It’s hard to get a handle on the hacker community, but here’s a look at the range of people -- from lone geeks to organized governments -- who could be behind recent security breaches.
FORTUNE — The recent hacking headlines make it seem like we’re in the middle of a cyberwar: In the past few weeks, there have been revelations of security breaches at organizations including Citigroup, Sony, the IMF, and — as recently as yesterday — the CIA’s website.
Indeed, hackers are everywhere, according to Bruce Schneier, security expert and chief security technology officer for IT service provider BT. But for the hacker community, the apparent cluster of attacks is really just business as usual: “This is hacking, it hasn’t changed in decades,” he says.
While the public may picture shadowy groups of Lisbeth Salander-like computer nerds taking down major networks around the globe, the truth is much less glamorous, Schneier says. Still, the hacker pecking order can be nuanced and tough to untangle. It runs the gamut from geeks messing around in their basements to organized national governments. What hackers do and how they do it often remains a mystery, but every day there are activities that fall under the wide umbrella of digital subversion called “hacking.”
The lone wolf
Hacking has its roots in recreation. “The majority of people hacking are just people,” Schneier says, meaning they aren’t connected to a hacking network other than chat rooms and online forums. “It’s just guys messing around.”
Some members of this breed of hacker eventually go corporate. For example, Linus Torvalds, who wrote the Linux kernel, the central component of the Linux operating system, has a well-respected hacking history. He even wrote the prologue to a book called The Hacker Ethic, published in 2001. Another high-profile hacker is Apple co-founder Steve Wozniak, who speaks openly about his early days at UC Berkeley, building and selling devices that could hack phone networks to make free calls.
There’s another, relatively new breed of hacker that seeks publicity. These are typically politically motivated groups, says Ethan Zuckerman, a researcher at Harvard University’s Berkman Center for Internet and Society. The attacks they launch, he says, are “really designed to get the press release.”
One of the most famous groups is Anonymous, an anarchic network of hackers that periodically organizes to shut down websites, either for fun or for some political purpose. Generally, the group launches a distributed denial-of-service (DDoS) attack, which floods a specific site with more traffic than it can handle so that legitimate visitors can no longer reach it. Anonymous has launched several such campaigns, most famously its 2008 efforts to take down the digital presence of the Church of Scientology, which involved a DDoS attack and offline protests by masked members. Recently, the group announced a planned attack against the Federal Reserve, calling for the resignation of Chairman Ben Bernanke via a YouTube video, though none of the Fed’s websites have been shut down yet.
Another group called LulzSec has also stirred up news recently. On Wednesday, it temporarily crashed the Central Intelligence Agency’s public website, cia.gov. LulzSec has also claimed responsibility for breaches at PBS, Fox and Sony. For the Sony attack, LulzSec’s goal was to showcase a pitiful lack of online security at the company, according to Phil Blank, a senior security analyst at Javelin Strategy & Research, and it succeeded. “It’s a very fundamental, basic attack that no modern corporation should be subjected to — it’s embarrassing.”
While attacks like the one on Sony can be easy, the muscle power of hacktivist groups is generally limited, says Zuckerman. In fact, he notes that within the hacker community, DDoS and similar attacks don’t even qualify as true hacking, which involves actually compromising a network, not just knocking a site offline. LulzSec hasn’t tried to harm large, critical infrastructures so far, and Anonymous has tried and failed, he says: The group couldn’t pull off an attempt to crash Amazon in December 2010, for example. “Essentially, they’re taking down people’s marketing copy,” says Zuckerman.
Government-backed hacking efforts are a different story. They have much more funding, yet they can still be next to impossible to trace. They’re also happening all the time, Schneier says: “The U.S. is doing it, China is doing it. Governments have spied on each other for thousands of years.”
While complicated, expensive hacks are more likely to involve government investment, it can be difficult to prove the connection. Earlier this month, the IMF announced to its staff that it had suffered a cyberattack, but hasn’t released details. There has been speculation that the attack received funding from a foreign government, says Blank, but there’s little public proof. “To be able to create the attack from that distance requires a substantial infrastructure, IT work and research,” he says. “Generally speaking, that is out of the scope of most individuals, and it’s probably not corporate espionage.”
The same is true for recent Gmail hacks: Earlier this month, Google announced that someone had broken into hundreds of Gmail users’ personal accounts by stealing their passwords through phishing. That required fairly complicated, targeted hacks, Blank says. But the only evidence that a government was behind it was that Google traced the origin of the attack to computers with Internet Protocol (IP) addresses in the Jinan region of China. The hack also seemed suspicious because victims included U.S. government officials and Chinese political activists. But IP addresses can be fabricated, Blank says, and the Chinese government vehemently denied anything to do with the incident.
That hacking mystery, like so many others, may go unsolved. While the size or complexity of the hack can provide clues, “You never know who’s behind anything really,” says Schneier. “In general, you never know who did it or why.”