Getting to know your hackers

The issue of cyberattacks is as serious as it is widespread, causing breaches and outages across industries, time zones and continents. Given the breadth and variety of cyberattacks, it can be hard to keep track of who would attack your organization and its technology infrastructure. But understanding hackers—who they are, the kinds that exist and their motivations—helps to thwart their attempts. This article will explore different terms used to describe hackers, along with their attack methods and the vulnerabilities they seek to exploit. Using this information, you can begin to shore up your IT infrastructure and get ahead of hackers before they come knocking.

Before diving deep into hackers and their intent, it’s important we have a shared understanding of some key terms. These are some of the crucial topics that underpin cybersecurity:

• IT infrastructure – The network, systems, services or applications an organization relies on. This includes software or hardware components.
• Vulnerability – A weakness that can be exploited to gain access to a computer system.
• Attack – Exploit, or attempt to exploit, a vulnerability. Attacks manifest in many ways, from social engineering attacks like phishing to installing malware or ransomware on unsuspecting users’ devices.
• Hacker – An individual, group or organization that attacks your IT infrastructure. In this article, the term hacker applies to both illegal and legal activity.

Now that we have a firmer foundation for a hacker’s world, let’s consider the types of hackers that exist. First, we can categorize hackers by their intent: either ethical or malicious. Ethical hackers, sometimes referred to as researchers, notify the affected organization of any vulnerabilities discovered. The organization may have hired these ethical hackers, or they might be acting on their own volition. By notifying organizations of vulnerabilities, ethical hackers allow the organization to fix issues before announcing them to the public. An ethical hacker does not steal data from an organization.

In stark contrast, malicious hackers use vulnerabilities to gain access to an organization’s IT infrastructure and data. The malicious hacker’s motives can be financial, reputational (to embarrass), espionage or to facilitate additional cyberattacks. The malicious hacker is often referred to as a black hat, while an ethical hacker is known as a white hat. Gray hats exist somewhere in between; their intentions and ethics may be murkier. For example, they might breach a system and identify a vulnerability to receive payment from the benefitting organization, though the organization did not ask them too. For more information on the ethical differences between hacker types, check out this article about black, gray and white-hat hackers from the University of San Diego’s Director of Graduate Cyber Security Operations & Leadership.

Of course, any organization that wants to guard against hackers is most concerned about bad actors. There are six levels of hackers that can threaten your IT infrastructure:

1. Script kiddies – These are hackers who may have no or limited technical knowledge. Equipped with cheap and easy-to-deploy tools, they often follow a “recipe” to exploit a known vulnerability. Script kiddies may not understand what they are exploiting or the risks to the victim’s IT infrastructure.
2. Hacking groups – This is a group of script kiddies that share knowledge and resources. Consequently, hacking groups can be more destructive.
3. Hacktivist – Refers to those driven by social or political motivations.
4. Black-hat professionals – Skilled attackers who fall under the category of malicious hackers. When they discover vulnerabilities, they attempt to exploit the vulnerability to either gather or destroy data.
5. Organized criminal gangs – These are professional criminals who focus on cybercrime as a means of gaining money. Their motivation is purely financial.
6. Nation states – These organizations’ motives are for either financial, political or espionage reasons. There are three sub-categories:
   1. Nation state – These hackers are government employees, including military.
   2. Sponsored criminal group – The government directs the criminal groups to specific targets or goals.
   3. Sanctioned criminal groups – The government may have knowledge that the group exists. These groups select their own targets but avoid targets within the host nation and its allies. The host nation does not prosecute these groups and may even actively protect them.

Now that you have a better understanding about the types of hackers and their respective motivations, consider how this knowledge applies to your government. Does your government handle sensitive data that another government could leverage? Perhaps that makes you more prime for a nation-state attack. Do you store peoples’ data that hackers could sell on the dark web? That may mean hacking groups are more likely to direct their efforts toward you.

The State Auditor’s Office can help you think through a hacker’s mindset and prepare accordingly. Our Center for Government Innovation has a cybersecurity specialist available to talk with you about best practices and resources. Additionally, you can contact the State Auditor’s Office’s Center for Government Innovation to sign up for a free cybersecurity checkup.

How to reach us for more assistance 

Do you have questions about cybersecurity? For assistance, reach out to us at Center@sao.wa.gov.