5. Explain the terms good actors and bad actors (AC 2.2)

Bad Actors

Bad actors are what we call people whose intention is to cause damage to digital devices or steal data.

Black hats

This term usually describes your typical "hacker", often portrayed in films as someone in a hoodie in a basement surrounded by many screens. Black hat is a broad definition meaning any person who has nefarious intent when it comes to cyber. Black hats can act alone, in teams or in large global organisations. Black hat hackers aim to steal or destroy private data. They disrupt or shut down networks and websites, either for financial gain or to prove their skillset to their peers on the dark web.

Script kiddies

A script kiddie is someone who only uses scripts or programs made by others, with the aim of either showing off to their peers or carrying out various nefarious activities. A script kiddie usually has no intention of understanding any of the mechanics behind these hacking tools. They will exploit weaknesses at random with little regard for, or understanding of, the possible harm they might be causing.

In 2015, a 17-year-old boy found a weakness on the TalkTalk website. Excited by his findings, he posted them online. Other, more skilled hackers then used this knowledge to their advantage, and over 15,000 people's details were stolen, including their email addresses, phone numbers and full bank details.

Hacktivist

A hacktivist's mission is to use their hacking skills to promote their political agendas or beliefs. Hacktivists will usually target corporations or government entities. It might be a simple act of vandalism, data theft, ransomware or blackmail. It's a form of protest. An example would be a DDoS attack on a political website or service that the hacktivist (or a group of hacktivists) doesn't agree with, or hacking the website and replacing the original content with something inappropriate, or editing the message so it says the exact opposite of what the political party is trying to do.
There are several forms of hacktivism.

Online blog content: Whistleblowers need the anonymity of a blog where they can publish potentially damaging information about powerful people, organisations or governments.
DDoS: Used to halt business operations, hitting revenue and customer loyalty.
Doxing: The collection and dissemination of personal information with malicious intent. For example, exposing a politician's unknown past can be very damaging to their career.
Information leaks: People working on the inside have the best opportunity to leak sensitive information about their employer, whether it's a large organisation or the government. This act alone could sway an election or make the value of a stock plummet.
Website vandalism: A way of communicating with the public. Gaining control of the website lets the hacker display whatever message they please.
Website cloning: Done by cloning a website and hosting it on a very similar URL. It tricks users into using the cloned, fake website, which looks seemingly identical, with the only difference being that the hacktivist's message is presented in an official-looking way.

The most well-known hacktivist group, Anonymous, is an international group of unknown size. They've attacked a countless number of large organisations, such as Sony and PayPal. They've attacked governments (Tunisia, Egypt, Malaysia), religious organisations (the Church of Scientology and the Westboro Church) and countless other targets.

Organised Crime

Cyber (online) organised crime can operate the same way as the usual (offline) kind does. The groups can either focus on just the online world, or cyber can be just one of the many avenues that groups like the mafia exploit. Organised crime is usually interested in financial gain. This can be achieved directly, as the infamous Evil Corp did. They stole over $100 million from small to medium businesses by distributing the Dridex malware through emails.
The Port of Antwerp was a different story. There, organised crime made money through selling drugs. In order to bypass inspection at the port, the hackers altered the shipping container data to release the shipments of cocaine undetected.

Insider threats

Possibly the most dangerous group of people on this list. Insider threats are people trusted by the organisation who, because of that, have access to its systems, networks or data. There are 4 main types of insiders:

1) Malicious insider: They will misuse their access for personal gain, revenge or ideological reasons, e.g. selling company secrets, sabotaging systems or leaking sensitive data.
2) Careless users: These are employees who accidentally expose systems, networks or sensitive data to risks, e.g. clicking on phishing links, using weak passwords or leaving their work laptop unattended in a public space.
3) Compromised insiders: These could be influenced or coerced by external parties, such as cybercriminals or nation-state actors, to act against their organisation, e.g. falling victim to social engineering or blackmail.
4) Third-party insider: Partners, vendors or contractors might all have access to the organisation's systems or data and can pose a threat, e.g. using a weaker system of a contractor to infiltrate the primary organisation.

A few notable examples:

1) Edward Snowden leaked classified documents revealing global surveillance conducted by the NSA.
2) Morgan Stanley stole data of approx. 350 000 clients and posted it online.

Good Actors

Good actors are those whose job is to protect systems, networks and data from unauthorised access. These may include professionals, ethical hackers, companies and organisations committed to cyber security.

White hat hackers

Also known as ethical hackers. These are the good guys.
They can range from a one-man team protecting a small business from cyber attacks to global organisations that protect the most valuable systems across the world, such as governments, utilities, nuclear power plants and the military. Ethical hackers work similarly to bad actors, with the difference that they have permission to find vulnerabilities in the system, which makes it legal. A typical white hat hacker's job description may include pentesting, improving security and reporting any vulnerabilities found on any given system or network. A company might hire an external specialist, or a company specialising in ethical hacking, to constantly try to hack their system.

Since the early 2000s it has been possible to get certifications in ethical hacking, making you more employable. Since then, the ethical hacking business has exploded, and there are now countless organisations offering training, hands-on courses and certificates, such as Tryhackme.com, Hackthebox.com and CompTia.com. There are huge conferences such as RSA or DEFCON.

Grey hat hackers

Grey hat hackers tread the fine line between black and white hat hackers. They will break into systems and networks illegally to find vulnerabilities. They will often try to contact the organisations and inform them of their lacking security. If the organisation doesn't listen or won't upgrade its security, grey hat hackers will often release this information publicly. The main issue grey hat hackers face is that all their activity is done without prior consent from the organisation. Even though grey hat hackers' findings are for the 'greater good', their actions can often lead to legal challenges and ethical concerns.

There are a few notable examples:

Adrian Lamo: Known for accessing systems at the New York Times, Microsoft, Yahoo! and more. He informed these organisations of the vulnerabilities, offering to help fix them. He was sentenced to 2 years' probation.
Khalil Shreateh: Found a way to post a message on anyone's Facebook wall, including the wall of Facebook's founder, Mark Zuckerberg. Khalil tried to report this security issue through proper channels, but was dismissed. To get Facebook's attention, he posted a message on the founder's wall. Despite finding a major security flaw in their system, Khalil wasn't rewarded through their bug bounty program, as is often the case.

Certified penetration tester (CPT)

A CPT is a professional who has undergone official training in ethical hacking. They must demonstrate the practical and theoretical skills needed to conduct penetration tests effectively and safely. Some of a CPT's responsibilities are vulnerability assessment, exploitation, reporting, collaboration and compliance testing.

To find a job as a certified pentester you need to be skilled in many different areas. You'd need proficiency in programming languages (e.g. Python, C, JavaScript), a strong understanding of operating systems (Windows, Linux, macOS), networking knowledge (TCP/IP, firewalls, protocols), familiarity with security tools (e.g. Metasploit, Wireshark, Nmap, Burp Suite), knowledge of cryptography and security protocols, problem-solving and analytical skills, and an understanding of compliance frameworks like GDPR, PCI-DSS (Payment Card Industry Data Security Standard) and ISO 27001 (international standard for information security management systems).

What are some of the differences between good actors and bad actors

Good actors and bad actors represent the two opposing forces in cyber. Good actors aim to protect and secure digital systems; bad actors exploit vulnerabilities for malicious purposes. The differences between these two groups can be analysed through their intentions, legality, methods, goals and overall impact. The fundamental difference lies in intentions.
