Bug Watch: Hacker motivation

This week, Sam Curry, security architect for McAfee.com, looks at the ins and outs of hacking culture.

Artist Andy Warhol was responsible for a phrase that, in our increasingly digital world, has taken on a new meaning.

For those skilled in the mysterious art of computer hacking, the rise of the internet offers '15 minutes of fame' that is far-reaching and potentially devastating.

The ability to hack into private networks or deposit insidious computer viruses is a way of achieving notoriety, albeit often under a pseudonym.

Hackers' perverse desire for anonymous infamy means that, although we experience the shock waves of their activities, we often know very little about the people the public refers to as hackers.

So who are they, and are they all bad? Actually the term 'hacker' was originally a name used by computer programmers for someone who could 'hack together' code and, later, for someone who could manipulate it in an elite, wizard-like manner.

The more elegant this skill, the more subtle, the more refined, the better the hacker. It was also a word that referred, slightly tongue-in-cheek, to cooking something up from various bits and pieces.

Later the term came to refer to those who commit vandalism and criminal acts with their computers; anything from 'hacking into' supposedly secure, confidential information to spreading a computer virus.

There are two major categories of hackers: the white hats and the black hats. As might be supposed, white hats use their skills for good, and black hats for darker purposes.

There is one more major division among hackers, and it is the largest. These are the 'script kiddies'. The term is derogatory and refers to usually young hackers who employ techniques without understanding what they are doing.

Script kiddies are often malicious and vindictive or simply criminally ignorant of their actions. They blindly use the tools of black hat hackers.

White hats have a long tradition of trying to improve the computing community and its resources. They look for weaknesses and vulnerabilities with the intent of making knowledge public in order to improve the quality of services and products.

They look for weaknesses in programs, for instance, to help manufacturers improve their products. In a way, they are a form of public testing, allowing the software to improve from version to version as a result of their tests.

Black hats have none of these benign principles and fall into at least two categories: the 'angry hacker' and the 'agenda hacker'.

Angry hackers are technical people who have decided that they hate a particular company or cause. They may target a specific operating system or program, or dedicate themselves to embarrassing or damaging a cause through its online assets.

Agenda hackers are perhaps the most dangerous and will stop at nothing to further their political or economic cause.

They might be vocal or very quiet. They could be terrorists or online agents of a country at war. They might be industrial spies or rebels against a government or organisation.

This group will usually act in a guerrilla-like manner, co-ordinating and timing their attacks to maximum effect. They will have private tools and won't hesitate to use them to further their goals and values or to make money.

So while there are those who mean no more than to test their computing skills, there are those whose aim is to gain some kind of associated notoriety for their hacking exploits.

As virus protection and anti-hacking systems improve, hopefully the 'momentarily famous' among this loose digital family will be easier to control.