How to Effectively Build Hacker Personas

How to effectively build hacker personas with Core Sentinel logo

How to Effectively Build Hacker Personas

Jun 9 2017

A hacker, in digital technology, is a term referring to a person with a tremendously high level of skills in programming, networking, information security, operating systems and computer hardware. But thanks to the media’s irresponsible sensationalisation, most people now associate the term with some techy nerd who breaks into government computer systems, or any website of great importance for personal advantage or malicious purposes.

Types of Hackers

However, not all hackers are bad. In fact, there are three types of them:

  • White hat hackers

These are the good guys. They’re the builders and problem solvers of the computer and IT world. Take open source operating systems and applications for example. They are all products of white hat hacker ingenuity. A white hat hacker will never break into a computer system or IT infrastructure without the owner’s permission.

  • Grey hat hackers

The term refers to a computer security or programming expert who may at times go against ethical standards or even the law. For example, a grey hat hacker may break into a website and then inform the administrator of the vulnerabilities found. While this, in a way, is a good thing, still they have broken into a system without the owner’s consent, making the act unethical and illegal. The point to note is that they do not operate with malicious intent.

  • Black hat hackers

The big dividing line between white hat and black hat hackers is not just permission, but malicious intent. Black hats are also known as crackers because they breach security systems with malicious intent. Crackers break things. Hackers build things.

How to Effectively Build Hacker Personas
In the next sections, you’re going to learn how to create hacker personas as a way for you to understand what goes on in the minds of hackers and help you better prepare against attacks or to launch a countermeasure.

What Is a Hacker Persona?

A hacker persona is a generalised portrayal of a fictional hacker character with his or her own set of personal belief system, values, aspirations, skillset, mindset, desires, life outlook and philosophy shaped by a number of factors including culture, religion, upbringing, education, and personal experiences. These are based on observed behaviour patterns among real attackers, helping you understand how to deal with each type or what they’re going to do next.

build hacker personas

The rate at which today’s technology is evolving is staggering. That’s why many penetration testers, spend most of their waking hours updating their knowledge and dissecting each facet of cyber crime.

Unfortunately, many have neglected the social and psychological aspects of penetration testing. Many pentesters focus their attention on the hacker’s exploit tools, code, exploit techniques and malware, yet they forego trying to learn about who these people are and the reason and motivation behind their actions.

In order to better understand the nature of the cyber threat,penetration testers need to focus more on the driving forces behind a hacker’s actions such as:

  • Reward for their actions
  • The circumstances signalling the opportunity to attack

Nowadays, we have access to sophisticated techniques, methodologies and tools. Unfortunately, only a handful are able to understand, much less leverage, hacker motive. One way to accomplish that is to create hacker personas.

How to Build Hacker Personas

Over the past couple of years, an earlier generation of glory-seekers gradually faded into the background, giving way for a younger, hungrier breed of hackers and script kiddies (attackers lacking the skills to create their own but rely on scripts written by others). These new guys play the game somewhat differently. What we ought to do is throw away stereotypes and outdated biases. It’s the only way we can profile them under completely new light.

Now building hacker personas is a team effort and should never be based on the opinion or ideas of just a few. Gather your team of skilled testers and start brainstorming ideas:

1. Give them names like Pedro, Kylo Ren, Rey and Darth Maul. How you name your characters doesn’t matter as long as the names are meaningful to you.

2. Give each name a personality. This comes from a combination of observed hacker behaviour and thought patterns. Note that a hacker persona can either be an individual, a group, or even a government or nation state. How you classify these personas will depend on your organisation’s unique needs.

3. Identify the goals of each persona. What are their goals in attacking your infrastructure? Think critically what data or system features you have, or what your organisation represents that makes you a prime target for a particular persona.

4. Identify their mode of attack. Is it Virus, Trojan, Worm, Fake WAP,  DoS\DDoS (Denial of Service), Eavesdropping, ClickJacking, Keylogger, Waterhole, or Phishing attack? That list is by no means comprehensive, but you get the point: Attributing an attack specialty to each hacker persona allows you to be better equipped and prepared against it.

5. Focus on psychological parameters. Review hacker attributes. Go through your list again and review the characteristic attributed to each hacker persona. Only this time, highlight their psychological implications.

