Queenie C.

Quiñones November 20, 2019

BSOA 2-1

Types of Hackers and Its Examples

1. White Hat Hackers

Meet the right guys on the dark web. White hat hackers, also known as ethical
hackers are the cybersecurity experts who help the Govt and organizations by performing
penetration testing and identifying loopholes in their cybersecurity. They even do other
methodologies and ensure protection from black hat hackers and other malicious cyber
crimes. Simply stated, these are the right people who are on your side. They will hack into
your system with the good intention of finding vulnerabilities and help you remove virus and
malware from your system.

Example:
The "other Steve" of Apple, Steve Wozniak got started as a white-hat hacker by
making something called blue boxes. Wozniak and Jobs built blue boxes, which essentially
hack the phone system so users can make free long-distance calls. They then sold the blue
boxes to their classmates in college. Of course, you know the rest of the story. From blue
boxes they moved on to bigger and better things. Those early days of white-hat hacking are
what started them off.

2. Black Hat Hackers

Taking credit for the negative persona around “hacking,” these guys are your culprits.
A black hat hacker is the type of hacker you should be worried. Heard a news about a new
cybercrime today? One of the black hat hackers may be behind it. While their agenda may
be monetary most of the time, it’s not always just that. These hackers look for vulnerabilities
in individual PCs, organizations and bank systems. Using any loopholes they may find, they
can hack into your network and get access to your personal, business and financial
information.

Example:
Kevin Poulsen (a.k.a. Dark Dante). The notorious ’80s black hat hacker, Kevin
Poulsen, gained recognition for his hacking of the telephone lines for LA radio station KIIS-
FM, securing himself a place as the 102nd caller and winning a brand new Porsche 944,
among other prizes. Law enforcement dubbed Poulsen the “Hannibal Lecter of computer
crime.” Poulsen went underground as a fugitive when the FBI began its search for him, but in
1991, he was finally captured. He pleaded guilty to seven counts of mail, wire and computer
fraud, money laundering, obstruction of justice, and for obtaining information on covert
businesses run by the FBI. Kevin Poulsen was sentenced to 51 months in prison (4 years
and 3 months), which was the longest sentence ever given for hacking at the time.
3. Gray Hat Hackers

Gray hat hackers fall somewhere in between white hat and black hat hackers. While
they may not use their skills for personal gain, they can, however, have both good and bad
intentions. For instance, a hacker who hacks into an organization and finds some
vulnerability may leak it over the Internet or inform the organization about it. It all depends
upon the hacker. Nevertheless, as soon as hackers use their hacking skills for personal gain
they become black hat hackers. There is a fine line between these two. So, let me make it
simple for you. Because a gray hat hacker doesn’t use his skills for personal gain, he is not a
black hat hacker. Also, because he is not legally authorized to hack the organization’s
cybersecurity, he can’t be considered a white hat either.

Example:
In August 2013, Khalil Shreateh, an unemployed computer security researcher,
hacked the Facebook page of Mark Zuckerberg, Facebook's CEO, in order to force action to
correct a bug he discovered which allowed him to post to any user's page without their
consent. He had tried repeatedly to inform Facebook of this bug only to be told by Facebook
that the issue was not a bug. After this incident, Facebook corrected this vulnerability which
could have been a powerful weapon in the hands of professional spammers. Shreateh was
not compensated by Facebook's White Hat program because he violated their policies
making this a grey hat incident

4. Script Kiddies

A derogatory term often used by amateur hackers who don’t care much about the
coding skills. These hackers usually download tools or use available hacking codes written
by other developers and hackers. Their primary purpose is often to impress their friends or
gain attention. However, they don’t care about learning. By using off-the-shelf codes and
tools, these hackers may launch some attacks without bothering for the quality of the attack.
Most common cyber attacks by script kiddies might include DoS and DDoS attacks.

Example:
They are capable of attacking even the biggest web platforms, just as we saw in
2005 where an 18-year-old boy from Minnesota – Jeffrey Parson, was charged for spreading
a modified version of the Blaster computer worm, which produced a DDoS attack against all
computers that used the Microsoft Windows operating system. He was sentenced to 18
months in prison for the widespread colossal damage caused by his program.

5. Green Hat Hackers

These hackers are the amateurs in the online world of hacking. Consider them script
kiddies but with a difference. These newbies have a desire to become full-blown hackers
and are very curious to learn. You may find them engrossed in the hacking communities
bombarding their fellow hackers with questions. You can identify them by their spark to grow
and learn more about the hacking trade. Once you answer a single question, the hackers will
listen with undivided attention and ask another question until you answer all their queries.
6. Blue Hat Hackers
These are another form of novice hackers much like script kiddies whose main
agenda is to take revenge on anyone who makes them angry. They have no desire for
learning and may use simple cyber attacks like flooding your IP with overloaded packets
which will result in DoS attacks.

Example:
Blue Hat Microsoft Hacker Conference is a event started by Window Snyder. In this
event the Microsoft Engineers and Hackers meet together. They can communicate on
different security problems and also for better understanding. That is why this event also
play an important role in the world of cybersecurity.

7. Red Hat Hackers

Red Hat Hackers have an agenda similar to white hat hackers which in simple words
is halting the acts of Blackhat hackers. However, there is a major difference in the way they
operate. They are ruthless when it comes to dealing with black hat hackers.
Instead of reporting a malicious attack, they believe in taking down the black hat
hacker completely. Red hat hacker will launch a series of aggressive cyber attacks and
malware on the hacker that the hacker may as well have to replace the whole system.

8. State/Nation Sponsored Hackers

State or Nation sponsored hackers are those who have been employed by their state
or nation’s government to snoop in and penetrate through full security to gain confidential
information from other governments to stay at the top online. They have an endless budget
and extremely advanced tools at their disposal to target individuals, companies or rival
nations.

Example:
The WannaCry ransomware campaign hit hundreds of thousands of computer
systems worldwide in one fell swoop, causing disruption to countless organizations including
the UK's National Health Service (NHS), US hospitals, Nissan, and Russian banks.

9. Hacktivist
If you’ve ever come across social activists propagandizing a social, political or
religious agenda, then you might as well meet hacktivist, the online version of an activist.
Hacktivist is a hacker or a group of anonymous hackers who think they can bring about
social changes and often hack government and organizations to gain attention or share their
displeasure over opposing their line of thought.

Example:
An example of hacktivism is denial of service attacks (DoS) which shut down a
system to prevent customer access. Other examples involve providing citizens with access
to government-censored web pages or providing privacy-protected means of communication
to threatened groups (such as Syrians during the Arab Spring).
10. Malicious Insider or Whistleblower
A malicious insider or a whistleblower may be an employee with a grudge or a
strategic employee compromised or hired by rivals to garner trade secrets of their opponents
to stay on top of their game. These hackers may take privilege from their easy access to
information and their role within the company to hack the system.

Example:
Target: Third-Party Credential Theft. Target’s highly publicized 2013 credit card data
breach was a result of a third-party vendor (another type of insider threat) taking critical
systems credentials outside of an appropriate use-case. The credential access allowed the
hackers to take advantage of weaknesses in Target’s payment systems to gain access to a
customer database and install malware. Then, they were able to steal personally identifiable
information (PII) of Target’s customers, including: names, phone numbers, emails, payment
card details, credit card verification codes, and more.