Today's perception of the hacker is often informed by the latest action thriller coming out of Hollywood. But in truth this couldn't be further from the case. Hackers are neither nerds nor gun slinging action heroes; despite what the Matrix trilogy would have you believe.
The term 'hacker' was first coined in the 1980s to describe a person who lived and breathed computing and programming culture; who then put this knowledge to work by applying it to different computing technologies to solve problems. Thirty years on, the same term is still being wrongly applied to describe cyber criminals that are using the same skills to cause untold damage.
Why does this matter? Because cyber criminals, not hackers, threaten nearly every aspect of our day to day life, from personal data to bank accounts and even critical infrastructure. Hence, the threat posed by such an individual today warrants much more than the 'hacker' namesake.
Over time different versions of cyber criminals have appeared on the global stage; otherwise known as the Internet, with each possessing different backgrounds, motivations, skill sets and budgets. Understanding these individual types is essential for putting in the right processes and procedures to protect yourself and/or your organisation from a cyber-attack. So who are they?
Traditional
These folk make their living by stealing credit card details, user credentials or confidential company information. They also tend to have full time jobs and are employed from 9am to 6pm. A tell-tale sign of a traditional cyber-criminal is that they will put their attack on hold around 6pm so they can go home and put the kids to bed; despite the fact that they've been trying to compromise your systems all day.
Hacktivists
These guys like nothing more than attacking organisations and individuals based on their political views and their belief in the "greater good". Attacks often correlate with what is playing out in the news. Being loosely organised, they reach out to their followers and activate others by using social media to coordinate attacks. Skill levels will vary and more often than not, they will use basic automated hacking tools to conduct 'Denial of Service' attacks. That said, what they lack in terms of group skill is compensated for by high levels of motivation and some very skilled individuals.
Script Kiddies
This group is a fairly recent phenomenon and can be explained by the ubiquity of the internet and descriptive lessons on how to 'hack'. More often than not, the basic motivation of these individuals is to prove that something is possible. The digital equivalent, if you will, of skinny dipping late at night in the local lido. Fame and street credibility is hugely important for this group, although their lines of attack are primarily basic and based on what they can learn from searching the Internet or dark web.
Nation State
Nation driven espionage is almost certainly performed by all countries these days. Budget and skillset are no issue for government powered attacks. That said a degree of protection against a nation state cyber-attack is possible by building up a strong defence around you, your employees and your business.
Looking at the descriptions of today's varying types of cyber threat, it is safe to conclude that today's cyber criminal is no longer a basement dwelling nerd or a rogue superhero.
Ultimately, cyber criminals are human beings. Building higher technical defences will only result in them building taller ladders. Based on the basic principles of any cyber security plan, the key is to identify the threat you're faced with and then develop a plan to counter it that focuses on the weakest link in any cyber security chain; people. Because like any human, a cyber criminal will always look for the best possible return for the minimalist of effort.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
