The Seven Types of Hackers

Bruce Schneier's blog links to a nifty article listing the seven types of malicious hackers. The list is: Cyber criminals; Spammers and adware spreaders; Advanced persistent threat (APT) agents; Corporate spies; Hactivists; Cyber warriors; and Rogue hackers.

Missed some

[Capt.DrumkenBum]

Script kiddies. (They believe they are hackers)\
The real pros. (The ones you never hear about)
Probably some others.

Re:

[WrongSizeGlass]

Probably some others.

Insert name of government agency here ...

Re:Missed some

[dkleinsc]

You're just being paranoid. Those government agencies don't exist. And if you don't believe me, just ask them.

Re:

[jgagnon]

You're a spy and you don't really exist. So where does that leave us?

Re:

[FatdogHaiku]

So you all really don't exist, whats the purpose of being here then?

To confirm a lack of existence and discredit any rumors to the contrary. The aforementioned actions should not be interpreted as an indication that said non-existent entities do in fact exist.

Re:

[blair1q]

It doesn't have a name.

Re:

[Dan93]

There is No Such Agency like that....

Gotta Have Catchy Nicknames for Them Though

[Anonymous Coward]

Yeah but you need a catchy name like 'hacktivists' or else no one will publish your oversimplified crappy little classification rant that ends with you saying 'know thine enemy' and making ROGER GRIMES look like a badass hacker hunter.

Here are your suggested nicknames:

Script kiddies.

The Can't-Somebody-Else-Code-It? Hacker

The real pros.

The Gingerbread Men

Re:

[wmbetts]

The term as been around over a decade now. If I remember correctly it was first used to describe the milw0rm attacks on the Indian nuclear program.

Re:

[blair1q]

Script kiddies.

The Can't-Somebody-Else-Code-It? Hacker

"There's a hack for that."

Re:Gotta Have Catchy Nicknames for Them Though

[skids]

The seven types of useless speculation-based throwaway tech articles:

1) Those that try to classify things
2) Those that list traits of things or people
3) Those that troll-bait old tech holy wars
4) Those that recycle old ideas as new and revolutionary
5) Dups from this-day-last-year because the byline didn't display the year
6) Shameless FUD
7) Those that ego-stroke the intended audience by telling them how unique they are.

Re:

[iammani]

Probably some others.

You mean He-Who-Must-Not-Be-Named.

Re:

[Scarletdown]

Probably some others.

You mean He-Who-Must-Not-Be-Named.

Hastur is a hacker?
Hastur never really came across as a hacker type.
Hastur is... (oh shit!)
*** Transmission terminated at the source ***

Re:

[Alex Belits]

He actually meant Candlejack. ...what? Of course, I am here. I just gave him some Microsoft marketing people from this site, they are dime a dozen.

Re:

[DarthVain]

Security Experts.

Re:

[El_Muerte_TDS]

Don't forget: those who won't be named.

You know, the people that $^#!***LOST CARRIER

Re:

[interkin3tic]

Script kiddies. (They believe they are hackers)

Doesn't that fall under #7 (put by itself on the second page, so it's easy to miss):
"Malicious hacker No. 7: Rogue hackers There are hundreds of thousands of hackers who simply want to prove their skills, brag to friends, and are thrilled to engage in unauthorized activities. They may participate in other types of hacking (crimeware), but it isn't their only objective and motivation. These are the traditional stereotyped figures popularized by the 1983 film "War Games," hacking late at night, while drinki

Re:

[ShakaUVM]

>>These are the petty criminals of the cyber world. They're a nuisance, but they aren't about to disrupt the Internet

TFA that wrote that was amazingly stupid. Robert Morris took down the internet, and he was basically the stereotypical rogue hacker described in the article. Ditto the guys that wrote Melissa (David Smith), Sasser (Sven Jaschan), and so forth.

