The term “hacker” is popularly associated with cybercriminals harboring malicious intentions, when in reality, it’s a lot more. A hacker can be anyone who utilizes their computer software and hardware knowledge to break down and bypass a computer, device, or network’s security measures. It’s popularly believed hacking is illegal on principle, which isn’t the case if a system owner willingly and knowingly grants access. In fact, many private entities and government agencies hire hackers to help maintain their system’s security.
There are two main factors that determine what type of hacker an individual is: their motives and legality of their actions. Hackers are divided into three types—white, black, and grey hat, a naming system that was derived from old western films, where the protagonists would always wear white hats and vice versa for villain characters.
1. Black Hat
Black hat hackers are normally responsible for creating malware, which is frequently used to infiltrate computerized networks and systems. They’re usually motivated by personal or financial gain, but can also participate in espionage, protests, or merely enjoy the thrill. Black hat hackers can be anyone from amateurs to highly experienced and knowledgeable individuals looking to spread malware, steal private data, like login credentials, along with financial and personal information. Upon accessing their targets and depending on their motives, black hat hackers can either steal, manipulate, or destroy system data.
2. White Hat
Also known as “ethical hackers,” they’re often employed or contracted by companies and governmental entities, working as security specialists looking for vulnerabilities. While they employ the same methods as black hat hackers, they always have permission from the system’s owner, making their actions completely legal. White hat hackers implement strategies like penetration tests, monitor in-place security systems, along with vulnerability assessments. Ethical hacking, the term used to describe the nature of a white hat hackers’ actions, can even be learned through independent sources, training, conferences, and certifications.
3. Grey Hat
As the name suggests, these individuals utilize aspects from black and white hat hackers, but will usually seek out vulnerabilities in a system without an owner’s permission or knowledge. While they’ll report any issues they encounter to the owner, they’ll also request some sort of compensation or incentive. Should the owner not respond or reject their proposition, a grey hat hacker might exploit the newfound flaws. Grey hat hackers aren’t malicious by nature, but do seek to have their efforts rewarded. Since grey hat hackers don’t have permission to access the system by its owner, their actions are ultimately considered illegal, despite any alarming findings they might reveal.
Filed Under: M2M (machine to machine)
People, not computers, create computer threats. Computer predators victimize others for their own gain. Give a predator access to the Internet — and to your PC — and the threat they pose to your security increases exponentially. Computer hackers are unauthorized users who break into computer systems in order to steal, change or destroy information, often by installing dangerous malware without your knowledge or consent. Their clever tactics and detailed technical knowledge help them access the information you really don’t want them to have.
How can hackers find me?
Anyone who uses a computer connected to the Internet is susceptible to the threats that computer hackers and online predators pose. These online villains typically use phishing scams, spam email or instant messages and bogus websites to deliver dangerous malware to your computer and compromise your computer security.
Computer hackers can also try to access your computer and private information directly if you are not protected by a firewall. They can monitor your conversations or peruse the back-end of your personal website. Usually disguised with a bogus identity, predators can lure you into revealing sensitive personal and financial information, or much worse.
What are things that a hacker can do to me?
While your computer is connected to the Internet, the malware a hacker has installed on your PC quietly transmits your personal and financial information without your knowledge or consent. Or, a computer predator may pounce on the private information you unwittingly revealed. In either case, they will be able to:
- Hijack your usernames and passwords
- Steal your money and open credit card and bank accounts in your name
- Ruin your credit
- Request new account Personal Identification Numbers (PINs) or additional credit cards
- Make purchases
- Add themselves or an alias that they control as an authorized user so it’s easier to use your credit
- Obtain cash advances
- Use and abuse your Social Security number
- Sell your information to other parties who will use it for illicit or illegal purposes
Predators who stalk people while online can pose a serious physical threat. Using extreme caution when agreeing to meet an online “friend” or acquaintance in person is always the best way to keep safe.
How will I know if I've been hacked?
Check the accuracy of your personal accounts, credit cards and documents. Are there unexplained transactions? Questionable or unauthorized changes? If so, dangerous malware installed by predators or hackers might be the cause.
What can I do about computer hackers and predators?
When you arm yourself with information and resources, you’re wiser about computer security threats and less vulnerable to threat tactics. Hackers and predators pose equally serious and but very different threats.
Protect yourself while online
- Continually check the accuracy of personal accounts and deal with any discrepancies right away
- Use extreme caution when entering chat rooms or posting personal Web pages
- Limit the personal information you post on a personal Web pages
- Carefully monitor requests by online “friends” or acquaintances for predatory behavior
- Keep personal and financial information out of online conversations
- Use extreme caution when agreeing to meet an online “friend” or acquaintance in person
Security Tips to Prevent Hacking
- Use a 2-way firewall
- Update your operating system regularly
- Increase your browser security settings
- Avoid questionable Web sites
- Only download software from sites you trust. Carefully evaluate free software and file-sharing applications before downloading them.
