Linux Security Threats: The 7 Classes of Attackers


Start exploring Linux Security Fundamentals by downloading the free sample chapter today.

Organizations today are facing a worldwide security workforce shortage — and hurting for it, according to a 2016 report from Intel Security and the Center for Strategic and International Studies (CSIS).

“Eighty-two percent of surveyed respondents admitted to a shortage of cybersecurity skills, with 71 percent of respondents citing this shortage as responsible for direct and measurable damage to organizations whose lack of talent makes them more desirable hacking targets,” according to Intel Security.

It’s important and valuable for Linux sysadmins to stay one step ahead of malicious hackers by fortifying their security skills. Regardless of your skill level or experience, there’s always more to learn to further expand your awareness of security issues and preventative measures.

The Linux Foundation’s online Linux Security Fundamentals course is intended for anyone involved with any security-related task, at any level. You’ll learn how to assess your current security needs, evaluate your current security readiness, and implement security options as required.

In this new tutorial series, we’ll give you a sneak preview of the third session in the course on Threats and Risk Assessment. Or you can download the entire chapter now.

By the end of the series, you should be able to:

  • Differentiate between the classes of attackers

  • Discuss the types of attacks

  • Explain the tradeoffs in security, including likelihood, asset value, and business impact

  • Install and try the common security tools tcpdump, wireshark, and nmap

The 7 Classes of Attackers

In dealing with threats and risk assessment, there are different classes of attackers.

A white hat hacker

Breaks security for non-malicious reasons, perhaps to test their own security system or while working for a security company which makes security software. The term “white hat” in Internet slang refers to an ethical hacker. This classification also includes individuals who perform penetration tests and vulnerability assessments within a contractual agreement.

A black hat hacker

Violates computer security to be malicious or for personal gain. Black hat hackers form the stereotypical, illegal hacking groups often portrayed in popular culture. Black hat hackers break into secure networks to destroy data or make the network unusable for those who are authorized to use the network.

A script kiddie (also known as a skid or skiddie)

A non-expert who breaks into computer systems by using prepackaged automated tools written by others, usually with little understanding of the underlying concept.


A hacktivist

Utilizes technology to announce a social, ideological, religious, or political message. In general, most hacktivism involves website defacement or denial-of-service attacks.

Nation state

Refers to intelligence agencies and cyber warfare operatives of nation states.

Organized crime

Refers to criminal activities carried out for profit.


Bots

Automated software tools that are available for use by any type of hacker.

Attack Sources

An attack can be perpetrated by an insider or from outside the organization.

An inside attack is an attack initiated by an entity inside the security perimeter (an insider), i.e., an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization.

An outside attack is initiated from outside the perimeter, by an unauthorized or illegitimate user of the system (an outsider). On the Internet, potential outside attackers range from amateur pranksters to organized criminals, international terrorists, and hostile governments.

A resource (either physical or logical), called an asset, can have one or more vulnerabilities that can be exploited by a threat agent in a threat action. The result can potentially compromise the confidentiality, integrity, or availability of resources (potentially different from the vulnerable one) belonging to the organization and other involved parties (customers, suppliers).

In part 2 of this series, we’ll cover the types of attacks you can expect. And later we’ll discuss the business trade-offs associated with common security measures.

Stay one step ahead of malicious hackers with The Linux Foundation’s Linux Security Fundamentals course. Download a sample chapter today!

Read the other articles in the series:

Linux Security Threats: Attack Sources and Types of Attacks

Linux Security Fundamentals Part 3: Risk Assessment / Trade-offs and Business Considerations

Linux Security Fundamentals: Estimating the Cost of a Cyber Attack

Linux Security Fundamentals Part 5: Introduction to tcpdump and wireshark

Linux Security Fundamentals Part 6: Introduction to nmap