Hacker

Hacker is a term used to describe different types of computer experts. The media and the general populace typically use the term to mean "computer criminal"; however, in many computer subcultures it simply means "clever programmer", with no connotation of computer security skill. It is also sometimes extended to mean any kind of expert, especially one who has particularly detailed knowledge or cleverly circumvents limits.

In an apparently separate usage, "hacker" also has a musical connotation as well. In small combos, and in middle school, high school, and college jazz band classes all over the English-speaking world, "hacker" means either a musician who plays out of turn or simply a musician who shows off constantly. This article does not discuss this definition further.

Contents

1 Definition 2 History 3 Categories of hacker 3.1 Hacker: Intruder and criminal 3.2 Hacker: Brilliant programmer 3.3 Hacker: Security expert 4 Jargon File definition 5 Summary of terms 6 Notable hackers 6.1 Intruders and criminals 6.2 Brilliant programmers 6.3 Security experts 6.4 Hacker media personalities 7 See also 8 External links 9 Related books 10 Commercials

Definition

The meaning of the term, when used in a computer context, has changed somewhat over the decades since it first came into use (when it was simply used as a verb for 'messing about' with, 'I hack around with computers'), as it has been given additional and clashing meanings by new users of the word.

Currently, "hacker" is used in two main ways, one pejorative and one complimentary: in popular usage and in the media, it generally describes computer intruders or criminals; in the computing community, it describes a particularly brilliant programmer or technical expert (for example: "Linus Torvalds, the creator of Linux, is a genius hacker."). The latter is said by some to be the "correct" usage of the word (see the Jargon File definition below).

The mainstream media usage of the term may be traced back to the early 1980's (see History below). At the time in 1983 of the first national media use of the term to refer to computer intruders, even those in the computer community refered to such activity as "hacking", although this was not the exclusive use of the word. Due to the increasing media use of the term exclusively in the criminal connotation, the computer community began to differentiate the terminolgy at about that time, coining several alternative terms for such criminal activities, while retaining the other more commonly performed activities under the core meaning of "hack". As network news use pertained primarily to the criminal activities, the mainstream media has not followed suit. Through the present the media routinely describe computer criminals at all levels of technical sophistication as "hackers", and does not generally make usage of the word "hacker" in any of its non-criminal connotations.

"Hacker" can therefore be seen as a shibboleth, identifying those who use it in its positive sense as members of the computing community.

As a result of this conflict, the term is the subject of some controversy. The pejorative usage is disliked by many who identify themselves as hackers, and who do not like their label used negatively. Many users of the positive form say the "intruder" meaning should be deprecated, and advocate terms such as "cracker" or "black hat" to replace it. Others prefer to follow common popular usage, arguing that the positive form is confusing and never likely to become widespread. It should be noted however, that the positive definition of hacker was widely used for many years before the negative definition, and thus can be seen as more authentic.

A possible middle ground position observes that "hacking" describes a collection of skills, and that these skills are utilized by hackers of both descriptions, though for differing reasons. The companion situation which illustrates this is the skills involved in locksmithing, specifically picking locks, which — aside from its being a skill with a fairly high tropism to 'classic' hacking — is a skill which can be used for good or evil.

History

A timeline of the noun "hack" and etymologically related terms as they evolved in historical English:

