Types of Hackers
The term ‘hacker’ has been defined in many different ways, from problem-solver to cybersecurity criminal. A common general definition is: a hacker is someone who uses IT and/or networking skills to achieve a goal.
The most common type of hacking is computer security hacking. Security hacking is the use of technical skills to break into computer systems, find bugs, or get the system to do something unintended.
Within the field of security hacking there are several classifications of hackers that can help us to better conceptualize the field of hacking.
These include different ‘hats’ that describe an individual’s hacking ethos: white, grey, or black.
There are also many different descriptors for different hacker archetypes. Hackers range from corporate engineers, to hacktivists, to criminals and nation-sponsored attackers. The tactics they use depend on who they are and why they hack.
Motivations and behaviors are an overlapping categorization that also describe the hacker landscape in a useful way.
In this article we discuss the most common types of hackers.
White Hat, Grey Hat, and Black Hat Hackers
Hackers are often referred to using different colored hats: white, grey, or black. The idea behind the colored hats actually comes from old Western films. The protagonist (good guy) would often wear a white cowboy hat while the antagonist (bad guy) would often wear a black hat.
White Hat Hackers
White hat hackers are often classified as ‘ethical hackers’. In general a white hat hacker will only hack for ethical purposes, at times and on systems that they have been given permission to hack on, and using only approved and legal methods.
Grey Hat Hackers
A grey hat hacker is someone who operates somewhere between the two extremes of white and black hats. Commonly this is someone who hacks for ethical purposes but may not adhere to other standards of white hat hackers. For example, a grey hat hacker might break the law for the purposes of researching a bug or security flaw.
There is debate regarding whether hacktivism is grey hat or black hat. Some argue that it must be black hat because hacktivism is definitively illegal. Others argue that it is grey because it is done for (arguably) ethical purposes.
Black Hat Hacker
A black hat hacker typically operates illegally, for personal profit and/or malice. Black hat hackers generally use their skills to steal credentials or personal information as well as gain control over sensitive information or systems.
Within the black hat hacker ‘community’ there is also diversity. For example, some ransomware attackers hold to higher ethical standards than others. Some groups have stated that they are willing to target only non-critical or relatively ‘safe’ targets while others are willing to target hospitals directly, putting patients at risk.
Red Team / Red Hat
The term ‘red team’ is used to describe a group of ethical (white hat) hackers who are paid to legally test a system or network. This is performed to help the owners of the system strengthen their security posture.
A red team will commonly work against a ‘blue team’, who represent the defenders of the organizational assets. The red team works for the sake of improving the blue team.
Blue Team / Blue Hat
The blue team defends the organization’s assets against attack, including those of the red team. Like their red team counterparts, the blue team is comprised of cybersecurity professionals.
The cat-and-mouse action of the red and blue teams combine to strengthen an organization’s security posture immensely.
Why Hackers Hack
People become hackers for many different reasons. The most common are financial, political, ideological, and because it’s fun or they enjoy it.
In hacking, the ‘why’ is often linked to the ‘who’. For example, if a group is only interested in monetary gain, it will almost always be a criminal group. The following is a list of the most common things that motivate hackers to do what they do.
Many people become hackers for financial reasons, and most seek to make money legally. But monetary gain is also one of the most prevalent motivations for many criminal hacking groups. We’ve all experienced or heard about credit card data breaches, ransomware attacks, and crypto-currency theft. These are just come of the ways that black hat hackers make money off their trade.
There are many politically motivated hackers and groups, who support a variety of political causes. Many seek to sway election results, as was the case during the 2016 US elections when Russian sources attacked the emails of members of the Democratic Party.
Politically motivated hackers also include both hacktivists as well as nation-sponsored hackers.
Hacktivists are individuals or groups who hack for political or ideological reasons.
The targets of hacktivists range from individuals to large corporations and governments. Hacktivists are involved in many different efforts, and there may be hacktivists on both sides of a conflict. They will often publicly admit to a hack to increase their publicity or raise awareness of their cause.
Many countries employ hackers for both offensive and defensive efforts. Nation-sponsored hackers are some of the most sophisticated and dangerous because of the level of support they have in the place that they live. Since they are funded and protected by their own country, they can often leverage a large amount of resource in order to attack their targets, without fear of retribution.
Nation-sponsored hackers commonly target foreign governments and infrastructure, political groups who oppose their own government, and large corporations.
The crusades may be long over, but people continue to fight for religious causes – both in-person and online.
For example, pro-ISIS hackers launched attacks on up to 19,000 French websites following the Charlie Hebdo shooting.
Hacking is Fun
This may be the last on the list, but many (including many or most ethical hackers) are motivated by the fact that hacking is fun.
Hacking is so much fun that it has become an e-sport. Unlike most sports and other e-sports, hacking directly develops specific skills that are in demand. The enjoyment of hacking and gamification through CTFs has revolutionized the field.
At times, the enjoyment of hacking can occlude the fact that a legal offense is being committed or that an action might have more serious consequences than desired. For example, crippling malware has been created and released ‘for fun’, and many individuals and organizations have been harmed because a hacker was just having fun.