The purpose of this post is to try and explain the difference between different types of Hackers in plain English.
The term hacker is a generic term, just like the term “Car”. There are many different types of Cars, and there different types of Hackers.
- The modern generic term for someone who attempts to access web applications, computer networks or systems without permission. Their motivations are various but could include boredom, curiosity, hacktivism. Financial gain or revenge.
- The original term for a Hacker. Originally Hackers were just curious about technology and the way it worked and like to take things apart to see how they worked. A Cracker was someone that attempted to break into computer systems. A some point and for some reason in the past the term Cracker was replaced with the term Hacker.
- Black Hat
- A Non Ethical Hacker who performs actions without permission and whose actions are considered illegal quite often with Malicious intent to destroy or deface website and data.
- White Hat
- An Ethical Hacker, normally a Cyber Security professional that only attacks systems that they have prior written permission to attack. Their goal is to break into systems and report their findings to the system owner so it can be remediated and secured against future Black Hat hackers. OIC Solutions offers a White Hat hacker service for testing your web applications and infrastructure security and you can contact us here.
- Grey Hat / Gray Hat
- A mix of a Black Hat and a White Hat hacker. Usually they are professionally employed as security experts but for unknown reasons they also undertake criminal black hat hacks. Grey Hat hackers lack the malicious intent of a true Black Hat. I will sight Mr Robot as a good example of a Grey Hat hacker.
- A Portmanteau of Hack and Activism. Their skill levels vary from individual to individual. Their motivations generally focus around social change or promotion of a political agenda. So tend to focus their attacks around resources that are in opposing positions to their personal agenda.
- Social Engineer
- A hacker who attempts to hack people rather than systems directly. Using custom created malicious payload in the form of Office documents, PDFs and Links, their goal is to entice the victim into doing something against their discretion that will allow the hacker access to some resource. Social Engineering attack are on the increase as Computer become more secure, the weakest link in the chain is the person at the keyboard. Social Engineers play on two basic human emotions. Fear of losing something and Greed. Kevin Mitnick is the most famous Social Engineer and has written many books. I brought his book The Art of Deception at Singapore Airport in 2003 and couldn’t put it down. That book had a profound effect on me and sparked my interest in Cyber Security my long term desite to be a Cyber Security Professional. Now 15 years later I have my own Cyber Security Consultancy which you can contact here.
- Script Kiddie
- A low skilled hacker who only uses tools such as Metasploit and public exploits written by other more skilled hackers. Make no mistake, a Script Kiddie can still break into systems and cause tremendous damage.
- Advanced Persistent Threat (APT)
- These hackers are highly skilled and well funded. Usually the term APT means Government funded hackers. They generally use their hacking skills against targets that their own governments foreign policy do not agree with. One of the most famous suspected APT attacks was the Stuxnet attack against Iranian nuclear reactors enrichment devices. APTs develop their own Zero Day exploits. A Zero Day exploit is a new undocumented non public exploit against a system or application.