Over the years, there have been multiple ways found to "disrupt the internet" and some have been exploited (negative routing table entries being a

Re:

[interkin3tic]

I'd assume he's actually just oversimplifying things for his target audience. I got the impression that this was a list to be forwarded to someone's CEO or boss who didn't understand that norton antivirus wasn't protecting against corporate espionage. A primer for getting people used to thinking about there being different types of dangerous types online. Such people hopefully wouldn't have much reason to be concerned with script kiddies shutting down more than their own website. If this list is meant f

Re:

[c0lo]

Script kiddies. (They believe they are hackers)

TFA

Malicious hacker No. 7: Rogue hackers
There are hundreds of thousands of hackers who simply want to prove their skills, brag to friends, and are thrilled to engage in unauthorized activities.

They may be "hacking stupid", but they are legion... just as the populace bearing arms...
Because we are yet to see them being persistent, it doesn't mean it cannot happen to make a mass transition from the "rogue" category to the "low-tech hacktivists" one.

Re:

[microbee]

The legendary hot female hackers.

They only exist in fairy tales, and dreams of /. readers.

Re:

[kill-1]

Like the xkcd 1337 series.

Re:

[baegucb]

As of when I post this, noone has mentioned http://www.catb.org/~esr/faqs/hacker-howto.html [catb.org] and I rather doubt the author at infoworld has ever read it.

Re:

[syousef]

Script kiddies. (They believe they are hackers)\

The real pros. (The ones you never hear about)

Probably some others.

No, no, no! It's Grumpy, Sleazy, Scammer, Pedant, NoLife, Recluse, and Doc aka The 7 Dwarves.

The common thread

[GodfatherofSoul]

They all think they're the "good" kind.

Re:The common thread

[jayme0227]

Nah. Some of them know they are criminals. Their moms probably think they're good boys, but these guys who are actively participating in organized crime know that they are bad guys.

That's it?

[Anonymous Coward]

What about "Curious kids"?

Wait A Second

[mattwrock]

I always considered myself a hacker in its original sense. Someone who modded an existing piece of hardware or software to suit their needs, or to work around an existing issue. My latest and most simplest "hack" is getting Froyo on my phone, since my carrier wouldn't send the update. Where am I on the list? Certainly not Hackivist. I guess I am now a "modder" or "homebrewer". I am afraid that the previous terms will be added to the hacker list, with the word criminal added in front.

Re:

[Anonymous Coward]

He lists malicious hackers!

Re:

[Khashishi]

Then hactivist doesn't belong in there either., since activists are not motivated by malice.

Re:Wait A Second

[jgrahn]

I always considered myself a hacker in its original sense. Someone who modded an existing piece of hardware or software to suit their needs, or to work around an existing issue. My latest and most simplest "hack" is getting Froyo on my phone, since my carrier wouldn't send the update. Where am I on the list? Certainly not Hackivist. I guess I am now a "modder" or "homebrewer". I am afraid that the previous terms will be added to the hacker list, with the word criminal added in front.

You're a hacker in my book. Those others are not. And I'm surprised that Slashdot has started using the word *exclusively* to mean criminals.

Re:

[Mister Whirly]

You can't fight city hall indefinitely without just throwing in the towel at some point. I get sick of having a 5 minute conversation every time the subject comes up (sometimes the same conversation multiple times with the same person), so i just let it go now. Language evolves and once a phrase is out there publicly, used correctly or not, you can't put the toothpaste back in the tube. Coincidentally, the folks misusing "hacker" also seem to be the ones that call their desktop towers "CPU" or "hard drive"

Re:

[turing_m]

It's true - we are in the position of the French government trying to legislate language when it's beyond our control at this point. And still, words descended from the original meaning of "hacker" and maintaining that connotation of "tinkering" do not have a corrupted meaning, e.g. "an ugly hack", "hack something together". Though I'll have to train myself not to use the old term lest people think I am breaking into banks or something.

Re:

[WaroDaBeast]

(...) or refer to any brand of MP3 player as an "iPod".

I agree with everything you said before (I actually had a hard laugh the first time I heard someone call their computer a CPU), but — and even though I hate it when people call any portable music player an iPod — I see that from a different angle. It's just like people using the term "kleenex" when they mean "tissue." (I got other examples in mind, but they only apply to my country.)

