Members-only Printer-friendly version

4. Attacks and Attackers

Attacks, as well as the attackers, come in many different shapes and forms. Before we go through the most common types of attacks, we'll first have a look at who the attackers are and what their motivation is. Please note that the descriptions below are used and abused often more incorrect than correctly, and are not defined in any standard.

Hackers
The term hacker is used to define someone who overcomes limitations in hard and software by using clever solutions, often to 'problems' the typical computer user doesn't even know of. A hacker wants to know the ins-and-outs of a system and go even further. Curiosity and competition are often part of the motivation of a hacker. In terms of security the term hacker is often used incorrectly to describe malicious individuals who gain unauthorized access to network resources. The hacker community has made several attempts to take back the word 'hacker' by providing alternatives to define those that do have malicious intentions, such as 'cracker'. These attempt have largely failed, because today it is quite common to use the word hacker when talking about someone who breaks into computers. When a security system is breached by someone who cracked passwords, it's said the system is 'hacked'.

Crackers
A cracker is a more proper term to describe someone with malicious intentions who gains unauthorized access to network resources or software. They crack passwords, code, and software to gain unauthorized access to a system in order to steal, alter, or destroy data.

Black Hats
These are considered the bad hackers, the crackers. Their motivation includes money, recognition ("Look at me, I hacked the NSA!", "I told you Microsoft Windows has more back doors than the Matrix!"), improving security, and various criminal intentions.

White Hats
These are considered the good guys, hackers with a certain level of ethics. Their goal is to improve security and create awareness. They are often employed by security companies to work as security auditors and perform penetration testing.

Grey Hats
Black hats turned white who use their black hat skills for a white hat job.

Script Kiddies
These are the amateurs, the wannabees. They usually don't have a lot of resources nor knowledge about the target, nor advanced hacking skills, but they can be disastrous nevertheless. Especially when they play with the tools written by more knowledgeable hackers and crackers.

Governments
Intelligence agencies who want to stay on top of things usually have a department with extremely skilled hackers and crypto-analysts. They have the resources, the money, and usually know a lot about the target.

Employees
The not-so-trustworthy employees who are already connected to the network which gives them a head start if they have malicious intentions. Attacks by ex-employees who want revenge or settle a score are quite common. That's why it is important to disable the user account of an employee as soon as possible. Preferably, although often not possible, as soon as the employee knows he or she is going to get fired. Also employees without an ill agenda can do lot of damage. Do to improper configurations, users can be given the access and the rights to damage resources in the network. A lot of times this is done unintentionally. The user accidently deletes, moves, or changes company resources or stumbles on private information about other employees or customers (i.e. salaries, social security numbers) when browsing the file server.

Hacktivists
This type of attacker is usually out to make a political statement create awareness about certain issues. Examples are human and animal rights activists. They often don't have an extreme amount of skills or knowledge about the target, but they may have a lot of resources. A common attack from hacktivists is a DDOS attack performed by gathering enough people with the same ideals who have a computer with Internet connection.

Terrorists
Scum of the earth who attempt to cause chaos and worse, often for political or religious reasons. Unfortunately, they have a lot of resources and skills, and know the target very well.

L33t hax0rs (Elite hackers)
Usually script kiddies with an Unreal Tournament, or similar online multiplayer first-person-shooting game, addiction. In case they do have any skills they usually waste them on cracking games to give them an unfair advantage. Their motivation is typically to win by cheating and showing off the little amount of skills they have.