Skip to main content
Version: Next

Hacker types

Hacker​

  • An individual who uses their computer and technical skills to gain access to systems and networks.
  • πŸ€— A common theory is that a hacker meant initially anyone who possessed skills and knowledge and determination to solve problems in a creative way.
    • There are arguments against it never was a benign term and the malicious connotations of the word were a later perversion is untrue.

Black hat hackers​

  • πŸ“ Uses knowledge and skills to discover and exploit security vulnerabilities for financial gain or other malicious reasons
  • Bad guys
  • No regard of law & regulations etc.
  • Activities include stealing personal and financial information or shutting down websites and networks
  • E.g. bank robbing

White hat hackers​

  • Also known as ethical hackers
  • πŸ“ Uses knowledge and skills to improve a system's security by discovering vulnerabilities before black hats do.
  • Will not break laws and regulations
  • Scope is determined by the client
  • E.g.
    • Publish vulnerabilities
    • Do penetration tests
    • ❗Participate in bounty programs to claim rewards.
      • Benefiting financially from hack is not illegal

Ethical hacking​

  • Also known as white hat hacking
  • Performed by security specialists to help companies identify vulnerabilities in their networks and systems.
    • Helps them analyzing and strengthening their system and network security
    • Allows for creating preventive measures that should prevent any future security breaches as well as protect data and information stored in the system.
  • Difference from black-hat hacking:
    • Hacking with permission of system owner
    • They remain compliant to the law
    • Purpose is to prevent hackers from breaking into systems and networks.
  • Flow
    1. Find vulnerabilities
    2. Assess problems & threats about them
    3. Offer solutions e.g. you can do to fix this
    4. Inform within the company
  • Ethical hackers should ask themselves when evaluating a system: (also companies asks often "why would we fix it?" in three questions)
    • What is it that an attacker can see on this network/system?
    • What could the attacker do with that knowledge?
    • Are there any traces of attempted attacks on the system/network?

Ethical hacking scope​

  • No test should be performed without appropriate permissions and authorization.
  • Test results should be kept confidential
  • Only those tests that the client requested should be performed

Grey hat hackers​

  • Also known as grayhat, gray hat, gray-hat, grey hat, greyhat or grey-hat hackers.
  • πŸ“ Might break laws, regulations and ethical standards but do not have explicitly malicious indent.
  • Middleground; Not as bad as black, not as ethical as white hackers.

Suicide hackers​

  • πŸ“ Perform attacks for a cause despite the risk of being caught and prosecuted.
  • E.g. they'll know for sure that they'll get caught but they still attempt the hack for a "cause".

Script kiddies​

  • πŸ“ Inexperienced hackers who don't have enough knowledge or skills to perform hacks on their own
    • Instead, they use tools and scripts developed by more experienced hackers.
  • Dangerous because running the closed-sourced tools on one's own system is a big risk.

Cyber terrorists​

  • Money is not the priority, but to destroy stuff.
  • Influenced by religious or political beliefs.
  • πŸ“ Goal is to promote fear, unrest and disruption.

State sponsored hackers​

  • πŸ“ Recruited by governments
  • Gain access to classified information of other governments
  • Information source can be governments, individuals or corporations.

Hacktivists​

  • πŸ“ Break into government and corporate systems out of protest.
  • Promotes political or social agenda.
  • E.g. steal and leak data on public domain