Читать книгу Hacking For Dummies - Kevin Beaver - Страница 41

Hacker skill levels fall into three general categories:

 Script kiddies: These hackers are computer novices who take advantage of the exploit tools, vulnerability scanners, and documentation available free on the Internet but who don’t have any real knowledge of what’s going on behind the scenes. They know just enough to cause you headaches but typically are very sloppy in their actions, leaving all sorts of digital fingerprints behind. Even though these guys are often the stereotypical hackers that you hear about in the news media, they need only minimal skills to carry out their attacks.

 Criminal hackers: Sometimes referred to as crackers, these hackers are skilled criminal experts who write some of the hacking tools, including the scripts and other programs that the script kiddies and security professionals use. These folks also write malware to carry out their exploits from the other side of the world. They can break into networks and computers and cover their tracks. They can even make it look as though someone else hacked their victims’ systems. Sometimes, people with ill intent may not be doing what’s considered to be hacking; nevertheless, they’re abusing their privileges or somehow gaining unauthorized access.Advanced hackers are often members of collectives that prefer to remain nameless. These hackers are very secretive, sharing information with their subordinates (lower-ranked hackers in the collectives) only when they deem those subordinates to be worthy. Typically, for lower-ranked hackers to be considered worthy, they must possess unique information or take the ganglike approach by proving themselves through a high-profile hack. These hackers are some of your worst enemies in IT. (Okay, maybe they’re not as bad as untrained and careless users, but they’re close. They do go hand in hand, after all!) By understanding criminal hacker behavior, you’re simply being proactive, finding problems before they become problems.

 Security researchers: These people are highly technical, publicly (or somewhat publicly) known security experts who not only monitor and track computer, network, and application vulnerabilities, but they also write tools and other code to exploit them. If these guys didn’t exist, security professionals wouldn’t have much in the way of open-source and even certain commercial security testing tools. I follow many of these security researchers on a weekly basis via their personal or company blogs, Twitter feeds, and articles, and you should too. You can review my blog (www.principlelogic.com) and the appendix of this book, which lists other sources from which you can benefit. Following the progress of these security researchers helps you stay up to date on vulnerabilities, as well as the latest, greatest security tools. I list tools and related resources from various security researchers in the appendix and throughout the book.

Hackers can be good (white hat) and bad (black hat) hackers. Gray hat hackers are a little bit of both. There are also blue-hat hackers, outsiders who are hired to find security flaws in client systems. Blue-hat hackers are more recently referred to as purple-hat hackers.

A study from the Black Hat security conference found that everyday IT professionals even engage in malicious and criminal activity against others. And people wonder why IT doesn’t get the respect it deserves!

Regardless of age and complexion, hackers possess curiosity, bravado, and often very sharp minds.