October 3, 2006
Whats in a hacker?
TWENTY years ago, Raoul Chiesa went by the nickname nobody -- but at 13
years old, he was already known amongst the security community as one of
the first hackers in Italy.
Now, Chiesa is the director of communications at the Institute for
Security and Open Methodologies (ISECOM) and he is on a mission to
uncover the mysteries of hacker types. According to Chiesa, hackers were
generally unknown to people and ignored by researchers back when the
usage of computers became popular in the eighties.
Today, researchers and analysts are becoming more interested in hackers,
he said, though these parties often have a misconception about hackers
because they do not have proper research methods to define the group.
In their minds, there is only one type of hacker, who is seen as
physically ugly, have bad moral values and are unethical or anarchic in
nature, he said.
Unhappy with the stereotype, Chiesa and project partner Dr. Stefania
Ducci, who works for the United Nations Interregional Crime and Justice
Research Institute, embarked on a project called Hacker Profiling
Project (HPP) to discover the typologies of hackers basically how
different hacker types think and function.
Chiesa said that profiling hackers are important because of the rise of
high-tech crimes today.
There is a continuous increase of dependence between national stability
and IT security issues. There are dangerous synergies among
technologically advanced personalities, classic criminality and
terrorism, Chiesa said. But often, cybercrime is still being analysed in
the wrong manner.
Basically, we want to help the government and police realise and
understand the different types of hackers, so that they will know when
to pursue an actual criminal and when not to waste resources chasing
after script-kiddies, he said.
The HPP aims to analyse the hacking phenomenon from four principal
perspectives: technological, social, psychological and criminological.
There are eight phases in the HPP (see story Delving deep into the
hacker culture, In.Tech Sept 14), one of which involves going directly
to the source letting hackers answer questionnaires about themselves.
Chiesa said the results from the questionnaires, collected since the HPP
kicked off in September 2004, revealed that hackers are generally
intellectually brilliant, creative, decided and resolute.
Those with a low-level of skills usually target easier operating
systems, such as Windows or Linux, while the more elite hackers prefer
to stimulate their minds with *BSD, Solaris, HP/UX, IOS or Symbian
If these hackers manage to break into a system, they would mostly lay
the blame on its system administrators or designers for not keeping
their own turf secure.
For bona fide hackers, hacking is used as a technique or way of life to
satisfy curiosity or to challenge themselves, Chiesa said. Or it can be
used as a tool of power to raise peoples awareness on political and
Generally, hackers are motivated by their love for knowledge, Chiesa
found, but some are motivated by lucrative purposes so they may practice
phishing or get involved in industrial espionage.
Many hackers are also rebels, especially towards authorities and people
they consider narrow-minded or a menace to civil liberties.
The different types
According to the study, there are nine types of hackers, which are:
Wannabe lamer, script-kiddie; cracker; ethical hacker; the quiet,
paranoid and skilled hacker (QPS); cyber-warrior; industrial spy;
government agent; and military hacker.
The wannabe lamer, usually aged from nine to 16, are the most harmless
of the lot.
They generally claim to be a hacker to brag or to be seen as cool,
though most are rather clueless about what hacking really is.
Script-kiddies (10-18 years old), however, are a little more informed in
that they know how to search and download hacking tools but most have
limited knowledge on how these tools work.
The harm they cause is mostly low impact, but they would do it anyway to
either rebel or attract attention from the mass media.
Ethical hackers (15-50 years old), who are usually part of hacker
communities, would probably frown on this. Seen as the most selfless of
the hacker lot, they are usually motivated by curiosity and generally
have altruistic intentions.
Ethical hackers would usually advise system administrators if they find
vulnerabilities in a companys security system, but would generally do
that only after communicating their discoveries with peers in their
underground community first.
Also, this group would likely not cause damage to a violated system but
instead help defend and secure it against attacks.
Crackers (17-30 years old), on the other hand, may possess less
technical skills than the ethical hacker, but are viewed as a bigger
threat because they have malicious intentions to cause damage.
Like script-kiddies, they may hack to attract attention or to
demonstrate their prowess.
The QPS (16-40 years old), like their name suggests, are quite the
opposite. Preferring to keep a low profile, they possess high technical
skills that allow them to enter and leave computer systems undetected.
This type might hack into a system because there is something that he
needs, Chiesa noted. The QPS might be more dangerous than ethical
hackers as they have their own agenda. Theyre the type who you will
never realise have even entered your system.
More dangerous than crackers with malicious intent, however, are
This group, aged 18-50 years old, are the ones who are into hacking
solely for financial gain.
Industrial spies (22-45 years old) are also motivated by similar means,
in that they are professionally employed by businesses to hack for
Higher on the hacker chain are government agents and military hackers.
These groups, usually aged 25-45, are hired by the government to
monitor, defend or provide counter-attacks on a national level.
As it is unlikely that these last few low-profile groups would
voluntarily take part in the HPP questionnaire, Chiesa said he collected
data about them through the use of honeypots traps designed to appear
like it is part of a legitimate network, but is not.
But these findings are not the final conclusion, as we are still in the
process of collecting data, Chiesa added. We still have a lot of work to
do and we need support. HPP is currently self-funded and based on
independent research methodologies.
He said that HPP is open to collaboration and research partnerships and
is looking for contributors, volunteers as well as sponsors.
Interested in participating? Get the questionnaire at
Donate online for the Ron Santo Walk to Cure Diabetes!