• In French, haquenée means an ambling horse.
• In Old English, tohaccian meant hack to pieces.
• At some point in the 14th century, the word haquenée became hackney, meaning a horse of medium size or fair quality.
• Shortly after, hackney was shortened to hack, and in riding culture the act of "hacking" (as opposed to fox-hunting) meant riding about informally, to no particular purpose.
• 1393 (at the latest): the word had also acquired the meaning of a horse for hire and also "prostitute."
• 1596: hackney was being used as an adjective meaning tired or worn out. William Shakespeare also used the word to mean "to make common and overly familiar" in Henry IV, Part I.
• 1700: a hack is a "person hired to do routine work".
• 1704: hack now also means a "carriage for hire".
• 1749: hack means "one who writes anything for hire" (still in use today among writers); see hack writer
• 1802: hack is used to mean a "short, dry cough" (still in use)
• 1826: the expression hack writer is first recorded though hackney writer appeared at least 50 years earlier
• 1898: hack is given the figurative sense of "a try, an attempt".
• 1950s: ham radio fans borrowed the term hacking from riding and defined it as creatively tinkering to improve performance.
• 1955: American English gives it the slang sense of "cope with" (as in "can't hack it"). On the U.S. East Coast, cars were substituted for horses, and hacking was a precursor to cruising.
• 1972: Stewart Brand publishes "S P A C E W A R: Fanatic Life and Symbolic Death Among the Computer Bums" in Rolling Stone
• 1983: First Usenet post on the use of hacker to mean computer criminal in the media (in Newsweek and on CBS News).
• 1984: Steven Levy publishes Hackers: Heroes of the Computer Revolution. The book publicizes, and perhaps originates the phrase "Hacker Ethic" and gives a codification of its principles.
• 1988: Stalking the Wily Hacker, an article by Clifford Stoll appears in the May 1988 issue of the Communications of the ACM and uses the term hacker in the sense of a computer criminal. Later that year, the release by Robert Tappan Morris, Jr. of the so-called Morris worm provoked the popular media to spread this usage.
• 1989: The Cuckoo's Egg by Clifford Stoll is published, and its popularity further entrenches the term in the public's consciousness.

The modern, computer-related form of the term is likely rooted in the goings on at the Massachusetts Institute of Technology (MIT) in the 1960s, long before computers became common; the word "hack" was local slang which had a large number of related meanings. One was a simple, but often inelegant, solution to a problem. It also meant any clever prank (http://hacks.mit.edu/) perpetrated by MIT students; logically the perpetrator was a hacker. To this day the terms hack and hacker are used in several ways at MIT, without necessarily referring to computers. When MIT students surreptitiously put a police car atop the dome on MIT's Building 10, that was a hack, and the students involved were therefore hackers. Another type of hacker - one who explores undocumented or unauthorized areas in buildings - is now called a reality hacker or urban spelunker.

The term was fused with computers when members of the Tech Model Railroad Club started working with a Digital Equipment Corporation PDP-1 computer and applied local model railroad slang to computers.

The earliest known use of the term in this manner is from the 20 November 1963 issue of The Tech, the student paper of MIT:

"Many telephone services have been curtailed because of so-called hackers, according to Prof. Carlton Tucker, administrator of the Institute phone system. [...] The hackers have accomplished such things as tying up all the tie-lines between Harvard and MIT, or making long-distance calls by charging them to a local radar installation. One method involved connecting the PDP-1 computer to the phone system to search the lines until a dial tone, indicating an outside line, was found. [...] Because of the "hacking," the majority of the MIT phones are "trapped.""

In the nascent computer culture of the 1960s, the unavoidable analogy to "hacking" programs was the already-established counter-culture practice of chopping Harley-Davidsons in Southern California: taking them apart and "chopping" their frames, improvising to make them lower, sleeker, faster, hotter than their uncustomized "stock" originals.

Originally, the term applied almost exclusively to programming or electrical engineering, but it has come to be used in some circles for almost any type of clever circumvention, in phrases such as "hack the media", "hack your brain" and "hack your reputation".

Categories of hacker

The hacker community (the set of people who would describe themselves as hackers, or who would be described by others as hackers) falls into at least three partially overlapping categories.

Hacker: Intruder and criminal

The most common usage of "hacker" in the popular press is to describe those who subvert computer security without authorization or indeed, anyone who has been accused of using technology (usually a computer or the Internet) for terrorism, vandalism, credit card fraud, identity theft, intellectual property theft, and many other forms of crime. This can mean taking control of a remote computer through a network, or software cracking. This is the pejorative sense of hacker, also called cracker or black-hat hacker or simply "criminal" in order to preserve unambiguity.

A hacktivist is a hacker who utilizes technology to announce a political message. It should be noted that web vandalism is not necessarily hacktivism.

