Welcome to the first official article of Hacking and You; where we will be discussing the non-technical aspects of hacking, hacking culture, and the role it will play in our lives.
In my previous article, we quickly refined hacking into a short, easy-to-understand piece of information.
"Hacking is the skill of gaining unauthorised access to data in a system."
Of course, this doesn't fully cover the spectrum of hacking; but it wasn't meant to. I wanted to succinctly explain exactly what hacking is in very few words.
In this article, we will be discussing the different types of hackers as well as non-hackers or script kiddies. Let's begin.
There are 3 categories hackers fit in to: white hat, grey hat, and black hat. While I'm sure many of you have seen these terms thrown about, we will be going a bit more in depth to better understand the differences between the three.
At its core, hacking is actually ethical. Hackers are those who use their skills in constructive ways, whereas a cracker is someone who uses their skill in a destructive way.
With the media misunderstanding what a hacker truly is and perpetuating this idea that all hackers are black hats, it's become the universal term for us; this is where the hats system has come into play. It's a way for us to clarify the various kinds of hackers out there without getting into a heated (and pointless) dispute over what a hacker truly is.
Ethical hackers and information security experts fall into this category.
White hats are employed to find vulnerabilities in the security of an organisation or system; to patch those vulnerabilities as well as developing practices and procedures for the company to follow stringently in order to prevent any unauthorised access to the systems. Of course, this cannot always be achieved due to the one common weakness of any security system. People.
White hats use the same tactics that any black hat would use to try to detect any possible exploits within a system; even if it is something as simple as sending an email pretending to be from the I.T. department asking for login credentials.
The difference between white hats and any other kind of hacker is that they're given permission and actually paid to carry out their work, making any hacking that they do on any specific systems they're given permission to hack completely legal.
Cyber criminals, scammers, phishers, unethical hackers, and the like hide under black hats.
These hackers are the exact opposite to white hats; where a white hat will be lawfully breaking into a system, a black hat will be doing it entirely illegally. They try to steal valuable information for their own purposes and agenda; whether it be banking details to steal money, hacking into corporations to commit corporate espionage, or just sending those spam emails claiming to be a Nigerian prince. They are breaking the law.
Either that, or they might just be wanting to bring down websites to disrupt business just for kicks; this causes major online businesses such as Amazon and PayPal to lose significant amounts of money, even if the disruption lasts 1 minute. This is also illegal.
Take note that, to a black hat, any piece of information can be useful; a lot of people have a misconception that their information isn't valuable to hackers due to an intrinsic lack of financial gain on the hackers end. This is entirely not the case. Nearly anything, and I do mean nearly anything, can be valuable to a hacker. While you may not have a lot of money, assets, or investments; they can use your information to clone your identity and use it in their social engineering, committing crimes under this stolen identity.
Most of us fall into this category.
The reason we're known as grey hats is due to our rather ambiguous motives. We can either be vigilantes, seeing the law as an impediment to further our agenda for the greater good; but we can also be malicious, destroying systems for reasons unknown to most but ourselves. So what we do encompasses both ends of the spectrum and you can think of us as a sort of hybrid of the two kinds mentioned before.
It's kind of weird to explain really; we can break into a system and we may choose either to alert the system administrators or not. Most of our black hat-esque endeavours will be passive, remaining relatively undetected as opposed to the destructive nature of black hats. While most of our white hat-esque endeavours will be a bit more active, providing detailed warnings and fix suggestions to system administrators.
In the end we follow our own code of conduct that we develop according to our own moral compass. Oddly enough, as I type this, I can't stop thinking about the main protagonist from Watch Dogs; not because of its release, but because I feel like he is the only relatable popular grey hat icon today that everyone knows about.
He is the quintessential grey hat and you can really think of a grey hat as true neutral in D&D terminology. I didn't want to use any popular media as a reference, but I suppose it's the easiest way for people to understand.
These people have not developed any hacking skills of their own.
They use simple tools available written by actual skilled hackers without understanding basic underlying concepts. They are often immature, lazy, and not terribly intelligent.
They don't know how to program, they use tools that others have developed without understanding how or why it works, they don't know how to find exploits for themselves, they don't want to learn anything. They just want instant gratification with a hacker status without doing any work. They also tend to brag about their 'hacking abilities' and threaten to hack people that anger them.
Now while I say they don't know how to do these things, if you don't know how to do them, don't worry. There's a difference between learning and ignorance; the latter applies to script kiddies.
With that being said, don't be this guy; this guy is a joke within our culture and is not a hacker at all.
In any case, I hope this article has cleared some things up for you wondering about the different kinds of hackers that are out there and where you fit into these categories. If there are any questions or if you feel I've left out any important information; please don't hesitate to leave a comment letting me know about it.
Next article: The Hacker's Mindset.