Our common adversary in the online and offline worlds we deal with goes by many names. They are often called scammers, hackers, bad actors, cybercriminals, threat actors, malicious actors, adversaries, crackers, script kiddies, etc. I hope to help clear up the confusion.
Hackers
The term hacker has many definitions and a lot of them aren’t exactly appropriate. Typically a hacker is a person who is skilled in the use of computer systems. Yes, some use that skill for bad purposes, but a lot use them for good. A hacker could be somebody who just has an interest in computer systems. Their curiosity may lead them to places the public wouldn’t normally be expected to go. With this information, they will notify the organization of their findings so they can be addressed. This is a typical White Hat Hacker (aka Ethical Hacker). They are like the caped superhero that we didn’t know we had.
A Black Hat Hacker (aka Unethical Hacker), though, uses those skills to break into places they should never be. And use the information for themselves or sell it on the black-market. They might also use that information against the organization in exchange for a ransom.
There really are a lot more good hackers than bad hackers. The effort and skill required is high. As a result, it isn’t done as often as, say, Phishing. It doesn’t pay the bad guys well for the time involved. Of course, this depends on the prize, sometimes it is worth the effort.
Scammers
A scammer scams innocent people. They use tactics like phishing to manipulate the user into divulging personal information. A scammer wouldn’t hack into a system or try your password with a million different possibilities. That is left to the Cracker.
Crackers
A cracker is one who will spend the time and resources to crack your password. This is usually reserved for very high-value information like government or top-secret information. They will try the 1 million different possibilities of a password. Cracking a password requires some high-powered computer equipment and time. Many systems have limits on password attempts. These systems will lock the account after reaching the attempt limit. To get around this, the crackers will grab a copy of the encrypted password list and crack it offline.
Script Kiddie
A script kiddie is a person who takes what others have learned. They try these skills on others without understanding how they work. They are unable to come up with their own exploits. They are typically kids playing around.
Hacktivist
These are hackers who attack organizations or other entities that they feel are immoral. They hack for a cause. This would include hacking organizations like Anonymous. They use their skills to expose greed. They support social movements. They fight for freedom of information and against censorship.
Cyberterrorist
A cyberterrorist attacks critical systems to cause damage, for example, a city’s water supply. They aim to disrupt critical infrastructure, spread propaganda, or cause alarm or panic. Often with political or ideological motivations. Can cause bodily harm.
Nation State Actor
These are the skilled computer security specialists that are hired by governments to perform espionage, sabotage or other offensive activities. They typically have a toolkit so advanced that they can bypass most computer security protections and have unlimited budgets. These are the scariest of them all. You might not think about a country sanctioning such activity, but it is happening all the time. Remember the WannaCry ransomware breakout that crippled the UK’s Health Authority – NHS in 2017? That was believed to be North Korea. North Korea is also believed to be behind one of the largest bank heists of all time. The heist totaled $81 million. We see a lot of misinformation that might be coming from these types of cybercriminals, especially around election time.
Bad Actor, Cybercriminal, Threat Actor, Malicious Actors
These are just terms for a person using computer resources for malicious purposes. They might be hackers or scammers. These are umbrella terms, meaning they cover all aspects of computer criminals.