Types of Attackers
Controlling access is not just controlling authorized users; it includes preventing unauthorized access. Information systems may be attacked by a variety of attackers, ranging from script kiddies to worms to militarized attacks. Attackers may use a variety of methods to attempt to compromise the confidentiality, integrity, and availability of systems.
Hackers
The term “hacker” is often used in the media to describe a malicious individual who attacks computer systems. The term originally described a non-malicious explorer who used technologies in ways their creators did not intend. The first definition of a hacker from a 1981 version of the Jargon File (see http://www.catb.org/jargon/) is: “HACKER [originally, someone who makes furniture with an axe] n. 1. A person who enjoys exploring the details of programming systems and how to stretch their capabilities, as opposed to most users who prefer to learn only the minimum necessary” [^18]. The phrase “how to stretch their capabilities” is key: the original “hackers” were experts at pushing the bounds of technology and enjoyed doing so.
The eighth definition of hacker from the same version of the Jargon File references malice: “A malicious or inquisitive meddler who tries to discover information by poking around. Hence ‘password hacker’, ‘network hacker’ ” [^18].
Unethical hackers sometimes violate laws, break into computer systems with malicious intent, and may violate the confidentiality, integrity, or availability of an organization’s systems and data.
Ethical hackers include professional penetration testers who break into systems with permission, malware researchers who research malicious code to provide better understanding and ethically disclose vulnerabilities to vendors, etc. They follow a code of ethics and obey laws. Ethical and unethical hackers are commonly referred to as “white hats” and “black hats,” respectively. These terms are falling out of favor due to a (much needed) movement for more respectful language in our industry, which has historically used non-inclusive language.