6. Assign an age and gender. These are important clues in ascertaining hacker motives.

7. Take economic factors into account. Determine your persona’s lifestyle and living needs. Is your persona rich? Middle Class? Poor? Again this variable will help lead you to motive.

8. Verify all assumptions against solid proof. During the brainstorming process, many will make certain assumptions based on what they have heard or read. But assumptions are just that. Unless you have solid proof, assumptions not backed by evidence shouldn’t make it past this stage.

9. Act it out. Assign members of the group to act it out and give life to the various personas you created. This will demystify the persona to someone whose thoughts and actions we can understand, predict and even relate to.

10. Build your strategy around your persona. Hackers have varying skills, knowledge, needs, wants and goals. It follows that your methodology must be tailored to the contour of these parameters.

Know the Kind of Hacker You’re Dealing With

In today’s cyber world almost every attacker you’ll encounter will fall under one of three categories. And each type is just as dangerous as the other. So don’t be fooled into thinking that you should be paying more attention to one and less to the other.

  • Cyber Criminals

Cyber criminals have been around longer than most other types of hackers. They’re the most economically motivated of all types. So where money can be found, they’re always nearby, lurking, and ready to pounce at the earliest opportunity. And they’ll use any means necessary to get it. Cyber crime in recent years is increasingly becoming an organised and systematised crime, as opposed to a random act perpetrated by some lone freckly kid.

Organised cyber crime has cost consumers and businesses billions of dollars in losses each year. These organised groups have a rich underground network of resources and exploit tools that they can buy, trade or sell. They are calculating criminals, and opportunistic predators that will attack the weakest or easiest prey they can find.

  • Hacktivists

They are the activists of the cyber world who target governments, large corporations and related institutions. They’re politically motivated, often plagued by factionalism within their own groups, and are therefore not as organised as cyber criminals.

Being activists first and foremost with little background in programming, most hacktivists are also script kiddies, relying on freely available open source tools. Their most common mode of attack is DDoS and SQL injection attacks against websites, either rendering the site inaccessible, or downloading and publishing an organisational database. Not all hacktivists are script kiddies though. A few of them are actually talented programmers who can write their own scripts and exploit tools. However, the fact that they are also constantly warring with each other, leaves them with little chance to fully leverage this to their advantage.

Just because hacktivists are politically motivated doesn’t mean your small business won’t be a target. If you happen to be in partnership with a corporation they hate or carrying a product they’re lobbying against, you may suddenly find yourself a target. So the moral of the story is to never let your guard down.

  • Government-Sanctioned Attackers

Yes, the government too have their own special troop of hackers and arsenal of exploit tools. Unlike other hacker types, the government engages in extremely well funded and highly customised exploit activities. State approved attackers often take advantage of bleeding edge attack and evasion tactics and zero-day vulnerabilities known only to them, and without any available patch or fix.

Their targets include other countries or government and multinational corporations, but won’t hesitate to attack small organisations or businesses if they could use them as a stepping stone to their actual target.

Government sponsored attacks are covert activities that often occur under the radar of the country’s legal and judicial systems.
Having learned something about these hacker profiles puts you in a better position to build more effective hacker personas and implement better defensive countermeasures against a given threat.


No matter how much we’ve learned about hackers, there will always be an air of mystery to them. That cannot be avoided. However, what’s important is that we’re not slack in learning about their real nature, activities, strategies and motives. And this goal brings us to the task of building hacker personas.

By following the steps for building hacker personas, as outlined above, you have opened the door for better understanding as to which hacker persona is the biggest threat to you, which specific parts of your infrastructure are most vulnerable, and how you might protect them. Let your hacker personas teach you about your enemy, and how to match your defenses to their strategies or modes of attack.

However, if you and your team lack the capability to carry out this project, Core Sentinel can help.
At Core Sentinel, we stay abreast of the latest vulnerabilities by continuously researching and participating in industry events, and we regularly leverage hacker personas to discover new vulnerabilities not yet identified by the industry. And we’ve been successfully doing it for over 15 years.

As qualified penetration testers, we’re committed to a professional code of conduct and practice. Our goal is to help protect your assets, your resources, your revenue, your reputation, your privacy, and your peace of mind.

Call one of our consultants today to see how we can assist you.

Other articles you might like:

Definitive Guide to Penetration Testing

Black Box vs. White Box Testing: Key Differences Every Organisation Should Know

Characteristics of a Good Penetration Tester