I guess it all revolves around the eternal debate between descriptive and prescriptive grammar. Who's right? Who'

Re:

[WaroDaBeast]

Never forget that, sadly enough, it's always "Too much, too complicated" for most people, even if a five-year-old can do it (I'm looking at you, mom, who simply "couldn't" figure out how to plug a parallel cable despite the color code and the particular shape of the connector).

Re:

[BetterThanCaesar]

[...] or refer to any brand of MP3 player as an "iPod".

I think you just used "MP3" to mean any digital audio file and compression format. It's easy to fall into those traps. Language is full of similar misconceptions or alterations that have built up through the years. Sometimes the meaning differs depending on what area you are in, like the word "theory" which means different things in science and otherwise, or "hacker" for that matter, which means different things in engineering and otherwise.

Re:

[Thing 1]

Language evolves and once a phrase is out there publicly, used correctly or not, you can't put the toothpaste back in the tube.

Exactly. I just tried to help someone understand the origin of the phrase that has devolved into finding proof in a dessert. He maintained that "language evolves and math does not" but saying something that is patently ridiculous as a way of heightening one's credibility just doesn't seem to make sense. "The proof of the pudding is in the eating" makes sense. "The proof is in the pudding" does not; perhaps during a marriage proposal, I suppose, but not in general, and I agree, sometimes you just throw i

Re:

[Nursie]

Also note that wikileaks don't hack anything, they just receive and publish data.

That's very, very fishy.

Not that I think Hacktivism is necessarily malicious or 'bad'. but then I guess that makes me a rogue... LOL

Re:

[Mister Whirly]

Well, you can carry that rather large and heavy banner around. I carried it for years and my arms are simply too tired to do it anymore. In my eyes, they have already won - I don't think that every major media outlet is going to issue retractions at any time and start correctly using the term correctly in the future. Plus being a pedantic asshat is pretty fun when you are young, but as the years go by it loses some of the luster. Now get off my lawn!

Re:

[Mister Whirly]

"start correctly using the term correctly" brought to you by the Department of Redundancy Department.

Re:

[Gr8Apes]

I always considered myself a hacker in its original sense. Someone who modded an existing piece of hardware or software to suit their needs, or to work around an existing issue. My latest and most simplest "hack" is getting Froyo on my phone, since my carrier wouldn't send the update.

You're a hacker in my book.
Those others are not.
And I'm surprised that Slashdot has started using the word *exclusively* to mean criminals.

Whatever happened to the word "cracker" (the original word describing a hacker with criminal intent)?

Re:Wait A Second

[trollertron3000]

Do you code? If not then how do you hack anything? You just load ROMs. So you're a modder. Now you may love the lifestyle, but in my not so humble opinion if you don't write code you really can only "hack" mechanical things because you can't alter the software of anything controlled by code. You can get other people to write it for you and run it. But does that really meet the definition? If so then I'm a mechanic. If that's the bar then half the world can be listed as hackers for jail breaking their phone. No sir you are a scenester. Which is okay I guess If you just want to look like you're a bad ass. Like those guys with all the Celtic tattoos on 50k "motorcycles". It's okay I guess. But it ain't no 1%er.

Re:

[BJ_Covert_Action]

Someone who modded an existing piece of hardware or software...

I guess you missed that part of his post? Either way, good job at coming off like an arrogant douche in the fine /. tradition of not reading something in detail. =P

Re:

[trollertron3000]

He said he loaded a ROM. I read it just fine asshole.

Re:

[rekenner]

He said that was his latest and simplest. Meaning that's not the only thing he's done.
Arrogant douchebag.

Re:

[trollertron3000]

LOL, you lose and I win, again. Read my nick sucker.

