If you follow current mass media such as newspapers, news broadcasts, or social media, IT security incidents by attackers or hackers are always reported. Unfortunately, little differentiation is made between these hackers in reporting, because there are clear differences – similar to football – according to which they can be categorized. Different types of hackers are presented below. The classification is based on two common categories. On one hand, this is based on the know-how and resources available to them, and on the other hand, according to their modus operandi.
Hackers - classification according to know-how and resources
A script kiddie - The District League
A script kiddie is someone who has an affinity for IT and a rudimentary knowledge base about processes in systems and computer networks. An in-depth understanding of the relationships between different protocols is not yet available. In order to carry out his deeds, a script kiddie depends on ready-made tools and exploits, which he adapt if necessary. The motives of the script kiddie are rarely monetary but are based on activism or malicious glee. The damage he can cause himself depends very much on external circumstances, such as the tools at his disposal and the state of his target’s infrastructure. Even if the technical possibilities are limited, nowadays a script kiddie can fall back on more experienced attackers who offer their skills in the form of various services and thus above all indirectly cause greater damage.
The Technical Attacker - The Premier League
The Technical Attacker is a person with profound knowledge in IT, often also with a corresponding education. He is able to find vulnerabilities himself and write appropriate exploits for them or adapt existing exploits. The chaining of several exploits into a so-called exploit chain in order to completely compromise a system is within the scope of his abilities. He is also familiar with exploiting the human factor to reach his goal. As an additional motive to those already mentioned for the script kiddie, he now also has a strong monetary interest. His skills allow him, alone or as part of a group, to make his skills available to others as a service provider or to act directly as a perpetrator. The news of successful phishing campaigns and Ransomware attacks in recent years is clear evidence of this. Technical attackers represent the broadest spectrum of the level of potential attackers and, based on their expertise, can use a wide variety of attack vectors to achieve their short- or long-term goals.
Industrial espionage or State / Nation Sponsored Hackers - The Champions League
These are technical attackers who not only have excellent knowledge and skills, but are also supported by additional human and material resources – either by companies or by state institutions or organisations. Their goals are primarily long-term and do not relate to their own monetary advantage, but to information gain and manipulation, as well as economic damage and damage to the image of their target. This is not limited to attack vectors based on IT, for example, people can be smuggled into the company as regular employees or as employees of a business partner or supplier in order to create further opportunities with intelligence resources.
Hackers - categorization according to the modus operandi
The White Hat Hacker - The Defender
White hats are those hired by companies to have their IT infrastructure checked for malware and potential vulnerabilities as part of penetration tests. In doing so, they use the same methods that a black hat would use, thus giving companies the opportunity to protect themselves from the very same. However, they always stay within the bounds of the law.
The Gray Hat Hacker - The midfielder
The Grey Hat differs from the White Hat in that it does not ask for permission before attacking websites or penetrating internal networks – similar to the Black Hat, but without its malicious intentions. Even though these actions are not approved by companies in principle, they are sometimes tolerated because of the helpful information they provide. Grey Hats often give the following reasons for their actions: Curiosity and enjoyment of technology and the challenge, gaining recognition and notoriety in the IT security industry, and lastly, the assumption of creating awareness that the Internet is a dangerous space to do business.
The Black Hat Hacker - The Striker
The Black Hat stands outside the law with their activities and pursues their goals only for their own benefit and to the detriment of their victims.
They are the origin of many malware and malware kits that enable others to create malware. Likewise, they offer their know-how and skills as a service to other criminals.