Security for Web-based mail: A case study (Types of hackers sidebar)

[back to Security for Web-based mail: A case study]

Script Kiddies are novices that have little skill, few resources, little expertise and little knowledge of the system they are attacking. They typically use tools written by White Hat Hackers and think that they know a whole lot more than they really do. Both Black and White Hat Hackers sneer in contempt at Script Kiddies. However, they do exist and they can wreak havoc on unprotected systems.

White Hat Hackers are very technical people that try to access systems for the sheer thrill of it. They are often referred to as Old School or Noble Hackers (and hence the original definition above). Their goal is typically twofold: the first is to see if they can increase their technical knowledge by hacking into systems and seeing what makes them tick; the other is to verify that if a vendor claims that their product is secure, that it is indeed so. They will identify potential vulnerabilities and alert the vendors and after time is given for the vendor to react, publish the vulnerability to ensure that everyone knows about it (otherwise, only a few people would know, which is not a good thing). So why worry about White Hat Hackers? The problem is that in publishing the vulnerability, they sometimes publish an attack tool that greatly simplifies the use of the vulnerability. This tool is usually what is used by Script Kiddies in their attacks.

Black Hat Hackers are very technical people that try to access systems for malevolent purposes. These people seek to enter systems usually with the intention of embarrassing companies by destroying, defacing, or corrupting their systems. In addition to their high skills, they tend to have sophisticated resources and tools at their disposal and have intricate knowledge of the architecture and setup of the systems they are attacking.

Hacktivists are people generally with fewer skills and resources than Black Hat Hackers, but whose motive is to attack systems for political or religious reasons. Their sole goal is to make a statement, and if it requires hacking into a system to access information, deface it, or destroy it, they will do it.

Corporate Spies are people with fair to excellent computer science skills whose single motive is financial. If they are contracted to get access to information pertaining to the attribution of a major government contract, for example, they will hack whatever systems will need to be hacked in order to acquire that information.

Insiders are people that are hired by a company and work there. They can either be employees or contractors and usually have one of two motives for hacking your systems: the first is for financial gain, the other is for revenge. In the first case, their motives are the same as Corporate Spies. In the second case, it could be a way to compensate for some kind of perceived offense that was done to them, such as a demotion, a cut in pay, or an administrative note in their personnel record. Many security problems occur considerably more often with insiders than outsiders.