Threat actors are those who would perpetrate damaging acts against computer systems and networks. They can exist inside or outside an organization and may be driven by motives ranging from economic to political to thrill-seeking or fear-instilling.
Threat actors commit actions as a result of certain character traits, circumstances, or environment. Understanding these contributing factors is an important step in recognizing and averting threats and their outcomes.
Resources
- What Motivates a Hacker?
- State actors are sponsored by a government. The motive behind the attack may be political gain or the collection of intelligence and military information. Example: A country uses professional hackers to infiltrate the network of a rival country's defense department and gain confidential details of a weapons deal. Additionally, some state actors use cyberattacks to steal intellectual property.
- Nonstate actors operate unsanctioned for a variety of reasons.
- Script kiddies are unskilled and rely on code borrowed from others.
- Hacktivists are driven by political ends.
- Criminal hackers are motivated by monetary gain.
- Black hat, gray hat, and white hat hackers are characterized by their actions when a vulnerability is discovered. Specifically, a black hat actor will intentionally exploit a discovered vulnerability, even if it is a violation of law or standards, and will not report it so that it can be addressed; a white hat actor will not exploit or disclose a vulnerability until it has been mitigated; and a gray hat actor will neither exploit a discovered vulnerability nor report its existence.
Check Your Knowledge
Choose the best answer to each question:
Question 1
What best describes a script kiddie?
an advanced hacker
an elite hacker
a beginner hacker
none of the above
Incorrect. An advanced hacker has the expertise to write his or her own code and does not need to use existing computer scripts or code. Try again.
Incorrect. An elite hacker has the expertise to write his or her own code and does not need to use existing computer scripts or code. Try again.
That's correct. The beginner hacker is less skilled and lacks the expertise to write his or her own scripts or code.
One of the statements does describe a script kiddie. Try again.
Question 2
The leading source of hacking and computer crime is which of the following?
black hat hackers
insiders
script kiddies
hacktivists
Incorrect. A black hat hacker is a person who hacks into a computer system or network with the intent to cause harm or exploit vulnerabilities. Infiltration by black hat hackers causes disruption and damage, but these hackers are not the major source of hacking and computer crime. Try again.
That's correct. People within an organization such as employees or former employees, referred to as insiders, are the leading source of hacking and computer crime. Insiders use their knowledge of the organization's security practices, data, and computer systems to cause harm.
Incorrect. A script kiddie is a person who lacks the skills to write malicious code and thus uses scripts and code developed by others to hack into computers. Script kiddies' actions cause disruption and damage, but they are not the major source of hacking and computer crime. Try again.
Incorrect. Hacktivists maliciously hack into computer networks and systems to spread or bring exposure to a political or social agenda. Hacktivists cause disruption and damage, but these hackers are not the major source of hacking and computer crime. Try again.
Question 3
Which of the following hacker types exploit systems to obtain intellectual property or trade secrets?
hacktivists
industrial saboteurs
script kiddies
insiders
Incorrect. Hacktivists maliciously hack into computer networks and systems to spread or bring exposure to a political or social agenda. They typically do not exploit systems to obtain intellectual property or trade secrets. Try again.
That's correct. Industrial saboteurs exploit computer networks and systems to obtain intellectual property or trade secrets.
Incorrect. A script kiddie is a person who lacks the skills to write malicious code and thus uses scripts and code developed by others to hack into computers. Script kiddies typically do not exploit systems to obtain intellectual property or trade secrets. Try again.
Incorrect. An insider is a user (such as an employee, former employee, contractor, or business associate) who is given a legitimate user account but becomes a malicious threat to an organization, using insider information on its security practices, data, and computer systems. Insiders typically do not exploit systems to obtain intellectual property or trade secrets. Try again.
Question 4
Several easy-to-use hacking tools that are readily available have contributed to the growth of which of the following hacker groups?
gray hats
white hats
script kiddies
insiders
Incorrect. Gray hat hackers are experts who exploit vulnerabilities in computer networks and systems without malicious intent. However, they may violate laws if the vulnerability results in personal gain. Due to their experience and expertise, they do not need easy-to-use hacking tools. Try again.
Incorrect. A white hat hacker is a computer security specialist who intentionally exploits vulnerabilities in computer networks and systems, with the intent to expose vulnerabilities and improve security measures. Due to their experience and skills, white hat hackers do not need easy-to-use hacking tools. Try again.
That's correct. A script kiddie is a person who lacks the skills to write malicious code and thus uses easy-to-use hacking tools that are readily available.
