Know Your Enemy: Hacker Taxonomy
Key Points
- The speaker frames cybersecurity threats through Sun Tzu’s principle “know your enemy,” emphasizing that understanding attackers is essential for effective defense.
- For the purpose of the discussion, “hacker” is defined (following Google) as a person who uses computers to gain unauthorized access to data, distinguishing them from non‑malicious tech enthusiasts.
- Hackers are first categorized by the “hat” they wear: black‑hat (no permission, malicious intent), white‑hat (authorized, defensive testing), and gray‑hat (unauthorized but claiming a benevolent motive).
- A second classification looks at skill level, ranging from low‑skill “script kiddies” who run pre‑written tools to highly skilled adversaries capable of crafting custom exploits.
- The speaker stresses that attackers are diverse and cannot be painted with a single broad brush, urging a nuanced, multi‑dimensional taxonomy when assessing cyber threats.
Source: https://www.youtube.com/watch?v=TK8_qFp79nM
Duration: 00:10:38

Sections
- [00:00:00](https://www.youtube.com/watch?v=TK8_qFp79nM&t=0s) Defining the Hacker as Enemy: The speaker clarifies that, for the purpose of his cyber‑security discussions, a “hacker” refers specifically to a malicious individual who gains unauthorized access to data, invoking Sun Tzu’s principle of knowing one’s enemy.

Full Transcript
If you've seen my videos on this channel, you know I talk about cyber security and make a lot of references to the bad guys. Who are these folks? What do they do? Why do they do it? Let's peel back the layers and get a better understanding.

This guy Sun Tzu wrote a book about 2500 years ago called The Art of War, and in that he said, "If you know the enemy and know yourself, you need not fear the result of a hundred battles." To shorten that, it's basically: know your enemy well.

So who is the enemy? Well, we use a lot of different kinds of terms to describe these folks, and to be honest with you, there's some debate as to what the definition should be, so I'm going to tell you what I'm going to define it as. In this context, when I use the term hacker, I'm referring to not, for instance, a geek who's really great at a hackathon and can win that contest and really has a lot of technical skills. I'm also not referring to a really bad golfer, because that's another definition of the term hacker. I'm referring to a bad guy. Now again, there is some disagreement as to whether that's how the term should be used, because there are a lot of people who are on the good side of computer security that also use that term to apply to themselves. So apologies to those who want a different definition; I'm going to go with what Google says, since that's one of the most common things that I think people would understand, and that is a person who uses computers to gain unauthorized access to data.

So what about these folks? If Sun Tzu said we need to know our enemy, what do we need to know about these guys? Well, it turns out they're not all the same. We can't paint them with a single broad brush and really have a good understanding of what they do. So let's talk about the different types of hackers that we might have, the different types of adversaries if you choose that term and prefer that instead. Well, we can think of them along a number of different dimensions. Think of this as a taxonomy or classification system.

This first one I'm just going to refer to as the hat that they wear. You could have black hat hackers and white hat hackers, and then even someone in between, the gray hats. So the difference between a white hat hacker and a black hat is really simple: it's consent. A black hat does not have permission to break into your system; a white hat does. A white hat hacker would be someone who is under contract. You've hired them to do a penetration test and see if they can get into your system, and they are following certain rules. The black hat is doing it for different reasons. And then a gray hat is someone who may not have permission, but they think they're doing something good, so they're in that gray area. So that's one way of classifying the people that are trying to break into systems.

Another is their skill type. I think many times we assume that all hackers are super skilled, and in fact they're not. In fact, we have script kiddies that are on one end of the spectrum, who are just downloading code and running it, and then we have the elite hackers, and everything, again, in between. So that's another way of looking at what is an adversary, and it's based upon their skill abilities.

Another thing is TTPs. This is tactics, techniques and procedures. So in other words, what are they doing, when do they do it, what kinds of tools do they use, and what are their ultimate objectives? So there could be crackers; those are people that are trying to break into cryptography. There could be malware writers. There could be denial of service attackers. There are pen testers, penetration testers, so they're using different kinds of tools to do that, doing vulnerability scans and things like that. Social engineers are another one that are not really hacking the systems; they're kind of hacking the people. They're basically doing a con game on the individuals in order to get into a system.

