Hacker is a term used to describe different types of computer experts. It is also sometimes extended to mean any kind of expert, especially with the connotation of having particularly detailed knowledge or of cleverly circumventing limits. The meaning of the term, when used in a computer context, has changed somewhat over the decades since it first came into use, as it has been given additional and clashing meanings by new users of the word. To further confuse the issue, "hacker" also has a musical connotation as well. In small combos, and in middle school, high school, and college jazz band classes all over the English-speaking world, "hacker" means either "a musician who plays out of turn" or simply a musician who shows off constantly
Currently, "hacker" is used in two main ways, one complimentary and one pejorative. In popular usage and in the media, it generally describes computer intruders or criminals. "Hacker" can be seen as a shibboleth, identifying those who use it in its positive sense as members of the computing community. The term "hacker" can also be used in the computing community to describe a particularly brilliant programmer or technical expert (for example: "Linus Torvalds, the creator of Linux, is a genius hacker."). This is said by a minority to be the "correct" usage of the word (see the Jargon File definition below).
As a result of this conflict, the term is the subject of some controversy. The pejorative usage is disliked by many who identify themselves as hackers, and who do not like their label used negatively. Many users of the positive form say the "intruder" meaning should be deprecated, and advocate terms such as "cracker" or "black-hat" to replace it. Others prefer to follow common popular usage, arguing that the positive form is confusing and never likely to become widespread.
A possible middle ground position observes that "hacking" describes a collection of skills, and that these skills are utilized by hackers of both descriptions, though for differing reasons. The companion situation which illustrates this is the skills involved in locksmithing, specifically picking locks, which — aside from its being a skill with a fairly high tropism to 'classic' hacking — is a skill which can be used for good or evil.
Table of contents
A timeline of the noun "hack" and etymologically related terms as they evolved in historical English:
- In French, haquenée means an ambling horse.
- In Old English, tohaccian meant hack to pieces.
- At some point in the 14th century, the word haquenée became hackney, meaning a horse of medium size or fair quality.
- Shortly after, hackney was shortened to hack, and in riding culture the act of "hacking" (as opposed to fox-hunting) meant riding about informally, to no particular purpose.
- 1393 (at the latest): the word had also acquired the meaning of a horse for hire and also "prostitute."
- 1596: hackney was being used as an adjective meaning tired or worn out. William Shakespeare also used the word to mean "to make common and overly familiar" in Henry IV, Part I.
- 1700: a hack is a "person hired to do routine work".
- 1704: hack now also means a "carriage for hire".
- 1749: hack means "one who writes anything for hire" (still in use today among writers); see hack writer
- 1802: hack is used to mean a "short, dry cough" (still in use)
- 1826: the expression hack writer is first recorded though hackney writer appeared at least 50 years earlier
- 1898: hack is given the figurative sense of "a try, an attempt".
- 1950s: ham radio fans borrowed the term hacking from riding and defined it as creatively tinkering to improve performance.
- 1955: American English gives it the slang sense of "cope with" (as in "can't hack it"). On the U.S. East Coast, cars were substituted for horses, and hacking was a precursor to cruising.
- 1972: Stewart Brand publishes "S P A C E W A R: Fanatic Life and Symbolic Death Among the Computer Bums" in Rolling Stone
- 1983: First Usenet post on the use of hacker to mean computer criminal in the media (in Newsweek and on CBS News).
- 1984: Steven Levy publishes Hackers: Heroes of the Computer Revolution. The book publicizes, and perhaps originates the phrase "Hacker Ethic" and gives a codification of its principles.
- 1988: Stalking the Wily Hacker, an article by Clifford Stoll appears in the May 1988 issue of the Communications of the ACM and uses the term hacker in the sense of a computer criminal. Later that year, the release by Robert Tappan Morris, Jr. of the so-called Morris worm provoked the popular media to spread this usage.
- 1989: The Cuckoo's Egg by Clifford Stoll is published, and its popularity further entrenches the term in the public's consciousness.
