Welcome to the first official article of Hacking and You; where we will be discussing the non-technical aspects of hacking, hacking culture, and the role it will play in our lives.
In my previous article, we quickly refined hacking into a short, easy-to-understand piece of information.
"Hacking is the skill of gaining unauthorised access to data in a system."
Of course, this doesn't fully cover the spectrum of hacking; but it wasn't meant to. I wanted to succinctly explain exactly what hacking is in very few words.
In this article, we will be discussing the different types of hackers as well as non-hackers or script kiddies. Let's begin.
There are 3 categories hackers fit in to: white hat, grey hat, and black hat. While I'm sure many of you have seen these terms thrown about, we will be going a bit more in depth to better understand the differences between the three.
At its core, hacking is actually ethical. Hackers are those who use their skills in constructive ways, whereas a cracker is someone who uses their skill in a destructive way.
With the media misunderstanding what a hacker truly is and perpetuating this idea that all hackers are black hats, it's become the universal term for us; this is where the hats system has come into play. It's a way for us to clarify the various kinds of hackers out there without getting into a heated (and pointless) dispute over what a hacker truly is.
White Hat
Ethical hackers and information security experts fall into this category.
White hats are employed to find vulnerabilities in the security of an organisation or system; to patch those vulnerabilities as well as developing practices and procedures for the company to follow stringently in order to prevent any unauthorised access to the systems. Of course, this cannot always be achieved due to the one common weakness of any security system. People.
White hats use the same tactics that any black hat would use to try to detect any possible exploits within a system; even if it is something as simple as sending an email pretending to be from the I.T. department asking for login credentials.
The difference between white hats and any other kind of hacker is that they're given permission and actually paid to carry out their work, making any hacking that they do on any specific systems they're given permission to hack completely legal.
Black Hat
Cyber criminals, scammers, phishers, unethical hackers, and the like hide under black hats.
These hackers are the exact opposite to white hats; where a white hat will be lawfully breaking into a system, a black hat will be doing it entirely illegally. They try to steal valuable information for their own purposes and agenda; whether it be banking details to steal money, hacking into corporations to commit corporate espionage, or just sending those spam emails claiming to be a Nigerian prince. They are breaking the law.
Either that, or they might just be wanting to bring down websites to disrupt business just for kicks; this causes major online businesses such as Amazon and PayPal to lose significant amounts of money, even if the disruption lasts 1 minute. This is also illegal.
Take note that, to a black hat, any piece of information can be useful; a lot of people have a misconception that their information isn't valuable to hackers due to an intrinsic lack of financial gain on the hackers end. This is entirely not the case. Nearly anything, and I do mean nearly anything, can be valuable to a hacker. While you may not have a lot of money, assets, or investments; they can use your information to clone your identity and use it in their social engineering, committing crimes under this stolen identity.
Grey Hat
Most of us fall into this category.
The reason we're known as grey hats is due to our rather ambiguous motives. We can either be vigilantes, seeing the law as an impediment to further our agenda for the greater good; but we can also be malicious, destroying systems for reasons unknown to most but ourselves. So what we do encompasses both ends of the spectrum and you can think of us as a sort of hybrid of the two kinds mentioned before.
It's kind of weird to explain really; we can break into a system and we may choose either to alert the system administrators or not. Most of our black hat-esque endeavours will be passive, remaining relatively undetected as opposed to the destructive nature of black hats. While most of our white hat-esque endeavours will be a bit more active, providing detailed warnings and fix suggestions to system administrators.
In the end we follow our own code of conduct that we develop according to our own moral compass. Oddly enough, as I type this, I can't stop thinking about the main protagonist from Watch Dogs; not because of its release, but because I feel like he is the only relatable popular grey hat icon today that everyone knows about.
He is the quintessential grey hat and you can really think of a grey hat as true neutral in D&D terminology. I didn't want to use any popular media as a reference, but I suppose it's the easiest way for people to understand.
Script Kiddies
These people have not developed any hacking skills of their own.
They use simple tools available written by actual skilled hackers without understanding basic underlying concepts. They are often immature, lazy, and not terribly intelligent.
They don't know how to program, they use tools that others have developed without understanding how or why it works, they don't know how to find exploits for themselves, they don't want to learn anything. They just want instant gratification with a hacker status without doing any work. They also tend to brag about their 'hacking abilities' and threaten to hack people that anger them.
Now while I say they don't know how to do these things, if you don't know how to do them, don't worry. There's a difference between learning and ignorance; the latter applies to script kiddies.
With that being said, don't be this guy; this guy is a joke within our culture and is not a hacker at all.
In any case, I hope this article has cleared some things up for you wondering about the different kinds of hackers that are out there and where you fit into these categories. If there are any questions or if you feel I've left out any important information; please don't hesitate to leave a comment letting me know about it.