Practice safe email and virus/malware protocols
- Don't open messages from unknown senders
- Immediately delete messages you suspect to be spam
- Make sure that you have the best security software products installed on your PC:
- Use antivirus protection
- Get antispyware software protection
Guard Yourself Against Dangerous Online Threats
An unprotected computer is like an open door for computer hackers and predators. To take it a step further, protect your computer from hackers by using a spam filter or gateway to scan inbound email or instant messages. Products like Webroot AntiVirus and Webroot Internet Security Complete thwart dangerous malware before it can enter your PC, stand guard at every possible entrance of your computer and fend off any spyware or viruses that try to enter, even the most damaging and devious strains. While free anti-spyware and antivirus downloads are available, they just can’t keep up with the continuous onslaught of new malware strains. Previously undetected forms of malware can often do the most damage, so it’s critical to have up-to-the-minute, guaranteed protection.
Webroot offers complete, cloud-based protection from viruses and identity theft for all your devices, without slowing you down. Click the link to learn more about all of our internet security solutions for the home.
By
A hacker is an individual who uses computer, networking or other skills to overcome a technical problem. The term also may refer to anyone who uses their abilities to gain unauthorized access to systems or networks in order to commit crimes. A hacker may, for example, steal information to hurt people via identity theft or bring down a system and, often, hold it hostage in order to collect a ransom.
The term hacker has historically been a divisive one, sometimes being used as a term of admiration for individuals who exhibit a high degree of skill and creativity in their approach to technical problems. However, the term is also commonly applied to individuals who use this skill for illegal or unethical purposes.
Hacker was first used in the 1960s to describe a programmer or an individual who, in an era of highly constrained computer capabilities, could increase the efficiency of computer code in a way that removed, or hacked, excess machine code instructions from a program. It has evolved over the years to refer to someone with an advanced understanding of computers, networking, programming or hardware.
Hackers use technical skills to exploit cybersecurity defenses. Ethical hackers test for cybersecurity vulnerabilities and may take up hacking as a profession -- for example, a penetration tester (pen tester) -- or as a hobby. The end goal is often to gain unauthorized access to computers, networks, computing systems, mobile devices or internet of things systems. Many professional hackers use their skills to determine security holes in enterprise systems and then advise where companies should boost their security defenses to keep threat actors out.
Results can also be deleterious: Malicious hackers may steal login credentials, financial information and other types of sensitive information.
Many hackers aim to exploit either technical or social weaknesses to breach defenses. Technical weaknesses may include vulnerabilities in software or other exploitable weak spots. To exploit social weaknesses, hackers may attempt to manipulate social outcomes through false pretenses, such as impersonating a co-worker or other individual to gain financial or login information. Hackers may also use their technical skills to install dangerous malware, steal or destroy data, or disrupt an organization's services.
Hackers of all types participate in forums to exchange hacking information and tradecraft. There are numerous hacker forums where ethical hackers can discuss or ask questions about hacking. Many of these hacker forums offer technical guides with step-by-step instructions on hacking.
In contrast, forums and marketplaces serving threat actors or criminal hackers are often hosted on the dark web and provide an outlet for offering, trading and soliciting illegal hacking services.
Criminal hackers, who sometimes lack technical skills, often use scripts and other specifically designed software programs to break into corporate networks. This software may manipulate network data to gather intelligence about the workings of the target system. These scripts can be found posted on the internet for anyone, usually entry-level hackers, to use. Hackers with limited skills are sometimes called script kiddies, referring to their need to use malicious scripts and their inability to create their own code. Advanced malicious hackers might study these scripts and then modify them to develop new methods.
In the past, the security community informally used references to hat color as a way to identify different types of hackers, usually divided into five main types. A few of these terms have been replaced to reflect cultural changes.
- Ethical hackers or authorized hackers -- previously known as white hat hackers -- strive to operate in the public's best interest rather than to create turmoil. Many ethical hackers who work doing pen testing were hired to attempt to break into the company's networks to find and report on security vulnerabilities. The security firms then help their customers mitigate security issues before criminal hackers can exploit them.
- Threat actors or unauthorized hackers -- previously known as black hat hackers -- intentionally gain unauthorized access to networks and systems with malicious intent. This includes stealing data, spreading malware or profiting from ransomware, vandalizing or otherwise damaging systems, often in an attempt to gain notoriety. Threat actors are criminals by definition because they violate laws against accessing systems without authorization, but they may also engage in other illegal activity, including corporate espionage, identity theft and distributed denial-of-service (DDoS) attacks.
- Gray hat hackers fall somewhere between ethical hackers and threat actors. While their motives may be similar to those two groups, gray hats are more likely than ethical hackers to access systems without authorization; at the same time, they are more likely than threat actors to avoid doing unnecessary damage to the systems they hack. Although they aren't typically -- or only -- motivated by money, gray hat hackers may offer to fix vulnerabilities they have discovered through their own unauthorized activities rather than using their knowledge to exploit vulnerabilities for illegal profit.
