3 Understanding Hackers

In this section of the book, we’re going to look at the different types of hacker, how they think, and some of their most common attacks. Hacking itself is neither good or bad: it’s a way of working out how something works, and then getting it to do something different. This mindset can be applied to everything – not just software and computers, but processes, machinery: even companies themselves.

Kicking this off, in this chapter we’ll put hackers into context by taking a look at the different types of hacker, and what separates the bad from the good.

Hackers are a varied bunch, with a wide range of skills, backing, and motivation. Having a high-level working knowledge of the different types of hacker is the first step to understanding the attackers you may face, and how sophisticated and tenacious their attacks will be.

3.1 Who are the Hackers?

There are three main categories of hacker that have emerged over the years. Although not exhaustive, this provides us with an easy way to understand their motivations and how they are likely to operate. When talking about hackers and hacking, you’ll often hear these terms used to describe someone’s actions or motivations. The three types of hacker are:

3.1.1 Black Hat

3.1.2 Grey Hat

3.1.3 White Hat

3.2 Where do they come from?

3.2.1 Black Hat hacker: Alberto Gonzalez

3.2.2 Grey Hat hacker: Sabu and the Anonymous collective

3.2.3 White Hat hacker: mudge

3.2.4 The Hacker Mindset

3.3 What are they capable of?

3.3.1 Black Hats

3.3.2 Grey Hats

3.3.3 White Hats

3.4 Working through a real-life problem: How do hackers think?

3.4.1 Breaking a financial services website

3.4.2 Combining The Hacker Mindset with the OODA loop

3.5 Summary