The modern, computer-related form of the term is likely rooted in the goings on at the Massachusetts Institute of Technology (MIT) in the 1960s, long before computers became common; the word "hack" was local slang which had a large number of related meanings. One was a simple, but often inelegant, solution to a problem. It also meant any clever prank perpetrated by MIT students; logically the perpetrator was a hacker. To this day the terms hack and hacker are used in several ways at MIT, without necessarily referring to computers. When MIT students surreptitiously put a police car atop the dome on MIT's Building 10, that was a hack, and the students involved were therefore hackers. Another type of hacker – one who explores undocumented or unauthorized areas in buildings – is now called a reality hacker or urban spelunker.
The earliest known use of the term in this manner is from the 20 November 1963 issue of The Tech, the student paper of MIT:
- "Many telephone services have been curtailed because of so-called hackers, according to Prof. Carlton Tucker, administrator of the Institute phone system. [...] The hackers have accomplished such things as tying up all the tie-lines between Harvard and MIT, or making long-distance calls by charging them to a local radar installation. One method involved connecting the PDP-1 computer to the phone system to search the lines until a dial tone, indicating an outside line, was found. [...] Because of the "hacking," the majority of the MIT phones are "trapped.""
In the nascent computer culture of the 1960s, the unavoidable analogy to "hacking" programs was the already-established counter-culture practice of chopping Harley-Davidsons in Southern California: taking them apart and "chopping" their frames, improvising to make them lower, sleeker, faster, hotter than their uncustomized "stock" originals.
Originally, the term applied almost exclusively to programming or electrical engineering, but it has come to be used in some circles for almost any type of clever circumvention, in phrases such as "hack the media", "hack your brain" and "hack your reputation".
Categories of hacker
The hacker community (the set of people who would describe themselves as hackers, or who would be described by others as hackers) falls into at least three partially overlapping categories.
Hacker: Intruder and criminal
The most common usage of "hacker" in the popular press is to describe those who subvert computer security without authorization or indeed, anyone who has been accused of using technology (usually a computer or the internet) for terrorism, vandalism, credit card fraud, identity theft, intellectual property theft, and many other forms of crime. This can mean taking control of a remote computer through a network, or software cracking. This is the pejorative sense of hacker, also called cracker or black-hat hacker or simply "criminal" in order to preserve unambiguity.
A hacktivist is a hacker who utilizes technology to announce a political message. It should be noted that web vandalism is not necessarily hacktivism.
There are several recurring tools of the trade used by computer criminals:
- Trojan horse — These are malicious programs that are disguised as legitimate software. A trojan horse can be used to set up a back door in a computer system so that the criminal can return later and gain access. Viruses that fool a user into downloading and/or executing them by pretending to be useful applications are also sometimes called trojan horses. See also: Dialer.
- Virus — A virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents (for a complete definition: see the article about computer viruses). Thus, a computer virus behaves in a way similar to a biological virus, which spreads by inserting itself into living cells.
- Worm — Like a virus, a worm is also a self-replicating program. The difference between a virus and a worm is that a worm does not attach itself to other code. After the comparison between computer viruses and biological viruses, the obvious comparison here is to a bacterium. Many people conflate the terms "virus" and "worm", using them both to describe any self-propagating program.
- Vulnerability scanner — A tool used to quickly check computers on a network for known weaknesses. Hackers also use port scanners. These check to see which ports on a specified computer are "open" or available to access the computer. (Note that firewalls defend computers from intruders by limiting access to ports/machines both inbound and outbound.)
- Sniffer — An application that captures password and other data while it is in transit either within the computer or over the network
- Exploit — A prepared application that takes advantage of a known weakness.
- Social engineering — Using manipulation skills in order to obtain some form of information. An example would be asking someone for their password or account possibly over a beer or by posing as someone else.
- Root kit — A toolkit for hiding the fact that a computer's security has been compromised. Root kits may include replacements for system binaries so that it becomes impossible for the legitimate user to detect the presence of the intruder on the system by looking at process tables.