There are several recurring tools of the trade used by computer criminals:

• Trojan horse — These are programs designed so that they seem to do or be one thing, such as a legitimate software, but actually are or do another. They are not necessarily malicious programs. A trojan horse can be used to set up a back door in a computer system so that the intruder can return later and gain access. Viruses that fool a user into downloading and/or executing them by pretending to be useful applications are also sometimes called trojan horses. See also: Dialer.
• Virus — A virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents (for a complete definition: see this article about computer viruses). Thus, a computer virus behaves in a way similar to a biological virus, which spreads by inserting itself into living cells.
• Worm — Like a virus, a worm is also a self-replicating program. The difference between a virus and a worm is that a worm does not create multiple copies of itself on one system and that it propogates itself through computer networks. After the comparison between computer viruses and biological viruses, the obvious comparison here is to a bacterium. Many people conflate the terms "virus" and "worm", using them both to describe any self-propagating program. It is possible for a program to have the blunt characteristics of both a worm and a virus.
• Vulnerability scanner — A tool used to quickly check computers on a network for known weaknesses. Hackers also use port scanners. These check to see which ports on a specified computer are "open" or available to access the computer. (Note that firewalls defend computers from intruders by limiting access to ports/machines both inbound and outbound.)
• Sniffer — An application that captures password and other data while it is in transit either within the computer or over the network.
• Exploit — A prepared application that takes advantage of a known weakness.
• Social engineering — Using manipulation skills in order to obtain some form of information. An example would be asking someone for their password or account possibly over a beer or by posing as someone else.
• Root kit — A toolkit for hiding the fact that a computer's security has been compromised. Root kits may include replacements for system binaries so that it becomes impossible for the legitimate user to detect the presence of the intruder on the system by looking at process tables.

Those who consider themselves hackers in this sense but who don't write their own programs, and who generally don't really understand the inner workings of the computers they gain access to, are known as script kiddies or "amateur hobbyists" in the UK.The term originates from the idea that no one is born with knowledge of these things, and everyone must at some point use "scripts" to learn. The term is also a reference to Linux/Unix scripts, which are small applications that can accomplish a specific task with little more input than the target of the attack. To some however the term expresses considerable contempt, being meant to indicate that they are immature (or unable to realize the equality lesson contained in the somewhat loaded term), and only use "scripts" and programs created by other people, in what is merely simple vandalism (if not outright theft).

Hacker: Brilliant programmer

The positive usage of hacker (the proper usage). One who knows a (sometimes specified) set of programming interfaces well enough to write software rapidly and expertly. This type of hacker is well-respected, although the term still carries some of the meaning of hack, developing programs without adequate planning. This zugzwang gives freedom and the ability to be creative against methodical careful progress.

At their best, hackers can be very productive. The downside of hacker productivity is often in maintainability, documentation, and completion. Very talented hackers may become bored with a project once they have figured out all of the hard parts, and be unwilling to finish off the "details". This attitude can cause friction in environments where other programmers are expected to pick up the half finished work, decipher the structures and ideas, and bullet-proof the code. In other cases, where a hacker is willing to maintain their own code, a company may be unable to find anyone else who is capable or willing to dig through code to maintain the program if the original programmer moves on to a new job.

Types of hackers in this sense are gurus and wizards. "Guru" implies age and experience, and "wizard" often implies particular expertise in a specific topic, and an almost magical ability to perform hacks no one else understands.

Hacker: Security expert

There is a third meaning which is a kind of fusion of the positive and pejorative senses of hacker. The term white hat hacker is often used to describe those who attempt to break into systems or networks in order to help the owners of the system by making them aware of security flaws, or to perform some other altruistic activity. Many such people are employed by computer security companies (such professionals are sometimes called sneakers). Collections of these people are often called tiger teams.

White hat hackers often overlap with black hat depending on your perspective. The primary difference is that a white hat hacker claims to observe the hacker ethic. Like black hats, white hats are often intimately familiar with the internal details of security systems, and can delve into obscure machine code when needed to find a solution to a tricky problem without requiring support from a system manufacturer.

