10 types of hackers and how they'll harm you

Understanding the different types of hackers, what motivates them, and the malware they use can help you identify the attacks you are most likely to face and how to properly defend yourself and your organization.

CSO: Have you met these hackers? [slide 01]
Getty Images / robertiez

Hacker profiles

Hackers—and the malware they build and use—have grown up in the last couple of decades. When computers were big putty-colored boxes, hackers were just learning to walk and their pranks were juvenile — maybe they would create a bit of silly malware that did little more than flash “Legalize Marijuana!” or play Yankee Doodle across your screen. As computers have evolved into an economy of their own, hackers, too, have evolved out of those wide-eyed nerds into an audacious army of criminals.

Computers are no longer novel. And hackers are no longer messing around. Gone are the social misfits entertaining themselves with a bit of all-night geek hijinks, energy drinks and junk food. Today’s hackers are skilled professionals with serious jobs. They get paid well, have Human Resource teams, and take holidays off.

What are those jobs? The hacker employee profile is as various as the ways people earn money or power. But they fall, roughly, into these ten basic types.

types of hackers [slide 02]
Getty Images / matejmo / welcomia

The bank robber

Once there were bank robbers and road agents who rode horses and pointed guns as they stole money from banks, travelers, merchants, and anyone offering an easy target. Today's financial hackers ride into town on ransomware and use fake invoices, dating scams, fake checks, fake escrow intermediaries, denial-of-service attacks, and any other scam or hack that will help them steal money from individuals, companies, banks, and stock accounts. Greed — It’s a story as old as humanity.

Types of hackers [slide 03]
Getty Images / LagartoFilm

The nation state

Today, most sophisticated nations have thousands—if not tens of thousands—of skilled hackers on the payroll. Their job? Sneak behind enemy lines at other nations’ military, industrial networks to map assets and install malicious back doors. That way, when hostilities happen, the cyberwarfare machine will be ready. Stuxnet, which took down hundreds of Iranian centrifuges, is the poster child for cyberwarfare. North Korea’s 2014 hack into Sony Pictures site in retaliation for a movie the country’s propaganda machine found offensive is equally notorious. But these are just the big stories. Nation state hacking happens all the time, mostly more quietly than that, and it isn’t going anywhere. The attacking nation certainly won’t do anything to prevent it or punish the hackers because they are soldiers doing their job to further that country’s objectives.

Types of hackers [slide 04]

The corporate spy

For many hackers, a day in the office involves stealing corporate intellectual property, either to resell for personal profit or to further the objectives of the nation state that employs them. A common type of corporate espionage is to steal secret patents, future business plans, financial data, contracts, health data, and even the notes of legal disputes. Anything that gives competitors a leg up on the hacked organization is fair game. Every once in a while, corporate espionage gets exposed when the competitor who was offered the illegal information reports it to the victimized company and/or authorities.

Types of hackers [slide 05]
Getty Images / sezer66 / Tonivaver

The rogue gamer

You might consider your teenager’s gaming habit nothing more than an obstacle to good grades. For millions of people, though, gaming is a serious business. It has spawned an industry that’s worth billions of dollars. Gamers spend thousands on cutting-edge, high-performance hardware. They spend hundreds, if not thousands, of hours annually playing games. Is it any surprise, then, that the gaming industry has its own specialized hackers? They steal their competitors' credit caches, cause anti-competitive denial of service attacks, and even send police SWAT teams to take down or arrest gamers who have made them angry. These gaming hostilities got very real when, in December 2017, we saw the world’s first known first known death due to a swatting attack.

Types of hackers [slide 06]
Getty Images / ImagesByTrista / vjom / matejmo

The resource vampire

Harnessing other’s people’s computing power is a trick hackers—and legitimate endeavors—have used since computers first started landing on the desks of the masses. In the early days, hackers used other people’s hard drives to store large files such as videos. And, for years, SETI enlisted volunteers to install a screen saver that harnessed the CPU power of the many to help search for alien life. But the biggest reason hackers steal computer resources today is to “mine” cryptocurrencies. Cryptominers spread malware—either by directly exploiting browser visitors or by infecting the web sites they visit, which then exploit their visitors—to harness computers and resources—including electricity and cooling—to mine cryptocurrencies for them. Miners often can’t pay for these resources and profit from mining cryptocurrency, so they steal it. Mining malware is one of the fastest growing classes of malware and many legitimate employees have been fired for distributing unauthorized miners across company computers.