Another way to look at these attackers would be motive. What's the reason that they're doing what they're doing? Well, there could be a number of motives. For instance, piracy: I want to get a movie and make copies of it so all my friends can watch the movie and not pay for it. There could be profit, that is, I'm wanting to make money from my activities. Or there could be politics. So any one of those three P's, piracy, profit and politics, could be the reason that we're doing this.

Another motivation, or actually another classification, that we could look at would be targets. So what is this person going after? The target might be a bank, it might be a nation state, it might be individuals. So it could be any of those as well, and again, the way they attack would be different depending on which one of those things they're going after.

And then a much more controversial one would be the psychology of the attacker. So we've got a range here as well. This could be someone who is a sociopath, it could be a misfit, it could be a criminal. So there's a lot of different elements here also to consider.

So this is showing you, I hope, that there's a much more complex definition as to what an attacker would look like: the things that are motivating them, the things they're doing and why they're doing it. So here is a different way. That's a fairly complex view; we would have to do a multi-dimensional matrix in order to map all of that out. I'm going to try to give you a more simple taxonomy that I think captures most of these aspects. It's not perfect; nothing's going to capture all of these, but this is one that we can at least consider as a more simple version.

So we've got different types of hackers, and I'm going to say Roger Grimes, writing an article for infoworld.com, came up with this, and then I'm going to add a few to it. The work that he did I think is really solid, so that's why I'm citing it.

So we've got criminals. These are the ones who are breaking in for a lot of the kinds of reasons that we've talked about. That's one type of hacker.

We've got spammers. So this is a different kind of attack. The spammer is doing much more of just overloading the system, or overloading the person's mind and trying to con them in. This is a little more of social engineering, if you think of it that way.

We've got things that are called APTs, advanced persistent threats. This is usually the work of nation states and departments of defense and things like that, where they are using really advanced capabilities. They're looking for zero days. A zero day is something where there's a vulnerability in the software for which there is no patch, so no one has a good protection against it right away. So this is very elite kind of stuff.

Then we have corporate spies. These are people that are motivated by profit. They're trying to steal corporate secrets, intellectual property, from some organization in order to use it in their organization.

Then we have hacktivists. What's a hacktivist? Well, a hacktivist is someone who's hacking for a cause. This is basically a political or social statement that they're trying to make. They disagree with what a given organization is doing, so they're going to attack that website in order to let their displeasure be known. This could take the form of basically e-graffiti, where I'm marking up their website, or it could be denial of service, where I'm taking their website down, to try to make a point.

Others could be cyber warriors. These are basically fighters who fight not on the battlefield, but their battlefield is in cyberspace, and we see more and more the rise of the cyber warrior as militaries become more and more modern. It's an asymmetric threat, meaning any organization, any country with a computer can have a cyber warfare capability, so the barrier to entry is very low.

Then we have rogue hackers. These are people who operate sort of outside of all of these other constraints. They really defy definition in many cases, and their motivations are not always clear, at least not obvious to us in every case.

So this was the work that I mentioned earlier. I'm going to add a couple more categories here, and that is the accidental hacker: the one who maybe is in your organization, who doesn't mean ill, doesn't have any malicious intent, but they misconfigured a system, so now it ends up taking the system down, or they have malware installed on their system that they didn't realize, and now they're basically the source of an attack on the organization. So an accidental, even though their intentions might not be bad, their actions and the effects can be the same.

And then the last category I'm going to mention is one that is rising more and more, and this is the cyberstalker. This is someone who puts some sort of malware, some sort of spyware, on maybe your phone, your computer, your tablet, and then they're able to look at all your activities. Everywhere you go, they follow and see the GPS location. They can read your emails, your text messages, turn on the camera, turn on the microphone on your device and listen to your conversations. This is a substantial threat.

So hopefully you can see from all of these there are a lot of different reasons why adversaries try to break into systems. So when I talk about the bad guys, I want us to have a better understanding of what those bad guys are. Hopefully now you have a better understanding: this is a much more complex, much more nuanced subject than a lot of people would realize. So take some of your stereotypes and throw them away, and start thinking more about the complexity of what this space really looks like.

And just remember: if you're satisfied with your security, so are the bad guys. That means we need to follow the advice of Sun Tzu. We need to know our enemy so that we can fight the bad guys.

Thanks for watching. If you found this video interesting and would like to learn more about cyber security, please remember to hit like and subscribe to this channel.