Tech Term: Hacker
The term “hacker” is possibly one of the best-known technology-related terms there is, thanks to popular culture. Properties like The Girl with the Dragon Tattoo and the Die Hard franchise have given the layman a distinct impression of what a hacker is. Unfortunately, this impression isn’t always accurate. Here, we’ll discuss what real-life hackers are like, and the different varieties there are.
In broad terms, a hacker is an individual that uses their computing and programming skills, sometimes cooperatively with others like them, to identify and exploit gaps in the protocols that protect computer systems. Their actions after that point can be used to classify them further.
There are three main classifications, with subtypes to specify different types of hackers more specifically.
The Types of Hackers
Black hat hackers are the first kind that you probably think about, as they are the bad guys of the hacking spectrum. They are the ones who use their computer skills to entrap their victims and steal information for their own benefit, largely contributing to the public perception of hackers as a whole. If someone is a black hat hacker, their work is motivated by personal gains, tends to take effect at the expense of others, and is illegal.
White hat hackers fall on the opposite side of the hacking spectrum, electing to use their skills to help businesses and other organizations keep their IT systems secure by seeking out weak points and vulnerabilities so that steps can be taken to fix these problems. White hat hackers also only operate by request - they will not hack your systems unless you ask them to try. In a way, if ISC were to run a penetration test on your business, we would be operating as white hat hackers.
As their name would suggest, gray hat hackers are a combination of black hat and white hat. While they avoid being classified as black hat by not personally profiting from a hack, they also aren’t white hat, as their hacks aren’t done with the permission (or knowledge) of their target. The vulnerabilities they find will sometimes be reported to the hacked organization or distributed online for others to take advantage of.
These are the amateurs, the hackers that rely on pre-written code to launch basic attacks on their targets. Their motivation is often to attract attention or to impress others, with no appreciation for why the codes they leverage work and no desire to learn.
Similar to a script kiddie, a blue hat hacker is an amateur who uses the code written by others to lash out against those who have wronged them in their eyes. Again, like a script kiddie, a blue hat hacker has no desire to learn how hacking works, they just want to use it as a means to a vengeful end.
A red hat hacker is a hacker that targets other hackers. Rather than reporting a discovered attack, as a white hat hacker would, a red hat hacker will instead attack back. With the goal of preventing black hat hackers from being able to hack, red hats will use cyberattacks and malware to take them out of commission.
The greenhorns of the hacking world, green hats are script kiddies who actually want to learn and improve. Always ready to ask questions of more experienced hackers and to learn all they can, green hat hackers are the ones who grow to be more skilled in the future.
These hackers are employed by a governing body to serve the state, stealing valuable information and targeting the enemies of a nation. These hackers have been known to strike out against key individuals and companies, as well as the opposing nation as a whole. Their status as a government agent provides them with considerable support and resources.
Again, acting either as an individual or as a part of a group, hacktivists leverage their abilities to act upon a deeply-held conviction. By putting their skills to use, hacktivists are able to damage entities who hold beliefs counter to their own, whether that entity is a business or a governing body. As one might image, their driving motivation is to encourage (or “encourage”) social change.
Instead of relying on hacking skills or borrowed codes, these hackers are those that use their status as an employee to gain access to a company’s confidential, invaluable data. Some act to appease a grudge they have fostered against their employer, while others are moles for one of the company’s rivals. Either way, these hackers are some of the most dangerous to the company, as their threats are the ones that usually aren’t seen coming.
Hackers Switching Hats
Complicating matters somewhat, a hacker’s hat isn’t forever. Many hackers have moved from the realm of black hat to gray. Samy Kamkar gained enough notoriety to earn a lifetime ban from the Internet after crashing MySpace with a worm at the tender age of 19 in 2005. However, his sentence was lifted after three years of good behavior. Today, Kamkar wears a gray hat, identifying vulnerabilities independently and reporting them to those who need to know.
However, the opposite case is equally possible, and shows that these considerations can be complicated. For example, In May 2017, Marcus Hutchins (AKA “MalwareTech”) was responsible for putting a stop to WannaCry but was arrested in August 2017 for allegedly writing and distributing the Kronos banking Trojan, potentially trading a white hat for a gray hat.
There are others, too. MIT professor Robert Morris created the first ever computer worm during his graduate studies at Cornell University, and was the first to be convicted under the Computer Fraud and Abuse Act as a result. A one-time member of the LulzSec Group that hacked the CIA and Sony, Mustafa Al-Bassam now works as a security adviser.
At the end of the day, hackers are more than just a black and white topic, and the lines get more and more blurred every day. What do you think? Is “hacker” a pejorative term, or is it more complicated than just that? Share your thoughts in the comments!