'

Grey Hats, Black Hats, and Script Kiddies

Most of these guys are kids who don't always think through the consequences of their actions

According to Mark Loveless, Senior Security Analyst for Bindview, the bulk of the hacking community is comprised of "grey hats" who, for the most part, respect the law.

"(But) like other law-abiding citizens, we respect some laws more than others," he says. "Most people wouldn't dream of stealing a stereo, but wouldn't hesitate to steal cable service. Who hasn't broken the speed limit?"

"Grey hats experiment with the grey areas as a means of learning more," says "Oxblood Ruffin," the "Foreign Minister" of well-known hacker group Cult of the Dead Cow (cDc). "Of course people go overboard -- most of these guys are kids who don't always think through the consequences of their actions -- but there's usually no evil intent."

Of course, there are "black hat" hackers. Most observers agree that some are pretty close to the public image of the hacker. You're not likely to run into any of these folks, however; if they do exist, they represent a miniscule fraction of the population -- perhaps 100 individuals worldwide -- and are obsessively averse to publicity.

There are also otherwise average members of the hacking community who maliciously attack systems for money, or to promote some political agenda, or simply for kicks.

The great bulk of high-profile security breaches, such as Web-site defacements and Denial of Service (DoS) attacks, aren't the work of hackers at all. Most culprits know very little about computer or network security but instead rely on ready-made tools to launch attacks they themselves do not understand. Indeed, many argue that web defacements are always the sign of a "script kiddie" or "packet wanker", as they are called, because they require almost no technical sophistication.

"These are kids getting their kicks," says Oxblood Ruffin. "Ten or twenty years ago, they would have been spray painting walls or throwing rocks through windows. It takes about as much skill."

What do you think? Tell the Mailroom. And read what others have said.

Take me to Hackers

Take me back to the Cyber terrorism special