Types of hackers [slide 07]

The hackivists

Hackivists use hacking to make a political statement or promote social change. They either want to steal embarrassing information from a victim company, cause operational issues for the company, or wreak any havoc that will cost the victim company money or bring attention to the hacktivist’s cause. The Anonymous collective is one famous hackivist group. They are the authors of one of my favorite hacktivist attacks: Using an operation named Darknet, they not only identified and exposed multiple child porn sites but also named names by exposing their members. Many otherwise well-meaning, law-abiding people get caught up with hacktivist goals and crimes, though, and end up getting arrested. Despite their well-meaning intentions, they can be prosecuted for the same crimes as hackers with less noble motives. If you tie yourself to a tree or a submarine, you will probably just get probation. Hack something? You will very likely to go to jail.

Types of hackers [slide 08]
Getty Images / grandeduc / matejmo

The botnet masters

Many malware coders create bots, which they send out into the world to infect as many computers as they can. The goal is to form large botnetarmies that will do their evil bidding. Once they have turned your computer into their minion, it sits waiting for instruction from its master. These instructions usually come from command-and-control (C&C) servers. The botnet can be used directly by the botnet creator but more often that master rents it out to whoever wants to pay.  These days, botnets made up of the Marai bot, which attacks routers, cameras and other IoT devices, are very popular. A Mirai botnet was used to generate one of the largest distributed denial of service (DDoS) attacks in history, on the DNS provider Dyn. It generated 1.2 TBpsof malicious traffic. The Mirai bot looks for unpatched devices and devices that haven’t changed their default logon credentials—IoT devices are often an easy target—and easily installs itself. According to some experts, one-fifth of the world’s computers have been part of a botnet army.

Types of hackers [slide 09]
Getty Images / Murat Göçmen / matejmo

The adware spammer

These days you’re lucky if your company is only compromised by a spam malware program or your browser is only hijacked by an adware program that is looking to sell you something. Adware works by redirecting your browser to a site you did not intend to go to. Perhaps you were searching for “cats” and the adware program sent you instead to “camping gear.” Many legitimate companies are surprised to learn that their own online marketing campaigns are using spam and adware. I have seen this happen when a company hires an online media specialist who guarantees a high response rate without stipulating how. Sometimes, legitimate companies—such as Cingular, Travelocity, and Priceline—have intentionally engaged adware purveyors and have been made to pay legal settlements as a result. Spam and adware might not seem like a huge threat, but it can be a symptom of a serious system leak. These tools find their way through unpatched software, social engineering, and other means that are exactly the same methods more serious threats, like backdoor trojans and ransomware, use to get in.

Types of hackers [slide 10]
Getty Images / mel-nik / Tonivaver

The sport hacker

Most hackers these days are working with a financial goal in mind, a boss with malicious motives, or a political goal. But there does remain a class of hacker who is in it for the thrill. They may want to demonstrate—to themselves and perhaps an online community—what they can do. There aren’t as many of these as there once were because hacking—whatever the motive—breaks laws and prosecution is a real possibility. Today’s sport hacker is often most interested in hardware hacking. The appearance of general purpose hardware hacking kits, with chips, circuits, and jump wires (like Raspberry Pi kits), have steadily increased the public’s interest in hacking hardware as a sport. There are even hardware hacking web sites created for kids.

Types of hackers [slide 11]

The accidental hacker

Lastly, some hackers are more like tourists than serious miscreants. Perhaps they have some technical ability but never intentionally set out to hack anything. Then one day they come across a web site with a glaring coding error. Fascinated by the puzzle it presents, they begin to play at hacking in. To their own surprise, they discover it was as easy as it looked. History is full of people who happened upon, for example, a web site that used easily guessable numbers in the URL to identify customers. Accidental hackers can sometimes have a hard time reporting their finding to the company without getting themselves in trouble. The accidental hacker might find they have committed illegal crimes after starting out merely solving a puzzle. Most security professionals in the business of fighting serious hackers feel that innocent hackers should not be prosecuted as long as they report it to the unprotected company.