- Leet — An English pidgin which is commonly seen as a social phenomenon unique to the hacker community which is used as a means of dialog and obscurement for conversations between its members. More accurately, this is something of an inside joke, as there are comparatively few people who speak in this manner, and as a true means of dialog, this is more commonly found in the gaming community.
Those who consider themselves hackers in this sense but who don't write their own programs, and who generally don't really understand the inner workings of the computers they gain access to, are known as script kiddies.The term originates from the idea that no one is born with knowledge of these things, and everyone must at some point use "scripts" to learn. To some however the term expresses considerable contempt, being meant to indicate that they are immature (or unable to realize the equality lesson contained in the somewhat loaded term), and only use "scripts" and programs created by other people, in what is merely simple vandalism (if not outright theft).
Hacker: Brilliant programmer
The positive usage of hacker. One who knows a (sometimes specified) set of programming interfaces well enough to write software rapidly and expertly. This type of hacker is well-respected, although the term still carries some of the meaning of hack, developing programs without adequate planning. This zugzwang gives freedom and the ability to be creative against methodical careful progress.
At their best, hackers can be very productive. The downside of hacker productivity is often in maintainability, documentation, and completion. Very talented hackers may become bored with a project once they have figured out all of the hard parts, and be unwilling to finish off the "details". This attitude can cause friction in environments where other programmers are expected to pick up the half finished work, decipher the structures and ideas, and bullet-proof the code. In other cases, where a hacker is willing to maintain their own code, a company may be unable to find anyone else who is capable or willing to dig through code to maintain the program if the original programmer moves on to a new job.
Types of hackers in this sense are gurus and wizards. "Guru" implies age and experience, and "wizard" often implies particular expertise in a specific topic, and an almost magical ability to perform hacks no one else understands.
Hacker: Security expert
There is a third meaning which is a kind of fusion of the positive and pejorative senses of hacker. The term white hat hacker is often used to describe those who attempt to break into systems or networks in order to help the owners of the system by making them aware of security flaws, or to perform some other altruistic activity. Many such people are employed by computer security companies (such professionals are sometimes called sneakers). Collections of these people are often called Tiger Teams.
White hat hackers often overlap with black hat depending on your perspective. The primary difference is that a white hat hacker claims to observe the hacker ethic. Like black hats, white hats are often intimately familiar with the internal details of security systems, and can delve into obscure machine code when needed to find a solution to a tricky problem without requiring support from a system manufacturer.
An example of a hack: Microsoft Windows ships with the ability to use cryptographic libraries built into the operating system. When shipped overseas this feature becomes nearly useless as the operating system will refuse to load cryptographic libraries that haven't been signed by Microsoft, and Microsoft will not sign a library unless the US Government authorizes it for export. This allows the US Government to maintain some perceived level of control over the use of strong cryptography beyond its borders.
While hunting through the symbol table of a beta release of Windows, a couple of overseas hackers managed to find a second signing key in the Microsoft binaries. That is, without disabling the libraries that are included with Windows (even overseas), these individuals learned of a way to trick the operating system into loading a library that hadn't been signed by Microsoft, thus enabling the functionality which had been lost to non-US users.
Whether this is good or bad may depend on whether you respect the letter of the law, but is considered by some in the computing community to be a white hat type of activity. Some use the term grey hat to describe someone on the borderline between black and white.
Jargon File definition
The following is the definition given by the most recent edition of the Jargon File (a dictionary of hacker jargon), which emphasizes the positive sense of "hacker". The definitions in this dictionary were not made through research into common usage, but reflect to some extent the opinions of its editors. Hence, the following is accepted by some but not all of the hacker community.
hacker n. [originally, someone who makes furniture with an axe]
The term "hacker" also tends to connote membership in the global community defined by the net (see the network and Internet address). For discussion of some of the basics of this culture, see the How To Become A Hacker FAQ. It also implies that the person described is seen to subscribe to some version of the hacker ethic. It is better to be described as a hacker by others than to describe oneself that way. Hackers consider themselves something of an elite (a meritocracy based on ability), though one to which new members are gladly welcome. There is thus a certain ego satisfaction to be had in identifying yourself as a hacker (but if you claim to be one and are not, you'll quickly be labelled bogus). See also geek, wannabe. This term seems to have been first adopted as a badge in the 1960s by the hacker culture surrounding TMRC and the MIT AI Lab. We have a report that it was used in a sense close to this entry's by teenage radio hams and electronics tinkerers in the mid-1950s.
