attacks can come from competitors directly, or competitors can hire professional hackers for this purpose.

These types of hackers usually fall into the black hat category. However, due to the nature of their hacks, they are sometimes classified into a category of their own. The only difference with corporate hackers is that their primary target is usually a competitor, whereas for other black hat hackers the target could be anyone.

Hacktivists

Aim: To make a political/social statement.

Hacktivist is a term combining the words activist and hacker. Attacks of this type are usually carried out in order to make a political statement. The aim of these hackers is to make a call for social change or to bring attention to some issue. In contrast to black hat hackers, who try to be as discreet as possible, hacktivists try to gain maximum attention while hiding their real identity. Their goal is to spread their message to the masses. In the majority of hacktivism cases, there is no financial motivation for the hackers. They use the same tools and techniques as other hackers. Hacktivism is the digital equivalent of a political protest. With changing political dynamics, politics is making inroads into the digital space, and hacktivism provides a pathway for some people to make their statement.

Hacktivists use different methods to attract attention. Sometimes they disrupt services, for example, carrying out a DoS attack on a company or government website. Other times, they gain access to critical and sensitive information and leak this classified information to the public, causing significant embarrassment for the government or company. One of the major leaks in recent years is the WikiLeaks fiasco.

One thing that should be noted here is that from a legal perspective, there is no difference between hacktivism and black hat hacking. Even if you are participating in some activity for a noble cause and you get caught, you will be tried for the same crimes as a black hat hacker. Therefore, a lot of hackers tend to stay anonymous and use pseudonyms for their activism.

One of the most famous hacking organizations associated with hacktivism is Anonymous. They have allegedly carried out numerous attacks against different governmental organizations to state their sympathy with a cause or their opposition to certain legislation. Anonymous calls itself a decentralized organization with people coming together to support a common cause. They have often been dubbed freedom fighters and the Robin Hood of the digital world. The decentralized nature of this collective has made it very hard to crack down on:

Figure 1.6 – Emblem associated with Anonymous

Different individuals and small groups have claimed responsibility for managing the operations of this organization; however, its true nature remains a mystery. There are other groups as well, such as LulzSec and Fancy Bear, whose operations are much more dedicated in nature and have caused significant difficulties for cybersecurity professionals.

Script kiddies

In cybersecurity circles, the term script kiddie refers to beginner hackers who do not have in-depth knowledge of cybersecurity or hacking in general. They tend to use prebuilt tools for hacking purposes in a black-box fashion: they don't necessarily know how the tool works internally, they just use it. Script kiddies often lack the programming knowledge to build their own tools and rely on existing ones. The term comes from the fact that they use pre-built scripts or programs to carry out attacks.

Script kiddies often acquire a hacking tool such as a reverse shell and deploy it by watching internet tutorials. Their goal is not to learn the process but the final objective, which is to take control of the target system. As long as the tool works, they are not interested in how it works.

A common mistake made by cybersecurity professionals is not taking script kiddies seriously. A well-deployed attack, even from a script kiddie, can cause huge damage to assets. To carry out a successful attack, an attacker does not have to know every detail of the script they are using; the right angle of attack is sufficient. There are a huge number of tools available online, both free and paid, that can help someone carry out attacks, and there are hacking organizations that build these tools specifically to sell to script kiddies. So, do not assume that someone with little knowledge of developing tools is not a threat. In fact, they are as much of a threat as an experienced hacker: the success of an attack depends on both the attacker and the tools used.