An example of a hack: Microsoft Windows ships with the ability to use cryptographic libraries built into the operating system. When shipped overseas this feature becomes nearly useless as the operating system will refuse to load cryptographic libraries that haven't been signed by Microsoft, and Microsoft will not sign a library unless the US Government authorizes it for export. This allows the US Government to maintain some perceived level of control over the use of strong cryptography beyond its borders.

While hunting through the symbol table of a beta release of Windows, a couple of overseas hackers managed to find a second signing key in the Microsoft binaries. That is, without disabling the libraries that are included with Windows (even overseas), these individuals learned of a way to trick the operating system into loading a library that hadn't been signed by Microsoft, thus enabling the functionality which had been lost to non-US users.

Whether this is good or bad may depend on whether you respect the letter of the law, but is considered by some in the computing community to be a white hat type of activity. Some use the term grey hat to describe someone on the borderline between black and white.

Jargon File definition

The following is the definition given by the most recent edition of the Jargon File (a dictionary of hacker jargon), which emphasizes the positive sense of "hacker". The definitions in this dictionary were not made through research into common usage, but reflect to some extent the opinions of its editors. Hence, the following is accepted by some but not all of the hacker community.

hacker n. [originally, someone who makes furniture with an axe]

1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.
2. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming.
3. A person capable of appreciating hack value.
4. A person who is good at programming quickly.
5. An expert at a particular program, or one who frequently does work using it or on it; as in "a Unix hacker". (Definitions 1 through 5 are correlated, and people who fit them congregate.)
6. An expert or enthusiast of any kind. One might be an astronomy hacker, for example.
7. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations.
8. [deprecated] A malicious meddler who tries to discover sensitive information by poking around. Hence "password hacker", "network hacker". The correct term for this sense is cracker.

The term "hacker" also tends to connote membership in the global community defined by the net (see the network and Internet address). For discussion of some of the basics of this culture, see the How To Become A Hacker FAQ. It also implies that the person described is seen to subscribe to some version of the hacker ethic. It is better to be described as a hacker by others than to describe oneself that way. Hackers consider themselves something of an elite (a meritocracy based on ability), though one to which new members are gladly welcome. There is thus a certain ego satisfaction to be had in identifying yourself as a hacker (but if you claim to be one and are not, you'll quickly be labelled bogus). See also geek, wannabe. This term seems to have been first adopted as a badge in the 1960s by the hacker culture surrounding TMRC and the MIT AI Lab. We have a report that it was used in a sense close to this entry's by teenage radio hams and electronics tinkerers in the mid-1950s.

The earliest Stanford revisions of the Jargon file (1975) did not describe the term so positively, including only definitions 4, 5 and 8. The current definition was written in more or less its current form around 1980 at MIT. Definition 8 was "deprecated" in the 1990s by Jargon File editor Eric S. Raymond, a known advocate of the positive usage of "hacker". This deprecation is considered somewhat controversial by some, although use of the term "hacker" (in the computer-related sense) predates the first computer system with security (CTSS), and thus necessarily pre-dates any security-related meaning.

Summary of terms

Guru, Wizard: Types of hacker in the positive sense.

Cracker: A hacker in the negative sense.

Blackhat: A person that maintains his or her vulnerabilities and exploits as confidential. A blackhat promotes freedom rather than security. Blackhats poke holes in systems and do not increase control of information; there are no attempts made to disclose or patch software. A blackhat hacker has 0-day exploits (private software that exploits security vulnerabilities; 0day exploits have not been distributed to the public).

Script kiddie: a person with little or no skill. Or a person who simply follows directions or uses a cook-book approach without fully understanding the meaning of the steps they are performing. Usually pejorative.

Whitehat, Sneaker, Grey hat: A hacker who breaks security but who does so for altruistic or at least non-malicious reasons. To whitehats, the darker the hat, the more the ethics of the activity can be considered dubious. Conversely, blackhats may claim the lighter the hat, the more the ethics of the activity are lost.

