Basics of Security - Part 2 (Theory notes made by googling and reading different articles)

Posted on Oct 4, 2022

Classes of Attackers

  • White Hat: A white hat hacker breaks security for non-malicious reasons, perhaps to test their own security system or while working for a security company which makes security software. The term “white hat” in Internet slang refers to an ethical hacker. This classification also includes individuals who perform penetration tests and vulnerability assessments within a contractual agreement.
  • Black Hat: A black hat hacker is a hacker who violates computer security to be malicious or for personal gain. Black hat hackers form the stereotypical, illegal hacking groups often portrayed in popular culture. Black hat hackers break into secure networks to destroy data or make the network unusable for those who are authorized to use the network.
  • Script Kiddie: A script kiddie (also known as a skid or skiddie) is a non-expert who breaks into computer systems by using prepackaged automated tools written by others, usually with little understanding of the underlying concept.
  • Hacktivist: A hacktivist is a hacker who utilizes technology to announce a social, ideological, religious, or political message. In general, most hacktivism involves website defacement or denial-of-service attacks.
  • Nation State: Nation state refers to intelligence agencies and cyber warfare operatives of nation states.
  • Organized Crime: Organized crime refers to criminal activities carried out for profit.
  • Bots: Bots are automated software tools that are available for use by any type of hacker.

Attack Sources

  • An attack can be perpetrated by an insider or from outside the organization.
    • An inside attack is an attack initiated by an entity inside the security perimeter (an insider), i.e., an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization.
    • An outside attack is initiated from outside the perimeter, by an unauthorized or illegitimate user of the system (an outsider). On the Internet, potential outside attackers range from amateur pranksters to organized criminals, international terrorists, and hostile governments.
  • A resource (either physical or logical), called an asset, can have one or more vulnerabilities that can be exploited by a threat agent in a threat action. The result can potentially compromise the Confidentiality, Integrity or Availability (also referred to as the CIA triad) properties of resources (potentially different from the vulnerable one) of the organization and other involved parties (customers, suppliers).
  • An attacker need not remove data for there to be a problem. Reading material such as a secret formula, or encrypting data and extorting the owner for the key, can be done without removing any data.