This material was developed with funding from the National Science Foundation
Each threat actor has different
motivations, resources and
Cyber Threat Agent
The globalized nature of the Internet allows threat actors to be physically located anywhere in the world.
A Cyber Threat Agent (CTA) is a person or group in an action or process that is characterized by malice or hostile action (intending harm) using computers, devices, systems, or networks. Most agents are knowing participants while others are oblivious or reckless users or victims of a larger action.
The computer industry uses hat colors to classify the different types of hackers.
Red hat hackers want to save the world from evil much like white hat hackers, but red hats choose extreme and sometimes illegal routes to achieve their goals.
Red hat hackers are like the pseudo-Robin Hood of the cybersecurity field—they take the wrong path to do the right thing. When they find a black hat hacker, they deploy dangerous cyber attacks against them.
Blue hat hackers can be revenge seekers, outside security professionals hired to solve a continuous attack threat, or testers trying to find security vulnerabilities in new software before its release.
Green hat hackers are the newbies (or green) to the world of hacking. Green hats are not aware of the security mechanisms and the inner workings of the web, but they are quick learners and are determined to elevate their skills in the hacker community.
Although their intention is not necessarily to cause harm, they may do so while “playing” with various malware and attack techniques and tools.
In mainstream media, the word “hacker” is usually used in relation to cyber criminals, but a hacker can be anyone, regardless of their intentions, who uses their knowledge of computer software and hardware to break down and bypass security measures on a computer, device or network.
Many companies and government agencies actually employ hackers to help them secure their systems. Hacking is not an illegal activity unless the hacker is compromising a system without the owner’s permission.
Code of Ethics
The Image of the Hacker
The term WHITE HAT is used to describe the good guys, who are named after the white-hatted heroes in Western movies.
These individuals are normally professional cybersecurity specialists who track and monitor threats. Their job is to find and fix vulnerabilities found in systems, networks, and services.
They are sometimes called pen testers, which stands for penetration testers. Pen testers research and try to make the Internet of Things safer.
White hats are security operations center analysts, network defenders, incident responders, penetration testers, and bug bounty hunters.
A black hat hacker cracks computers and breaks into networks for ill intent or personal gain. These hackers are criminals with malicious purpose.
Black hat hackers may also release malware (malicious software) that destroys files, holds computers hostage, or steals passwords, credit card numbers, and other personal information.
Gray hat hackers are the vigilantes of cyberspace. They could be citizens or professionals who will uncover a threat actor and then take matters into their own hands by engaging the attacker or threat.
The gray hat hacker will try blocking the threat and attempt to distract and/or take down an attacker’s infrastructure or combat them in some manner (hacking back).
Organizations sometimes employ them as guns for hire.
Threat actors may be internal, external, or partners with their target.
Nation State Actors
Cyber Mercenaries are “guns for hire,” serving as experts to attackers who do not have hacking skills. They are normally gray hats, and an organization or company hires the services of a cyber mercenary so the company has plausible deniability.
Mercenaries will take payments to launch offensive action against an army, black hats, or even a real company.
Highly Visible Targets
IP, Banks, PoS
Organized criminals run a business and use spam operations, spear phishing campaigns, ransomware, credit card data theft, and hosting operations.
Anything and Everything
Hacktivists can be individuals with a political or personal agenda, or larger groups like the various Anonymous factions.
Publicity, Watch it burn
Script kiddies are green hat hackers with few skills who download tools and scripts from the dark web. They may even learn how to use the tools by watching videos online. These threat actors are low on the sophistication scale and are relatively easy to spot.
The corporation itself can be a threat to domestic and foreign competitors through espionage and disruption using cyber means.
Proprietary Data, Damage Reputation
An insider threat is a malicious threat to an organization that comes from people within the organization such as employees, former employees, contractors or business associates who have inside information concerning the organization’s security practices, data, and computer systems.
Some cybersecurity experts believe that negligent and malicious employees are the most common insider threats.
Networks, Corporate Data
These criminals can pick your pockets or your packets. Some physically steal devices like mobile phones, tablets, and laptops, mining the device for information and credentials. Others might “sniff for packets” and steal information over the air by setting up a free WiFi network at a coffee shop or hotel. Cyber pickpockets are not very organized or sophisticated.
Personal Devices and Information
Random attacks are going on every day. Ransomware, worms, Trojans, logic bombs, backdoors and viruses are released into the general public.
These attacks are so vast that every organization is a potential victim. The most famous non-target specific attack is the WannaCry ransomware incident that affected over 200,000 computers in 150 countries.
Nation state actors are cyber soldiers and agents with large budgets and sophisticated tools. They can perform intelligence-gathering on military objectives, or they may monitor and, if necessary, attack or interfere with an adversary country’s network. Sometimes they will place a trusted insider into an organization to steal classified, sensitive or proprietary information.
Economic or Military
IP or Infrastructure
Information, Computer Systems, Computer Programs, Data
Cyber terrorists perpetrate criminal acts by using computing and telecommunication capabilities resulting in violence or the destruction and/or disruption of services to create fear within a population.