Originally, a hacker was defined as one who is enthusiastic about computers, whether that be programming or getting into the guts of a computer to see how it works. In current times, the term may describe a person who attempts to gain unauthorized access to computers, with less than honorable intentions, or the person who counters the bad intentioned one. But, there is a pretty broad spectrum of hackers and a variety of motivations for hacking.
While some hackers develop various types of tools and applications with which people can secure themselves, others spend time painstakingly looking for and reporting vulnerabilities and malware. Others still spend their time creating malware and cooking up schemes to acquire other people’s money.
Hence, a hacker may hack for malicious or favorable purposes, but even a well-intentioned hacker can be led astray. Some hackers have admitted that they hack because of the sense of power over others and the fame or notoriety that can go along with a high-profile hack. Issues like low self-esteem, poor impulse control and anger management problems can exacerbate the descent into the world of predatory hacking.
In the beginning, most hackers were motivated by curiosity, learning and challenges. In most cases there was no malicious intent. As technology progressed, however, opportunities for financial gain through illegal activity, burgeoned, from which arose criminal hacking enterprises which are run similar to any other business.
1 – Script Kiddies & Other Novices – Script kiddies, referred to as skids for short, have a low skill set and typically use code, written by others. Script kiddies tend to lack motivation and rarely perform their own hacks, preferring to utilize easy to use software. A script kiddie will usually not progress beyond doxing and performing simple DDoS attacks on websites.
Green Hat Hackers are also newbie hackers, but unlike script kiddies green hats have the drive to become more advanced hackers. Due to their curiosity, they are self-motivated and spend hours learning, practicing and improving upon their skills.
Blue Hat Hackers are vindictive script kiddies who hack as a way of exacting revenge against their enemies.
2 – A Black Hat Hacker is generally a nefarious hacker, who hacks for financial gain. Black hats also tend to enjoy the thrill of a challenge and competition between black hats can be fierce. Black hat hackers may engage in an assortment of hacking activities, including exploiting vulnerabilities, computer intrusion, identity theft, vandalism of systems, leaking of sensitive government or business information or the creation of malware, including ransomware.
3 – White Hat or Ethical Hackers – Ethical hackers use their skills in order to help individuals, businesses and government. They counter malicious hackers, find vulnerabilities that need to be patched, find newly released malware, help protect computer networks and educate people on securing themselves online–just to name a few of the activities white hat hackers engage in.
4 – Gray Hat Hackers don’t customarily hack for financial gain, but their intentions may be good or bad. For instance, when a gray hat hacker hacks a website, they might tell the site owner about the vulnerability that allowed the hack to take place. Or, the gray hat might publicize the hack, in the name of hacktivism.
There is a fine line between hacker types, however, as someone may work as a white hat by day and engage in black hat activities at night. Script kiddies and white, black and gray hats can all be found in a hacktivist collective, such as Anonymous. A black hat may engage in illegal activities for a living, while also being involved in hacktivism, essentially as a hobby. And, some black hat hackers move on to the ethical hacking arena as can be seen at computer security conventions such as Black Hat and DEF CON.
5 – Hacktivists work to right perceived wrongs in the world. This may involve DDoSing the websites of organizations accused of cruelty to animals, terrorist websites, the websites of oppressive government regimes, etc. It can also involve hacking the websites of governments with whom the hacktivists disagree, in regard to policy. Leaking information, doxing, reporting terrorist accounts on social media and raising awareness of issues deemed important are also measures taken by hacktivists. For instance, hacktivists have historically been vigilant in campaigning against proposed legislation that threatens civil liberties—particularly in regard to the 4th Amendment. Sometimes online activity is coordinated with protests on the ground.
Collateral damage can result from hacktivism, as various “ops” are well-intentioned, but not always well thought out, so innocent people can end up being harmed. Additionally, some hacktivists are driven less by the desire to effect positive change in the world and more by fame seeking or feelings of jealously or resentment in regard to their target. While there are well-documented instances of hacktivism yielding positive results, hacktivism sometimes morphs into predatory behavior.
The Economic Times describes this dilemma as:
“…the sense of idealism and an overwhelming belief in the power of technology to set right the ills of the society is real and drives many young coders. Hackers tend to have an acute, heightened sense of what is right and what is wrong, and much of their behaviour is based on how they interpret what they see as injustice or unfairness. This heightened sense of social injustice is one of the characteristics that underpins many hackers, but that can turn into something predatory.”
6 – Nation-State Hackers a.ka. Advanced Persistent Threats (APT) are those who are employed by a government to engage in espionage, social engineering, computer intrusion and/or embedding malware with the goals of acquiring classified information and gaining advantage over another government.
7 – A Malicious Insider may be a disgruntled employee, one hired by a competitor in order to steal trade secrets from the competitor or a fired employee who managed to pilfer sensitive company information before being shown the door.
Currently, there is a significant shortage of hackers or cybersecurity professionals who are employed by businesseses and governments, including militaries. This shortage is expected to continue well into the future and businesses and governments are attempting to fill the void by engaging elementary school children, offering funding for earning a degree in a related field and paying high salaries in order to attract top talent.