3 Understanding hackers

 

This chapter covers

  • Exploring the different types of hackers
  • Approaching problem solving in a new way with the hacker mindset
  • Applying the OODA loop to efficiently discover and exploit vulnerabilities

In this chapter, we will look at the different types of hackers, how they think, some of their most common attacks, and what separates the bad from the good. Hacking itself is neither good or bad; it’s a way of working out how something works and then getting it to do something different. This mindset can be applied to everything, not just software and computers but processes, machinery—even companies themselves.

Hackers are a varied bunch, with a wide range of skills, backing, and motivation. Having a high-level working knowledge of the different types of hackers is the first step to understanding the attackers you may face and how sophisticated and tenacious their attacks will be.

3.1 Who are the hackers?

There are three main categories of hackers that have emerged over the years (see figure 3.1). Although not exhaustive, this list provides us with an easy way to understand their motivations and how they are likely to operate. When talking about hackers and hacking, you’ll often hear these terms used to describe someone’s actions or motivations:

3.1.1 Black hat

3.1.2 Grey hat

3.1.3 White hat

3.2 Where do they come from?

3.2.1 Black hat hacker: Alberto Gonzalez

3.2.2 Grey hat hacker: Sabu and the Anonymous collective

3.2.3 White hat hacker: Mudge

3.2.4 The hacker mindset

3.3 What are hackers capable of?

3.3.1 The bad guys: Black hats

3.3.2 The middle ground: Grey hats

3.3.3 The good guys: White hats

3.4 Working through a real-life problem: How do hackers think?

3.4.1 Breaking a financial services website