



11 types of hackers and how they will harm you

Sep 11, 2020, 9 mins

Understanding the different types of hackers, what motivates them, and the malware they use can help you identify the attacks you are most likely to face and how to properly defend yourself and your organization.


Hackers—and the malware they build and use—have grown up in the last couple of decades. When computers were big putty-colored boxes, hackers were just learning to walk and their pranks were juvenile — maybe they would create a bit of silly malware that did little more than flash “Legalize Marijuana!” or play Yankee Doodle across your screen. As computers have evolved into an economy of their own, hackers, too, have evolved out of those wide-eyed nerds into an audacious army of criminals.

Computers are no longer novel, and hackers are no longer messing around. Gone are the social misfits entertaining themselves with a bit of all-night geek hijinks, energy drinks and junk food. Today’s hackers are skilled professionals with serious jobs. They are paid well, have human resource teams, and take holidays off.

What are those jobs? The hacker employee profile is as diverse as the ways people earn money or power, but they fall, roughly, into these 11 basic types.

1. The bank robber

Once there were bank robbers and road agents who rode horses and pointed guns as they stole money from banks, travelers, merchants and anyone offering an easy target. Today’s financial hackers ride into town on ransomware and use fake invoices, dating scams, fake checks, fake escrow intermediaries, denial-of-service attacks, and any other scam or hack that will help them steal money from individuals, companies, banks, and stock accounts. Greed: It’s a story as old as humanity.

2. The nation-state

Today, most sophisticated nations have thousands—if not tens of thousands—of skilled hackers on the payroll. Their job? Sneak behind enemy lines at other nations’ military and industrial networks to map assets and install malicious back doors. That way, when hostilities happen, the cyberwarfare machine will be ready.

Stuxnet, which took down hundreds of Iranian centrifuges, is the poster child for cyberwarfare. North Korea’s 2014 hack of Sony Pictures, in retaliation for a movie the country’s propaganda machine found offensive, is equally notorious. These are just the big stories. Nation-state hacking happens all the time, mostly quietly, and it isn’t going anywhere. The attacking nation certainly won’t do anything to prevent it or punish the hackers because they are soldiers doing their job to further that country’s objectives.

3. The corporate spy

For many hackers, a day in the office involves stealing corporate intellectual property, either to resell for personal profit or to further the objectives of the nation state that employs them. A common type of corporate espionage is to steal secret patents, future business plans, financial data, contracts, health data, and even the notes of legal disputes. Anything that gives competitors a leg up on the hacked organization is fair game. Every once in a while, corporate espionage gets exposed when the competitor who was offered the illegal information reports it to the victimized company and/or authorities.

4. The professional hacking group for hire

This is a relatively recent phenomenon where a group of expert hackers develop, buy or steal powerful malware and offer advanced-persistent-threat (APT) services to target their skills and tools for a fee. The goal might be financial gain, disrupting a competitor or enemy, or theft of valuable data or intellectual property. Their clients might be nation-states, companies interested in corporate espionage, or other criminal groups looking to resell what the hackers steal.

One mercenary group, known as Deathstalker, targets organizations that work in or with the financial sector including law offices, wealth consultancy firms and financial technology companies. They are known to be active in Asia, Europe, and South America. The group uses PowerShell-based malware called Powersing delivered via spear-phishing campaigns. This malware can capture information such as login credentials and execute other malicious PowerShell scripts.

5. The rogue gamer

You might consider your teenager’s gaming habit nothing more than an obstacle to good grades. For millions of people, though, gaming is a serious business. It has spawned an industry that’s worth billions of dollars. Some gamers spend thousands of dollars on cutting-edge, high-performance hardware. They spend hundreds, if not thousands, of hours annually playing games. Is it any surprise, then, that the gaming industry has its own specialized hackers? They steal their competitors’ credit caches, or cause anti-competitive distributed denial-of-service (DDoS) attacks.

6. Cryptojackers: The resource vampires

Harnessing other people’s computing power is a trick that hackers—and legitimate endeavors—have used since computers first started landing on the desks of the masses. In the early days, hackers used other people’s hard drives to store large files such as videos. For years, SETI enlisted volunteers to install a screen saver that harnessed the CPU power of the many to help search for alien life.