- A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.
- One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming.
- A person capable of appreciating hack value.
- A person who is good at programming quickly.
- An expert at a particular program, or one who frequently does work using it or on it; as in "a Unix hacker". (Definitions 1 through 5 are correlated, and people who fit them congregate.)
- An expert or enthusiast of any kind. One might be an astronomy hacker, for example.
- One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations.
- [deprecated] A malicious meddler who tries to discover sensitive information by poking around. Hence "password hacker", "network hacker". The correct term for this sense is cracker.
The earliest Stanford revisions of the Jargon file (1975) did not describe the term so positively, including only definitions 4, 5 and 8. The current definition was written in more or less its current form around 1980 at MIT. Definition 8 was "deprecated" in the 1990s by Jargon File editor Eric S. Raymond, a known advocate of the positive usage of "hacker". This deprecation is considered somewhat controversial by some, although use of the term "hacker" (in the computer-related sense) predates the first computer system with security (CTSS), and thus necessarily pre-dates any security-related meaning.
Summary of terms
Guru, Wizard: Types of hacker in the positive sense.
Cracker: A hacker in the negative sense.
Blackhat: A person that maintains his or her vulnerabilities and exploits as confidential. A blackhat promotes freedom rather than security. Blackhats poke holes in systems and do not increase control of information; there are no attempts made to disclose or patch software. A blackhat hacker has 0-day exploits (private software that exploits security vulnerabilities; 0day exploits have not been distributed to the public).
Script kiddie: a person with little or no skill. Or a person who simply follows directions or uses a cook-book approach without fully understanding the meaning of the steps they are performing. Usually pejorative.
Whitehat, Sneaker, Grey-hat: A hacker who breaks security but who does so for altruistic or at least non-malicious reasons. To whitehats, the darker the hat, the more the ethics of the activity can be considered dubious. Conversely, blackhats may claim the lighter the hat, the more the ethics of the activity are lost.
Note also that even among users of the positive sense of "hacker", the noun "hack" often means kludge, and in those cases has a negative connotation of being ugly, inelegant, and inefficient. The practical joke form of the noun "hack" is considered to have a positive meaning. Meanwhile, the verb "hack" can and often does share the same positive connotations as the noun "hacker".
Intruders and criminals
Note that many of these have since turned to fully legal hacking.
- Mark Abene (a.k.a. Phiber Optik) — Inspired thousands of teenagers around the country to "study" the internal workings of the United States phone system. One of the founders of the Masters of Deception group.
- Dark Avenger — Bulgarian virus writer that invented polymorphic code in 1992 as a mean to circumvent the type of pattern recognition used by Anti-virus software, and nowadays also intrusion detection systems.
- Robert Tappan Morris, Jr. — This Cornell University graduate student unleashed the first major Internet worm in 1988.
- Kevin Mitnick — The first hacker to be held in jail without bail for a time long enough to merit a world record.
- Kevin Poulsen — In 1990 Poulsen took over all telephone lines going into Los Angeles area radio station KIIS-FM to win an automobile in a call-in contest.
- Adrian Lamo — Lamo surrendered to federal authorities in 2003 after a brief manhunt, and was charged with nontechnical but surprisingly successful intrusions into computer systems at Microsoft, The New York Times, Lexis-Nexis, MCI WorldCom, SBC, Yahoo!, and others. His methods were controversial, and his full-disclosure-by-media practices led some to assert that he was publicity-motivated.
- Vladimir Levin — This mathematician allegedly masterminded the Russian hacker gang that tricked Citibank's computers into spitting out $10 million. To this day, the method used is unknown.
- Seymour Cray — He was a supercomputer architect who founded the company Cray Research.