- Red hat hackers, also called eagle-eyed or vigilante hackers, are similar to ethical hackers. Red hat hackers intend to stop unethical attacks by threat actors. While red hat hackers may have a similar intent to ethical hackers, they differ in methodology, as red hat hackers may use illegal or extreme courses of action. Often, red hat hackers will deploy cyber attacks toward the systems of threat actors.
- Blue hat hackers, also known as vengeful hackers, use hacking as a social weapon. Frequently, it is used as a means for revenge against a person, employer or other organization. Hackers who post personal and confidential data online to ruin reputations or attempt to gain unauthorized access to email and social media accounts are classified as blue hats.
- Script kiddies are amateur, inexperienced hackers who attempt to use pre-written scripts in their hacking efforts. Often, these are fledgling hacking enthusiasts who cause little damage.
- Hacktivists are organizations of hackers that use cyber attacks to affect politically motivated change. The purpose is to bring public attention to something the hacktivist believes might be a violation of ethics or human rights. Hacktivism attacks may attempt to reveal evidence of wrongdoing by publicizing private communications, images or information.
While the technological basis of these techniques is constantly evolving to keep up with developments in cybersecurity, the following common hacking techniques are persistent:
- Phishing. The criminal hacker creates a fraudulent email that appears to come from a legitimate organization and prompts the user to open it. Users are then tricked into entering their login credentials and disclosing other personal information, such as birth date, Social Security number or credit card details.
- Viruses and malicious code. A hacker inserts malicious code, including worms and Trojan horses, into website files, often with the intent to steal cookies that track a user's online activity.
- User interface (UI) redress. This technique, also known as clickjacking, creates a fake UI and link on top of an authentic webpage and tricks the user into clicking on the link. The threat actor can then take access of the user's computer without their knowledge.
- DoS and DDoS. These techniques make it impossible for users to access their computer systems, networks, services or other information technology (IT) resources. Typically, a criminal hacker uses this technique to crash web servers, systems or networks by disrupting the normal flow of traffic.
- Domain name system (DNS) cache poisoning. This technique, also known as DNS spoofing, exploits DNS clients and web servers by diverting internet traffic to fake servers.
- Structured Query Language (SQL) injection. This technique adds SQL code to a web form input box in order to gain access to unauthorized resources and data.
- Keylogger injection. A keylogging program is injected into the user's system as malware to monitor and record each of the user's keystrokes. This enables the threat actor to steal personally identifiable information, login credentials and sensitive enterprise data.
- Brute-force attack. These attacks commonly use automated tools to guess various combinations of username and password until they find the correct combination.
While many famous technologists have been considered hackers -- including Donald Knuth, Ken Thompson, Vinton Cerf, Steve Jobs and Bill Gates -- threat actors are more likely to gain notoriety as hackers in mainstream accounts. Gates was also caught breaking into corporate systems as a teenager before founding Microsoft.
Some notorious threat actors include the following:
- Anonymous is a group of hackers from around the world who meet on online message boards and social networking forums. They mainly focus their efforts on encouraging civil disobedience and unrest via DoS attacks, publishing victims' personal information online, and defacing and defaming websites.
- Jonathan James gained notoriety for hacking into multiple websites, including those of the U.S. Department of Defense and National Aeronautics and Space Administration, as well as for stealing software code when he was a teenager. In 2000, James became the first juvenile -- he was just 16 years old -- to be incarcerated for computer hacking. He committed suicide in 2008 when he was 25 years old.
- Adrian Lamo hacked into the systems of several organizations, including The New York Times, Microsoft and Yahoo, to exploit their security flaws. Lamo was arrested in 2003, convicted in 2004, sentenced to six months of home detention at his parents' home and two years' probation, and ordered to pay about $65,000 in restitution.
- Kevin Mitnick was convicted of a number of criminal computer crimes after evading authorities for 2 ½ years. Once one of the Federal Bureau of Investigation's Most Wanted for hacking into networks of 40 high-profile corporations, Mitnick was arrested in 1993 and served five years in a federal prison. After his release, he founded a cybersecurity firm to help organizations keep their networks safe.
While not all types of hacking are considered malicious, the presence of threat actors necessitates strong cybersecurity defenses for enterprises, especially those dealing with sensitive information. Breaches in security can cause financial loss, as well as irreversible damage to an organization's reputation.
This guide on data security touches on the different types of data security, best practices and tips for building a security strategy. As remote work can increase cybersecurity risks, it is important to manage cybersecurity accordingly in the new digital age.
- Key lessons from an ethical hacker
- UK gets first millionaire ethical hacker
- Practice Certified Ethical Hacker exam questions
- DOJ indicts additional WannaCry conspirators
- Hackers Stole Customers' License Numbers from Geico in Months-Long Breach