The Raytheon Field Guide to Hackers

Cyber actors, from black to white hat and all shades between...

Not all hackers are compiled from the same code. They vary in principle, purpose and practice.

The following list describes that role and other types of hackers encountered in the wild, wild web.

White hat hackers — These are the good guys, named after the white-hatted heroes in Western movies. They’re cybersecurity professionals who track and monitor threats, as well as researchers and students trying to make the Internet of Things safer. “They reverse-engineer malicious code, pulling it apart and seeing how it works,” said Mark Orlando, chief technology officer for cyber services at Raytheon. “You’ll find white hats who are security operations center analysts, network defenders, incident responders, penetration testers and bug bounty hunters.”

Gray hat hackers — These are the vigilantes of cyberspace. They could be citizens or professionals who will sometimes run across a botnet or uncover a threat actor, and then take matters into their own hands, engaging the attacker or threat. “A white hat hacker will escalate an intrusion or threat to a higher authority or report it to law enforcement,” Orlando said. “A gray hat hacker will, instead, try blocking the threat and attempt to move in, trying to take down an attacker’s infrastructure or interact with them in some way. It’s called ‘hacking back.’”

Black hat hackers —A black hat hacker cracks computers and breaks into networks for ill intent or personal gain. “If you’re not a white hat or a gray hat, then you’re more than likely a black hat,” Orlando said. “Black hats can any fall into any of the categories that follow on this list, and can be a combination of several categories at the same time, like an insider threat who is also a hacktivist, like a whistleblower or somebody with a cause that leaks sensitive information.”

Cyber mercenaries — These are cyber "guns for hire," serving as experts to attackers who don’t have hacking skills. “A country can enlist the services of a cyber mercenary so they can have plausible deniability,” Orlando said. “A good example would be a ‘bot herder,’ who controls a large network of compromised computers. These bot herders will take payments to turn on a botnet to unleash a DOS [Denial of Service] attack against a company or enemy.”

Nationalist hackers —These actors aren’t actual nation states, but who further the state's agenda. They vandalize websites, leak proprietary information and cause damage in the name of their country. “Nationalist hackers, again, allow a state to deny any responsibility for an attack,” Orlando said. “Sometimes the hacker’s motivation is purely financial, but sometimes it just gives them leverage and status, or just national pride. They’re often cyber mercenaries or organized criminals.”

Organized and disorganized criminals — These hackers cash in on their cyber skills. Organized criminals run much like a business, using spam operations, spearphishing campaigns, ransomware, credit card data theft and hosting operations. Disorganized criminals can be lone wolves or loosely knit bands of hackers. “Attribution is really hard when it comes to high-profile breaches like the ones we’ve heard about with some major retailers,” Orlando said. “But in these cases, it’s all about information—credit card numbers, social security numbers or intellectual property — that can be sold on the dark web’s blackmarket. For disorganized criminals, it’s oftentimes opportunistic. They’re just out there, seeing what they can get, and then going after it.”

Hacktivists — These could be individuals with a political or personal agenda, or larger groups like the various Anonymous factions. “They’re usually motivated by ideology or politics, trying to expose or embarrass their opposition,” Orlando said. “Think of the fictional ‘The fSociety’ group of hackers on the TV show ‘Mr. Robot.’”

Nation state actors — These are cyber soldiers and agents with huge budgets and sophisticated tools. With intelligence-gathering and military objectives, their mission is to monitor and if necessary, attack or interfere with an adversary country’s network. “Sometimes, they’ll place a trusted insider into an organization to steal classified, sensitive or proprietary information,” Orlando said.

Script kiddies — These are hackers with little or few skills, who download rootkits and scripts from the dark web, seeking fortune and fame. “These aren’t children…script kiddies can be any age,” Orlando said. “They either buy or download tools for free, and they can even learn how to use them by watching videos online. These attacks are generally low in sophistication and relatively obvious to spot.”

Insider threats — These are employees, often disgruntled, with an axe to grind. They leak, steal or vandalize their own company’s network for money, revenge and attention-seeking. “They take advantage of their access and privileges to compromise systems,” Orlando said. “In the past 20 years, we’ve heard about quite a few high-profile cases of employees stealing and selling secrets, or leaking them.”

Cyber pickpockets — These criminals might pick your packets or your pockets. Some physically steal devices like mobile phones, tablets and laptops, mining the device for information and credentials. Others might “sniff for packets” and steal information over the air by setting up a free WiFi network at a coffee shop or hotel. “It’s usually not very organized or sophisticated.