Special Report: Cybercrime Down Under Part 2

Hackers: White-hat versus Black-hat

While it seems that the best way to prevent cybercrime is to ensure that your organisation's employees understand the risks, it's also important to understand what kind of people outside of your business might attempt to crack it.

The term "hacker" has been used for years, erroneously or otherwise, to describe users who are intent on breaking into computer systems and secure networks. However, that term is experiencing a re-evaluation, particularly since hackers are becoming an important element in helping to secure organisations.

A general breakdown between hackers separates them into two categories: white hat and black hat. White hat hackers are individuals who have specialist technical knowledge that is used to protect systems from intrusion. Generally, these sorts of hackers are more interested in learning about systems and networks for the sake of establishing a body of knowledge regarding those forms of technology.

Black hat hackers, as the name suggests, are the "bad guys" of the hacker world. These types of hacker are more interested in cracking into systems for the kudos as well as for possible financial gain. Their intent tends to be more malicious, and they are regarded by those in the wider hacker community as giving them a bad name. In fact, many hackers prefer to refer to these types of people as "crackers" instead of as hackers.

Although the threat from these crackers is real, they are less common than most people believe. "The predominant form of hacker out there today is what's referred to as 'grey hat'--they're 'white' in their motives, in that they don't seek to cause damage and don't seek unlawful financial gain," explains Grant Bayley, administrator for the hacker advocacy group 2600 Australia. "But they're intimately aware [of] 'black' methods of subverting security."

Bayley claims that the average hacker might be someone in their mid 20s who has been into computers for a number of years. They develop an interest in a particular area of technology and might start out "being a bit of a black hat". During these early stages, the novice hacker starts learning about operating systems and equipment by breaking into some systems and "poking around".

However, after they become a bit older, explains Bayley, they might get a job or go to Uni and "start to see that working with particular systems or particular equipment legitimately can pay relatively well".

"All the time, they're still learning about things and still know as much 'black' as they do 'white'," says Bayley. "[As they get] older... they might get picked up to do some security work or sysadmin work, and they're forced to switch into the role of the 'white' protector, all the time knowing that there's other 'black' methods out there that could be used against systems or pieces of equipment under their legitimate control."

As a result, these "grey" hats might conduct private testing or keep in contact with "black" hats to "prevent breaches of security on their turf".

The use of hackers to help maintain security around an organisation or business is a practice that is certainly gaining strength in Australia. "Naming the organisations [that use hackers to help improve their own security] probably isn't a good thing," says Bayley. "They're obvious enough--just look for companies that offer 'IT Security Services' and 'Penetration Testing' as part of that."

Bayley points out that it's a mistake to believe that the majority of hackers are interested in being malicious or gaining financial rewards through cracking. In fact, he states that the percentage of 'black' hats is quite small. In general, he estimates that 70 percent of unskilled but well-equipped teenagers are 'white', while 30 percent could be labelled "black". But of the more skilled sector, Bayley believes that about 40 percent are "white", 55 percent are "grey" and only about 5 percent are really "black".

"I make mention of the second set of figures [for skilled hackers] because there's a ton of people purporting to be black hats when in fact they're little more than unskilled people with code written by others," says Bayley. "Once people get a bit more level-headed (and usually a bit older), people begin to teach themselves, learn in the course of a job, [or] go to Uni... all the time retaining their 'black' knowledge and concepts but operating in a 'white' environment at work."