Note also that even among users of the positive sense of "hacker", the noun "hack" often means kludge, and in those cases has a negative connotation of being ugly, inelegant, and inefficient. The practical joke form of the noun "hack" is considered to have a positive meaning. Meanwhile, the verb "hack" can and often does share the same positive connotations as the noun "hacker".

Notable hackers

Intruders and criminals

Note that many of these have since turned to fully legal hacking.

• Mark Abene (a.k.a. Phiber Optik) — Inspired thousands of teenagers around the country to "study" the internal workings of the United States phone system. One of the founders of the Masters of Deception group.
• Dark Avenger — Bulgarian virus writer that invented polymorphic code in 1992 as a mean to circumvent the type of pattern recognition used by Anti-virus software, and nowadays also intrusion detection systems.
• Robert Tappan Morris, Jr. — This Cornell University graduate student unleashed the first major Internet worm in 1988.
• Kevin Mitnick — Held in jail without bail for a long period of time. Inspired the Free Kevin movement.
• Kevin Poulsen — In 1990 Poulsen took over all telephone lines going into Los Angeles area radio station KIIS-FM to win an automobile in a call-in contest.
• Adrian Lamo — Lamo surrendered to federal authorities in 2003 after a brief manhunt, and was charged with nontechnical but surprisingly successful intrusions into computer systems at Microsoft, The New York Times, Lexis-Nexis, MCI WorldCom, SBC, Yahoo!, and others. His methods were controversial, and his full-disclosure-by-media practices led some to assert that he was publicity-motivated.
• Vladimir Levin — This mathematician allegedly masterminded the Russian hacker gang that tricked Citibank's computers into spitting out $10 million. To this day, the method used is unknown.
• Brian Salcedo — Salcedo and accomplices gained access to Lowe's wireless LAN connection and installed a program designed to steal credit card account information.
• Marcus Hess — A West German, he hacked into United States Military sites and collected information for the KGB; he was eventually tracked down by Clifford Stoll.
• David L. Smith — In 1999 Smith launched the Melissa Worm, causing $80 million dollars worth of damage to businesses. Originally sentenced to 40 years, he eventually served only 20 months when he agreed to work undercover for the FBI.

Brilliant programmers

• Seymour Cray — He was a supercomputer architect who founded the company Cray Research.
• Bill Gosper
• Richard Greenblatt
• Bill Joy — Co-founder of Sun Microsystems and author of many fundamental UNIX utilities.
• Richard Stallman — Founder of the free software movement and the GNU project, and wrote the early versions of Emacs and gcc.
• Ken Thompson and Dennis Ritchie — Ritchie and Thompson created Unix in 1969. Ritchie is also notable for having created the C programming language.
• Linus Torvalds — Torvalds was a computer science student at the University of Helsinki when he wrote the Linux kernel in 1991.
• Larry Wall — The creator of the Perl programming language.
• Steve Wozniak — The co-founder of Apple Computer got his start making devices for phone phreaking.
• Rob Pike — a software engineer and author. He is best known for his work at Bell Labs, where he was a member of the Unix team and was involved in the creation of the Plan 9 and Inferno operating systems.
• Dan Bernstein — the author of Qmail and Djbdns, also a mathematician and cryptographer.

Security experts

• Solar Designer — Founder of the Openwall Project.
• Fyodor — The author of Nmap & STC.
• Johan "Julf" Helsingius — Operated the world's most popular anonymous remailer, the Penet remailer (called penet.fi), until he closed up shop in September 1996.
• Tsutomu Shimomura — Shimomura helped catch Kevin Mitnick, the United States' most infamous hacker, in early 1994. He is the co-author of a book about the Mitnick case, Takedown: The Pursuit and Capture of Kevin Mitnick, America's Most Wanted Computer Outlaw-By the Man Who Did It (ISBN 0786889136).
• Michal Zalewski (lcamtuf) — Prominent security researcher.
• Marty Roesch — Creator of Snort, a network Intrusion Detection System.
• Ralph Echemendia — Hacking Instructor and prominent security researcher.
• Horatio Huxham — Made public a security hole in a South African banking system.
• Zaraza — Russian security researcher who has located various flaws in Microsoft Windows

