White Hat: Ethical Hackers
White hat hackers are hired or contracted by companies to find vulnerabilities in internal systems; this is also called a penetration test. These hackers are given a scope, which defines what systems the hacker can attack.
Example of a Scope:
- Company A hires Penetration Tester X to run a test on its web server. Company A, in writing, tells X that they may use any public-facing resources (such as Company A’s website), but may not enter the company’s internal network or compromise employee credentials. This gives a clear picture of what systems X can attack.
A large part of penetration testing is the six phases used as a step-by-step guide to accessing a system.
Penetration Testing Phases:
- Planning – This is the stage where the hacker(s) are given the scope of the assignment, meet with the client and discuss expectations and goals of the test.
- Reconnaissance – During the recon phase, the hacker(s) are tasked with gaining as much information as possible. This is done using manual recon sources such as Google searches, Google dorking, social media, etc., or automated recon tools such as Recon-ng, Maltego, theHarvester, and many more.
- Scanning – In the scanning phase, the goal is to find vulnerabilities. Depending on the scope of the test, this can mean running port scans on hosts using Nmap, finding directories on a web application using DirBuster, etc.
- Gain Access – Using the vulnerabilities found in the scanning phase, the hacker(s) will exploit the systems to make their way towards the goal that was defined during the planning phase. This could be gaining access to a database, obtaining administrator credentials, etc.
- Maintain Access – This step may be prohibited in the scope of the test, as maintaining access often requires installing a backdoor or stealing credentials. Many companies (rightfully so) do not want the tester to keep the ability to remotely access their systems; they only want to know that it is possible.
- Reporting – The final step is when the company and the hacker(s) meet up and discuss the findings and what can be done to mitigate the threats introduced by those vulnerabilities.
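The written scope from the Company A example and the note that Maintain Access may be prohibited can both be enforced as a check that runs before any phase touches a target. This is an added example, not code from the original article; the hostname, netblock and phase names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Scope:
    """Rules of engagement agreed in writing during the Planning phase."""
    allowed_targets: set                # hosts the client listed as testable
    excluded_nets: list                 # networks the tester may not enter
    prohibited_phases: set = field(default_factory=set)

    def check(self, target, phase):
        """Return (authorized, reason) for one phase against one target."""
        if phase.lower() in self.prohibited_phases:
            return False, f"phase '{phase}' is prohibited by the scope"
        name = target.lower().rstrip(".")
        try:
            addr = ipaddress.ip_address(name)
        except ValueError:
            addr = None                 # a hostname, not an IP literal
        if addr is not None:
            for net in self.excluded_nets:
                if addr in net:
                    return False, f"{name} is inside excluded network {net}"
        if name in self.allowed_targets:
            return True, "explicitly in scope"
        return False, f"{name} is not listed in the scope"   # default deny


# Constructed sample modelled on the Company A example (all values hypothetical).
COMPANY_A = Scope(
    allowed_targets={"www.company-a.example"},
    excluded_nets=[ipaddress.ip_network("10.0.0.0/8")],
    prohibited_phases={"maintain access"},
)


def review_plan(scope, plan):
    """Split planned (target, phase) pairs into approved and rejected lists."""
    approved, rejected = [], []
    for target, phase in plan:
        ok, reason = scope.check(target, phase)
        (approved if ok else rejected).append((target, phase, reason))
    return approved, rejected


if __name__ == "__main__":
    plan = [("www.company-a.example", "scanning"), ("10.1.2.3", "scanning"),
            ("www.company-a.example", "maintain access")]
    for target, phase, reason in review_plan(COMPANY_A, plan)[1]:
        print(f"REJECTED {phase} on {target}: {reason}")
```

Anything not explicitly listed is rejected, so a target that was never discussed with the client fails the check rather than slipping through.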
There are also multiple types of penetration tests. These include Black Box, Grey Box, and White Box. This color designation is separate from the one used for the “hat” categories of hackers.
Black Box:
- Penetration Testers are given little to no information.
- Network recon may be required (depending on the scope).
- All penetration testing phases may be required (planning, reconnaissance, scanning, gain access, maintain access [this step may go against the scope], reporting).
White Box:
- Penetration Testers are given ample information.
- For software tests – source code may be given
- For network security tests – network map and netblocks may be given
- For internal tests – credentials and physical maps may be given
- Due to the amount of information given, tasks may need to be delegated among a team of testers.
Grey Box:
- Given minimal information.
- Due to the amount of information, the tester is able to focus on a specific task.
- Ex: Tester X is given the SSID and Security key and is asked to map devices on that network.
Black Hat: Malicious Hackers
Black hat hackers are on the opposite side of the coin from white hat hackers. While the white hat hackers are building the defenses to protect businesses, black hat hackers are trying to bypass the systems put in place by ethical hackers. The goals of these hackers are based on personal gain, money, power, etc.
These hackers have almost the exact same process as white hat hackers. Those steps are planning, reconnaissance, scanning, gaining access, and maintaining access; the one difference is that instead of reporting, they pillage. Once they find the intended goal of the attack (user database, credit cards, passwords, etc.), they steal (pillage) that information and cover their tracks on the way out.
Here are some examples of Black Hat hacks/hackers:
- Kevin Mitnick – “The World’s most famous hacker”
- Home Depot Breach (2014) – 56 million payment cards compromised
- Citibank Hack (1994) – First online bank robbery
- The Conficker Worm (2008-Current) – Infected millions of systems in over 190 countries
- Max Ray ‘ICEMAN’ Vision – Stole 1.8 million Credit Card numbers and ran a drone smuggling business from prison
Grey Hat: The Middle Ground Hackers
Grey hat hackers have the skills of a White Hat hacker but violate the law by breaking into systems like a Black Hat hacker. The difference between Black and Grey Hat hackers is the motivation: Black Hats hack for personal gain, while Grey Hats hack to find vulnerabilities and help those affected (without being hired as a White Hat).
It has become harder for Grey Hat hackers to disclose vulnerabilities to companies due to how common it has been to prosecute those hackers. This is because breaking into a system is illegal regardless of intentions.
Script Kiddie: Newbie Hackers
Script Kiddies are generally hackers who are still developing the skills to write their own programs and thus use programs that are downloadable and easy to use to run their exploits. They are generally motivated by the thrill of the hack or the reaction of their peers.
Common tools used by Script Kiddies:
- Wireshark
- Metasploit
- Social Engineering Toolkit
- Online DDoS tools
- Nmap
- and other tools whose basic functions are easy to learn
These may also be used by Security Professionals, but Script Kiddies use them without understanding how they work or the possible backlash that can come from using them on someone else’s network.
Nation State Actors: Government Threat Protection
CISsecurity defines Nation-State Actors as those who “aggressively target and gain persistent access to public and private sector networks to compromise, steal, change, or destroy information. They may be part of a state apparatus or receive direction, funding, or technical assistance from a nation-state.”
In other terms, Nation State-Sponsored Hackers are those funded or directed by a government body to target other nations’ private or public sectors to gain, change, or destroy information.
Nation-State threats against the US usually come from one or more of the following countries: Iran, North Korea, China, and/or Russia.
Hacktivist: Activism Hackers
Hacktivism is the use of hacking to promote social/political change, usually promoting freedom of speech, information, or human rights.
The biggest Hacktivism group that most people inside (and even outside) the field of technology know of is Anonymous. Anonymous uses hacking to promote the freedom of the general population. Some examples of this include:
- War on ISIS – After the Paris terror attacks (2015), Anonymous declared war on ISIS
- War on Russia (2022) – After Russia invaded Ukraine, Anonymous took down Russian news sites and leaked databases of Russian government employees
- Project Chanology (2008) – Anonymous combats Scientology’s use of internet censorship to promote their ideologies