So basically, hacking is an attempt to exploit a computer system or a private network inside a computer. Simply put, it is the unauthorised access to or control over computer network security systems for some illicit purpose. … White hat professionals hack to check their own security systems to make them more hack-proof.
A hacker is a person who uses computers to gain unauthorised access to data; informally, an enthusiastic and skilful computer programmer or user. Put another way, a hacker is a person who uses acquired hacking techniques or skills to break into other people's systems.
Here are some of the types of hackers:
Black Hat
The stereotypical ‘hacker’ – the kind you hear about on the news.
- Motives: Financial gain.
- Aims: To break into your business and steal bank details, money or confidential data. They usually use these stolen resources for their own gain, to sell on to the black market or to extort the target business.
- What That Means for You: Black Hat hackers are at the top of the business risk list. Their methods are varied but basic, so they can be protected against. But if their attacks are successful, the results could be devastating for your business and your customers.
White Hat
The Yang to the Black Hat’s Yin, White Hat hackers are the polar opposite of the Black Hat in every way.
- Motives: A desire to help businesses, along with a passion for finding holes in security networks.
- Aims: To protect businesses and support them in the ongoing battle against cyber threats. A White Hat hacker is someone like us – a company or individual who will help you protect your business. They can help you put effective protections in place, find vulnerabilities and provide solutions to solve them, before other hackers find them. There is even a qualification and organisation specifically for them – the CEH (Certified Ethical Hacker) from the EC Council.
- What That Means for You: A business that is well protected from every angle of attack in the digital world, and ongoing support in case of a breach.
Grey Hat
Nothing in life is black and white, and neither is hacking.
- Motives: Personal enjoyment.
- Aims: Grey Hat hackers have all the skills of a Black and a White Hat hacker. The difference is, they don’t care about stealing from people, nor do they particularly want to help people. Instead, they like to play with systems and enjoy the challenge of finding gaps, breaking protections and generally just find hacking fun.
- What That Means for You: Despite their skill set and the fact that they do break into systems, Grey Hat hackers will rarely do anything harmful. They break into things because they can, and then move on. Grey Hat hackers actually make up the majority of the hacking community, even though it’s the Black Hats most people know about.
Blue Hat
Vengeful and aggressive in every way, but only if you create them.
- Motives: Revenge.
- Aims: Blue Hat hackers often take existing code for malware and viruses they find online, then modify it to meet their needs. They will use this code to target the business or individual they feel has wronged them and inflict their revenge.
- What That Means for You: Generally, only a problem if you’ve made someone very, very angry. This could be a customer, supplier or employee – anyone who might be so angry that they want to ‘make you pay’.
Red Hat
The caped crusaders of the cyber world.
- Motives: Vigilante justice.
- Aims: To put a stop to people they know to be Black Hat hackers. But they are downright scary in how they go about it. They essentially take the Black Hat’s arsenal and turn it back against them. Using malware, DoS attacks, viruses and Trojan Horses to destroy their machines from the inside out. It’s a pretty effective way of stopping them from attacking anyone else!
- What That Means for You: Nothing really. Red Hat hackers are similar to White Hat ones, in the sense that they are working to put a stop to Black Hat attacks on your business. But you probably won’t know about it.
Green Hat
Baby hackers taking their first steps in the cyber world.
- Motives: Learning to be full-blown hackers.
- Aims: Green Hat hackers are all about the learning. They are new to the world of scripting, coding and hacking in general, so you probably won’t find one attacking. Instead, they hang around online message boards asking questions of more developed hackers, honing their skills.
- What That Means for You: Green Hat hackers don’t really represent a threat to businesses. They are still ‘green’, and more interested in learning how to hack than actually doing it.
Script Kiddie
This is something of an ‘odd one out’, since it’s neither a hat nor a color! But a Script Kiddie can still cause problems, no matter how innocent the name sounds.
- Motives: Causing chaos and disruption.
- Aims: Script Kiddies have no interest in things as mundane as theft. Or, as it turns out, script. They don’t tend to develop their own software – instead they download existing malware development software and watch videos on how to use it. When they’re confident, they’ll attack. A typical Script Kiddie attack would be a DoS (Denial of Service) or DDoS (Distributed Denial of Service). This basically means they flood an IP address with so much useless traffic that it collapses. Think most retail websites on Black Friday. It causes chaos and prevents anyone else from using the service.
- What that means for you: While they might not present a financial risk, Script Kiddies can be a pain. They can cause disruption to your business that can damage your reputation or lose you customers, and it can take some time to get everything back online afterwards.
Often, when we think of hackers we see a hooded person, tapping away on their keyboard in a dark room with a neon-lit screen, mirroring a scene from Mr Robot. However, whilst hacking, or penetration testing as we like to call it, is really interesting work, it’s often delivered in a professional setting by teams of highly intelligent professionals.
