Meaning of Hacking and the Different Kinds of Hackers
Posted by JanWan
Last Updated: July 05, 2012

Meaning of Hacking and the Different Kinds of Hackers

When you hear news about hackers penetrating a website, your reaction will typically involve dilating pupils and astonishment -- if the website is your own, symptoms may include a big deal of swearing and deep hate for the hacking community as well.

What you probably don't know, though, is that not all hackers are doing this for their pure amusement: some of them may have done it without malicious intentions, some others even with the aim of improving your security system.

Despite what you may have heard, the meaning associated to the word 'hacking' is a positive one, and it mainly refers to the ability and desire to understand the inner mechanisms through which different components in the ICT world (typically computer programs) work. For this reason, even regular computer programmers are sometimes referred to as hackers.

However, it would be impossible to group all 'hackers' in a single category: the reasons that may bring someone to break a site (or computer program) security can be varied and span from noble intentions (security testing/improving by attack simulation) to not-so-noble ones (testing their programming ability, accessing secret information, or just doing it for the sake of doing it). or even for political reasons.

For this reasons, the hacker community usually distinguishes its members into the following groups, mainly based on the individual aim and ability:

CRACKERS (or Black Hat Hackers): those who will enter your computer just for the fun of it, or to prove their technical skills, which are usually mid to high level.

BLUE HAT HACKERS: A blue hat hacker is someone outside computer security consulting firms that are used to bug test a system prior to its launch, looking for exploits so they can be closed. The term has also been associated with a roughly annual security conference by Microsoft, the unofficial name coming from the blue color associated with Microsoft employee badges.

GRAY HAT HACKERS: A gray hat hacker is a hacker of ambiguous ethics and/or borderline legality, often frankly admitted (the color itself stands somewhere in between 'black' and 'white', the 'bad' and the 'good' guys).

WHITE HAT HACKER: A white hat hacker (sometimes referred to as 'ethical hacker') is someone who breaks security but who does so for altruistic or at least non-malicious reasons. White hats generally have a clearly defined code of ethics, and will often attempt to work with a manufacturer or owner to improve discovered security weaknesses, although many reserve the implicit or explicit threat of public disclosure after a "reasonable" time as a prod to ensure timely response from a corporate entity. The term is also used to describe hackers who work to deliberately design and code more secure systems. To white hats, the darker the hat, the more the ethics of the activity can be considered dubious. Conversely, black hats may claim the lighter the hat, the more the ethics of the activity are lost.

SCRIPT KIDDIES: Script kiddie is a pejorative term for a computer intruder with little or no skill; a person who simply follows directions or uses a cook-book approach -- typically using other people's scripts and shellcodes -- without fully understanding the meaning of the steps they are performing.

HACKTIVIST (rare): A hacktivist is a hacker who utilizes technology to announce a political message. Web vandalism is not necessarily hacktivism.

These categories tend to have a 'closed' approach with one another, meaning white hatters will tend to stay away from black hatters, and vice versa -- which is mainly due to the fact that the single most important thing all these communities have in common is the central role of their 'online reputation'.




Other Hacking Types

1) Inside Jobs - Most security breeches originate inside the network that is under attack. Inside jobs include stealing passwords (which hackers then use or sell), performing industrial espionage, causing harm (as disgruntled employees), or committing simple misuse. Sound policy enforcement and observant employees who guard their passwords and PCs can thwart many of these security breeches.

2) Rogue Access Points - Rogue access points (APs) are unsecured wireless access points that outsiders can easily breech. (Local hackers often advertise rogue APs to each other.) Rogue APs are most often connected by well-meaning but ignorant employees.

3) Back Doors - Hackers can gain access to a network by exploiting back doors?'administrative shortcuts, configuration errors, easily deciphered passwords, and unsecured dial-ups. With the aid of computerized searchers (bots), hackers can probably find any weakness in your network.

4) Viruses and Worms - Viruses and worms are self-replicating programs or code fragments that attach themselves to other programs (viruses) or machines (worms). Both viruses and worms attempt to shut down networks by flooding them with massive amounts of bogus traffic, usually through e-mail.

5) Trojan Horses - Trojan horses, which are attached to other programs, are the leading cause of all break-ins. When a user downloads and activates a Trojan horse, the hacked software (SW) kicks off a virus, password gobbler, or remote-control SW that gives the hacker control of the PC.

6) Denial of Service - DoS attacks give hackers a way to bring down a network without gaining internal access. DoS attacks work by flooding the access routers with bogus traffic (which can be e-mail or Transmission Control Protocol, TCP, packets).

Distributed DoSs (DDoS5) are coordinated DoS attacks from multiple sources. A DDoS is more difficult to block because it uses multiple, changing, source IP addresses.

7) Anarchists, Crackers, and Kiddies - Who are these people, and why are they attacking I your network?

Anarchists are people who just like to break stuff. They usually exploit any target of opportunity.

Crackers are hobbyists or professionals who break passwords and develop Trojan horses or other SW (called warez). They either use the SW themselves (for bragging rights) or sell it for profit.

Script kiddies are hacker wannabes. They have no real hacker skills, so they buy or download warez, which they launch.

Other attackers include disgruntled employees, terrorists, political operatives, or anyone else who feels slighted, exploited, ripped off, or unloved.

8) Sniffing and Spoofing - Sniffing refers to the act of intercepting TCP packets. This interception can happen through simple eavesdropping or something more sinister.

Spoofing is the act of sending an illegitimate packet with an expected acknowledgment (ACK), which a hacker can guess, predict, or obtain by snooping.

Sweet glad to see ma peeps