Lesson 13 - Types of Attackers
Attackers are individuals or groups who attempt to exploit vulnerability for personal or financial gain. Attackers are interested in everything, from credit cards to product designs and anything with value.
Amateurs - These people are sometimes called script kiddies (or skiddies for short) in the hacking community. They are usually attackers with little or no skill, usually using existing tools or instructions found on the Internet to launch attacks. Some of them are just curious, while others are trying to demonstrate their skills and cause harm. They may be unexperienced and using basic tools, but the results can still be devastating.
Hackers - This group of attackers break into computers or networks to gain access. Depending on the intent of the break-in, these attackers are classified as white, gray, or black hats (more on that later on in this lesson).
Organized Hackers - These hackers include organizations of cyber criminals, hacktivists, terrorists, and state-sponsored hackers. Cyber criminals are usually groups of professional criminals focused on control, power, and wealth. The criminals are highly sophisticated and organized, and they may even provide cybercrime as a service to other criminals. Hacktivists make political statements to create awareness to issues that are important to them. State-sponsored attackers gather intelligence or commit sabotage on behalf of their government. These attackers are usually highly trained and well-funded, and their attacks are focused on specific goals that are beneficial to their government.
"Hats" of Hackers
White hat - An ethical computer hacker, or a computer security expert, who specializes in different testing methodologies to ensure the security of an organization's or person's servers or software. These attackers break into networks or computer systems to discover weaknesses so that the security of these systems can be improved. These break-ins are done with prior permission and any results are reported back to the owner.
Black hat - A hacker who violates computer security, laws and takes advantage of any vulnerability for little reason beyond personal, financial, political gain or for maliciousness.
Gray hat - This term refers to a computer hacker or computer security expert who may sometimes violate laws or typical ethical standards, but does not have the malicious intent typical of a black hat hacker. A gray hat is a kind of combination of black and white hat hackers. Some gray hat hackers publish the facts about the vulnerability on the Internet so that other attackers can exploit it.