Re:

[Nyder]

Do you code? If not then how do you hack anything? You just load ROMs. So you're a modder. Now you may love the lifestyle, but in my not so humble opinion if you don't write code you really can only "hack" mechanical things because you can't alter the software of anything controlled by code. You can get other people to write it for you and run it. But does that really meet the definition? If so then I'm a mechanic. If that's the bar then half the world can be listed as hackers for jail breaking their phone. No sir you are a scenester. Which is okay I guess If you just want to look like you're a bad ass. Like those guys with all the Celtic tattoos on 50k "motorcycles". It's okay I guess. But it ain't no 1%er.

Wow, you've proven yourself to be Mr. Badass. Why don't you regal us with tales of your hacking adventures?

Re:

[trollertron3000]

I code on your mother's chip using JTAG.

Re:

[trollertron3000]

Sorry sorry I had that all wrong. I can only debug your mother's chip using JTAG. The code I write requires ANSI C.

Re:

[Lord Ender]

Hacker in its original sense is "one who hacks," esp. with a knife or axe. The definition you are talking about is little-used. The definition Bruce is talking about is by far the most common definition used in the infosec world. Since he is an infosec expert writing for an infosec blog it's fairly obvious which of the multiple definitions he intended. It's so obvious, in fact, that anyone who complains about the terminology here is just being intentionally thick. Kinda funny, really.

Re:

[gnapster]

I believe that the reason people complain about the semantics of hacking is this: they value the definition of 'hack' that first became popular at MIT and is codified in the Hacker HOWTO and the Jargon File. To wit, the application of ingenuity to a problem. This is a beautiful concept, and there is no other word which captures it. I would like to talk to people about this concept, but the vocabulary has been diluted, making my goal more difficult. At the end of the day, though, it is probably futile to

Re:

[Lord Ender]

Anyone upset that the English language overloads terminology needs to find himself a new language. Whining about this is as silly as whining about water being wet.

Re:

[triffid_98]

Geohot says yes?

Re:

[trollertron3000]

How does one allow another to use a word exactly? Language evolves my friend. Evolve with it or you'll be very very angry in life. You obviously understand the meaning so the message was conveyed properly. So what's the big deal?

Re:Wait A Second

[_anomaly_]

Why exactly do those listed not fall under the category of malicious hackers?
"Hacker" is only used as a negative word in this context because of the adjective "malicious".

Re:

[gnapster]

All the same, it would be good to have 'malicious' included in the title. From the title, I was expecting seven types in the whole spectrum from white hat to black. It's not like the title was getting overly long.

Re:

[_anomaly_]

I agree, the title certainly is misleading.

Re:

[_anomaly_]

No problem. It seems there are A LOT of people making that mistake in this thread.

Re:

[ShakaUVM]

>>I was reading through the comments getting extremely aggravated waiting to see how long it would take someone to point out he's naming types of crackers, not hackers. Stop allowing people to use the word hacker as a negative word without making them informed.

I was scanning through the comments wondering when people, once again, would blame redneck hicks for all of our criminal computer activity.

Seriously, pedants - "crackers" is a stupid word, and this is why your War on Terminology failed. Black Ha

Missing option

[blair1q]

8) Website devs who force simple articles to split unnecessarily across multiple webpages. They're in it for clicks and ad revenue, essentially scamming multiple banner-ad buyers into paying for the same article read. Here's an example. [infoworld.com]

Re:

[nzap]

Also missing: users who have installed Adblock Plus [adblockplus.org] and don't even see the ads.

They don't see the ads, but they still see the inconvenience of imitating the limitations of a paper format.

Re:

[Dr_Barnowl]

They're beneficial - they weren't going to buy anything anyway, so they've saved the ad server some bandwidth. It's not free, you know.

rogue hackers

[smitty97]

Does Rogue Hackers include all the roguelikes such as Net Hackers, Moria Hackers and Angband Hackers?

Re:

[trollertron3000]

The moment I see them I inspect their gear. If they don't use c++ I grief them hard and boot them from the instance.

Re:

[ElectricTurtle]

Perhaps, but some rogue hackers might have trouble resolving Ancient Domains of Mystery...

Re:

[game kid]

It did, but they all died and they're never coming back.