We wanted to provide some high-level insight into the difference between hacking that is in accordance with the law and the types of testing that can be considered illegal. Illegal hacking includes:
Hacking For Fun
Most hackers love what they do; it is a passion as much as a job. However, conducting hacking activity against a company or a person without their permission is viewed as an offence under the Computer Misuse Act 1990: “unauthorized access to computer material”.
The Computer Misuse Act (1990) is one of the primary pieces of legislation that covers hacking offences, along with other pieces of legislation such as the Data Protection Act 2018.
Hacking For Political Purposes
When a political party, politician or specific campaign resonates with hackers, they can often take the law into their own hands by hacking personal accounts, websites, emails and/or networks relating to political parties. This happened recently to Donald Trump during the US presidential election.
Hacking as Part of Organized Crime
When it comes to organized crime, hacking is often big business and can be very sophisticated in nature. Hacking for profit has proven extremely lucrative and the techniques used mean that hackers can often evade law enforcement.
Hacking For Notoriety
These types of attacks are normally performed by the younger generation of hacker along with script kiddies trying to prove their knowledge to groups they may belong to. These types of attacks are often website defacements but, in some cases, can be larger in scale.
Predominantly these forms of hacking are illegal, as there is no authorization for these individuals to access or conduct active testing on these systems, which subsequently leads into a number of additional offences. Individuals who perform this activity are often referred to as Black Hat Hackers.
On the other side of the coin, when it comes to legal forms of hacking, there are generally several kinds, including:
This type of hacking consists of passive techniques, which means (without being too granular) conducting activity that does not actively impact on a computer, system or service. Online reconnaissance, researching only data and viewing a website's encryption details could be seen as passive. Honeypots are another form of research and can be very useful in understanding how hackers conduct attacks and what type of techniques they are utilizing.
Many organizations such as Twitter and Facebook offer monetary rewards for vulnerabilities found in their systems. Hackers often have careers trying to find vulnerabilities known as Zero Days and once found they submit them to the relevant company and subsequently get rewarded.
Professional Penetration Testing
Working as a penetration tester is one of the best legal ways for security professionals to apply their skills and make a career out of hacking. Bridewell has a number of penetration testers who conduct this form of hacking, dedicated to checking our customers’ systems and finding vulnerabilities before malicious hackers do. We do this with the full permission of our customers, and the scope of what to test and for how long is generally agreed beforehand. The types of penetration testing include:
Web Application Penetration Testing
This is where a company requires their website or web applications to be tested, and many testers use the OWASP Top 10 vulnerabilities to assess the systems against.
Infrastructure Penetration Testing
This is where a company may have a network consisting of servers, routers, switches, firewalls and PCs. A company or individual will be procured to conduct penetration testing on all of this equipment.
Mobile Device and Mobile Application Penetration Testing
Mobile device penetration testing can be the act of performing a security assessment against devices that access or hold sensitive information and their physical security, as well as performing penetration tests against applications that are created specifically for mobile devices such as applications on the iOS and Android platforms. This type of testing is similar to a web application test.
Red team engagements are full attack simulations of what a real-world attack would look like. Penetration tests are normally scoped with only a portion of the infrastructure available to test with everything else being out-of-scope. Red team assessments can take weeks and even months to complete as the team performing the engagement will perform a hefty amount of reconnaissance against the target before slowly progressing into active testing and attempting to be as quiet and undetected as possible. In this type of testing everything can be in scope including social engineering and physical entry assessments.
There is often a perceived fine line between operating within the law and outside of it. Hackers are generally very inquisitive by nature; it is a key trait of being a good hacker/penetration tester. But ultimately organizations need to be prepared for the illegal kind and individuals should have approval prior to commencing any testing. This is why proactive penetration testing of your systems is critical to protecting your data and business when operating online. Vulnerability scanning and web application scans are a good way of checking for vulnerabilities, but they only cover part of the process a real hacker would go through in order to get access to your system and data and, in some scenarios, your premises.
Penetration testing involves several additional stages and techniques, which can go way beyond simple scans of your network. If this is something you are interested in, Bridewell is a CREST Registered penetration testing service company and one of our expert penetration testers can discuss your requirements and provide you with some sound advice on protecting your systems and data.
And now comes the main question:
Why Should We Learn It?
So, learning how to hack can help you implement the strongest possible security practices. It’s as much about finding and fixing security vulnerabilities as it is about anticipating them. Learning about the methods hackers use to infiltrate systems will help you resolve issues before they become dangerous.
The given information is from Google and some of my own research.
Hope you gained some knowledge.