A security cracker (a.k.a. "hacker") is someone who exploits vulnerabilities to gain access to secured systems and information and, in some cases, control of such vulnerable systems. Motivations for such activity can vary from malicious intent to penetration testing done for security. Those who engage in hacking are often classified into categories named after hat colors. This unusual naming system probably comes from the "western" genre of black-and-white television, in which the people wearing white hats were often "good guys" while the people in black hats were usually "bad guys."
The black-hat hacker is the type of cracker most people think of when "hacking" is mentioned. A black-hat hacker is someone who compromises the security of a computer system without authorized permission, usually intending to harm the system. Such hackers can use their knowledge of exploits and software vulnerabilities for personal gain and in disregard of the law. They may use their skills in computer crimes to break copy prevention devices in software or cause other malicious damage such as breaking into secure systems via DoS attacks or releasing Internet worms.
Infamous Black-Hat Hackers:
- Mark Zbikowski - Known as one of the earliest crackers, having exploited the security of Wayne State University's mainframe for his amusement.
- Vladimir Levin - Allegedly tricked Citibank's computers into spitting out $10 million.
- Jonathan James - a.k.a. c0mrade, made unauthorized copies of software that controlled the International Space Station's life-sustaining elements. Also intercepted thousands of electronic messages from the DoD relating to U.S. nuclear activities.
A grey-hat hacker is a hacker who sometimes acts legally, sometimes in good will and sometimes not. Grey-hats usually do not hack for personal gain or with malicious intent, but sometimes commit crimes during their exploits. "Hacktivists" usually fall into this category.
White-hat hackers are ethical hackers who work to secure IT systems. Often white-hats are hired by corporations and companies to locate and detect any weaknesses in their IT security. White-hat hackers observe the hacker ethic:
- the belief that information-sharing is a powerful positive good, and that it is an ethical duty of hackers to share their expertise by writing free software and facilitating access to information and computing resources wherever possible; and/or
- the belief that system cracking for fun and exploration is ethically acceptable as long as the hacker commits no theft, vandalism, or breach of confidentiality.
Some organizations go so far as to set up "red team/blue team" exercises, where one team attempts to penetrate a system while another tries to prevent penetration. If the "red team" (penetration testers) manages to gain access, it then reveals to the "blue team" (defense security) how it accomplished the task so that the vulnerability can be closed.
Blue-Hat Hackers are hackers that have been employed by Microsoft to test the security of Microsoft software. The origin of the 'Blue' in Blue-Hat is based on the fact that Microsoft considers blue its signature color. These are essentially white-hat hackers.