Meet the hackers
This may sound like anathema, but a hefty chunk of this book is devoted to cajoling your angelic innocence into something more akin to a hacker's savvy.
This isn't some cunning ploy by yours truly to see for how many readers I can attain visitor's rights, you understand. The fact is, as we practise in Chapter 2 and as any crime agency would explain, to catch a thief one has to think like one.
Besides, not all hackers are such bad hats. Far from it. Overall there are three types—white hat, grey hat, and black hat—each with their sub-groups.
White hat
One important precedent sets white hats above and beyond other groups: permission.
Also known as ethical hackers, these decent upstanding folks are motivated:
To learn about security
To test for vulnerabilities
To find and monitor malicious activity
To report issues
To advise others
To do nothing illegal
To abide by a set of ethics to not harm anyone
So when we're testing our security to the limit, that should include us. Keep that in mind.
Black hat
Out-and-out dodgy dealers. They have nefarious intent and are loosely sub-categorized:
Botnets
A botnet is a network of automated robots, or scripts, often involved in malicious activity such as spamming or data-mining. The network tends to be comprised of zombie machines, such as your server, which are called upon at will to cause general mayhem.
Botnet operators, the actual black hats, have no interest in damaging most sites. Instead they want quiet control of the underlying server resources so their malbots can, by way of more examples, spread malware or launch Denial of Service (DoS) attacks, the latter using multiple zombies to shower a server with queries, saturating its resources and drowning out a site.
Cybercriminals
These are hackers and gangs whose activity ranges from writing and automating malware to data-mining, the extraction of sensitive information to extort or sell for profit. They tend not to make nice enemies, so I'll just add that they're awfully clever.
Hacktivists
Politically-minded and often inclined towards freedom of information, hacktivists may fit into one of the previous groups, but would argue that they have a justifiable cause.
Scrapers
While not technically hackers, scrapers steal content—often on an automated basis from site feeds—for the benefit of their generally charmless blog or blog farms.
Script kiddies
This broad group ranges from well-intentioned novices (white hat) to online graffiti artists who, when successfully evading community service, deface sites for kicks.
Armed with tutorials galore and a share full of malicious warez, the hell-bent are a great threat because, seeking bragging rights, they spew as much damage as they possibly can.
Spammers
Again, not technically hackers, but this vast group leeches off blogs and mailing lists to promote their businesses, which frequently seem to revolve around exotic pharmaceutical products. They may automate bomb marketing or embed hidden links but, however educational their comments may be, spammers are generally, but not always, just a nuisance and a benign threat.
Misfits
Not jargon this time, this miscellaneous group includes disgruntled employees, the generally unloved, and that guy over the road who never really liked you.
Grey hat
Grey hatters may have good intentions, but seem to have a knack for misplacing their moral compass, so there's a qualification for going into politics. One might argue, for that matter, that government intelligence departments provide a prime example.
Hackers and crackers
Strictly speaking, hackers are white hat folks who just like pulling things apart to see how they work. Most likely, as kids, they preferred Meccano to Lego.
Crackers are black or grey hat. They probably borrowed someone else's Meccano, then built something explosive.
Over the years, the lines between hacker and cracker have become blurred to the point that put-out hackers often classify themselves as ethical hackers.
This author would argue the point but, largely in the spirit of living language, won't, instead referring to all those trying to break in, for good or bad, as hackers. Let your conscience guide you as to which is which in each instance and, failing that, find a good priest.