Re:

[thatskinnyguy]

No but the font change makes you a scene hacker/tool.

Re:

[HeckRuler]

Lookout rgrd! Bruce is coming for you!

Wikileaks? Really?

[Kell Bengal]

If they're conflating Wikileaks with hackers, then it's pretty clear to me that they either don't know what hackers are, don't know what Wikileaks is, or are riding the Wikileaks-hater bandwagon.

Re:

[blair1q]

If you include in Wikileaks the people who are stealing the secrets and giving them to the organization, then Wikileaks are hackers. They're quite a bit less technical about their acquisition of data, but they are the most famous representative of the hacktivists subset of (cr|h)ackers that includes those who are more technical. If you prefer, you can always think Sneakers.

Re:

[cbhacking]

I thought that was supposed to mean the people who are "defending" Wikileaks, Anonymous et. al.

It's unfortunate that the writing isn't very good, because the point he's trying to make (the random troublemaker is different from the commercially motivated is different from the targeted attacker) is a pretty good one.

I've always broken it down by "hats"

[Anonymous Coward]

from good to bad...

white hat, gray hat, black hat, and asshat

I don't remember where I originally heard this, known it for years, so sorry to the source.

Re:

[camperdave]

I'd reverse the last two. Black hats are being deliberately malicious and evil, whereas the other is just being a jerk for the sake of being a jerk.

innacurate re: wikileaks

[Junior J. Junior III]

From the article:

Malicious hacker No. 5: Hacktivists
Lots of hackers are motivated by political, religious, environmental, or other personal beliefs. They are usually content with embarrassing their opponents or defacing their websites, although they can slip into corporate-espionage mode if it means they can weaken the opponent. Think WikiLeaks.

I'll grant that Wikileaks are activists. I'll also grant that they have some great hackers working for them. But what the article describes as "hacktivism" is not what wikileaks does. Wikileaks employs hackers defensively, to provide a secure system that guarantees anonymity for the sources who leak information to them.

Although there have been allegations made in the press by people who probably don't know anything about information security, I have seen no evidence that suggests that Wikileaks obtains information by cracking into systems. On the contrary, Wikileaks have always claimed to work by receiving information from sources who were privileged with access to the information, and who elected to leak it to Wikileaks out of duty to their conscience.

There has been, to date, no evidence brought forward which suggests that Wikileaks has ever broken into a system to extract information out of it. That isn't the way they do things.

There are "hacktivists" who do things like deface websites in order to publicize a cause, or DDoS attack some target that they disagree with. But that is not what Wikileaks does, either. Misguided sympathizers from "Anonymous" may have done some of these things in an attempt to aid Wikileaks, but that is still not something that Wikileaks does or endorses.

Re:

[gearsmithy]

Well we know Assange isn't a hacker... we have evidence to suggest that he's be laid at least twice.

Re:

[HeckRuler]

Agreed, but when he said "think wikileaks" he could have meant the material on wikileaks. Although, that's kinda silly as the majority of wikileaks is stuff that's leaked by those entrusted with said information leaking it to the public. It's kinda build into the name.

Re:

[c0lo]

Oh, well as long as they claim to not hack systems, I see no reason not to trust them. I hereby proclaim Wikileaks to be an honest company because that's my opinion so it must be fact!

Doh, AC... Your proclamation seems a bit redundant (to use a mild term), don't you think?
Or you haven't heard about "Innocent until proven guilty" yet?

Hackers?

[D Ninja]

Angelina Jolie is suspiciously absent...

Re:

[Stregano]

That is because she was a crappy hacker. She needed the help of ZEROCOOL a.k.a. Crash Override a.k.a. Dade Murphy. Don't forget about Razor and Blade, they are elite.

Re:

[c0lo]

Angelina Jolie is suspiciously absent...

Currently on active assignment for a job requiring a "Cat4 hacker"... be patient.

Re:

[PPH]

OTOH, Keanu Reeves is blessedly absent.

