Security hackers exploit vulnerabilities within electronic systems. While all hackers work with code, their methods and expertise differ. Hackers also have individual reasons for hacking, and sometimes, hackers work against one another.
In general, “hacking” is a very vague term that could apply to almost anyone who works on code. But let’s dig into what security hackers are and what they do. If you work in security, you’ll either need to work with or against these people to keep your assets safe.
Who are security hackers?
In Hollywood movies, hackers are young people who hunch over computers in dark basements, tapping on keys for hours until they get just what they want. In reality, hackers come from all walks of life. And most of them don't need to work in dark basements. It's impossible to tell what they're doing (unless you're close enough to them to read their code).
In the 1960s, people started using the term "hacker" to describe people coding in FORTRAN. They wanted to understand how the code worked, including learning how to break seemingly impenetrable programs.
In the 1980s and 1990s, computers moved out of offices and into homes, and hacking panic grew. Individuals didn't want assets stolen, and anyone who had the skills to do that could be called a "hacker."
High-profile hacker arrests in the 1980s and 1990s didn't help. Soon, hacking was almost exclusively linked to mischief and crime.
Many websites have ranked lists of notorious hackers. These five appear in almost every blog:
- Kevin Mitnick, known for hacking the Digital Equipment Corporation's network, and then hacking for years after his release
- Jonathan James, known for hacking NASA and learning all about the International Space Station
- Gary McKinnon, known for hacking both NASA and the U.S. Armed Forces
- Robert Morris, best known for creating the Morris Worm, which crippled more than 6,000 computers
- Anonymous, a hacking collective, known for hacking Amazon, PayPal, and others
Many hackers do their work privately, and they never discuss their current projects. But others are quite open, and they look for opportunities to learn from others and share knowledge. Hacker conferences, of which there are many, give them a place to share that knowledge.
Types of security hackers
Categorizing hackers by the work they do can help you understand the diversity within the term, as well as the risks and benefits hacking presents.
Hacker types include:
- Black hat. This person is typically working outside the law. A black hat hacker will exploit vulnerabilities for a profit (hacker for hire), or this person will work as part of a collective that has a larger goal (such as taking down a site).
- Blue hat. Contractors who test a company's software for vulnerabilities are blue hat hackers.
- Criminal gangs. Hackers who work for one nefarious employer are part of criminal gangs.
- Elite hacker. Think of this hacker as someone with extensive skills and the ability to choose jobs and targets carefully.
- Grey hat. This hacker sometimes works ethically, and sometimes, this person breaks the law.
- Hacktivist. This person works with an activist goal in mind. The hacker might take down an oil company's website, for example, to highlight ocean pollution risks.
- National hackers. These people work for a government, attacking targets they're given.
- Neophyte. This person, often called a "script kiddie," is new to hacking but can still do a lot of damage.
- White hat. This person hacks, but all the work is done with the target’s knowledge and permission.
These distinctions matter to law enforcement officials. Taking on black-hat jobs is both unethical and illegal, and it could put the hacker in jail. When in doubt, don't hack.