Skip to content

Attackers

The security terminiology is not mature, in the sense that attackers can be described using different names for virtually the same types. For the purpose of this space the terminology used by OWASP (CC??) will be used. Their commmon denominator is that they either have a goal which involves financial gain or control (status).

  • Disgruntled staff or developers
    • Employee that "takes revenge" status
    • Employee with own agenda control
    • Developer that adds backdoors money
  • Motivated criminal attackers
    • Organized crime (extortion) money
    • Industy espionage (information theft) money
  • Script kiddies
    • Unexperienced attackers that uses already published tools that exploit weaknesses.
    • Young computer interested people that doesn't understand the legal ramifications of their actions.
  • "Drive by" attackers (automated worms, trojans, viruses) money or status (note: financial gain can be acheived by spamming)
    • The attacker is an automated non-person which tries to exploit well known security holes.