Next article: The Hacker's Mindset.
ghost_
24 Responses
Don't be a S|<r1p7 |<11d13
We will find you, we are legion of SK's
please see this in the tone it was meant my friend. Another good article
EX1S7:
Thank you for the compliment.
ghost_
I like it! +1
I agree with what you wrote...especially about those script kiddies, even tho I had no name for them...lol.
Good article, I agree with the SK point. Although i have not yet started my hackerpath i will. Gandalf hat here i come!
Adam Bjorkman:
So long as you retain your mindset of wanting to know more and actively pursuing knowledge to further yourself, you will not fall into that category.
ghost_
Fantastic explanation without complicating people, easy for anyone to understand the differences.
Script kiddies, the amount of them that think they are top dog and suddenly think they are experts in a couple of weeks..... then the amount of them that get caught by our company trying to hack servers thinking they can hide behind a couple of false IP addresses..... Only wish I could see the looks on there faces when the police are knocking at there doors at 6am before they head off to school :D
Ian Holmes:
Thank you; I suppose it does help having a degree in journalism.
As for the script kiddies comment; that's precisely my point. I have no time or patience for willfully ignorant people.
ghost_
hello ghost :)
I am setting up a lab but i ain't got enough computers...do you think setting up boxes in vmware station will give the same results? thanks ;)
yes. that is a proper Lab. You need VMWare set up with a few different types of OS's and a few Cisco switches set up in there too.
oh cool...tell me more about the cisco switches
google gns3
GNS3 is an open source (GNU GPL) software that simulates complex networks while being as close as possible from the way real networks perform, all of this without having dedicated network hardware such as routers and switches.
Thought of the day:#~sudo proxychains iceweasel
kkk, thanks...yeah..we did the proxychain lesson well with OTW and it's importance cannot be stressed enough
Sir GHOST _:
You made my decision to leave the hacking tools (temporarily) like msf more firm. NOW first i will get the skills(Networking,programming etc.) And then come back to These hacking lessons by Master OTW.
I tried many hacks using aircrack-ng & msf and "not even one" of them worked.So , i've stopped using any hacking tools till the time i've necessary skills...Am i going right ?
May i ask you to tell me how you started with hacking Sir .. And what according to you is the best way ? I think that would be "INSPIRING" for many of us here(atleast for me) .
Thank You
Pranav:
I think you are making the right decision. You really need to build a foundation of IT skills to be successful hacking.
OTW
Agreed, This will all make better sense when you know what is happening and why.
While I generally try not to speak for other people. I think we all got started because we had an interest in it, much like you, and its grown from there.
Some of us are heading onto university courses, others try and keep their skills slightly more hidden, OTW does his best to keep the peace and coach everybody so these interests can grow into skills. All it takes is a spark of interest and a will to learn and you're already a hacker to some extent.
Pranavvats:
I'm glad I've helped you make the correct decision. As Occupy The Web has stated; a foundation of IT skills is necessary.
While I'm flattered, I'm not one to inspire. We're all at different levels, but we all have one thing in common; I'm just like anyone else here, I'm still learning.
I would suggest following OTW's tutorials to the tee. I don't see any point in instructing people in the technical aspects when OTW has worlds more experience than myself and written so many guides.
With that said, I'm writing about the hacker's mindset in my next article. Maybe I will share my story there, it does tie in with the subject.
ghost_
Just an update with my next article. Sorry it's late, my grandfather recently died so I've been dealing with that; and work has been hectic. I'll try to finish and post the next article soon.
With that being said, let's get more people into the i2p channel, #nullbyte.
ghost_
If i use zanti on my android to target networks and compromise them and i understand how they work also have developed a few programmes like port scanners and im planning to build my own mobile hacking suite
Am i a script kiddie for using another persons tool ?
If you have to ask then theirs your answer. Sorry that's mean. Truthfully there is nothing wrong with being a script kiddie, its just a level you are at given your skill, ability and desire to move forward. Some people are script kiddies and are very effective with what they do. Others spend countless hours trying to learn what ever they can and move forward. When used derogativley people are typically referring to someone that only uses someone elses work and can not use/create there own (I.E. running scripts). This is made worse by their lack of effort to even try and figure out issues when the script doesn't just work and expect someone else to figure it out.
So my advice is don't worrie if you are this or that, just keep learning and trying no one knows everything.
But I am not ignorants nd never threaten to hack people
Also I have learned
C++
Python
C
Perl(a little bit)
Also I know how to use the sockets on those reapective sockets
Using another person's tool is fine, it doesn't make you a script kiddy. I was more talking about the general attitude there.
Also, sorry for the late reply. I didn't see your comment.
ghost_
Sometimes I catch myself acting or sounding like a script kiddie. If I ever act like one here on Null Byte, please do tell me. I do want to learn, and I don't want to leech. Thank you so much for the tutorial, though, Ghost!!
Share Your Thoughts