Rogue Hack

[DarthVain]

When you're killed by the letter "k"

Maybe you should have an editor read this one, Rog

[Minwee]

"If you think simply having a buffer overflow, fully patched systems, and antivirus will defend against all hackers no matter their objectives, you're wrong."

Um, if you think that a buffer overflow is supposed to defend you, then you're even more wrong.

Re:

[game kid]

XD

Re:

[Spykk]

The buffer overflow is there to offset the adjacent buffer underrun. It is a very delicate system.

Re:

[rwv]

What's wrong with the Buffer Overflow defense? Also, might I suggest that you try protecting your data from hackers with NULL pointers.

Now all we need

[Dachannien]

...is a list of skill bonuses for each class, and we can start rolling up characters!

The Slashdot poster

[CrazyJim1]

Although trained in different skill sets, they come together as a communal force to DOS sites.

Only Two Types

[Plekto]

There are only two types.

Those that you know about.
Those that you don't know about yet.

Thankfully, idiots make up 98%+ of the ones out there, but there are some that you never see, never know about, and are usually doing it as part of their normal job for whatever agency or government that is hiring them.

Of course, they aren't interested in us normal folk, so it's really us vs the idiots. And some days I wonder how they can be doing so well. Then I see my neighbor and it makes quite a lot of sense...

I need a Venn diagram to explain the fail

[HeckRuler]

Yeah, I'm not really diggin the list.
#1 "Criminal" is any law-breaker, which would be everyone on the list, except maybe "Cyber Warriors". Also maybe Hackticists, depending on if you consider "crime" to mean anything "socially detrimental".
#1a Maybe you meant for-profit criminals, which would still include Spam, Adware, and Corporate Spies.
#2 Spamming and adware spreading are two different activities. They may be of the similar low-hanging-fruit bulk-rate sort, but I don't know if they overlap.
#3 APT, w

Hacker vs. Cracker

[LongearedBat]

In the 80's (before the internet) and before jargon was mixed up by casual computer users...

- A "hacker" meant someone who was proficent enough with computers (few people were at that time) that they typed really fast at their keyboard, usually writing code or scripts. Today a "hack" still means quickly written, not carefully thought out code.

- A "cracker" was someone who broke copy protection. Today that would include breaking network security.

I may be considered pedantic, but it would be good to retain

You might as well give me the keys to your etc.

[parlancex]

How can we even begin to discuss hackers without this video? http://www.youtube.com/watch?v=wQ_SE71N3Bc [youtube.com]

Seven Types

[halcyon1234]

1. 1. Sleepy
2. 2. Sneezy
3. 3. Dopey
4. 4. Grumpy
5. 5. Happy
6. 6. Bashful
7. 7. Cowboy Neil

Sidenote: Slashdot's css has fucked up OL. Another entry for my user style. Great job, Slashdot. Great job.

ol li
{
list-style-type:decimal !important;
}

Sub 7 is 31337

[NSN A392-99-964-5927]

i just clicked the server, then hit his firewall and crashed his computer.

****malicious***

[Gunstick]

It says "Your guide to the seven types of malicious hackers"
Please note the word malicious

There are many more types of hackers, which are not malicious at all.

Re:

[blair1q]

phreaks

Re:

[trollertron3000]

Woz would be a hobbyist hacker. Steve Jobs would be a suit.

Re:

[c0lo]

may 6, 2010. look for the photo in Wall Street Journal. Vice Admiral Joseph Maguire rang the NYSE opening bell, Maguire is deputy director for Strategic Operational Planning at the National Counterterrorism Center. Record high trading volume, dow drops over 1000 points... someone banked billions in an hour

How does it go? Something like "never attribute to malice that could be reasonable explained by stupidity" or something (because it weren't the guys that caused it the ones who banked them billions).

Re:

[gregthebunny]

Hanlon's razor [wikipedia.org]:

Never attribute to malice that which is adequately explained by stupidity.

Re:

[Scarletdown]

Pro tip: When ever you see "APT," run in the other direction. That term belongs to Marketing now.

apt-get install...