In the ancient days of the golden age of computer nerds, hacking was as much an art as it was a science. It required a special set of skills, capabilities and abilities. Today EVERYBODY can do it, without a doubt: attack services are purchased and sold in Clearnet and Darknet, there are many YouTube tutorials for executing whatever kind of payload or technique, and automated tools are doing a lot of the stuff. This is truly a sad phenomenon that is closing the gap between “skilled digital jedis” and amateurs, while fueling an exponential increase in asymmetric threats.

So, it is now possible to wreak havoc even if you know virtually nothing about computer programming or networks thanks to the growing array of online marketplaces. While many hacktivists still prefer to enlist their own digital “armies,” some are discovering that it’s faster and easier to pay for example a “DDoS-as-a-Service” than to recruit members or build their own botnet.

But no matter the current situation of the cyberspace, a profiling of this “bad actors” always tends to be quite difficult to understand and overalls categorize. Their motives are as diverse as themselves. Hacking can be fun, can empower people, can give a level of control (of what they lack in the real world). Some hackers are anarchists performing random acts of disobedience, others have a personal business to settle with some company, while others are seeking exclusively for the money. However, all of them share one thing in common: if someday you become suddenly the target of one of these fantastic creatures, it will not go away. In this case you have an almost impossible battle to fight and certainly impossible to win.

Cybercriminal X-ray

What does profiling tell us about the "standard" hacker cybercriminal? There are always exceptions, but according to some basic lawyer knowledge, they display some or most of the following characteristics:

  • Some measure of technical knowledge (among hackers, the skill level is the key differentiator. There are those skilled hackers who can write code in their sleep and know UNIX inside out. Then there are those “posers” who only know how to run tools which crack passwords or sniff networks, but that’s all)
  • Disregard for the law obviously
  • High tolerance for risk
  • "Control freak" nature, enjoyment in manipulating or "outsmarting" others
  • A motive (previously mentioned) for committing the crime, like monetary gain, strong emotions, political or religious beliefs, sexual impulses, or even just boredom or the desire for "a little fun."

Let’s have a deeper look at this last one. Personally, to classify motives and being pragmatic, I like the three-core approach (profit, evasion, disruption):

  • Profit. Money is the primary motivation in the attack marketplace. Those who want to commit a crime, but don’t know how to execute it, will always pay someone to do it for them. And with demand outpacing supply, this is a crime that pays. Stressers, ddosing services orchestrating generation of a massive amount of traffic, are known to bring in more than $100,000 a year. Vendors offering application exploits can generate thousands of dollars from selling one exploit on the Darknet.

  • Evasion. The ability to evade detection is one of the most important capabilities a vendor offers to his or her business and clients. Vendors are highly motivated to stay on top of the market. After all, detection or mitigation of their services will cost them customers and profits. Thus, vendors continually research and discover new attack methods to help their clients bypass mitigation techniques and take down their targets undetected.

  • Disruption. This represents one of the primary motivators for hacktivist groups. Hacktivists are motivated to disrupt their target’s operations and/or reputation; vendors thrive by investing in researching and discovering new attack vectors.

I want to make a categorization separate from the core three because probably this is the most important one, since many hackers have committed severe crimes due to this one:

  • Emotional. The most destructive cybercriminals often act out of emotion, whether anger/rage, revenge, "love" or despair. This category includes spurned lovers or spouses/ex-spouses (cyber-stalking, terroristic threats, email harassment, unauthorized access), disgruntled or fired employees (defacement of company web sites, denial of service attacks, stealing or destroying company data, exposure of confidential company information), dissatisfied customers, feuding neighbors, students angry about a bad grade, and so forth. This can even be someone who gets mad over a heated discussion on a web board or in a social networking group. Also, this category includes some of the most violent cybercriminals: serial rapists, sexual sadists (even serial killers) and pedophiles. Child pornographers can fit into this category or they may be merely exploiting the sexual impulses of others for profit, in which case they belong in the "money" category.

And there might exist another crucial categorization:

  • Motivation by ego. The hacker’s ego is probably the main engine for the attacks performed. Remember that skill/reputation is everything within the hacker community, and many are looking for their hall of fame. Malware writers, information leakers, etc. want to receive credits for the activities they do. Each hacker has a pathological necessity to prove himself, his abilities and compare with others. They usually believe that they are smarter and more skilled than their adversaries and all the support who might be called to assist against them. The more visible the target, the greater the hack, so therefore the greater the hacker.

Even though we might find these kinds of categorizations, as we can expect hackers are not created the same. In reality, there are many different kinds of hacker, and some of them fall into more than one categorization or profiling. For the sake of simplicity, it helps to be familiar with the following types of hackers that can be found commonly in reality.

Amateurs/Posers/Non-hackers:

  • Script Kiddies. They are little more than nuisances, compared to their hacking compatriots, but for some reason there is a name for those people.

The “Good Guys”:

  • White Hats. These ethical hackers, usually security researchers, are those that help the average user by using their skills to keep threats at bay.

Political Players:

  • Hacktivists. Using DDoS attacks and website vandalism to humiliate and hobble their targets, these actors are usually part of a larger group, working towards an ideologically driven common cause.
  • Nationalist Hackers. These actors are those that, thanks to their sympathies and patriotic motives, are often given a pass by law enforcement.
  • Nation-State Agents. These actors are part typically of a government body, usually in a military or intelligence capacity. They have access to great capital and resources and will not hesitate to use them.

The Criminals:

  • Cyber Mercenaries. These are hackers-for-hire, who will be brought on to assist other cybercriminals for a share of whatever ill-gotten gains there are to be had.
  • Organized Cybercrime. These are criminal organizations that focus on cybercrime, with a hierarchy that allows them to reap great profits from their schemes.
  • Malicious Insider. These are the criminals who sit inside your walls, actively working to sabotage your efforts and leak critical information to your competition, often for personal motivations.