The word hacker has been generally viewed in a negative image. But in this vast digital word, the word encompasses a lot, both good and evil.
What is a hacker? Is he the person sweating nervously behind a monitor as lines of code in fluorescent green flow by like a waterfall on his monitor? If that’s what you think, you’ve been watching way too many movies. With countless groundbreaking advancements in the cyber world happening every few months, the threat landscape has also increased beyond conceivable proportions. The word ‘hacker’ simply doesn’t cut it anymore. Normally, we consider hackers to be the bad guys who are out to steal our passwords and credit card data, and while that may be partially right, there’s a lot more to it!
Defining a ‘Hacker’
A hacker is basically someone who tries to get around the security measures placed around pre-existing software in order to access private data. The target for every hacker varies, from an office network to personal devices like PC or mobile phones, all the way up to complex integrated systems belonging to governments.
There are two qualities that usually classify hackers: ethics and knowledge. Ethics in the world of cybersecurity usually differentiates the bad guys from the good guys. Both types of hackers can gain access to confidential data that they shouldn’t have, but what they do with the data is what separates them. Hacking has also become very easy. It doesn’t take a Post-Graduate degree to hack into a number of different systems. There are many hacking tools available online, both free and paid, that are easy to download and even easier to implement. For the record, there are plenty of people who implement such tools for nefarious purposes, so with that in mind, we should break down the broad term ‘hacker’ into its various types.
‘Script Kiddies’ are basically the kindergarten students of the hacking world. These include the next-door neighbor who claims he can hack by changing certain names on a website. These individuals come under the classification of those hackers who have next to no knowledge of the computer world. Hacks performed by these script kiddies are usually for peer recognition or purely for amusement.
What empowers these script kiddies to hack is something known as scripts. A script is an application written by much experienced hackers that makes hacking easy to use. These scripts are almost like the Paint application you see in a Windows PC. There are various tools in a toolbar, such as a key logger, remote-access control or a DoS option. Whilst the script used for hacking is powerful and can cause damage to your PC, the person behind it is probably a novice. What’s worrisome is that such powerful scripts are available on the internet for prices as low as $40!
Deloitte and Symantec explain white-hat hackers and black-hat hackers through this video
According to recent trends, the number of hacks has grown exponentially over the years due to these script kiddies. Within Utah’s governmental network, there were 1 million hacks per year about two years ago. Now, that number has increased to round 20 million annual hacks.
Black Hat Hackers
These are the guys people were referencing when the term ‘hacker’ was first coined. Known to many as cyber criminals, these are the people that ‘hacker movies’ are based on. Black-Hat hackers are usually very skilled in programming and hacking and are often the perpetrators of the biggest cyber crimes we see in the news. They are responsible for much of the $2.1 billion in losses by cyber attacks that affect businesses every year.
These hackers have advanced knowledge of system networks, Operating Systems, applications and all their potential loopholes. While they write most of the malware for themselves, many of them also create scripts that can be used by script kiddies.
These guys are similar to an actual criminal network and are responsible for the larger and more widespread hacks on government installations, businesses etc. A recent example was the ransomware WannaCry. WannaCry was a type of malware that spread to a computer, encrypted its files, and prevented the user from accessing what they needed. For access to be returned to the user, the user had to pay a sum of money via Bitcoin to get a key that would then decrypt his/her files. The sum was to be paid in a certain time frame, after which all the person’s files would be deleted.
White Hat Hackers
As opposed to Black-Hat Hackers, these guys exist on the other end of the spectrum. These are the ‘good guys’ of cyber security. Like black-hat hackers, they’re highly skilled at programming and hacking, but ethics separates a black-hat hacker from a white-hat hacker. White-hat hackers perform their trade with direct permission from their clients to check and test their software or networks for potential breaches.
Also known as Ethical Hackers, they usually work for companies that employ cyber security tools to defend others from attacks. Under a legally binding document, ethical hackers try to breach the system of their client and identify vulnerabilities. They then try to patch these vulnerabilities and introduce counter measures to prevent black-hat hackers from breaching the system.
A common example to which we can relate is the antivirus program you are probably using on your PC. That antivirus program is a piece of software built by ethical hackers that defends your PC from vulnerabilities. Ethical hackers also test software like Windows and Linux in order to try and find vulnerabilities. These vulnerabilities are then patched in the form of system updates. all of which is done to combat the rising threat of cyber criminals.
Ethical Hacking is a very viable and sought-after job in the current work environment. One can aspire to become an ethical hacker by gaining various certifications offered by many companies. One of the more famous certifications is the CEH (Certified Ethical Hacker), which is offered by the EC Council.
Gray Hat Hackers
Like life, not everything can be split into black and white. There is always grey space, and the same is true for hackers. Gray-Hat hackers are not part of companies performing cyber security, nor are they part of the criminally inclined black-hat hackers. These people have great knowledge of hacking and usually put that knowledge to good use, but their means are considered illegal.
One common practice of gray-hat hackers is breaching companies without their consent. These folks might breach a company without its consent, but would not misuse the breach to extract any data. They would either contact the company to inform them of the breach or simply do nothing. Companies usually give a certain amount of money as bounties to such individuals as a reward for pointing out their system vulnerabilities.
A Few Last Words
Although the word “hacker” tends to evoke negative connotations, it’s important to remember that not all hackers are created equal. If we didn’t have white-hat hackers diligently seeking out threats and vulnerabilities before the black-hat hackers can find them, there would be a lot more cyber criminal activity exploiting vulnerabilities and collecting sensitive data to misuse in any way they please. While this may sound strange or counterintuitive, the privacy of your personal data is largely due to hackers!