Incorrect. An insider is a user (such as an employee, former employee, contractor, or business associate) who is given a legitimate user account but becomes a malicious threat to an organization, using insider information on its security practices, data, and computer systems. Insiders do not need easy-to-use hacking tools but use only their job access. Try again.
Question 5
Distributed denial-of-service (DDoS) attacks and the defacement of websites are most likely caused by which of the following types of hacker?
script kiddie
insider
hacktivist
black hat hacker
Incorrect. A script kiddie is a person who lacks the skills to write malicious code and thus uses scripts and code developed by others to hack into computers. Script kiddies do not normally use DDoS attacks. Try again.
Incorrect. An insider is a user (such as an employee, former employee, contractor, or business associate) who is given a legitimate user account but becomes a malicious threat to an organization, using insider information on its security practices, data, and computer systems. However, insiders do not need DDoS to perform their jobs. Try again.
That's correct. A hacktivist is a person who has the malicious intent to hack into computer networks and systems to spread or bring exposure to his or her political or social agenda. Hacktivists often use a distributed denial-of-service (DDoS) attack, which makes the machine or network resource unavailable to its intended users, as their method of operation.
Incorrect. A black hat hacker is a person who hacks into a computer system or network with the intent to cause harm or exploit vulnerabilities. The black hat hacker takes advantage of the break-in, perhaps destroying files or stealing data for some future purpose. Using DDoS will not fulfill his or her intent. Try again.
Question 6
Which of the following is often cited as the primary motive for hackers?
curiosity
financial gain
notoriety or fame
boredom
Incorrect. Computer hackers break into computer systems with malicious intent or for personal gain. Curiosity is not usually one of their objectives. Try again.
That's correct. Computer hackers break into computer systems with malicious intent or for personal gain. One of their primary motivations is to steal money.
Incorrect. Computer hackers break into computer systems with malicious intent or for personal gain. Notoriety or fame is not part of their objectives, as they want to remain hidden. Try again.
Incorrect. Computer hackers break into computer systems with malicious intent or for personal gain. Boredom is not usually one of their objectives. Try again.
Question 7
State actors such as China, Russia, Iran, and the United States often use a method that allows for reconnaissance, malware insertion, backdoors, privilege escalation, and expropriation. That method is called:
advanced penetration testing
advanced persistent threat
advanced persistent testing
all of the above
Incorrect. Penetration testing is a type of testing that exposes vulnerabilities in computer networks and systems to improve security measures. This method is a testing method, not a threat method. Try again.
That's correct. An advanced persistent threat (APT) is a type of attack in which an unauthorized person breaks into a computer network without being discovered. The intention of an APT attack is to steal data rather than to cause damage to the network or organization.
Incorrect. Advanced persistent testing is network testing of APTs. This method is a testing method, not a threat method. Try again.
One of the statements does describe the threat process. Try again.
Question 8
Famous white hat hackers include all of the following except which person?
Julian Assange
Stephen Wozniak
Tim Berners-Lee
Tsutomu Shimomura
That's correct. Julian Assange is the WikiLeaks founder and not a white hat hacker.
Incorrect. Stephen Wozniak is one of the founders of Apple computers. He is a white hat hacker. Try again.
Incorrect. Tim Berners-Lee is a computer scientist and helped to create the World Wide Web. He is a white hat hacker. Try again.
Incorrect. Tsutomu Shimomura is a computer research scientist and a white hat hacker. Try again.
Question 9
Which of the following tend not to engage in malicious hacking acts but may use unethical means to discover and report vulnerabilities, especially if profit is a motivation?
black hat hacker
white hat hacker
gray hat hacker
gray box hacker
Incorrect. A black hat hacker is a malicious hacker who can detect and exploit computer software weaknesses and definitely intends to engage in malicious hacking acts. Try again.
Incorrect. A white hat hacker is a computer security specialist who intentionally exploits vulnerabilities in computer networks and systems, with the intent to expose vulnerabilities and improve security measures. Due to this understanding, this statement is not true. Try again.
That's correct. Gray hat hackers are experts who exploit vulnerabilities in computer networks and systems without malicious intent. They may violate laws if the vulnerability results in personal gain such as money, but they do not have the malicious intent typical of a black hat hacker.
Incorrect. A gray box hacker is an integration of gray box testing and a gray hat hacker. Try again.
Licenses and Attributions
Stack by XKCD is available under the Creative Commons Attribution-NonCommercial 2.5 license. UMGC has modified this work and it is available under the original license.