The biggest reason hackers steal computer resources today is to “mine” cryptocurrencies. Illegitimate cryptominers, known as “cryptojackers”, spread malware—either by directly exploiting browser visitors or by infecting the websites they visit, which then mine cryptocurrencies for them. This steals resources such as electricity and computer processing power from victims. Cryptojackers often can’t pay for these resources and profit from mining cryptocurrency, so they steal them. Many legitimate employees have been fired for distributing unauthorized miners across company computers.

7. The hacktivists

Hacktivists use hacking to make a political statement or promote social change. They either want to steal embarrassing information from a victim company, cause operational issues for the company, or wreak havoc that will cost the victim company money or bring attention to the hacktivist’s cause. The Anonymous collective is one famous hacktivist group. They are the authors of one of my favorite hacktivist attacks: Using an operation named Darknet, they not only identified and exposed multiple child porn sites but also named names by exposing their members.

Many otherwise well-meaning, law-abiding people get caught up with hacktivist goals and crimes, though, and end up getting arrested. Despite their well-meaning intentions, they can be prosecuted for the same crimes as hackers with less noble motives. If you tie yourself to a tree or a submarine, you will probably just get probation. Hack something? You will very likely go to jail.

8. The botnet masters

Many malware coders create bots, which they send out into the world to infect as many computers as they can. The goal is to form large botnet armies that will do their evil bidding. Once your computer becomes their minion, it sits waiting for instruction from its master. These instructions usually come from command-and-control (C&C) servers. The botnet can be used directly by the botnet creator but more often that master rents it out to whoever wants to pay.  

These days, botnets made up of the Mirai bot, which attacks routers, cameras and other IoT devices, are very popular. A Mirai botnet was used to generate one of the largest DDoS attacks in history, on the DNS provider Dyn. It generated 1.2 TBpS of malicious traffic. The Mirai bot looks for unpatched devices and devices that haven’t changed their default logon credentials—IoT devices are often an easy target—and easily installs itself. According to some experts, one-fifth of the world’s computers have been part of a botnet army.

9. The adware spammer

You’re lucky if your company is only compromised by a spam malware program or your browser is only hijacked by an adware program that is looking to sell you something. Adware works by redirecting your browser to a site you did not intend to go to. Perhaps you were searching for “cats” and the adware program sent you instead to “camping gear.”

Many legitimate companies are surprised to learn that their own online marketing campaigns are using spam and adware. I have seen this happen when a company hires an online media specialist who guarantees a high response rate without stipulating how. Sometimes, legitimate companies—such as Cingular, Travelocity, and Priceline—have intentionally engaged adware purveyors and have been made to pay legal settlements as a result.

Spam and adware might not seem like a huge threat, but they can be a symptom of a serious system leak. These tools find their way in through unpatched software, social engineering, and other means, the same methods that more serious threats, like backdoor Trojans and ransomware, use to get in.

10. The thrill hacker

Most hackers work with a financial goal in mind, have a boss with malicious motives, or are trying to achieve a political goal. A class of hacker remains who is in it for the thrill. They may want to demonstrate—to themselves and perhaps an online community—what they can do. There aren’t as many of these as there once were because hacking—whatever the motive—breaks laws and prosecution is a real possibility.

Today’s sport hacker is often most interested in hardware hacking. The appearance of general-purpose hardware hacking kits, with chips, circuits, and jump wires (like Raspberry Pi kits), has steadily increased the public’s interest in hacking hardware as a sport. There are even hardware hacking websites created for kids.

11. The accidental hacker

Lastly, some hackers are more like tourists than serious miscreants. Perhaps they have some technical ability but never intentionally set out to hack anything. Then one day they come across a website with a glaring coding error. Fascinated by the puzzle it presents, they begin to play at hacking in. To their own surprise, they discover it was as easy as it looked.

History is full of people who happened upon, for example, a website that used easily guessable numbers in the URL to identify customers. Accidental hackers can sometimes have a hard time reporting their finding to the company without getting themselves in trouble. The accidental hacker might find they have committed crimes after starting out merely solving a puzzle. Most security professionals in the business of fighting serious hackers feel that innocent hackers should not be prosecuted as long as they report their finding to the unprotected company.


Roger A. Grimes is a contributing editor. Roger holds more than 40 computer certifications and has authored ten books on computer security. He has been fighting malware and malicious hackers since 1987, beginning with disassembling early DOS viruses. He specializes in protecting host computers from hackers and malware, and consults to companies from the Fortune 100 to small businesses. A frequent industry speaker and educator, Roger currently works for KnowBe4 as the Data-Driven Defense Evangelist and is the author of Cryptography Apocalypse.