Hacker media personalities

• Eric Corley (a.k.a Emmanuel Goldstein) — Long standing publisher of 2600: The Hacker Quarterly and founder of the H.O.P.E. conferences. He has been part of the hacker community since the late '70s.
• CULT OF THE DEAD COW — a high profile hacker group that has both made news and been consulted by the media on numerous occasions.
• Eric S. Raymond — He is one of the founders of the Open Source Initiative. He wrote the famous text The Cathedral and the Bazaar and many other essays. He also maintains the Jargon File for the Hacker culture, which was previously maintained by Guy L. Steele, Jr..
• Bruce Perens — He is also one of the Open Source Initiative. He was the former Debian GNU/Linux Project Leader, and is the primary author of the Open Source Definition.

See also

• Hacker culture
• Hacker Emblem
• Hacker Manifesto
• Hackers (short stories)
• Hacker (game)
• Hackers: Heroes of the Computer Revolution
• A Hacker History a timeline of events relating to hacking
• List of fictional hackers
• Quick-and-dirty
• Jargon File
• Biohacker
• Astalavista Security Group

External links

• The Hacker Dictionary (http://www.hacker-dictionary.com)
• The Broken video series on hacking (http://www.thebroken.org)
• The MIT Gallery of Hacks (http://hacks.mit.edu/)
• The Jargon File (http://www.catb.org/~esr/jargon)
• The Hacker Emblem (http://www.catb.org/~esr/hacker-emblem)
• How To Become A Hacker (http://www.catb.org/~esr/faqs/hacker-howto.html)
• Free Software Foundation (http://www.fsf.org)
• Open Source Initiative (http://www.opensource.org)
• Digital Information Society (http://www.phreak.org)
• SecureRoot Directory (http://www.secureroot.com)
• Hacker News (http://www.hackwire.com/)
• Hacker Games (http://hackergames.net/)
• Hacker Interviews (http://www.safemode.org/interviews.html)
• Paul Graham's Hackers & Painters Essay (http://www.paulgraham.com/hp.html)
• Paul Graham's Great Hackers Essay (http://www.paulgraham.com/gh.html)
• WPI Hackers of the '70s (http://www.wpi.edu/~trb/hacker70s.html)
• A Brief History of Hackerdom (2000)} (http://citeseer.ist.psu.edu/raymond00brief.html)
• HackThisSite.org-Learn to web hack (http://www.hackthissite.org/)
• Learn To Hack - Hacking Challenges (http://www.learntohack.org/)
• SPACEWAR: Fanatic Life and Symbolic Death Among the Computer Bums (http://www.wheels.org/spacewar/stone/rolling_stone.html) Stewart Brand's 1972 article
• Use of the Word "Hacker" post on newsgroup net.flame (http://groups-beta.google.com/group/net.flame/msg/d819f568a30ecf57)

Related books

Template:Book reference

Social Engineering:

• "The Art of Deception" by Kevin D. Mitnick & William L. Simon

Network Security:

• "Hacking Exposed" by Stuart McClure, Joel Scambray & George Kurtz

Magazines:

• "2600: The Hacker Quarterly"
• "Hakin9"
• "Binary Revolution Magazine"

Commercials

• Hacking Challenges (http://www.clubhack.com)
• Hacker Shirts & Stickers (http://www.hackerstickers.com/)ca:Hacker

da:Hacker de:Hacker es:Hacker fr:Hacker gl:Hacker ko:해커 it:Hacker he:האקר lv:Hakeris nl:Hacker ja:ハッカー no:Hacker pl:Haker pt:Hacker ru:Хакер simple:Hacker sl:Heker fi:Hakkeri sv:Hackare th:แฮกเกอร์ zh:黑客