There is no such thing as a typical hacker. It is neither the fat guy in the grubby hooded sweater with horn-rimmed glasses and a full beard, nor the slim, sporty, black-haired girl with the earrings on the motorcycle, although Hollywood always presents us with these stereotypes.

A hacker doesn't have to pursue a political idea. Sometimes he acts alone, sometimes as part of a group. Since it is possible to disguise one's identity online, it is almost impossible to find usable data on the origin of the attack, let alone evaluate and use it sensibly. Experience only shows that hackers can roughly be divided into four groups with different levels of threat.

Level 1 & 2 – Script Kiddies and small hackers

At the lower end are the followers and small hackers. They form by far the largest group, but they also pose the least danger. Above all, they let their curiosity run free and use existing files or scripts to try out “hacking”. They get their motivation from the hacker's outlaw image and the associated thrill. They accept that damage may result, but usually don't think about it.

Level 3 – Savvy individuals or small groups

The third group (level 3) hacks on a higher level and either reprograms existing scripts to meet their needs or extends them. For them it is already about power. They have a monetary interest, such as credit card fraud, and, in contrast to the followers, they knowingly cross the line into cyber crime.

Level 4 – Professional hackers or hacker groups

At the top of the hierarchy are those who develop their own Trojans and use them for their own purposes or for those of third parties. Blackmail, credit card fraud and industrial espionage are among the fields in which the fourth group is active. Protection against them is a complex and intensive process. The weapons used by level 4 hackers, or in industrial espionage in general, include the drive-by exploit. An interesting or fake e-mail lures a user to a prepared website. Without any user interaction, vulnerabilities in the visitor's browser, installed plug-ins or operating system are then used to insert malware.

Industrial spies can use social engineering, for example, without any technical support or expertise. This is nothing other than the exploitation or manipulation of people. Their willingness to help, their trust and their fears are misused to get information. Even small, at first glance insignificant, pieces of information that are passed on by telephone to employees can end up in a vital data record. Here a first name, there a private email address, the date of birth, the names of the children, the cell phone number, the nickname in the social networks: the more information is given, the easier it is to get more.

There are many different ways to cause mischief online, and it would go beyond the scope of this blog entry to illuminate them all. We would be happy to show you what botnets, advanced persistent threats or SQL injection attacks can do if the right precautionary measures are not taken.

Why do we know that? Quite simply: Level 4 hackers aren't just on the dark side...

Yours sincerely, Steffen Mauer