Profiling 10 types of hackers

Profiling 10 types of hackers

Different shapes and sizes

Hackers, like the attacks they perpetrate, come in many forms, with motivations that range from monetary to political to ethical. Understanding the different types of hackers that exist and what motivates them can help you to identify the attackers you are most susceptible to and properly defend yourself and your organization against cyberattacks. Travis Farral, director of security strategy at Anomali, outlines the top 10 types of hackers you should have on your radar.

White Hat Hackers

These are known as the ethical hackers of the cyberworld. Comprised mostly of security researchers and operators, this category of hacker actively tracks and monitors threats. They may sinkhole domains and seize or takedown botnets. They may or may not operate completely within the law, but their intent is to stop malicious hackers. Those that operate outside the law are sometimes referred to as “Grey Hats”.

Cyber mercenaries

These are the arms dealers of the cyberworld, serving as a third-party aide to other attackers. In some cases, Cyber Mercenaries are lumped in with the loosely defined Advanced Persistent Threat or “APT” bucket.

Nationalist hackers

State allowed and enabled hackers, these actors may not be nation states themselves, but are not prosecuted for their activities which often further their state’s agenda. Some of this group’s intrusions are also lumped into the “APT” bucket.

Organized criminals

These are groups that are very efficient with monetizing their gains. They have a well established supply chain where different tasks are often supplied by different individuals (spam operations, backdoor operations, carding operations, hosting operations). The “Business Club,” that includes the ZeuS author Slavik (Evgeney Bogachev) and PCI intrusion actor Dmitri Smilanets, falls into this group.

Repeat offenders

These are people or groups like LulzSec and Sabu, or actors like th3J3st3r, that have gained some skill and have some connections to loosely monetize their gains, but they don’t have the well oiled criminal connections that other groups have.


These are the larger groups like the various Anon-sects that want to make a statement through common techniques such as DDoS attacks or Web defacements. They are typically motivated by ideology or politics, with the aim of embarrassing or exposing their target.

Nation State Actors

These are the true Military and Intelligence Apparatus. They have giant budgets and long running persistent programs, but are usually focused on true intelligence and military objectives. The tools used by these groups can be extremely complex, but may be simple since these groups play to the level of their victim, not wanting to burn expensive tools and exploits unnecessarily. These are often the truly advanced or extremely persistent attacks in the “APT” bucket.

Disorganized Criminals

These are people like the ShadowCrew, with Gonzalez and Stephen Watt. They have some skills, are loosely organized, and they have some capability to monetize their gains.

Script Kiddies

These are the common criminals of the cyberworld. Think of it as attention-seeking, rebellious teenager petty theft. Script kiddies are actors who often have very little skill. They hang out on message boards, might try to write a RAT once or engage in a DDoS with Anonymous here and there, but often can’t monetize their gains. The old web defacement hackers that focused on getting their name out there would fall into this category.

The Insider Threat

Never underestimate the power of a disgruntled employee. The Insider Threat, also known as the Malicious Insider, can be an employee with a grudge, or a whistleblower that take advantage of their access to steal sensitive information.


No Comments

Sorry, the comment form is closed at this time.