What’s the difference between hackers, cybercriminals, and identity thieves?

By Allstate Identity Protection

The terms “hacker,” “cybercriminal,” and “identity thief” are often used interchangeably — but they’re actually different. Hackers are computer programmers who use their skills to breach digital systems. They’re not all bad actors: some, known as ethical hackers, use their knowledge to improve security practices. Cybercriminals, on the other hand, are people who use computers to commit crimes, while identity thieves use stolen personal information to commit fraud.

When you hear the word hacker, your next thought probably isn’t helper. In the mainstream media, hackers are often portrayed as cloak-and-dagger, fly-by-night figures evil geniuses who are out to get your data. 

But, did you know that many of the people who search computer systems for bugs and vulnerabilities are actually out to lend a hand, or at least make an honest living?  

In fact, there are many different types of hackers. Some have good intentions, while others may be malicious. Let’s take a closer look at how cybercriminals are categorized, the ways hackers can differ from identity thieves, and how you may be able to best protect yourself from the not-so-good guys.

What’s a hacker?

By definition, hackers are computer programmers who use their technical skills to breach digital systems, networks, and devices. In the process, they may employ a variety of tools and techniques, including rootkits, a type of malware that can control a system remotely; distributed denial-of-service (DDoS) attacks, which disrupt connections and services; and vulnerability scanners, or programs that find potential weak spots or loopholes. 

But, that doesn’t mean they’re all bad guys. Many hackers are actually security professionals hired by software companies to find and then help fix unknown exploits. Their goal is to identify bugs and vulnerabilities first, before bad actors find them and take advantage.

What are the three types of hackers?

There are three types of hackers, categorized by the color of their metaphorical hats

With data leaks making more and more headlines, it’s important to note that not every breach is the handiwork of a black-hat hacker. Security incidents can be accidental, like when a well-meaning employee unknowingly leaks customers’ information onto the internet, or a security team doesn’t properly encrypt sensitive data. But there are things you can do to stay alert. Before sharing personal information with a website, for example, it’s a good idea to check the privacy policy for an idea of how your data will be protected.

What’s the difference between a hacker and a cybercriminal? 

Cybercriminals are people who use computers or the internet to commit crimes. Both black- and gray-hat hackers may break the law, effectively becoming cybercriminals. All 50 states have computer crime laws governing the damage or disruption of computer systems. 

Just as there are many ways to break these laws, there are many faces of cybercriminals. Some are petty thieves: lone wolves who steal information for financial gain. On the other end of the spectrum, there are organized crime groups who use the internet to buy and sell illegal goods think weapons and drugs or broker unlawful services. Corporations may break the law by engaging in cyber espionage, while nation-states have been known to hire cybercriminals to spy on other governments, steal information, or otherwise engage in cyber warfare.

What about identity thieves? 

There’s a lot that goes into categorizing different types of hackers, but the terms hacker, cybercriminal, and identity thief are often used interchangeably and inaccurately. 

Identity thieves use stolen personal information, such as your name, birth date, and Social Security number, for illicit personal gain. An identity thief might open a new line of credit, take out a loan, or even receive medical services using your name. 

Identity theft can happen without a computer, like when someone applies for a job in-person using your Social Security number. But identity theft is increasingly carried out on the internet. As companies continue to track and store our information, our digital footprints grow and unfortunately, those data trails can become fodder for fraudsters. 

In 2018 alone, 14.4 million people were victims of some type of identity theft. If you happen to be one of them, you know it can be incredibly difficult to untangle the mess and reclaim your records. 

While we can’t always control what happens to our data, we can be vigilant about protecting our identities, both online and in the physical world.

How can I protect my data?

If you’re an Allstate Identity Protection member, you can feel good knowing there are a number of features in place to help alert you if your information does fall into the wrong hands.

To up your defenses, log in to the portal and switch on dark web monitoring. Enter your details such as log-in credentials, passwords, and account numbers and we’ll notify you if we find your information where it shouldn’t be. You can also activate credit monitoring to receive notifications about your credit activity. That way, you can act fast to minimize damage if someone else opens a line of credit in your name. 

You can’t stop cybercriminals and identity thieves from operating. But with Allstate Identity Protection, you have a holistic, multi-faceted approach to your data protection, complete with alerts about potential fraud and a team of Identity Specialists available to help with round-the-clock remediation. Doesn’t it feel good to be proactive?