Classes of Hackers
As we see, internet usage has turned out to be more
inescapable over the world. Because of which the attack surface is wide and
growing well. Most of us are spending more time accessing internet. Attackers
are taking the advantage of this cyber addiction of the people. Cyber
adversaries may likely be already on our network and end points, to steal the
personal or business data. However, the question is who the attackers are and
what are they targeting for and what is their motive for performing the attack.
It is very important for the Cyber investigators to know
about the attackers in order to properly investigate the cyber-attack. Doubtlessly,
there is a need to know the purpose of the attackers. If we ask the following
questions to ourselves then we will understand who the attackers are. Was the
attacker a sophisticated or novice. A lot of times cyber attackers even if they
are advanced and eventually become pretty sophisticated often times they do for
personal grudge or revenge.
There are different types of attackers:
They don’t know what they are doing and they don’t possess
any skills of hacking. Although these individuals try to be hackers, they lack
the relevant training. They are idiots, who don’t know how to use the hacking
tools and often misuses them. Certainly they won’t be successful in attacking
the targets. For example, they may be targeting a Linux machine with the tool
which is designed to run on windows box.
A script kiddie is a step ahead of Wannable lamer. They are
unskilled individuals who try to attack the computers and network using the automated
tools or scripts developed by others. These people are not experts but they
exploit the vulnerabilities in the systems that have been uncovered by others
and these weaknesses are typically shared on the ‘dark web’. At times, these
individuals just attack for fun or to show off among their peers so they just
randomly select the attack vectors with the limited knowledge about the
systems. They are boastful and mostly concerned about their personal credit
than the profit.
example of an attack perpetrated by a ‘script kiddie’ is the TalkTalk hack in
October 2015. The attack, which reportedly cost the company £42 million and
resulted in the ICO’s record fine to-date, was the work of a 17-year-old boy
who claimed he was “just showing off” to friends.
Criminal hackers are called as Crackers. These guys explore
and break the systems. They are motivated by personal fame and want to live a
luxury lifestyle so they choose an easier way to make enough money.
They do it usually by extortion to steal sensitive
information or confidential data.
They are the individuals who understand how the attackers
work and learn about hacking to better protect the systems. They are the
security professionals who understand the architecture and know how to securely
design the systems. Responsible for explaining the cyber attacks to the law
enforcement and creating awareness on the security to the company.
QPS (Quiet, Paranoid,
They are sophisticated hackers compared to crackers or
ethical hackers. Highly skilled with uncovered attack methods. They may be
“white hat” or “black hat” attackers who usually make a huge amount of money
through breaking into the systems. Use a less noisy way to identify the
vulnerabilities and then attack only the vulnerabilities that makes sense on
that particular system.
Cyber warriors are associated with military organization.
They are also called as “military hacker”. They are usually assigned a target
and asked to evaluate the target with military objective.
This individual tries to gain profit for his company by
participating in hacking action against a business enemy, generally employed
secretively by an organization. The objective of the Spy is to deeply acquire
the intellectual property or business knowledge. A lower-end kind of this
hacking is that some sales representatives utilize industrial Spy attackers to
obtain contact databases or notes from other business people, realizing who the
chiefs are and how much cash they have been going through with the opposition.
Foreign governments are appointing intelligence agent to
know the secret information about their competitive adversaries and gain the
economic and political advantage. While guarding against this sort of attack,
all the possible ways has to be investigated. Not like every single past
classification of hacking, these hackers have the financial plan and scope to
do stuffs, say for example, preparing someone to be your ideal representative
and having them in contract with your organization. During the investigation,
following are some of the considerations that have to include:
Beware of the malicious insider. For example, a spy working
for your company.
Proper implementation of Physical security. For example,
there is a possibility of stealing the sensitive information to outside through
thumb drives or hard drives.
Employee Hacking. For example, agent may consider the
employees with sensitive information and access the their systems when they are
not at desk to gain access to their email accounts, personal identifiable
information and eventually compromising the systems.
In case the organization you are guarding has sensitive
information on which the other foreign countries agents are targeting then your
objective is to coordinate and communicate with a proper government
organization and have a security plan for that to train and recognizes all the threats,.
Unlike government agents, military hackers have more funds to
have sufficient man power and hacking tools. Military hacking frequently has a
dangerous or crippling target proposed to pick up flexibility of development
and opportunity of correspondence in a field of battle, while denying the same
to the adversary. Electronic warfare and Cyber warfare are linked closely. The
entire network can be shut down and made unavailable to the users by hacking
the routers of the network or by disabling all the systems in that area. There
is lot of scope in building new cyber hacking tools and training people in this