different subcategories of hackers. This is mainly due to
conflicting ideologies, whereby certain groups call
themselves by a specific name, or call others a specific name,
in order to emphasize that they do not agree with the
ideologies of others.
The generic word ‘hacker’ therefore, although referring to
those who have technical knowledge and are able to gain
unauthorized access to computer systems, is rather vague and
does not distinguish between those who use different
methods or believe certain things.
Instead, separate names have emerged in order to distinguish between groups, and to
indicate that not all hackers follow the same rules or ideologies. One way in which this can be seen, as discussed previously, is the distinction between hackers and crackers, as
advocated by Eric S. Raymond in The New Hacker’s Dictionary.
In this book Raymond compiled a glossary of hackers’ computer programming jargon, but
those from the hacking community feel that this book is too biased by Raymond’s own
view of hacking as a malicious practice.
Rather than following the dichotomy of hacker/cracker that Raymond suggested, the
general hacking community feels that this is too reductive and instead advocates a wider
list of names to reflect the spectrum of beliefs and practices of the large hacking
community.
One subcategory of hackers is known as ‘white hat hackers’ and they break through
computer security without a malicious motivation. Examples of why this might be done
include doing so to test one’s own security effectiveness, or when doing work developing
computer security software.
These breaches of security can occur whilst
performing vulnerability assessments of computer
software as part of a contractual agreement, and are
therefore legal. In this way, the slang term ‘white hat’
references an ethical hacker who does so for positive
reasons, in order to protect rather than destroy. There
are recognized organizations, such as The
International Council of Electronic Commerce
Consultants, who provide training and certificates for
this area of ethical hacking.
On the other hand, there are ‘black hat hackers’ who breach computer security systems
simply to be malicious, or to gain profit. These hackers are the ones who are also
sometimes referred to as crackers. This subcategory forms the cliché hackers who are often
depicted in films and television, and represent the elusive and little-understood computer
criminal who the public fears.
These types of hackers violate computer security in order to destroy, change or steal
information, or to prevent authorized users from being able to access the system. In this
way they can cause disruption, waste time, and cause distress, but they can also steal
significant amounts of money or access confidential information.
Generally a black hat hacker will spend time looking for and discovering faults in
programs, or weaknesses in computer systems, but rather than alert the public to these
problems they exploit them for personal gain or simply for fun. Once they have accessed a
computer system, they can consequently make adjustments that prevent somebody with
authorized access from using the system and thus the black hat hackers retain control.
Lying somewhere between the two, not quite a white hat hacker and not quite a black hat
hacker, is the gray hat hacker. This is somebody who, without being asked to, searches the
Internet for systems with a weakness or security flaw, and will then notify the
administrator and offer to rectify the problem for a fee.
In this way they are not as good as a white hat hacker (because they are demanding a fee,
and their services were never requested) but they are also not as bad as a black hat hacker
because they do not exploit these weaknesses in order to wreak disruption or steal data.
Another way in which gray hat hackers might respond to their discovery of a security
weakness is to publish their findings online, so that the general public has access to the
information.
In this way they are not performing malicious hacking themselves, but they are publishing
the information, which leaves their subject at risk of a security breach. This type of
hacking is illegal and also considered unethical, whether or not the gray hat hacker has
breached security for personal gain, because they have gained unauthorized access to data
and have left the system susceptible to hacking by malicious black hat hacker groups.
As well as these three main classifications for hacking, which differentiate hackers based
on their motivation and what they do about the information they discover, there are
various other specific types of hacker. There is a social hierarchy amongst hackers, who
are recognized based on their skill.
The highest of these statuses is the elite hacker,
and elite hackers sometimes form into elite groups such as the
‘Masters of Deception.’ On the other end of the
scale is a script kiddie, who is still learning and
has not yet developed their skills with breaching
security systems. A script kiddie uses automated
tools written by others, and is therefore simply
following a code provided by a more skilled,
black hat hacker, and not having to work it out themselves. Usually a script kiddie does
not really have any knowledge or understanding of the complicated underlying technological concepts, and simply follows a plan provided by a more experienced hacker.
Even less experienced than a script kiddie is a neophyte, who is a completely new hacker
who has very little knowledge of computer technologies or the logic and concepts behind
hacking. A blue hat refers to somebody who is used by computer security consulting firms
but is not actually a part of the company; the blue hat is used to test a system prior to its
launch to determine whether it has sufficient security or will be susceptible to hacking.
A hacktivist (a combination of the words ‘hacker’ and ‘activist’) is a hacker who uses their
knowledge of technology and their hacking skills in order to broadcast a political, social or
religious message. Hacktivism itself has two subcategories: cyber terrorism (where
websites are damaged or services cannot be accessed) and freedom of information
(making information available to the public that was previously either undisclosed or
stored in an encrypted format).
Groups of hackers working collectively can include organized criminal gangs, and cyber
warfare of nation states. The different subcategories of hackers are indicative of the
various ideologies, motivations and techniques that are present in the hacking community.