You must have heard the word ‘hacker’ multiple times in cybersecurity. The organizations have trained security staff to take care of cybersecurity threats. Hacking is generally referred to as someone gaining access to your network and systems by unauthorized means. But hacking is not always unethical; however it is associated mostly with a crime. Hacking could be performed with different intentions; however, it could be meant to steal data from systems, corrupting them, disruptions, testing system vulnerabilities and so on.
In today’s article we would venture more in detail about what hacking in general means, what are the different types of hackers and what is their purpose for hacking.
History of Hacking
The history of hacking dates back to the 1960s and it started at MIT’s (Massachusetts Institute of Technology) artificial intelligence lab. Initially hacker word was associated with positive significance for a person who was good at computers and pushed computer programs to perform beyond normal functioning standards. From 1970s the image of a person called hacker has changed drastically, John Draper of 70s who built a blue box used to make phone calls for free to year 2000 where attacks were launched on yahoo, Amazon, and eBay resulting in denial of services for users.
Types of Hackers
Let’s do some deep dive to understand how in cyber security hackers are not just all that black and white but come in a variety of colours.
White Hat Hacker
White hats are good guys hired by organizations and government agencies as information security analysts, cyber security researchers, threat hunters, penetration testers etc. They work as independent consultants or freelancers also. White hat hackers deploy similar hacking techniques as of black hat hackers but with permission from system owners.
White hackers hack to :
- Find and fix vulnerabilities in system before black hat hackers get them and exploit
- Development of tools which can detect cyber attacks and block or mitigate them
- Strengthen overall security posture of the organization (both at hardware and software level)
- Build security software such as Malware detection and prevention software, anti-spyware, honeypots , firewalls etc.
Black Hat Hackers
Black hat hackers are the bad guys who use their technical skills to blackmail others. They have the skill and expertise to break into computer systems without permissions, exploit vulnerabilities and bypass security controls. One of the most famous black hackers is Kevin Mitnick.
They do lot of illegal activities with the ulterior motive to make money:
- Send phishing emails and SMS
- Write, distribute, and sell malware like viruses, worms, trojan horses etc.
- Deploy cyber attacks like distributed denial of service (DDoS) to slow down or crash websites
- Doing political and corporate espionage
- Exploit leaky databases and vulnerabilities
- Sell financial and personally identifiable information on Dark web
- Financial fraud and identity thefts
- Deploying cyber threats such as brute force attack, scareware, botnets, man in middle attacks, malvertizing campaigns
- Launching ransomware attacks using spyware to encrypt, lock, steal, modify and delete data
Grey Hat Hackers
Grey hat hackers fall between black and white hat hackers. The intentions are good but the route taken is always not ethical with their hacking techniques. Sometimes they penetrate your websites to look for vulnerabilities without the consent but will not cause any harm.
They expose vulnerabilities to draw the owner’s attention. And often launch attacks similar to white hat hackers and expose security loopholes into the system but will not do any harm. Gray hackers charge fee sometimes for :
- Fixing vulnerabilities or bugs
- Strengthen overall security posture of organization
- Recommend solutions to fix or patch vulnerabilities
Grey hat hackers release vulnerabilities information in public post systems. In many cases they reach out to affected organizations and let them know about vulnerabilities. If companies do not respond quickly, hackers may choose to disclose information publicly even if vulnerability is not attended to. Grey hats motive is publicity, popularity and recognition they want to gain in the cyber security community.
Red Hat Hackers
Red hackers like their counterparts’ white hat hackers have noble intentions but they take extreme steps and sometimes illegal measures to achieve the end objective. They act like pseudo robin hoods of the cyber security world and may take the wrong path to achieve the right goal. Red hackers do :
- Infect bad hacker systems with malware
- Launch DDoS attacks
- Use tools to gain access to hacker computer to destroy it
Blue Hat Hacker
They don’t care about money or fame. They hack to take personal revenge for a real or perceived notion against a person, employer, organization or governments. Blue hackers use malware and deploy various types of cyber-attacks on intended targeted systems and cause harm to their data, websites and servers.
Blue hat hackers use various hacking techniques to bypass authentication mechanisms to gain unauthorized access to targeted email and social media profiles. Sometimes they engage in doxing or steal confidential information and release it in public to damage the reputation of its targets.
Another community of blue hat hackers are security professionals working outside organizations. Companies often invite them to test new software and find security vulnerabilities in them before its release. They perform penetration testing and deploy various harmless cyber-attacks. Such conferences are often organized by Microsoft to test its Windows programs.
Green Hat Hacker
Also known as amateur hackers. Their main focus is on acquiring knowledge and honing their skills. Whether their intentions are malicious or they aspire to become ethical hackers, they possess the potential to be hazardous. Through experimentation with different cyberattack methods and utilization of various forms of malware, they may inadvertently cause irreparable harm. Inexperienced hackers are often oblivious to the potential repercussions of their actions or how to rectify a failed attack.