Title: MIL – Cyberwarfare – the Actors
Summary: The online community is composed not just of state-run agencies, but also of subnational and individual actors. In some cases, the skill and resources of a single individual can surpass those of a much larger organization. Though some of these individual actors are partially defined by certain proclivities or behaviors, the predominant ideologies that pervade the community are <Link to Ideologies>.
This is a background piece in an ongoing series on cyberwarfare.
-----
Hacker – The simplest definition of this complex term is that a hacker is a person who has a profound understanding of the internal workings of computer systems and networks and attempts to constantly expand upon this knowledge. They exhibit an interest in computer security and how they can bypass or test its limits within the context of a given system or network. How a hacker expresses these interests and uses their knowledge depends upon their perception of the Internet, the actors that compose it, and finally their personal ideology or motives.
Black Hat – A black hat, also known as a darkside hacker, is a hacker whose primary activities and intentions are malicious and often criminal in nature. They attempt to locate, identify, and exploit security gaps or flaws within operating systems, computers, and networks in order to gain control of them, steal information, destroy data, or orchestrate other activities. Once a gap is identified, the hacker may even expand it to guarantee their continued access to the system, or may close it completely, leaving open only an access route that they know of.
While most of a black hat's activities are done to amplify their own power, they will occasionally share their knowledge and methods. This sharing of information, however, rarely occurs outside of the hacker community and will usually be amongst groups and associates that have an established level of trust. When it spreads beyond these to the whole of the hacker community, it is usually done in an attempt to cause a mass rallying of resources and other hackers against a specified target or group. As an additional point of interest, there is a tendency for most cybermercenaries to emerge from or exist within this hacker class.
White Hat – White hat hackers, known also as ethicals or sneakers, are the antithesis of darksides and are ethically opposed to the abuse or misuse of computer systems. Much like their black hat counterparts, white hats actively search for flaws within computer systems and networks. This most often occurs within systems that they have a vested interest in or substantial background knowledge of, so there is no single type of system which gets more attention than others. Once flaws are identified, white hats will actively attempt to repair or patch vulnerable (and possibly already compromised) systems, or alert the administrators or owners of them so that they can determine the best course of action. Fundamentally, white hats attempt to maintain security within the Internet and its connected systems, but there are times when their actions can appear to contradict their defining feature.
Since white hats are actively trying to thwart their black hat counterparts, conflicts have naturally been sparked between the two classes, and open cyberbattles have been known to occur. If, in the course of an examination of a system, a white hat discovers that black hats are damaging or compromising the system, they will attempt to remove them, by force if necessary. If force ultimately comes to bear, they will disconnect them from the system, back-hack them, or even infect their system in order to preserve the safety of the system.
There is an aspect of white hats, however, that calls their class's identifying features into question even more, and that is how they behave given their altruistic disposition. If a white hat identifies, or merely believes, that a system or individual is compromising the security or hindering the freedom of one of their interests, they may launch a cyberattack against it. This is a rare occurrence within the white hat community, but it has been known to occur on occasion, so long as the hacker believes they are acting in the best interests of security and the public good.
Grey Hat – Grey hat hackers are essentially hybrid forms of black hats and white hats. They are often just as skilled as the members of the other two classes and occasionally even exceed their levels, since they have experience with both offensive and defensive cyber operations. At any given time a grey hat might be acting out of altruism and concern for Internet security, much like a white hat, or they might be destroying or disabling computer systems like a black hat. What dictates which side a grey hat is currently on varies, but the deciding factor is simply what currently interests them.
Blue Hat – Most likely the smallest class within the hacker community, blue hats behave in ways that are very similar to white hats, but they actively work for the security community and computer companies. Like the other classes, they actively search for security flaws and gaps, but they do so to guarantee a minimum amount of security for a company's services and products.
Script Kiddies – Often incorrectly categorized as full hackers, script kiddies are actually an intermediate form between regular computer users and hackers. They are inherently more knowledgeable about computers and related fields than regular users, but this knowledge has not translated into increased natural skill. To overcome this skill gap, script kiddies turn to autonomous computer programs released to the hacker community, which perform many of the same functions as a skilled hacker or cracker. Currently these programs can create and manage botnets, spawn viruses and worms, spread spamware, infect computers with adware, and deploy many other malicious programs. Additionally, due to their limitations in skill, many script kiddies' activities are restricted to malicious actions or to simple tricks that any user can perform.
Cybermercenaries – Cybermercenaries compose a special group of hackers and technologically skilled individuals who are willing to sell or rent out their skills, services, information, or property on short- or long-term contracts. Their activities are often limited to those of a malicious nature, including denial of service attacks; website disabling, alteration, or defacement; electronic espionage; data theft or destruction; and network warfare. They have been known to be occasionally contracted for defensive network warfare as well, but incidents of this nature have been very limited. Additionally, cybermercenaries are currently one of the smallest subgroups within the hacker community, due to the high degree of skill and resources required to fulfill most contracts along with the amount of risk involved in operations.
Hacktivist – Hacktivists are a rare but powerful subgroup of hackers which promotes the use of hacking, through either illegal or legal means, to accomplish political goals or advance particular ideologies.
Cracker – A computer or technology user whose primary activities are to circumvent or bypass copyright protection on software and digital media. Their primary contribution to the hacker community is making programs and applications more available, thus increasing individual capacity.
Coder / Writer – Coders, otherwise known as writers, are the primary creators of viruses and worms. Many hackers are coders as well, since an understanding of computer code and code writing is a fundamental skill that hackers must have to make real gains in natural skill and be considered competent. However, there are individual coders and writers who enjoy or prefer to write only new viruses, worms, Trojans, bot protocols, and many of the other programs that hackers find useful.
Bot – Bots are unique actors within cyberspace and perhaps one of the most powerful. All bots start out as a computer that is connected to the Internet. This could be a personal computer within a home, a computer within an office or business, or a server within a network. What transforms this computer or system into a bot varies, but it is most often accomplished by it becoming infected with a malicious program that allows it to be remotely controlled by a hacker or to automatically perform actions after a certain time period. Once control is established, the bot can be directed to do a number of tasks which a hacker could do just as easily, but which the bot can do at a far more efficient rate. Most often bots are used to collect active email addresses, clog bandwidth, scrape websites, spread viruses and worms, generate DDoS attacks, or gather themselves into collective computer networks known as botnets.
Bot Herder – Obtaining bots for any given purpose can be an energy- and time-intensive process and may also expose a hacker or group to considerable risk. To increase efficiency and minimize risk, hackers will often turn to bot herders. A bot herder is created in a process similar to that of a regular bot, but it is specifically programmed to infect other computers and turn them into bots or additional bot herders. By using these wranglers, hackers can construct massive bot armies and networks, and once they have accumulated enough bots, the herders become communication mediums for the hacker. When a hacker wants to control or direct their bots' functions, they will pass their orders to their herders, who will then disseminate them through the botnet, ensuring greater security and command and control.
Botnet – Once a hacker has amassed numerous bots and bot herders, they will begin to collect them into a consolidated network. By joining them into a collective computing network, hackers can control the computing power of many thousands or millions of machines simultaneously and accomplish tasks that would otherwise be impossible with a single computer. Among these are DDoS attacks, which can shut down websites, servers, and backbone nodes; massive emailing and spamming; and intensive virus dissemination. Once these botnets are established, it can be extremely difficult to disband them or protect against their attacks.