What Kinds of Web Attackers Exist

written by: Craig Nelson; article published: year 2007, month 06;


In: Categories » Computers and technology » Data security » What Kinds of Web Attackers Exist

There are as many definitions out there for network attackers as there are for attacks. Most commonly, you will hear people refer to these individuals as hackers, crackers, script kiddies, black and white hats, and many other names. I will touch on the most common types here.

Script Kiddies—Your Biggest Threat?

The most common and prolific type of attacker today is the script kiddie. These people get their name from the simple fact that they are most often young, unskilled crackers who find and use scripts and utilities other skilled attackers have written and released free to anyone on the Internet. Mom and Dad got the kiddies an AOL account, and the first keyword they went looking for on a search engine was "hacking." With all the glorification of hacking in the media and on the Internet, and the relative safety of perpetrating this type of crime, young people are easily lured to this dark underworld. There are thousands of Web sites with material and information for the young, enterprising cracker to get started with.

Often, many of the attacks proliferated by script kiddies are unsuccessful, or maybe just mildly annoying to the victim. However, because of their relentless persistence, they will and often do eventually find systems that they can break into, damage, and attack more computers from. There is no love in the security community for this type of cracker. Script kiddies are more likely to attack systems and maliciously damage data than any other type of cracker. Even professional crackers speak about this group with ill will.

Black Hats—"The Dark Side"

Black hats are generally considered "The Dark Side" of the hacking community. These people are generally highly skilled with computers, programming, and network security and administration. They are the crackers who rarely get caught, who take their time and target specific systems for specific reasons. Often, these are the people who discover the vulnerabilities you and I read about, and they often will code the exploit that allows the system to be attacked or penetrated (which eventually the script kiddies get hold of and use against other unsuspecting victims).

Black hat crackers do not often talk about or boast about their skills or activities. They are generally secretive in nature. I have heard some people refer to them as the Ninja of the Internet. Black hat groups often hold cracking conferences, such as DEFCON, where they get together to share and learn from each other. A lot of security professionals love to attend these conferences also, as does the FBI. Not surprisingly, the crackers don't use their real names at these events.

White Hats—The Good Guys

On the other end of the spectrum are the white hat hackers. These are often security professionals who work very hard to help test and make available security patches, information, and software to the user community to help users become more secure. Often, companies call on white hats to help test and implement security, or to help improve it. Many white hats got their start in the security community as a black hat cracker. For whatever reason, they decided to put their skills to use to help others with system security. A lot of these people have started and continue to run professional security companies.

legal disclaimer

1) Our website is not responsible for the information contained by this article as well for any and all copyright infringements by authors and writers. E-articles is a free information resource. If you suspect this article for any copyright infringements, please read the Terms of service and contact us to investigate the problem.
2) The E-articles directory team is not responsible for inaccuracies, falsehoods, or any other types of misinformation this tutorial may contain and will not be liable for any loss or damage suffered by a user through the user's reliance on the information gained here. Please read the Terms of service

Useful tools and features

Translate this article to...    Send this article to you or to a friend

Link to this article from your page   
If you like this article (tutorial), please link to it from your web page using the information above. Linking to this page, this is the only way to help us improve our service, the same time providing your visitors with a way to improve their online experience.

related articles

1. The Most Common Network Security Tools and Technologies
The following taxonomy is useful in understanding the security systems, technologies and authentication tools widely available to support secure transmission and storage of information in a networked e-business environment. Firewalls Firewalls are used to keep a network secure from intruders. A firewall is a network node consisting of both hardware and software that isolates a private network. In order to understand how a firewall works, one should have an understanding of packets, IP addresses and DoS attacks. Howev...

2. Securing Multiple Servers and Domains with SSL
As organizations and service providers enhance their Web sites and extranets with newer technology to reach larger audiences, server configurations have become increasingly complex. They must now accommodate: Redundant server backups that allow Web sites and extranets to maximize site performance by balancing traffic loads among multiple servers Organizations running multiple servers to support multiple site names Organizations running multiple servers to support a s...

3. How to protect against Unexpected Inputs
When you surf the Internet, you download one of two types of Web pages to your computer: static or dynamic. A static Web page sits on a Web server until a client computer sends a request for it. Once requested, the Web page is then downloaded to the client computer exactly as it was created, where the Web browser then views the page. A static Web page is really nothing more than a brochure or advertisement, and does not allow the true power of the Internet to be expressed. However, a static page is relatively safe from hackers....

4. What are Buffer Overflows
Exploiting a buffer overflow is an advanced hacking technique. However, it is a leading type of security vulnerability. To understand how a hacker can use a buffer overflow to infiltrate or crash a computer, you need to understand exactly what a buffer is. A computer program consists of many different variables, or value holders. As a program is executed, these different variables are assigned a specific amount of memory as required by the type of information the variable is expected to hold. For example, a short integer ...

5. Protecting the Security of Information
The first and best line of defense against unwarranted intrusions into personal privacy is for individuals to employ e-commerce technology to protect themselves. Industry-developed and supplied encryption technologies and firewalls, for example, provide individuals with substantial tools to guard against unwarranted intrusions. Encryption is technology, in either hardware or software form, which scrambles e-mail, database information, and other computer data to keep them private. Using a sophisticated mathemati...

6. Why Is Authenticated SSL Necessary
Notions of identity and authentication are fundamental concepts in every marketplace. People and institutions need to get to know one another and establish trust before conducting business. In traditional commerce, people rely on physical credentials (such as a business license or letter of credit) to prove their identities and assure the other party of their ability to consummate a trade. In the age of e-business, authenticated SSL certificates provide crucial online identity and security to help establish trust between ...

7. Virus Prevention ~ How to protect against Internet Viruses
There are several elements to a good virus defense. The most important element requires some self-control—you must NEVER open a file/program unless you are 100% sure it is not infected. No matter how attractive the file is, where it came from, or what it promises you, you can never assume that a file is what it claims to be. For example, the Melissa virus reproduced through email and sent copies of itself to every one in the victim's address book. Because of this, relatives and friends of the victim were soon infected as ...

8. How to protect against Hostile Web Pages and Scripting
The dangers of Trojans and viruses are well known. However, many computer users are completely unaware of the dangers involved in viewing Web pages. Through scripting languages, Web page operators can upload and download files to your device (PC/PDA). They can also install mini-programs or grab information from you that can be used to destroy or take over your computer. Every time you go to a Web page, you actually download the full document to your computer. This includes all text, pictures, and even any code that is r...

9. Features of Windows Encrypting File System (EFS)
• Only available on Windows 2000 and Windows XP operating systems using NTFS partitions and volumes. (NTFS v5). • Encryption is transparent to the user. • Uses public-key encryption. Using a public key from the user’s certificate encrypts keys that are used to encrypt the file. The list of encrypted fileencryption keys is kept with the encrypted file and is unique to it. When decrypting the file encryption keys, the file owner provides a private key that only he has. ...

10. What are Denial of Service Attacks (DOS attacks) and how to protect against them
Hackers can wreak havoc without ever penetrating your system. For example, a hacker can effectively shut down your computer by flooding you with obnoxious signals or malicious code. This technique is known as a denial-of-service attack. Hackers execute a denial-of-service attack by using one of two possible methods. The first method is to flood the target computer or hardware device with information so that it becomes overwhelmed. The alternative method is to send a well-crafted command or piece of erroneous data that crash...