Roger Grimes posted on Infoworld a taxonomy of Hackers: “Your guide to the seven types of malicious hackers. – Knowing the difference between a spammer, a corporate spy, and a cyber warrior can better help you defend your systems”. The seven types he discerns are:
- Cyber criminals
- Spammers and adware spreaders
- Advanced persistent threat (APT) agents
- Corporate spies
- Cyber warriors
- Rogue hackers
Boring, but Bruce Schneier more or less reposted it and, probably because he has a certain reputation as a security expert, now it attracted a lot of readers (including me) and thus generated some comments, as usual more interesting than the original post. So let’s summarize.
The first issue is, of course, what exactly is a hacker? I’ve written about this before, here on this weblog, and there is, of course the hackers/crackers-dichotomy. Someone claimed that we should not use these labels anymore, but distinguish between “White Hat”, “Gray Hat” and “Black Hat”.
I like the definition “A hacker is someone who unlocks currently hidden functionality”, and Schneier said something like this (using more words) in a 2006 – post on his blog:
A hacker is someone who thinks outside the box. It’s someone who discards conventional wisdom, and does something else instead. It’s someone who looks at the edge and wonders what’s beyond. It’s someone who sees a set of rules and wonders what happens if you don’t follow them. A hacker is someone who experiments with the limitations of systems for intellectual curiosity.
Brett Keith Watson posted a link to his recently published PhD thesis “Network Protocol Design with Machiavellian Robustness“, where his taxonomy of security threats is in chapter two:
That makes more sense to me than Grimes’ taxonomy, so I downloaded the book and loaded it into my e-reader (it’s free, and I am Dutch, so: why not? – I just have to find some time to read it, but that problem will be dealt with by employing some Life-Hacking techniques!)
Finally some jokes;
There are 10 types of hackers: Those who understand binary, and those who don’t. (Script kiddies tend to fall into the latter group…)
and by Dick Praet:
script kiddie = Snotnose missing the physical skills to be good at sports, the technical skills to play an instrument and the social skills to get a girlfriend. Aspires to fall into one of these seven categories once he starts understanding computers.