k_Street Consulting, LLC Blog
How Many Types of Cybercriminals Can You Name?
We’re all familiar with the idea that pop culture has cultivated in our minds about computer hackers, but as it happens, this impression is just one of the many shapes that the modern hacker can take. This kind of closed-off view is dangerously shortsighted, so let’s take a few moments to dig into the kinds of hackers there are, in ascending order of the threat they pose to your business.
The Heroic Ethical Hacker
It is important to acknowledge that hackers aren’t all bad—some are actually committed to using their skills to protect businesses from threats. By examining a business’ defenses from the perspective of a cybercriminal, the ethical hacker can help you identify vulnerabilities in your network infrastructure so that they can be resolved appropriately. These are the hackers that you hire for your own benefit.
The Accidental Hacker
It isn’t unheard of for someone to go poking around on a website—particularly if they stumble upon a preexisting issue on it. Unfortunately, this kind of poking can often result in them finding more than they bargained for. This kind of hacking has raised the question of whether such activity should be prosecuted if the person responsible reports what they have found back to the company.
Either way, what does it say about a business’ security if its website can be hacked accidentally? Such events need to be looked on as a warning to improve the protections you have in place.
The Pokey Curious Hacker
Just one step up from the accidental hacker, some hackers are fully aware of what they are doing and are just doing it to find out if they can. Meaning no real harm, these hackers are seeking little more than validation—or, in layman’s terms, bragging rights. Having said this, it is important to acknowledge that this variety of hackers is becoming rarer with the increased criminal accountability that such activities bring with them. Nowadays, hardware modification by means of single-board computers now occupy the time of those that would be interested in these kinds of activities.
The Scammy Networking Hacker
Adware—or a piece of software that hijacks your browser to redirect you to a website hoping to sell you something—is a real annoyance, as it wastes the user’s valuable time and energy. It also isn’t unheard of for otherwise well-known and legitimate companies to use it in their own marketing, despite the risk they run of having to pay regulatory fines due to these behaviors.
While the real damage that adware spamming can do may seem minimal, it is also important to put the nature of these efforts into perspective. An adware spammer will use the same tactics that other serious threats—things like ransomware and the like—are often spread through. If you’re finding your workstations suddenly inundated with adware, you are likely vulnerable to a much wider variety of threats than you might first assume.
The Strength-in-Numbers Hacker
Sometimes, instead of attacking you, a hacker will use your resources to attack another business. While this isn’t an attack against you, per se, it should still be seen as a threat, as it interferes with your business’ potential for success.
The attackers that do this use the resources they take over to generate something called a botnet—a network that can then be used to the hacker’s ends. For example, one only must look at the attack on the DNS provider Dyn, where a botnet was able to take down various major websites (including Facebook and Twitter) for several hours. These botnets often make their way in through unpatched vulnerabilities and breached login credentials.
The Political Hacker
Political activists are often seen in a positive light—and rightly so—but some activists use tactics that are decidedly negative in their nature. By deploying cyberattacks to sabotage and blackmail a company that they see as doing something wrong, a hacktivist often goes about doing good in a bad way. This kind of activity can be dangerous to your operations and to the cybercriminal alike, as law enforcement won’t take the motives behind a hacker’s deeds into account.
The Cryptocurrency-Seeking Hacker
The ongoing obsession many have with cryptocurrency right now has contributed to no shortage of attacks seeking to bring the attacker responsible an unfair leg up. While the concept of borrowing resources is not a new one—The SETI (Search for Extraterrestrial Intelligence) Institute, which is associated with NASA, once legitimately used a screen saver to borrow the CPU usage of the computers it was installed upon—cybercriminals now do a similar thing to help hash cryptocurrency for their own benefit.
With hardware costs rising and the intense utility demands that mining brings about, it is little surprise that such hackers will find a way to sidestep these demands for their own benefits.
The Gaming Hacker
While many may scoff at video games in general, it is important to keep in mind that the industry behind them is valued in the billions, with huge investments of both time and money put into the games it creates. Naturally, with such high stakes, it is only natural that some hackers set their sights upon it for their own gain. Such hackers will attack their fellow players to obtain in-game currency through theft or will even restrict their competition through denial-of-service attacks.
The Professional Hacker
A lot of gig work has been facilitated by the Internet and its capability to facilitate networking. In terms of cybercrime, this has allowed many people to act as a for-hire hacker, combining malware of their own creation with programs that they’ve found or stolen to offer their services to others. For a fee, these mercenaries will act on behalf of whomever pays, whether that’s a government seeking some separation from the deed or a business looking to sabotage their competition.
The Larcenous Hacker
Considering how much of life has been converted to digital, it should come as little surprise that crime has followed suit—after all, hacking someone is a lot less physically dangerous and potentially much more profitable than mugging them likely would be. As transactions have digitized, thefts and cons using ransomware and romance scams did as well to allow those less scrupulous to continue to profit from their actions.
The Business-Minded Hacker
Much like the professionals we discussed above, some hackers decide to turn their efforts specifically to the corporate world. By spying on documents and stealing data from one business, these hackers seek to sell this information to that business’ competitors for a healthy price. Fortunately, many businesses will report when a cybercriminal has approached them with such an offer, alerting the hacked business to the breach.
The Sovereign Hacker
At long last, we come to what many see as the biggest threat: the veritable militias composed of hackers that governments will assemble to actively interfere with and undermine the efforts put forth by other nations. These groups have been known to attack the political structure of opposing nations as well as the industries that these countries rely on, with the goal of having a leg up if hostilities were to arise between them.
The hack on Sony Pictures in retaliation for the satirical 2014 film The Interview was an example of an attack by a nation-state.
What Does This All Go to Show?
Putting it bluntly, this list should demonstrate that any individual impression of what a hacker is will not be enough to ensure that a business is prepared to deal with a cyberattack. Fortunately, k_Street Consulting, LLC can help. With our team of professionals following a lengthy list of best practices and policies, we can ensure that you are ready to resist a cyberattack when it comes.
To learn more about what we can do to protect your business, reach out to us at (202) 640-2737.