Behind every cybersecurity attack is a motivation, and it is that motivation that drives why and how the attack is carried out.
Not every hacker is inherently bad, which is why it’s important to understand what type of hacker you’re up against. Regardless of the type of cybersecurity attack, the first step any individual or organization needs to take is to identify the type of hacker they believe they are facing.
There are three types of hackers: white hat hackers, black hat hackers, and grey hat hackers, which can be identified based on the level of permission they have from the system owner and their motivation behind the conduct.
Black Hat Attacks
What separates black hat hackers from the other two types of hackers is that these individuals did not obtain permission from the system(s) owner and they hack for personal and/or financial gain.
Well-versed in computer security, these individuals penetrate and exploit with the wrong intention, attacking other systems to gain access where they do not have authorized entry. Upon gaining access, these individuals often steal, modify, and/or destroy data.
The malicious nature of their attack and the unauthorized access to systems make the conduct criminal and illegal.
An example of this is Kevin Mitnick, who is (in)famous for the millions of dollars of data he stole from telecom companies and the national defense warning system in the 1990s. He first received national attention in 1982 when he hacked into the North American Defense Command (NORAD), which inspired the 1983 film WarGames. During the 1980s, Mitnick gained temporary control of three telephone offices in New York City and all the phone switching centers in California.
However, black hat hackers should be on the lookout for “red hat hackers,” who use cyber attacks to attack black hat hackers. Red hat hackers often take unethical or illegal routes to take down bad hackers, including but not limited to infecting the bad hackers’ systems with malware, launching DDoS attacks, and/or using tools to gain remote access to the hacker’s computer to demolish it.
In other words, they take the wrong path to do the right thing, like a Robin Hood of cybersecurity.
White Hat Attacks
White hat hackers, or ethical hackers, are individuals who hack with permission from the owner of the system(s). They are often academics and researchers who want to better understand various cyber threats and educate others about them. Companies and governments will hire them as consultants to help prepare contingency plans to get ready for attacks.
These hackers also help companies comply with security guidelines and protocols, including laws like HIPAA, PCI DSS, and GDPR.
These types of hackers help enterprises, governments, and/or companies create defenses, detect vulnerabilities, and fix those issues before other cybercriminals find them and exploit them.
In identifying the weaknesses and fixing them to avoid attacks from external sources, white hat hackers work per rules and regulations set by the system owner – most often, the government.
So what are the key motivations?
- Find and fix vulnerabilities in the system before black hat hackers exploit them.
- Develop tools that can detect cyberattacks and mitigate or block them.
- Strengthen the overall security posture of the software and hardware components.
- Build security software like antivirus, anti-malware, anti-spyware, honeypots, firewalls, etc.
An example of this is the 2021 Poly Network attack, where hackers stole over $600 million worth of cryptocurrency assets from the DeFi platform, only to return the funds the following day, explaining they did it for fun and to teach a lesson.
Grey Hat Attacks
The grey hat hacker mimics certain traits from the black hat hacker and white hat hacker. While they are not certified hackers, they can operate with either good or bad intentions.
Depending upon their intention, these hackers can mimic a black hat hacker or a white hat hacker.
So what are the key motivations to look for here?
These hackers do what they do without the owner’s permission or knowledge, sometimes charging a fee to:
- Fix bugs or vulnerabilities.
- Strengthen the organization’s security defenses.
- Provide recommendations, solutions, or tools to patch vulnerabilities.
Some hackers release information about vulnerabilities to the public once they are patched, but in many cases they will reach out to affected companies before publicizing that information. In the event a company doesn’t respond or act quickly enough, the hacker may choose to disclose the information publicly.
An example of this type of hacker is Marcus Hutchins, famous for testing the WannaCry ransomware until he helped stop it.
Andrew Rossow is a Legal Contributor at Lawrina. He is a practicing attorney, adjunct law professor, writer, and speaker on cybersecurity, digital monies, and privacy. Utilizing his millennial upbringing, Rossow provides a well-rounded perspective on legal and technology implications Bitcoin brings to the world of consumer finance. His work has been featured on Bloomberg News, Cheddar, CoinTelegraph, Law360, and numerous others. You can follow him on Twitter at @RossowEsq or visit his website AR Media Consulting.