Terms used in information technology and IT security often are vague. Take, for instance, cloud computing. Some might think of the public cloud; others, the private, hybrid or community cloud. Or, the term could mean software as a service, platform as a service and so on.
The same can be said of the word hacker. Not all hackers are the same, and that presents problems in defending against them, writes Stuart Coulson, a director of the British hosting provider, in an article on the U.K. website business7.co.uk:
"The catch-all media description of a hacker is one who accesses a computer system by circumventing its security system. But contrary to popular belief, not all are motivated by the prospect of obtaining credit-card details or personal data that they can sell for cash. Not all that fall into the hacker category are cybercriminals. Not all are human."
Coulson identifies seven levels of hackers, the higher the number, the greater the danger they pose:
- Script Kiddies: Essentially bored teens with some programming skills who hack for fun and recognition. They're thrill seekers.
- The Hacking Group: A loose collection of script kiddies who wield more power as a collective than as individuals, and can cause serious disruption to business. Think LulzSec, known for attacks last year on Sony, CIA and the U.S. Senate, among others [see LulzSec: Senate, Sony Hackers Profiled].
- Hacktivists: Collectives that often act with a political or social motivation. Anonymous is the best known hacktivist group that has been credited - or blamed - with attacks against child-porn sites, Koch Industries, Bank of America, NATO and various government websites.
- Black Hat Professionals: Using their expert coding skills and determination, these hackers generally neither destroy nor seek publicity but figure out new ways to infiltrate impenetrable targets, developing avenues of attacks that could prove costly for governments and businesses.
- Organized Criminal Gangs: Led by professional criminals, these serious hackers function within a sophisticated structure, guided by strict rules to ensure their crimes go undetected by law enforcement.
- Nation States: With massive computing power at their disposal, they target critical infrastructure, military, utilities or financial sectors.
- The Automated Tool: Fundamentally, it's a piece of software that acts like a worm virus and tries to affect as much as possible to give itself the largest possible framework. "A well-crafted tool could be utilized by any one of the other six criminal types," Coulson says.
To defend against these seven levels of hackers, a lesson from ancient Chinese military treatise "The Art of War" seems apropos: "Know your enemies."
Yet, getting to know them won't be easy. We hear a lot about the first three levels of hackers, but what's scary is that we don't know much about the other levels that pose the greatest threats to information security.