Hacktivist or script kiddy? Know your 10 types of hacker

Understanding the different types of hackers and what motivates them can help you to identify the attackers you are most susceptible to and properly defend yourself and your organization.

Different shapes and sizes

Hackers, like the attacks they perpetrate, come in many forms, with motivations that range from monetary to political to ethical. Understanding the different types of hackers that exist and what motivates them can help you identify the attackers you are most susceptible to and properly defend yourself and your organization against cyberattacks. Travis Farral, director of security strategy at Anomali, outlines the top 10 types of hackers you should have on your radar.


White hat hackers

These are known as the ethical hackers of the cyberworld. Composed mostly of security researchers and operators, this category of hacker actively tracks and monitors threats. They may sinkhole domains and seize or take down botnets. They may or may not operate completely within the law, but their intent is to stop malicious hackers. Those who operate outside the law are sometimes referred to as Grey Hats.

Cybermercenaries

These are the arms dealers of the cyberworld, serving as a third-party aide to other attackers. In some cases, cybermercenaries are lumped in with the loosely defined APT (advanced persistent threat) bucket.

Nationalist hackers

State-allowed and state-enabled, these actors may not be nation-states themselves, but they're not prosecuted for their activities, which often further their state’s agenda. Some of this group’s intrusions are also lumped into the APT bucket.

Organized criminals

These are groups that are very efficient at monetizing their gains. They have a well-established supply chain in which different tasks are often handled by different individuals (spam operations, backdoor operations, carding operations, hosting operations). The “Business Club,” which includes the ZeuS author Slavik (Evgeney Bogachev) and PCI intrusion actor Dmitri Smilanets, falls into this group.

Repeat offenders

These are people or groups like LulzSec and Sabu, or actors like th3J3st3r, that have gained some skill and have some connections to loosely monetize their gains, but they don’t have the well-oiled criminal connections that other groups have.

Hacktivists

These are the larger groups like the various Anon-sects that want to make a statement through common techniques, such as DDoS attacks or web defacements. They are typically motivated by ideology or politics, with the aim of embarrassing or exposing their target.

Nation-state actors

These are the true military and intelligence apparatus. They have giant budgets and long-running persistent programs, but are usually focused on true intelligence and military objectives. The tools used by these groups can be extremely complex, but they may also be simple, since these groups play to the level of their victim and do not want to burn expensive tools and exploits unnecessarily. These are often the truly advanced or extremely persistent attacks in the APT bucket.

Disorganized criminals

These are people like the ShadowCrew, with Gonzalez and Stephen Watt. They have some skills, are loosely organized, and have some capability to monetize their gains.

Script kiddies

These are the common criminals of the cyberworld. Think of their activity as the petty theft of an attention-seeking, rebellious teenager. Script kiddies are actors who often have very little skill. They hang out on message boards, might try to write a RAT once or engage in a DDoS with Anonymous here and there, but often can’t monetize their gains. The old web defacement hackers who focused on getting their name out would fall into this category.

The insider threat

Never underestimate the power of a disgruntled employee. The insider threat, also known as the malicious insider, can be an employee with a grudge or a whistleblower who takes advantage of their access to steal sensitive information. 
