A Hacker Handbook: Who Are the Bad Guys?

Thursday, January 19, 2012

Kelly Colgan


By Ondrej Krehel, Identity Theft 911

Back when the Internet was a baby, and I was taking my first steps in network security, hackers were a fairly homogeneous lot.

Sure, some were scamming businesses for personal gain, but most were simple graffiti artists – breaking into popular websites to splash around some MS Paint. It was a way to rebel and earn credibility within the computer community.

As the Internet has grown up, so have hackers. Here’s a quick rundown of who they are:

  • Hacktivists — These hackers aren’t driven by self-interest; they’re part of a social movement. Many groups, like LulzSec and Anonymous, are trying to do right – or what they perceive as right – to perceived wrongs. It’s vigilante justice wrought by the hive mind. They seemingly get a lot of press, especially after high-profile attacks and apparent support of Occupy Wall Street.
  • White Hats — Beyond hacktivists, there are old school white hats and black hats. (At least their names sound old school.) The white hats are essentially security professionals who use hacker skills such as penetration testing to test network security.
  • Black Hats — They’re doing the same thing as the white hats, but for gain and fame.
  • State-Sponsored Hackers — The last 10 years have seen the rise of state-sponsored hackers. Their handiwork was recently seen in the RSA data breach, which resulted in attacks on defense contractors Lockheed Martin and Northrup Grummon. They are government agents of militaries and intelligence services taking the war online.
  • Corporate Hackers — And there are corporate versions of these hackers, too. Their aim is to break into businesses systems to steal proprietary information or sabotage competitors. Of all the hacker types, these are the ones we’re least likely to hear about because it’s not in any company’s interest to announce that its secrets were stolen.

There are other kinds, too. The script kiddies, the vandals, the cyber terrorists – but the scale of their attacks seems to be dwindling, generally, compared to recent hacktivist and state-sponsored reports.

Why should you care about all this? Well last time we talked about a holistic security system. One component was threats. Knowing the type of hacker that could be targeting your data moves you one step closer to protecting it.

Ondrej Krehel, Chief Information Security Officer, Identity Theft 911 Ondrej has more than a decade of network and computer security experience. His expertise extends to investigations of intellectual property theft, massive deletions, defragmentation, anti-money laundering and computer hacking. He led U.S. computer security projects at Stroz Friedberg and worked in IT security at Loews Corp.

Possibly Related Articles:
Network Access Control
Information Security
Enterprise Security Anonymous Hacktivist hackers Black Hat White Hat Ethical Hacking Lulzsec AntiSec Ondrej Krehel
Post Rating I Like this!
Javvad Malik I'm also add organised criminals to the list as significant players. The guys who are in it primarily for the money.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked