Hacker
This article is part of a series on |
Computer hacking |
---|
History |
Hacker culture & ethic |
Conferences |
Computer crime |
Hacking tools |
Practice sites |
Malware |
Computer security |
Groups |
|
Publications |
A hacker is a person skilled in information technology who achieves goals by non-standard means. Though the term hacker has become associated in popular culture with a security hacker – someone with knowledge of bugs or exploits to break into computer systems and access data which would otherwise be inaccessible to them – hacking can also be utilized by legitimate figures in legal situations. For example, law enforcement agencies sometimes use hacking techniques to collect evidence on criminals and other malicious actors. This could include using anonymity tools (such as a VPN or the dark web) to mask their identities online and pose as criminals.[1][2] Likewise, covert world agencies can employ hacking techniques in the legal conduct of their work. Hacking and cyber-attacks are used extra-legally and illegally by law enforcement and security agencies (conducting warrantless activities), and employed by state actors as a weapon of legal and illegal warfare.
Definitions
Reflecting the two types of hackers, there are two definitions of the word "hacker":
- Originally, hacker simply meant advanced computer technology enthusiast (both hardware and software) and adherent of programming subculture; see hacker culture.[3]
- Someone who is able to subvert computer security. If doing so for malicious purposes, the person can also be called a cracker.[4]
Mainstream usage of "hacker" mostly refers to computer criminals, due to the mass media usage of the word since the 1990s.[5] This includes what hacker jargon calls script kiddies, less skilled criminals who rely on tools written by others with very little knowledge about the way they work.[6] This usage has become so predominant that the general public is largely unaware that different meanings exist.[7] Though the self-designation of hobbyists as hackers is generally acknowledged and accepted by computer security hackers, people from the programming subculture consider the computer intrusion related usage incorrect, and emphasize the difference between the two by calling security breakers "crackers" (analogous to a safecracker).
The controversy is usually based on the assertion that the term originally meant someone messing about with something in a positive sense, that is, using playful cleverness to achieve a goal. But then, it is supposed, the meaning of the term shifted over the decades and came to refer to computer criminals.[8]
As the security-related usage has spread more widely, the original meaning has become less known. In popular usage and in the media, "computer intruders" or "computer criminals" is the exclusive meaning of the word. In computer enthusiast and hacker culture, the primary meaning is a complimentary description for a particularly brilliant programmer or technical expert. A large segment of the technical community insist the latter is the correct usage, as in the Jargon File definition.
Sometimes, "hacker" is simply used synonymously with "geek": "A true hacker is not a group person. He's a person who loves to stay up all night, he and the machine in a love-hate relationship... They're kids who tended to be brilliant but not very interested in conventional goals It's a term of derision and also the ultimate compliment."[9]
Fred Shapiro thinks that "the common theory that 'hacker' originally was a benign term and the malicious connotations of the word were a later perversion is untrue." He found that the malicious connotations were already present at MIT in 1963 (quoting The Tech, an MIT student newspaper), and at that time referred to unauthorized users of the telephone network,[10][11] that is, the phreaker movement that developed into the computer security hacker subculture of today.
Civic hacker
Civic hackers use their security and/or programming acumens to create solutions, often public and open-sourced, addressing challenges relevant to neighborhoods, cities, states or countries and the infrastructure within them.[12] Municipalities and major government agencies such as NASA have been known to host hackathons or promote a specific date as a "National Day of Civic Hacking" to encourage participation from civic hackers.[13] Civic hackers, though often operating autonomously and independently, may work alongside or in coordination with certain aspects of government or local infrastructure such as trains and buses.[14] For example, in 2008, Philadelphia-based civic hacker William Entriken developed a web application that displayed a comparison of the actual arrival times of local SEPTA trains to their scheduled times after being reportedly frustrated by the discrepancy.[15]
Security hackers are people involved with circumvention of computer security. There are several types, including:
- White hat
- Hackers who work to keep data safe from other hackers by finding system vulnerabilities that can be mitigated. White hats are usually employed by the target system's owner and are typically paid (sometimes quite well) for their work. Their work is not illegal because it is done with the system owner's consent.
- Black hat or Cracker
- Hackers with malicious intentions. They often steal, exploit, and sell data, and are usually motivated by personal gain. Their work is usually illegal. A cracker is like a black hat hacker,[16] but is specifically someone who is very skilled and tries via hacking to make profits or to benefit, not just to vandalize. Crackers find exploits for system vulnerabilities and often use them to their advantage by either selling the fix to the system owner or selling the exploit to other black hat hackers, who in turn use it to steal information or gain royalties.
- Grey hat
- Computer security experts who may sometimes violate laws or typical ethical standards, but do not have the malicious intent typical of a black hat hacker.
Hacker culture
Hacker culture is an idea derived from a community of enthusiast computer programmers and systems designers in the 1960s around the Massachusetts Institute of Technology's (MIT's) Tech Model Railroad Club (TMRC)[17] and the MIT Artificial Intelligence Laboratory.[18] The concept expanded to the hobbyist home computing community, focusing on hardware in the late 1970s (e.g. the Homebrew Computer Club)[19] and on software (video games,[20] software cracking, the demoscene) in the 1980s/1990s. Later, this would go on to encompass many new definitions such as art, and life hacking.
Motives
Four primary motives have been proposed as possibilities for why hackers attempt to break into computers and networks. First, there is a criminal financial gain to be had when hacking systems with the specific purpose of stealing credit card numbers or manipulating banking systems. Second, many hackers thrive off of increasing their reputation within the hacker subculture and will leave their handles on websites they defaced or leave some other evidence as proof that they were involved in a specific hack. Third, corporate espionage allows companies to acquire information on products or services that can be stolen or used as leverage within the marketplace. Lastly, state-sponsored attacks provide nation states with both wartime and intelligence collection options conducted on, in, or through cyberspace.[21]
Overlaps and differences
The main basic difference between programmer subculture and computer security hacker is their mostly separate historical origin and development. However, the Jargon File reports that considerable overlap existed for the early phreaking at the beginning of the 1970s. An article from MIT's student paper The Tech used the term hacker in this context already in 1963 in its pejorative meaning for someone messing with the phone system.[10] The overlap quickly started to break when people joined in the activity who did it in a less responsible way.[22] This was the case after the publication of an article exposing the activities of Draper and Engressia.
According to Raymond, hackers from the programmer subculture usually work openly and use their real name, while computer security hackers prefer secretive groups and identity-concealing aliases.[23] Also, their activities in practice are largely distinct. The former focus on creating new and improving existing infrastructure (especially the software environment they work with), while the latter primarily and strongly emphasize the general act of circumvention of security measures, with the effective use of the knowledge (which can be to report and help fixing the security bugs, or exploitation reasons) being only rather secondary. The most visible difference in these views was in the design of the MIT hackers' Incompatible Timesharing System, which deliberately did not have any security measures.
There are some subtle overlaps, however, since basic knowledge about computer security is also common within the programmer subculture of hackers. For example, Ken Thompson noted during his 1983 Turing Award lecture that it is possible to add code to the UNIX "login" command that would accept either the intended encrypted password or a particular known password, allowing a backdoor into the system with the latter password. He named his invention the "Trojan horse". Furthermore, Thompson argued, the C compiler itself could be modified to automatically generate the rogue code, to make detecting the modification even harder. Because the compiler is itself a program generated from a compiler, the Trojan horse could also be automatically installed in a new compiler program, without any detectable modification to the source of the new compiler. However, Thompson disassociated himself strictly from the computer security hackers: "I would like to criticize the press in its handling of the 'hackers,' the 414 gang, the Dalton gang, etc. The acts performed by these kids are vandalism at best and probably trespass and theft at worst. ... I have watched kids testifying before Congress. It is clear that they are completely unaware of the seriousness of their acts."[24]
The programmer subculture of hackers sees secondary circumvention of security mechanisms as legitimate if it is done to get practical barriers out of the way for doing actual work. In special forms, that can even be an expression of playful cleverness.[25] However, the systematic and primary engagement in such activities is not one of the actual interests of the programmer subculture of hackers and it does not have significance in its actual activities, either.[23] A further difference is that, historically, members of the programmer subculture of hackers were working at academic institutions and used the computing environment there. In contrast, the prototypical computer security hacker had access exclusively to a home computer and a modem. However, since the mid-1990s, with home computers that could run Unix-like operating systems and with inexpensive internet home access being available for the first time, many people from outside of the academic world started to take part in the programmer subculture of hacking.
Since the mid-1980s, there are some overlaps in ideas and members with the computer security hacking community. The most prominent case is Robert T. Morris, who was a user of MIT-AI, yet wrote the Morris worm. The Jargon File hence calls him "a true hacker who blundered".[26] Nevertheless, members of the programmer subculture have a tendency to look down on and disassociate from these overlaps. They commonly refer disparagingly to people in the computer security subculture as crackers and refuse to accept any definition of hacker that encompasses such activities. The computer security hacking subculture, on the other hand, tends not to distinguish between the two subcultures as harshly, acknowledging that they have much in common including many members, political and social goals, and a love of learning about technology. They restrict the use of the term cracker to their categories of script kiddies and black hat hackers instead.
All three subcultures have relations to hardware modifications. In the early days of network hacking, phreaks were building blue boxes and various variants. The programmer subculture of hackers has stories about several hardware hacks in its folklore, such as a mysterious "magic" switch attached to a PDP-10 computer in MIT's AI lab that, when switched off, crashed the computer.[27] The early hobbyist hackers built their home computers themselves from construction kits. However, all these activities have died out during the 1980s when the phone network switched to digitally controlled switchboards, causing network hacking to shift to dialing remote computers with modems when pre-assembled inexpensive home computers were available and when academic institutions started to give individual mass-produced workstation computers to scientists instead of using a central timesharing system. The only kind of widespread hardware modification nowadays is case modding.
An encounter of the programmer and the computer security hacker subculture occurred at the end of the 1980s, when a group of computer security hackers, sympathizing with the Chaos Computer Club (which disclaimed any knowledge in these activities), broke into computers of American military organizations and academic institutions. They sold data from these machines to the Soviet secret service, one of them in order to fund his drug addiction. The case was solved when Clifford Stoll, a scientist working as a system administrator, found ways to log the attacks and to trace them back (with the help of many others). 23, a German film adaption with fictional elements, shows the events from the attackers' perspective. Stoll described the case in his book The Cuckoo's Egg and in the TV documentary The KGB, the Computer, and Me from the other perspective. According to Eric S. Raymond, it "nicely illustrates the difference between 'hacker' and 'cracker'. Stoll's portrait of himself, his lady Martha, and his friends at Berkeley and on the Internet paints a marvelously vivid picture of how hackers and the people around them like to live and how they think."[28]
Representation in Media
The mainstream media's current usage of the term may be traced back to the early 1980s. When the term, previously used only among computer enthusiasts, was introduced to wider society by the mainstream media in 1983,[29] even those in the computer community referred to computer intrusion as hacking, although not as the exclusive definition of the word. In reaction to the increasing media use of the term exclusively with the criminal connotation, the computer community began to differentiate their terminology. Alternative terms such as cracker were coined in an effort to maintain the distinction between hackers within the legitimate programmer community and those performing computer break-ins. Further terms such as black hat, white hat and gray hat developed when laws against breaking into computers came into effect, to distinguish criminal activities from those activities which were legal.
Network news' use of the term consistently pertains primarily to criminal activities, despite attempts by the technical community to preserve and distinguish the original meaning. Today, the mainstream media and general public continue to describe computer criminals, with all levels of technical sophistication, as "hackers" and do not generally make use of the word in any of its non-criminal connotations. Members of the media sometimes seem unaware of the distinction, grouping legitimate "hackers" such as Linus Torvalds and Steve Wozniak along with criminal "crackers".[30]
As a result, the definition is still the subject of heated controversy. The wider dominance of the pejorative connotation is resented by many who object to the term being taken from their cultural jargon and used negatively,[31] including those who have historically preferred to self-identify as hackers. Many advocate using the more recent and nuanced alternate terms when describing criminals and others who negatively take advantage of security flaws in software and hardware. Others prefer to follow common popular usage, arguing that the positive form is confusing and unlikely to become widespread in the general public. A minority still use the term in both senses despite the controversy, leaving context to clarify (or leave ambiguous) which meaning is intended.
However, because the positive definition of hacker was widely used as the predominant form for many years before the negative definition was popularized, "hacker" can therefore be seen as a shibboleth, identifying those who use the technically-oriented sense (as opposed to the exclusively intrusion-oriented sense) as members of the computing community. On the other hand, due to the variety of industries software designers may find themselves in, many prefer not to be referred to as hackers because the word holds a negative denotation in many of those industries.
A possible middle ground position has been suggested, based on the observation that "hacking" describes a collection of skills and tools which are used by hackers of both descriptions for differing reasons. The analogy is made to locksmithing, specifically picking locks, which is a skill which can be used for good or evil. The primary weakness of this analogy is the inclusion of script kiddies in the popular usage of "hacker", despite their lack of an underlying skill and knowledge base.
See also
- Script kiddie, an unskilled computer security attacker
- Hacktivism, conducting cyber attacks on a business or organisation in order to bring social change
References
- ↑ Ghappour, Ahmed (2017-01-01). "Tallinn, Hacking, and Customary International Law". AJIL Unbound 111: 224–228. doi:10.1017/aju.2017.59. https://scholarship.law.bu.edu/faculty_scholarship/206. Retrieved 2020-09-06.
- ↑ Ghappour, Ahmed (2017-04-01). "Searching Places Unknown: Law Enforcement Jurisdiction on the Dark Web". Stanford Law Review 69 (4): 1075. https://scholarship.law.bu.edu/faculty_scholarship/204. Retrieved 2020-09-06.
- ↑ Hackers: Heroes of the Computer Revolution. 1984.
- ↑ Internet Users' Glossary. 1996. doi:10.17487/RFC1983. RFC 1983. https://tools.ietf.org/html/rfc1983.
- ↑ Skillings, Jon (2020-05-27). "In '95, these people defined tech: Gates, Bezos, Mitnick and more". https://www.cnet.com/news/in-95-these-people-defined-tech-gates-gosling-bezos-mitnick-and-more/. "The term "hacker" started out with a benign definition: It described computer programmers who were especially adept at solving technical problems. By the mid-1990s, however, it was widely used to refer to those who turned their skills toward breaking into computers, whether for mild mischief or criminal gain. Which brings us to Kevin Mitnick."
- ↑ Samuel Chng; Han Yu Lu; Ayush Kumar; David Yau (Mar 2022). "Hacker types, motivations and strategies: A comprehensive framework". Computers in Human Behavior Reports 5. doi:10.1016/j.chbr.2022.100167. ISSN 2451-9588. https://www.sciencedirect.com/science/article/pii/S245195882200001X. Retrieved 24 January 2024.
- ↑ Yagoda, Ben. "A Short History of "Hack"". The New Yorker. http://www.newyorker.com/tech/elements/a-short-history-of-hack. Retrieved November 3, 2015.
- ↑ Malkin, G.; Laquey, T. (1993). Internet Users' Glossary. doi:10.17487/RFC1392. https://tools.ietf.org/html/rfc1392.RFC 1392
- ↑ Alan Kay quoted in Stewart Brand, "S P A C E W A R: Fanatic Life and Symbolic Death Among the Computer Bums:" In Rolling Stone (1972)
- ↑ 10.0 10.1 Fred Shapiro: Antedating of "Hacker" . American Dialect Society Mailing List (13. June 2003)
- ↑ "The Origin of "Hacker"". April 1, 2008. https://imranontech.com/2008/04/01/the-origin-of-hacker/.
- ↑
- "What is a Civic Hacker?" (in en-US). 2013-05-15. https://digital.gov/2013/05/15/what-is-a-civic-hacker/.
- Finley, Klint. "White House, NASA Celebrate National Day of Hacking" (in en-US). Wired. ISSN 1059-1028. https://www.wired.com/2013/05/national-day-of-hacking/. Retrieved 2023-11-03.
- ↑
- Abegail (2016-06-04). "Join Us for National Day of Civic Hacking" (in en-US). https://www.chhs.ca.gov/blog/2016/06/03/join-us-for-national-day-of-civic-hacking/.
- "Open Data and Innovation at the National Day of Civic Hacking 2016" (in en). 2016-06-03. https://obamawhitehouse.archives.gov/blog/2016/06/03/open-data-and-innovation-national-day-civic-hacking-2016.
- "Time To Make Plans For June's National Day of Civic Hacking - IEEE Spectrum" (in en). https://spectrum.ieee.org/time-to-make-plans-for-junes-national-day-of-civic-hacking.
- Hong, Albert (2016-06-08). "National Day of Civic Hacking is about 'civic bravery'" (in en). https://technical.ly/civic-news/national-day-civic-hacking-secondmuse/.
- "Government releases 'unprecedented amount of data' for National Day of Civic Hacking" (in en-US). 2013-05-31. https://venturebeat.com/entrepreneur/government-releases-unprecedented-amount-of-data-for-national-day-of-civic-hacking/.
- ↑
- Gallagher, Sean (2015-02-25). "Bus pass: Civic hackers open transit data MTA said would cost too much to share" (in en-us). https://arstechnica.com/information-technology/2015/02/bus-pass-civic-hackers-open-transit-data-mta-said-would-cost-too-much-to-share/.
- Babcock, Stephen (2015-02-25). "Thanks to civic hackers, a Montreal company just made Baltimore's bus system more usable" (in en). https://technical.ly/software-development/transit-app-civic-hackers-mta-bus-tracking-data-mobile/.
- Reyes, Juliana (2014-01-09). "This app shows you how often SEPTA Regional Rail is late (with fixes)" (in en). https://technical.ly/civic-news/septa-regional-rail-late-app/.
- Reyes, Juliana (2014-07-11). "Why does this data from our troubled Philadelphia Traffic Court cost $11K?" (in en). https://technical.ly/civic-news/traffic-court-data-expensive-william-entriken/.
- ↑
- Lattanzio, Vince (2014-01-20). "Frustrated Over Late SEPTA Trains, Software Developer Creates App Proposing Better Schedules". https://www.nbcphiladelphia.com/news/local/frustrated-over-late-septa-trains-software-developer-creates-app-to-recommend-schedule-changes/2113743/.
- Reyes, Juliana (2014-01-09). "This app shows you how often SEPTA Regional Rail is late (with fixes)". https://technical.ly/civic-news/septa-regional-rail-late-app/.
- Metro Magazine Staff (2014-01-22). "SEPTA rider creates app proposing 'better schedules'". https://www.metro-magazine.com/10038748/septa-rider-creates-app-proposing-better-schedules.
- ↑ "What are crackers and hackers? | Security News". http://www.pctools.com/security-news/crackers-and-hackers/.
- ↑ London, Jay (6 April 2015). "Happy 60th Birthday to the Word "Hack"". https://slice.mit.edu/2015/04/06/happy-birthday-hack/.
- ↑ Raymond, Eric (25 August 2000). "The Early Hackers". A Brief History of Hackerdom. Thyrsus Enterprises. http://www.catb.org/~esr/writings/cathedral-bazaar/hacker-history/ar01s02.html.
- ↑ Levy, part 2
- ↑ Levy, part 3
- ↑ Lloyd, Gene. "Developing Algorithms to Identify Spoofed Internet Traffic". Colorado Technical University, 2014
- ↑ phreaking. http://catb.org/~esr/jargon/html/P/phreaking.html. Retrieved 2008-10-18.
- ↑ 23.0 23.1 cracker. http://catb.org/~esr/jargon/html/C/cracker.html. Retrieved 2008-10-18.
- ↑ Thompson, Ken (August 1984). "Reflections on Trusting Trust". Communications of the ACM 27 (8): 761. doi:10.1145/358198.358210. http://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf. Retrieved 2007-08-24.
- ↑ Richard Stallman (2002). "The Hacker Community and Ethics: An Interview with Richard M. Stallman". GNU Project. https://www.gnu.org/philosophy/rms-hack.html.
- ↑ Part III. Appendices. http://catb.org/jargon/html/pt03.html#bibliography. Retrieved 2008-10-18.
- ↑ A Story About 'Magic'. http://catb.org/~esr/jargon/html/magic-story.html. Retrieved 2008-10-18.
- ↑ Part III. Appendices. http://catb.org/jargon/html/pt03.html. Retrieved 2008-10-18.
- ↑ Deffree, Suzanne (2019-09-05). "EDN - 'Hacker' is used by mainstream media, September 5, 1983" (in en-US). https://www.edn.com/hacker-is-used-by-mainstream-media-september-5-1983/.
- ↑ DuBois, Shelley. "A who's who of hackers". Reporter. Fortune Magazine. http://tech.fortune.cnn.com/2011/06/16/a-whos-who-of-hackers/.
- ↑ "TMRC site". http://tmrc.mit.edu/hackers-ref.html.
Further reading
- Baker, Bruce D. "Sin and the Hacker Ethic: The Tragedy of Techno-Utopian Ideology in Cyberspace Business Cultures." Journal of Religion and Business Ethics 4.2 (2020): 1+ online .
- Hasse, Michael. Die Hacker: Strukturanalyse einer jugendlichen Subkultur (1994)
- Himanen, Pekka. The hacker ethic (Random House, 2010).
- Himanen, Pekka. "19. The hacker ethic as the culture of the information age." The Network Society (2004): 420+ online.
- Holt, Thomas J. "Computer hacking and the hacker subculture." in The palgrave handbook of international cybercrime and cyberdeviance (2020): 725-742.
Computer security
- Dey, Debabrata, Atanu Lahiri, and Guoying Zhang. "Hacker behavior, network effects, and the security software market." Journal of Management Information Systems 29.2 (2012): 77-108.
- Dreyfus, Suelette (1997). Underground: Tales of Hacking, Madness and Obsession on the Electronic Frontier. Mandarin. ISBN 1-86330-595-5.
- Hafner, Katie; Markoff, John (1991). Cyberpunk: Outlaws and Hackers on the Computer Frontier. New York: Simon & Schuster. ISBN 0-671-68322-5. https://archive.org/details/cyberpunk00kati.
- Levy, Steven (2002). Crypto: How the Code Rebels Beat the Government Saving Privacy in the Digital Age. Penguin. ISBN 0-14-024432-8.
- Logik Bomb: Hacker's Encyclopedia (1997)
- Revelation: The Ultimate Beginner's Guide to Hacking & Phreaking (1996)
- Slatalla, Michelle; Joshua Quittner (1995). Masters of Deception: The Gang That Ruled Cyberspace. HarperCollins. ISBN 0-06-017030-1. https://archive.org/details/mastersofdecepti1994slat.
- Sterling, Bruce (1992). The Hacker Crackdown. Bantam. ISBN 0-553-08058-X. https://archive.org/details/hackercrackdownl00ster.
- Taylor, Paul A. (1999). Hackers: Crime in the Digital Sublime. Routledge. ISBN 978-0-415-18072-6. http://insecure.org/stf/them_and_us.txt. Retrieved 2009-03-08.
- Thomas, Douglas (2002). Hacker Culture. University of Minnesota Press. ISBN 0-8166-3345-2.
- Verton, Dan (2002). The Hacker Diaries: Confessions of Teenage Hackers. McGraw-Hill Osborne Media. ISBN 0-07-222364-2. https://archive.org/details/hackerdiariescon0000vert.
Free software/open source
- Graham, Paul (2004). Hackers and Painters. Beijing: O'Reilly. ISBN 0-596-00662-4.
- Himanen, Pekka (2001). The Hacker Ethic and the Spirit of the Information Age. Random House. ISBN 0-375-50566-0. https://archive.org/details/hackerethic00pekk.
- Lakhani, Karim R.; Wolf, Robert G. (2005). "Why Hackers Do What They Do: Understanding Motivation and Effort in Free/Open Source Software Projects". in Feller, J.; Fitzgerald, B.; Hissam, S. et al.. Perspectives on Free and Open Source Software. MIT Press. http://ocw.mit.edu/courses/sloan-school-of-management/15-352-managing-innovation-emerging-trends-spring-2005/readings/lakhaniwolf.pdf. Retrieved 2016-03-25.
- Levy, Steven (1984). Hackers: Heroes of the Computer Revolution. Doubleday. ISBN 0-385-19195-2.
- Raymond, Eric S.; Steele, Guy L., eds (1996). The New Hacker's Dictionary. The MIT Press. ISBN 0-262-68092-0.
- Raymond, Eric S. (2003). The Art of Unix Programming. Prentice Hall International. ISBN 0-13-142901-9.
- Turkle, Sherry (1984). The Second Self: Computers and the Human Spirit. MIT Press. ISBN 0-262-70111-1.
External links
Original source: https://en.wikipedia.org/wiki/Hacker.
Read more |