A hacker is a term developed originally in the United States university computing community to characterize anyone who enjoys the intellectual challenge of creatively overcoming or circumventing limitations, primarily in their fields of interest, namely programming or electrical engineering.
The term hacker is used in four senses in common use:
(1) Someone who knows a (sometimes specified) set of programming interfaces well enough to write novel and useful software without conscious thought on a good day.
(2) Someone who (usually illegally) attempts to break into or otherwise subvert the security of a program, system or network, often with malicious intent. This usage is annoying to many in the developer community who grew up with the primary meaning in sense (1), and would prefer to keep it that way; they would prefer the media used the term cracker. Sometimes this is also called a "black hat hacker", to distinguish it from sense 3 below.
(3) Someone who attempts to break into systems or networks in order to help the owners of the system by making them aware of security flaws in it. This is often called a "white hat hacker". Many of these people are employed by computer security companies, and are doing something completely legal; and many were formerly hackers within sense 2.
(4) Someone who, through either knowledge or trial and error, makes a modification to a piece of software such that it provides a change of funcionality. Such change is normally a benefit.
"Script kiddie" is reserved for a cracker of little or no skill who simply follows directions or uses a cook-book approach without fully understanding the meaning of the steps they are performing.
See also jargon file.
The hacker community (the set of people who would describe themselves as hackers, or who would be described by others as hackers) falls into at least three partially overlapping categories. The word hacker probably derives from the somewhat derogatory hack, used in the newspaper industry typically to refer to a Journalist who types his stories without checking his facts first.
Hacker -- Guru
One who knows a (sometimes specified) set of programming interfaces well enough to write novel and useful software without conscious thought on a good day. This type of hacker is respected within the development community for the freedom they represent, although the term still carries some of the meaning of Hack, developing programs without adequate planning. This zug-zwang sets freedom and the ability to be creative against methodical careful progress. Corporate programming environments typically favor only either the good hackers, or the careful computer scientist.
At their best, Hackers can be surprisingly productive. Industry standard rates of development are in the range of 6-10 lines of code (debugged, and documented) per hour. A Hacker in stride can produce a couple of thousand lines of code an hour as thought translates itself directly into code. As a result a Hacker may be able to sketch out the full shape of a program to a level of quality that can be used for demonstrating ideas in less than a week. Thus it isn't hard to see what some companies find useful in Hacker talent.
The down side of Hacker productivity is generally agreed to be in maintainability, documentation, and completion. Very talented hackers may become bored with a project once they have figured out all of the hard parts, and be unwilling to finish off the details. This attitude can cause friction in shops where other programmers are expected to pick up the half finished work, decipher the structures and ideas, and bullet-proof the code. In other cases, where a Hacker is willing to maintain their own code, a company may be unable to find anyone else who is capable or willing to dig through code to maintain the program if the original programmer moves on to a new job.
Hacker -- Black Hat, or Cracker
The popular press tends to use the terms "hacker" and "cracker" interchangably for someone who attempts to break into or otherwise subvert the security of a system or network. This usage is annoying to many in the developer community who grew up with the primary meaning in the Guru sense, and would prefer to keep it that way.
However, within the programming community, "hacker" is generally a term of respect or acknowledgement of skill while "cracker" is used for someone who is skillfully malicious or committing criminal (not simply illegal) acts. Some former hackers and crackers are now employed by companies online to test their security and report on weaknesses.
There are several recurring tools of the trade used by hackers to gain unauthorized access to computers:
- Trojan horse -- These are applications that seem to do useful work, but set up a back door so that the Hacker can later return and enter the system. These include programs which mimic login screens.
- Snooper -- Applications that capture password and other data while it is in transit either within the computer, or over the network
- Virus -- An application that propagates itself opportunistically by waiting in the background until the user offers it an new medium to infect. Viruses are often confused with worms.
- Worm -- An application that actively probes for known weaknesses across the network, then propagates itself through exploits of that weakness. (The original Usenet post describing the MorrisWorm described the distinction between viruses and worms thus: worms do not attach themselves to code. Present usage appears to favour worms being more active than viruses.)
- Vulnerability Scanner -- A tool used to quickly check computers on a network for known weaknesses. Hacker's also use Port Scanners. These check to see which ports on a specified computer are "open" or available to acess the computer through.
- Exploit -- A prepared application that takes advantage of a known weakness
- Social engineering -- Asking someone for the password or account (possibly over a beer.) Also includes looking over someone's shoulder while they enter their password, or posing as someone else in order to get sensitive information.
- Root kit -- A toolkit for hiding the fact that a computer's security has been compromised. Root kits may include replacements for system binaries so that it becomes impossible to see applications being run by the intruder in the active process tables.
Hacker -- Grey Hat
1) A black-hat hacker turned white-hat. See below.
2) A white-hat hacker who uses black-hat techniques to satisfy their employers, for whom they act as white-hat.
Hacker -- White Hat
White hat hackers often overlap with black hat depending on your perspective. The primary difference is that a white hat hacker observes the hacker ethic, a sort of golden rule of computing similar to: Do unto others as you would have them do unto you. Like black hats, white hats are often intimately familiar with the internal details of security systems, and can delve into obscure machine code when needed to find a solution to a tricky problem without requiring support from a system manufacturer.
An example of a hack: Microsoft Windows ships with the ability to use cryptographic libraries built into the operating system. When shipped overseas this feature becomes nearly useless as the operating system will refuse to load cryptographic libraries that haven't been signed by Microsoft, and Microsoft will not sign a library unless the US Government authorizes it for export. This allows the US Government to maintain some perceived level of control over the use of strong cryptography beyond its borders.
While hunting through the symbol table of a beta release of Windows, a couple of overseas hackers managed to find a second signing key in the Microsoft binaries. That is without disabling the libraries that are included with Windows (even overseas) these individuals learned of a way to trick the operating system into loading a library that hadn't been signed by Microsoft, thus enabling the functionality which had been lost to non-US users.
Whether this is good (white hat) or bad (black hat) may depend on whether you are the US Government or not, but is generally considered by the computing community to be a white hat type of activity.
How Hackers Define Themselves
The following is the definition given by the jargon file (a dictionary of hacker jargon):
[originally, someone who makes furniture with an axe]
- A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.
- One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming.
- A person capable of appreciating hack value.
- A person who is good at programming quickly.
- An expert at a particular program, or one who frequently does work using it or on it; as in `a Unix hacker'. (Definitions 1 through 5 are correlated, and people who fit them congregate.)
- An expert or enthusiast of any kind. One might be an astronomy hacker, for example.
- One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations. 8. [deprecated] A malicious meddler who tries to discover sensitive information by poking around. Hence `password hacker', `network hacker'. The correct term for this sense is cracker.
The term `hacker' also tends to connote membership in the global community defined by the net (see the network and Internet address). For discussion of some of the basics of this culture, see the How To Become A Hacker FAQ. It also implies that the person described is seen to subscribe to some version of the hacker ethic (see hacker ethic).
It is better to be described as a hacker by others than to describe oneself that way. Hackers consider themselves something of an elite (a meritocracy based on ability), though one to which new members are gladly welcome. There is thus a certain ego satisfaction to be had in identifying yourself as a hacker (but if you claim to be one and are not, you'll quickly be labeled bogus). See also geek, wannabee.
This term seems to have been first adopted as a badge in the 1960s by the hacker culture surrounding TMRC and the MIT AI Lab. We have a report that it was used in a sense close to this entry's by teenage radio hams and electronics tinkerers in the mid-1950s.