- Bill Gosper
- Richard Greenblatt
- Bill Joy — Co-founder of Sun Microsystems and author of many fundamental UNIX utilities.
- Richard Stallman — Founder of the free software movement and the GNU project, and wrote the early versions of Emacs and gcc.
- Ken Thompson and Dennis Ritchie — Ritchie and Thompson created Unix in 1969. Ritchie is also notable for having created the C programming language.
- Linus Torvalds — Torvalds was a computer science student at the University of Helsinki when he wrote the Linux kernel in 1991.
- Larry Wall — The creator of the Perl programming language.
- Steve Wozniak — The co-founder of Apple Computer got his start making devices for phone phreaking.
- Rob Pike — a software engineer and author. He is best known for his work at Bell Labs, where he was a member of the Unix team and was involved in the creation of the Plan 9 and Inferno operating systems.
- Dan Bernstein — the author of Qmail and Djbdns, also a mathematician and cryptographer.
- Solar Designer — Founder of the Openwall Project.
- Fyodor — The author of Nmap & STC.
- Johan "Julf" Helsingius — Operated the world's most popular anonymous remailer, the Penet remailer (called penet.fi), until he closed up shop in September 1996.
- Tsutomu Shimomura — Shimomura helped catch Kevin Mitnick, the United States' most infamous cracker, in early 1994. He is the co-author of a book about the Mitnick case, Takedown: The Pursuit and Capture of Kevin Mitnick, America's Most Wanted Computer Outlaw-By the Man Who Did It (ISBN 0786889136).
- Michal Zalewski (lcamtuf) — Prominent security researcher.
- Marty Roesch — Creator of Snort, a network Intrusion Detection System.
- Ralph Echemendia — Hacking Instructor and prominent security researcher.
- Horatio Huxham — Made public a security hole in a South African banking system.
- Zaraza — Russian security researcher who has located various flaws in Microsoft Windows
Hacker media personalities
- Eric Corley (a.k.a Emmanuel Goldstein) — Long standing publisher of 2600: The Hacker Quarterly and founder of the H.O.P.E. conferences. He has been part of the hacker community since the late '70s.
- CULT OF THE DEAD COW — a high profile hacker group that has both made news and been consulted by the media on numerous occasions.
- Eric S. Raymond — He is one of the founders of the Open Source Initiative. He wrote the famous text The Cathedral and the Bazaar and many other essays. He also maintains the Jargon File for the Hacker culture, which was previously maintained by Guy L. Steele, Jr..
- Bruce Perens — He is also one of the Open Source Initiative. He was the former Debian GNU/Linux Project Leader, and is the primary author of the Open Source Definition.
- Hacker culture
- Hacker Emblem
- Hacker Manifesto
- Hackers (short stories)
- Hacker (game)
- Hackers Heroes of the Computer Revolution
- A Hacker History a timeline of events relating to hacking
- List of fictional hackers
- Jargon File
- Astalavista Security Group
- 1337 h4x0r h4ndb00k
- The Hacker Dictionary
- The Broken video series on hacking
- The MIT Gallery of Hacks
- The Jargon File
- The Hacker Emblem
- How To Become A Hacker
- Free Software Foundation
- Open Source Initiative
- Digital Information Society
- SecureRoot Directory
- Hacker News
- Hacker Games
- Hacker Interviews
- Paul Graham's Hackers & Painters Essay
- Paul Graham's Great Hackers Essay
- WPI Hackers of the '70s
- A Brief History of Hackerdom (2000)}
- HackThisSite.org-Learn to web hack
- Learn To Hack – Hacking Challenges
- SPACEWAR: Fanatic Life and Symbolic Death Among the Computer Bums Stewart Brand's 1972 article
- Use of the Word "Hacker" post on newsgroup net.flame
- "The Art of Deception" by Kevin D. Mitnick & William L. Simon
- "Hacking Exposed" by Stuart McClure, Joel Scambray & George Kurtz
- "2600: The Hacker Quarterly"
- "Binary Revolution Magazine"