In movies and fiction, the hacker tends to be the anti-hero: morally ambiguous and inexplicably capable of making computers obey.
In reality, hackers exist on a spectrum from the ethically upright and benevolent all the way to the villainous and malicious.
For the average person, it’s important to understand the difference between the types of hackers and how to protect against the associated threats. It’s also helpful to break the stereotype of a disaffected teenager in a basement surrounded by monitors. Hackers come in all shapes, sizes, and affiliations.
In this article, we’ll cover the different types of hackers and the most common threats. By the end, you will feel more confident about what modern hacking looks like and how it can affect your life.
Hackers: From Innovators to Criminals
The origins of “hacking” are benign, akin to a child taking apart a toy and modifying it to behave in a new way. Modern software engineers talk about “clever hacks” where they use unconventional or non-linear solutions to achieve a desired or innovative result.
Curiosity is a core motivation of most hackers, followed by a fascination with technological creativity. These can turn into a hobby, a legitimate career, or criminal behavior—but the act of learning about a computer system or piece of software and modifying it isn’t inherently wrong.
The earliest activity that we might still consider “hacking” happened after the invention of the telephone, when young operators would switch telephone lines to play tricks on customers.
Nearly 100 years later, in the mid-1960s, a man named John Draper figured out how to make free long-distance calls by mimicking high-pitched frequency triggers that were built into the phone system. This practice was dubbed “phreaking.”
As computerized networks such as Arpanet emerged, so too did the practice of testing those networks for vulnerabilities, and thus penetration testing, or “pentesting,” was born. The specialists tasked with finding and documenting bugs or openings in an otherwise secure system are an example of ethical or “white-hat hackers.” We’ll cover this nomenclature in more depth in the next section.
On the other end of the spectrum, in 1986 an employee at the Lawrence Berkeley National Laboratory by the name of Clifford Stoll identified and uncovered what is considered to be one of the first documented computer break-ins, carried out using a telephone modem connection. The hacker was a West German who was selling the data he collected to the KGB.
Forty years later, the spread and advancement of digital technology has been met with increasingly sophisticated hacking methods, carried out by cybercrime gangs as well as nation-states.
In a perverse reflection of the legitimate economy, the cybercrime underworld has its own buyers, sellers, and service providers. They coordinate attacks and monetize their efforts through extortion or by reselling data or tools to other individuals or groups.
In the next section, we’ll examine some of the labels given to various types of hackers, including the affiliations and motivations associated with each label.
Types of Hackers: The “Hat” Nomenclature
The same way that a person might “wear a lot of hats” to indicate the various roles they play in a job, hackers are commonly identified using a color of hat as a metaphor. This terminology is useful for the general public, even if hackers use it sparingly for themselves, if at all.
We’re also seeing a blurring of the lines between so-called hacktivism and truly malicious behavior intended for financial gain. This is due to the tendency of some hackers to resist definition, labels, and explicit affiliation. They may carry out benevolent acts one day and illegal ones the next.
For the purpose of this article, we’ll focus on the three main categories.
Black-Hat Hackers
A black-hat hacker engages in cybercrime as their primary activity; one might picture the Penguin and his top hat from Batman to remember that a “black hat” is worn by a person who seeks to do harm to others.
They may focus on a single type of attack, such as phishing, or they may be adept at a wide range of hacking methods. A black-hat hacker usually tries to steal data or money (including cryptocurrency), or to disrupt a service in exchange for a ransom.
Hacking groups with ties to nation-states, such as Fancy Bear, the Lazarus Group, APT41, and Pioneer Kitten, may be classified as black-hat hackers by the United States and its allies, while their activities may fall more in the category of cyberespionage or cyberwarfare.
Black-hat hackers actively pursue high-value targets such as financial institutions and their customers, with the intent to steal money directly or extract data that can lead to financial rewards.
Common tactics they employ include phishing, ransomware, pig butchering, malware, and identity theft.
White-Hat Hackers
White-hat hackers operate legitimately and with appropriate visibility to the authorities.
They are ethical cybersecurity professionals who may work as employees, contractors, or independent business owners offering services for sale.
While a white-hat hacker may conduct surreptitious activities as part of a pentest or other research, they reveal their findings in an effort to improve security systems and protect people from cybercriminals.
Some white-hat hackers have always operated on the straight and narrow. Others may have started out as black-hats and changed allegiances thanks to an encounter with law enforcement.
Gray-Hat Hackers
Ethically ambiguous, a gray-hat hacker may operate on both sides of the law, conducting unauthorized pentests and reporting their findings in hopes of receiving a reward.
The conduct of gray-hat hackers is questionable because they often prefer to operate semi-anonymously, making it hard to verify that they aren’t doing anything malicious.
Other Types of Hackers
The white, black, and gray categories offer a simple way to signal the intent of a given hacker, but there are many subcategories based on tactics, specializations, and targets.
Here are a few of the more common subtypes:
Red-Hat Hackers
A red-hat hacker is a digital vigilante who pursues black-hat hackers, working to foil their attacks and disable their networks. They may use malicious tactics, but without personal gain.
Blue-Hat Hackers
A blue-hat hacker is a “white-hat” hacker who has been contracted specifically to test a system or piece of software prior to its public release. For the sake of conducting a realistic test, they may use all the tools and tactics available to black-hat hackers, but stop short of stealing money or exposing data on the dark web.
Green-Hat Hackers
A green-hat hacker is a newly minted hacker who doesn’t have advanced skills, but is motivated to improve. They may cause harm or chaos as a result of their efforts, but their intent isn’t malicious.
Hacktivists and State-Sponsored Hackers
Hacktivism is a blend of the words “hacker” and “activist,” indicating a person who uses the tools and methods of hacking to make a political, social, or cultural statement. Strictly speaking, hacktivism is illegal, even if the perpetrators consider their efforts to be morally good and in the public interest.
In the case of hackers working in coordination with nation-states, their activities may fall into the category of espionage or cyber-warfare. They may attack critical civilian infrastructure and public services such as municipalities, hospitals, schools, local law enforcement agencies, and basic internet access.
Hackers’ Most Efficient Tools
The most important weapon in a black-hat hacker’s toolkit is the human mind.
Not their mind, but yours and the mind of every potential cybercrime target. The majority of successful attacks happen because a human is deceived or complicit—allowing the hackers to access data and systems that are normally protected.
Hackers also rely on economies of scale.
Cloud-based computing technology allows them to alternate between precisely targeted attacks and brute force methods, without leaving the comfort of their home or installing expensive hardware. They only need a small number of successes to justify the expense of their entire operation.
Due to the ease of working anonymously in the digital realm, they have far less to fear from law enforcement than criminals who work on the streets. Black-hat hackers can remain unidentified when registering public domains, including lookalike domains. They also use domain generation algorithms to rapidly spin up a domain and abandon it before law enforcement can intervene.
Often, by the time a fraudulent domain gets reported to the authorities, there is little they can do to hold the hackers responsible or anticipate what they’ll do next.
Thankfully, with proper training and cybersecurity measures, most companies and institutions can protect themselves from all but the most determined black-hat hackers.
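One such measure against the lookalike domains described above is to screen sender and link domains against the name you want to protect. The sketch below is an added example, not code from this article or its publisher; the protected name `examplebank.example`, the sample domains, and the two-edit threshold are all constructed assumptions.

```python
import unicodedata

PROTECTED = "examplebank.example"   # constructed name on a reserved TLD
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))

def skeleton(name):
    """Fold for comparison: strip accents, map a few ASCII look-alikes."""
    folded = unicodedata.normalize("NFKD", name.lower())
    folded = "".join(c for c in folded if not unicodedata.combining(c))
    for src, dst in CONFUSABLES:
        folded = folded.replace(src, dst)
    return folded

def edit_distance(a, b):
    """Levenshtein distance that also counts an adjacent swap as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(domain, protected=PROTECTED, max_edits=2):
    """Return (verdict, reason) for a sender or link domain."""
    domain = domain.lower().rstrip(".")
    if domain == protected or domain.endswith("." + protected):
        return ("legitimate", "protected domain or its subdomain")
    # Assumption: the registered name is the second-to-last label; production
    # code would consult the Public Suffix List instead.
    label = domain.split(".")[-2] if "." in domain else domain
    brand, skel = protected.split(".")[0], skeleton(label)
    if skel == brand:
        why = "same name, other TLD" if label == brand else "confusable characters"
        return ("lookalike", why)
    if edit_distance(skel, brand) <= max_edits:
        return ("lookalike", "near-miss spelling")
    if brand in skeleton(domain).replace("-", ""):
        return ("lookalike", "brand embedded in longer name")
    return ("unrelated", "no resemblance to protected name")

# Constructed sample input, e.g. sender domains pulled from a mail gateway log.
SAMPLES = ["online.examplebank.example", "examp1ebank.example", "exarnplebank.test",
           "examplebnak.test", "examplebank.example.account-verify.test", "weather.test"]
if __name__ == "__main__":
    for d in SAMPLES: print(d, *classify(d))
```

The substitution table covers only a handful of ASCII tricks and accented letters; characters borrowed from other scripts need a full Unicode confusables mapping.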
A Hacker’s Worst Nightmare
Cybercriminals aren’t magicians.
They just prey on people who lack the knowledge or technical awareness to spot an attack when it’s happening. They rely on the fact that human beings have a tendency to avoid tedious tasks such as password hygiene and software updates.
In the case of financial institutions, any bank using a .com domain is relatively easy to spoof, using lookalike emails and webpages. Only the most vigilant and sharp-eyed users or employees are likely to catch suspicious details.
That’s why a .Bank domain is so important. It sets up a hardened line of defense against cybercriminals who are hoping for an easy mark. You don’t need an invincible security system; you just need to send a clear message for hackers to look for easier prey.
Thankfully, it also sends a positive message to your customers: they will know that any domain that isn’t .Bank isn’t their bank. Your domain is your frontline security, so it’s essential to make it the centerpiece of your bank’s security transformation.
.Bank domains are only available to institutions that complete our multi-step process to verify their identity and ensure proper security requirements are implemented. They can’t be faked, and our rigorous process can’t be sidestepped. If you’d like to learn more about how a .Bank domain can protect your bank from hackers of any variety, schedule a .Bank consultation today.