Restart

Ethics Challenge

Next

1/11

This material was developed with funding from the National Science Foundation 

Threat Actors

Back

Each threat actor has different motivations, resources and  skill level

2/11

Cyber Threat Agent

The globalized nature of the Internet allows threat actors to be physically located anywhere in the world

A Cyber Threat Agent (CTA) is a person or group in an action or process that is characterized by malice or hostile action (intending harm) using computers, devices, systems, or networks. Most agents are knowing participants while others are oblivious or reckless users or victims of a larger action.

4/11

Click on each image to learn more

Hacker Hats

The computer industry uses hat colors to classify the different types of hackers.

Red Hats

Red hat hackers want to save the world from evil much like white hat hackers, but red hats choose extreme and sometimes illegal routes to achieve their goals.  Red hat hackers are like the pseudo-Robin Hood of the cybersecurity field—they take the wrong path to do the right thing. When they find a black hat hacker, they deploy dangerous cyber attacks against them.

8/11

Blue Hats

9/11

Blue hat hackers can be revenge seekers, outside security professionals hired to solve a continuous attack threat, or testers trying to find security vulnerabilities in new software before its release.

Green Hats

Green hat hackers are the newbies (or green) to the world of hacking. Green hats are not aware of the security mechanisms and the inner workings of the web, but they are quick learners and are determined to elevate their skills in the hacker community. Although their intention is not necessarily to cause harm, they may do so while “playing” with various malware and attack techniques and tools.

10/11

When used in mainstream media, the word, hacker, is usually used in relation to cyber criminals, but hackers can actually be anyone regardless of their intentions who utilize their knowledge of computer software and hardware to break down and bypass security measures on a computer, device or network. Many companies and govenment agencies actually employ hackers to help them secure their systems. Hacking is not an illegal activity unless the hacker is compromising a system without the owner’s permission. 

Code of Ethics

The Image of the Hacker

3/11

5/11

The term WHITE HAT is used to describe the good guys and are named  after the white-hatted heroes in Western movies. These individuals are normally professional cybersecurity specialists who track and monitor threats. Their job is to find and fix vulnerabilities found in systems, networks, and services. They are sometimes called pen testers which stands for penetration testers. Pen testers research and try to make the Internet of Things safer. White hats are security operations center analysts, network defenders, incident responders, penetration testers, and bug bounty hunters.

White Hats

6/11

A black hat hacker cracks computers and breaks into networks for ill intent or personal gain. These hackers are criminals with malicious purpose. Black hat hackers may also release malware (malicious software) that destroys files, holds computers hostage, or steals passwords, credit card numbers, and other personal information

Black Hats

7/11

Gray hat hackers are the vigilantes of cyberspace. They could be citizens or professionals who will uncover a threat actor and then take matters into their own hands by engaging the attacker or threat. The gray hat hacker will try blocking the threat and attempt to distract and/or take down an attacker’s infrastructure or combat them in some manner (hacking back). Organizations sometimes employ them as guns for hire.

Gray Hats

11/11

Threat actors may be internal, external, or partners with their target. For each threat actor listed, click on the Target and Motive buttons to discover what they are after and why. 

Introduction

Cyber Mercenaries

Cyber Terrorist

Corporate Competitors

Hacktivists

Cyber Pickpockets

Insider Threat

Script Kiddies

Nation State Actors

Thrill-seekers

Organized Crime

Monetary

Cyber Mercenaries are “guns for hire,” serving as experts to attackers who do not have hacking skills. They are normally gray hats, and an organization or company hires the services or a cyber mercenary so the company has plausible deniability. Mercenaries will take payments to lauch offensive action against an army, black hats, or even a real company.

Target

Highly Visible Targets

Motive

IP, Banks, PoS Private Information

Financial Gain

Organized criminals run a business and use spam operations, spear phishing campaigns, ransomware, credit card data theft, and hosting operations. 

Anything and Everything

Hacktivists can be individuals with a political or personal agenda, or larger groups like the various Anonymous factions.

Hactivists

Publicity, Watch it burn

Fame

Script kiddies are green hat hackers with little or few skills who download tools and scripts from the dark web. They may even learn how to use the tools by watching videos online. These threat actors are low on the sophitication scale and are relatively easy to spot.

Networks, Websites

 The corporation itself can be a threat to domestic and foreign competitors through espionage and disruption using cyber means.

Corporate Competitor

Proprietary Data, Damage Reputation

Revenge, Embarrassment, Financial Gain

An insider threat is a malicious threat to an organization that comes from people within the organization such as employees, former employees, contractors or business associates who have inside information concerning the organization’s security practices, data, and computer systems. Some cybersecurity experts believe that negligent and malicious employees are the most common insider threats.

Networks, Corporate Data

Monetary Gain

These criminals can pick your pockets or your packets. Some physically steal devices like mobile phones, tablets, and laptops, mining the device for information and credentials. Others might “sniff for packets” and steal information over the air by setting up a free WiFi network at a coffee shop or hotel. Cyber pickpockets are not very organized or sophisticated.

Cyber Pickpocket

Personal Devices and Information

Random attacks are going on every day. Ransomware, worms, Trojans, logic bombs, backdoors and viruses are released into the general public. These attacks are so vast that every organization is a potential victim. The most famous non-target specific attack is the WannaCry ransomware incident that affected over 200,000 computers in 150 countries.

Satisfaction

Thrill Seekers

Nation state actors are cyber soldiers and agents with large budgets and sophisticated tools. They can perform intelligence-gathering on military objectives, or they may monitor (and if necessary) attack or interfere with an adversary country’s network. Sometimes they will place a trusted insider into an organization to steal classified, sensitive or propietary information.

Economic or Military

Nation States

IP or Infrastructure

Information, Computer Systems, Computer Programs, Data

Cyber terrorists perpetrate criminal acts by using computings and telecommunication capabilities resulting in violence or the destruction and/or disruption of services to create fear within a population.

Cyber Terrorist

Politics, Fear