It’s hard to imagine talking about [tag]online security[/tag], and in particular, online business security without the inevitable appearance of the shadow antipode of the [tag]security professional[/tag] otherwise known as “hacker”.

The word “hacker” has such a bad publicity associated with it that for the average Internet users hackers are almost always a synonym of the serious online trouble.

So let’s “set the records straight”. There are many different types of hackers, some of them are really dangerous, others can help you patch gaping vulnerabilities in your business or even save your online business.

They are known as “White Hat Hackers” and they have the full right to be called “the White Knights of the Online World”.

So who are these guys? I would say every gifted programmer who found and reported serious security vulnerability in publicly available systems (either in open source architecture or in commercial application) could be called a “white hat hacker”.

If s/he wouldn’t report this security whole, it could be later identified by black hackers and used as a new exploit for a successful 0-day attack.

Every security professional who stumbled upon un-known security risk during penetration testing and informed not only his client (for whom this testing was performed) but also the community of security professionals, could be called a “white hat hacker”.

The person who was able to reverse-engineer binaries of the sophisticated new virus not only through a creation of a sandbox or virtual machine simulation, but by getting his hands dirty and actually playing with the code and understanding the internal actions of the binaries through core dump analysis, and then show the world the structure of this virus, could be called a “white hat hacker” too. 

All these guys have one thing in common: they used their knowledge to make this world a little better, more secure place. They didn’t use it for their own personal gains.

Make no mistake though – hacking is in their blood, it’s their alter ego. It gives the ultimate joy to their brains, because not many things in life can compare with a thrill of entering the presumably secure system through the newly created backdoor, without being noticed by company’s IDS and avoiding other traps.

But it’s one thing to hack in the system as part of penetration testing, when you was asked to do so by the owner, and use your knowledge to help the company to patch the security holes at the end of your ride. And quite another – to penetrate the same system without permission and rip off all the sensitive data off the company’s servers.

That’s in a nutshell the difference between white hat and black hat hackers.

Stay tuned, we’ll talk about grey hat hackers in the next post.

Child molesters (also called child abusers, [tag]online sexual predators[/tag], etc) are in my opinion the most disgusting type of “online pirates” mentioned above. They target chidren who post their profiles on different social networking sites, popular teenage chats, etc. Starting the conversations with potential victims as if being the child of the same age, those predators not only use the information gathered during chats for their financial benefit, but they also blackmail children and use their knowledge of children psychology to take sexual advantage of children.

Luckily for the world’s safety and sanity, hackers are usually interested in system hacking only from the point of view of getting a financial gain. Stealing is wrong, yes, but it’s far less dangerous than using hacking skills to abuse children.

Unfortunately there are a few morons outhere who combine some level of hacking skills with psychological disorders, and they use their skills to molest children.

In my opinion those are the most dangerous online villains. Adrian Ringland, for example, was caught in 2006 for molesting girls in Britain and Canada. He posed in the chat rooms as a teenager and sent to 13-year old girls a Trojan Horse mascaraded as a picture of him. After “the picture” was downloaded, bastard gained remote control to the victims’ machines and searched for anything that could embarass girls. Then he used this material for successful blackmails.

You can learn more about this frightening case of child abuse from this article:Internet predator jailed for targeting teen girls. Of course, nobody says that identity thieves or hackers that are up to financial gains are angels, but at least they target adults. Other than that there is not much good left to say about identity thieves, either.

It’s probably worth noting that not all identity thieves are hackers. Identity thieves not necessarily hacked into personal computer (or some website’s database) to get victim’s data. They could instead use one of millions online scams that are spread out like a plague all over the Net.

Whereas child molesters and identity thieves deserve absolutely no leniency towards their maliciouis activities, and thus should be prosecuted as harsh as possible, I wouldn’t be so quick to judge hackers. At least, not until we define the types of hackers, their motives and intentions.

Based on their skills and mostly, based on their purposes, I divide hackers into 4 groups.

There are white hat hackers, grey hat hackers, black hat hackers (also called crackers) and script kiddies.

Only 2 groups can be considered a “villain” type: crackers and script kiddies. You might be surprised to learn this, but only those 2 types will launch attacks that will harm your online business.

Black hat hackers will certainly try to get some financial advantage, whereas script kiddies might either stole your data or deface your site, which is annoying but can be easily corrected.

I will talk about “good” types of hackers in the next post.