Profile of a Hacker

As the hacktivist community continues to grow and evolve, so do the tools and services at a hacker’s disposal. The digital divide between skilled and amateur hackers continues to grow. This separation in skill is forcing those with limited knowledge to rely solely on others who are offering paid attack services available in marketplaces on both the Clearnet and Darknet.  While most hacktivists still look to enlist a digital army, some are discovering that it’s easier and more time efficient to pay for an attack service like DDoS-as-a-Service. Cyber criminals that are financially motivated market their attack services to these would-be hacktivists looking to take down a target with no knowledge or skill.

hacker over a screen with binary code

This evolution in skill is eliminating the need of the ‘know-how,’ and one does not have to learn a single thing about computer networks or programming. Attack services have lowered the entry level and kicked off a business trend by commoditizing hacktivist activities. This new trend is resulting in a change in the current hacker community and landscape in regards to skill set and status.

The current hacker community can now be categorized and explained in three groups. There is the consumer level, which is strictly composed of non-skilled users who are looking to pay to participate.  The second group is the pure hacker.  This group is a skilled group that does not require any paid service or assistance to conduct their operations. The third group, vendors, is comprised of hackers who are now looking to commoditize their tools and services due to the growing demand from the consumer level.

Consumers – The consumer is categorized as a low or non-skilled hacktivist that is looking to pay to participate in an operation. Currently this group represents the largest of the three. This group’s growth and demand for paid attack services is the main reason why the attack marketplace is growing so rapidly. The consumer group does not know how to carry out an attack on their own, so they rely on attack services that provide an easy-to-use attack portal. Consumers will spend anywhere between $20 – $200 dollars a month in attack services so they can participate in different hacktivist operations. The consumer is often influenced by Anonymous propaganda and purchases attack service so they can feel like they are part of the group. They are often the ones to get arrested due to their lack of knowledge.

[You might also like: How Friday’s Massive DDoS Attack in the U.S. Happened]

Hackers – The hacker category is comprised of pure hackers that are able to carry out their own attacks and run hacktivist operations. This group is considered a step above Consumer level since they understand networking and programming – on a scale between amateurs and highly skilled computer networking professionals. These hackers are self-sufficient and do not rely on others’ tools or services, and they are able to write their own attack programs, as well as build their own attack platforms by abusing cloud and trusted services. By having this skill set, they are not reliant on a shared network and are not limited by an attack time limit. Hackers in this category are capable of launching sustained and long term attacks against their targets.

Vendors – The vendor category is comprised of pure hackers that have moved on from their daily anarchic activity. These vendors have seen that there is more profitability in providing attack services to would-be hacktivists and consumers, vs. engaging in ransom-based activities. Some of these vendors in fact make over $100,000 a year. These vendors are exploiting a digital divide for a profit and return that have been proven to be well worth the risk to most hackers looking to cash in. The owners behind vDoS AppleJ4ck allegedly made $600,000 over two years before getting arrested.

The leading contributor to the evolution and change in the classification of the hacker community is due to the growth of the attack marketplace and the commoditization of attack services that have resulted in a skills gap. The profits behind selling tools to entry level consumers has led to the creation of highly popular and easily accessible marketplaces where potential hacktivists with no skill set can purchase a number of attack services that vendors are willing to set up for a fee. These markets have greatly advanced the evolution of hacktivists over the last year but at the same time resulted in a divide in skill set, forcing more to become reliant consumers.

Over the next year, expect to see more hackers enter the markets as vendors looking to sell their tools and services as the divide between skilled and amateur hacktivist broadens. We also expect to see more consumer hacktivists joining the attack landscape as more attack services become readily available.


Download Radware’s DDoS Handbook to get expert advice, actionable tools and tips to help detect and stop DDoS attacks.

Download Now

Daniel Smith

Daniel is the Head of Research for Radware’s Threat Intelligence division. He helps produce actionable intelligence to protect against botnet-related threats by working behind the scenes to identify network and application-based vulnerabilities. Daniel brings over ten years of experience to the Radware Threat Intelligence division. Before joining, Daniel was a member of Radware’s Emergency Response Team (ERT-SOC), where he applied his unique expertise and intimate knowledge of threat actors’ tactics, techniques, and procedures to help develop signatures and mitigate attacks proactively for customers.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program


An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center