
Hacker Types, Attitudes, & Hat Colors

Discussion in 'Forum Chatter' started by dns, May 17, 2011.

Thread Status:
This thread is more than 180 days old.
  1. dns

    dns Active Member Admin

    Many people do not know that hackers are typically classified into different groups depending on their actions and overall netiquette. Therefore I felt this may sum it up. This was pulled from the combination of the Wiki and WindowSecurity since they both combine to actually explain this to you all better than I could myself.

    Hacker attitudes
    Several subgroups of the computer underground with different attitudes and aims use different terms to demarcate themselves from each other, or try to exclude some specific group with which they do not agree. Eric S. Raymond (author of The New Hacker's Dictionary) advocates that members of the computer underground should be called crackers. Yet, those people see themselves as hackers and even try to include the views of Raymond in what they see as one wider hacker culture, a view harshly rejected by Raymond himself. Instead of a hacker/cracker dichotomy, they give more emphasis to a spectrum of different categories, such as white hat, grey hat, black hat and script kiddie. In contrast to Raymond, they usually reserve the term cracker. According to (Clifford R.D. 2006) a cracker or cracking is to "gain unauthorized access to a computer in order to commit another crime such as destroying information contained in that system". These subgroups may also be defined by the legal status of their activities.

    Hacker 'Hats'

    White hat
    A white hat hacker breaks security for non-malicious reasons, for instance testing their own security system. This classification also includes individuals who perform penetration tests and vulnerability assessments within a contractual agreement. Often, this type of 'white hat' hacker is called an ethical hacker. The International Council of Electronic Commerce Consultants, also known as the EC-Council, has developed certifications, courseware, classes, and online training covering the diverse arena of Ethical Hacking.

    Black hat
    A Black Hat Hacker is a hacker who "violates computer security for little reason beyond maliciousness or for personal gain" (Moore, 2005). Black Hat Hackers are "the epitome of all that the public fears in a computer criminal" (Moore, 2006). Black Hat Hackers break into secure networks to destroy data or make the network unusable for those who are authorized to use the network.

    The way Black Hat Hackers choose the networks that they are going to break into is by a process that can be broken down into two parts. This is called the pre-hacking stage.

    Part 1: Targeting
    Targeting is when the hacker determines what network to break into. The target may be of particular interest to the hacker, or the hacker may "Port Scan" a network to determine if it is vulnerable to attacks. A port is defined as "an opening through which the computer receives data via the network" (Moore, 2005). Open ports will allow a hacker to access the system.

    Part 2: Research and Information Gathering
    It is in this stage that the hacker will visit or contact the target in some way in hopes of finding out vital information that will help them access the system. The main way that hackers get desired results from this stage is from Social Engineering, which will be explained below. Aside from Social Engineering, hackers can also use a technique called Dumpster Diving. Dumpster Diving is when a hacker will literally dive into a dumpster in hopes of finding documents that users have thrown away, which will help them gain access to a network.

    Grey hat
    Many of us have an ethical standard that will and can vary depending on the situation. Hackers are no different in that aspect. Grey hat hackers, just like us, are not outright malicious; however, they can justify their means by their own personal brand of ethics. That is very much where the grey hat hacker resides.

    What is different between our grey hat and our white hat is the way they go about their business. Some software manufacturers explicitly forbid reverse engineering of their products. While this would deter the white hat, it in all likelihood will not deter the grey hat. After all, there has yet to be a definitive ruling to my knowledge from the Supreme Court in the US over this issue. Furthermore, if a flaw is found, how long should a security researcher wait before disclosing the issue to the public? Many large companies are well over the sixty day limit normally given for correcting programming flaws. For grey hats the answer will vary as they very much go by their own code of ethics, which can be very different from another grey hat's. So what differences between white hats and grey hats do we have so far? Well, reverse engineering products which explicitly state not to, for one, and secondly, our grey hat will not wait forever for the vendor to issue a fix. These changes may not seem like much, but once again we are talking about grey hat hackers, and the many shades of grey that represent them.

    Elite hacker
    A social status among hackers, elite is used to describe the most skilled. Newly discovered exploits will circulate among these hackers. Elite groups such as Masters of Deception conferred a kind of credibility on their members. Elite (e.g. 31337) gives the term leet speak its name.

    Script kiddie
    A script kiddie is a non-expert who breaks into computer systems by using pre-packaged automated tools written by others, usually with little understanding of the underlying concept—hence the term script (i.e. a prearranged plan or set of activities) kiddie (i.e. kid, child—an individual lacking knowledge and experience, immature).

    A neophyte, "n00b", or "newbie" is someone who is new to hacking or phreaking and has almost no knowledge or experience of the workings of technology and hacking.

    Blue hat
    A blue hat hacker is someone outside computer security consulting firms who is used to bug test a system prior to its launch, looking for exploits so they can be closed. Microsoft also uses the term BlueHat to represent a series of security briefing events.

    A hacktivist is a hacker who utilizes technology to announce a social, ideological, religious, or political message. In general, most hacktivism involves website defacement or denial-of-service attacks. In more extreme cases, hacktivism is used as a tool for cyberterrorism.

    I hope this helps you to better understand that not all hacking or hackers are bad. Many people are under the perception that if you're a 'hacker' you're a bad guy and will try to steal their information. But as you can clearly see, many people just don't know that there are many variations of hackers just as there are variations of any group of people. Thanks for your interest in this post!
  2. brann22

    brann22 New Member Member

    Very good explanation and description of what we call hackers. (: