Hackers, Bad Actors and Adversaries aka The Bad Guys

You may think of them as hackers, but those who breach networks, steal intellectual and other property, and commit espionage are usually referred to as bad actors and adversaries. While I was driving the other day, I started thinking about how those who aren’t cybersecurity professionals might wonder, “What’s the difference between a hacker, a bad actor and an adversary?”

Technically speaking, the term hacker refers to any individual with technical skills. Typically, a hacker is someone who uses those skills to gain unauthorized access to information systems for the purpose of committing a crime or crimes. Hackers, and there are different varieties of them, exploit vulnerabilities. There are black, gray and white hats, for example, but also script kiddies. Black hats are synonymous with the hacker stereotype – think dark hoodie – and are motivated by malice and/or personal gain. White hats, on the other hand, are ethical hackers. They use their skills to test security measures and defenses.  Gray hats fall somewhere in between black and white hats, while script kiddies are individuals who aren’t as technically skilled but know enough to use programs created by others to attack networks or deface systems.

What’s interesting is that the word hack didn’t originally mean what it does today. The verb hack, circa 1200, originally meant “to cut roughly, cut with chopping blows“. The term “hack” was then used by M.I.T. in 1955 to refer to “fussing with machines”, according to Ben Yagoda’s 2014 piece in The New Yorker titled “A Short History of ‘Hack‘”.  Yagoda concluded the more negative connotations of the term were later additions, with M.I.T.’s student paper referring to hackers in the 1960’s and, in the mid-1980’s, Steven Levy doing so as well in his book Hackers: Heroes of the Computer Revolution.

Bad actor was first used in 2005 to refer to “a person that attempts to lie, cheat, or deceive, in a poor manner” according to an entry in the Urban Dictionary. The current usage of criminal as in “bad actors want to sniff out data from accounts at Google” wasn’t added until October 2018. Google “bad actor cybersecurity” and you’ll find the term is often used to refer to hackers or cybercriminals and learn they – individuals and entities – are responsible for criminal activities but also unrest.

So is a bad actor the same as a hacker? Well, the answer is yes and no. The type of hacker one is referring to will dictate whether the terms are interchangeable. A black hat hacker is definitely a bad actor. A white hat hacker is not a bad actor. In contrast, some might refer to a white hat as a good actor. Either way, both will use artificial intelligence to further their positions in the future, but that’s another post.

The word adversary originally referred to an “unfriendly opponent, enemy“, but especially “Satan as the enemy of mankind” and originated from Latin’s adversarius, according to Online Etymology Dictionary. Today, while the terms bad actor and adversary are sometimes used to refer to the same types of criminals, adversary is usually used to refer to threat groups that are highly sophisticated and motivated such as nation states or multinational criminal organizations. To a lesser extent, hacktivists and insiders are also referred to as adversaries.

What’s a nation state? How do we define a criminal organization? What’s the difference between a hacktivist and an insider? Here’s a quick primer: