Hackers, crackers and coloured hats

(Status of the text: In writing)

Intro
'Hacker' is possibly one of the most controversial terms in computing. There are but a few others that have been so much disputed and that have so many different definitions and understandings. Initially the word probably meant a carpenter (one that hacks wood), but it is been also used to mean radio amateurs, telephone tweakers, collectors and spreaders of illegal software, top programmers, networking gurus. It has also denoted professionals in any given field or just original pranksters...

The mainstream media depicts the hacker as an intelligent but malicious person who has mastered the dark arts of breaking into computers. For cyberpunks, the hacker is a network anarchist. For warez d00dz dealing with illegal software a top hacker is able to gather the newest titles and deliver '0-day warez' (explained below).

But probably the most authoritative definition is given by the people who largely built most of today's Internet and its infrastructure. The Jargon File defines hacker as

hacker: n.

[originally, someone who makes furniture with an axe]

1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. RFC1392, the Internet Users' Glossary, usefully amplifies this as: A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular.

2. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming.

3. A person capable of appreciating hack value.

4. A person who is good at programming quickly.

5. An expert at a particular program, or one who frequently does work using it or on it; as in ‘a Unix hacker’. (Definitions 1 through 5 are correlated, and people who fit them congregate.)

6. An expert or enthusiast of any kind. One might be an astronomy hacker, for example.

7. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations.

8. [deprecated] A malicious meddler who tries to discover sensitive information by poking around. Hence password hacker, network hacker. The correct term for this sense is cracker.

So for this company, a hacker is a professional with original thinking, lots of competence and attitude. Although most hackers work in IT, the definition does not limit it to computing only - hackers may find 'soulmates' among likely-minded musicians and physicians, artists and mechanics.

So although different opinions exist, this writing uses the definition above - as hackers in this sense have most influenced the development of computing, be it then new standards (Ethernet and Bob Metcalfe, Web and sir Timothy Berners-Lee) programming languages (Perl and Larry Wall, PHP and Rasmus Lerdorf), operating systems (GNU and Richard Stallman, Linux and Linus Torvalds, OpenBSD and Theo de Raadt) or revolutionary ideas (Richard Stallman, Eric Raymond, Lawrence Lessig and many others). What comes to the infamy coming from breaking in and stealing things - building is remarkably harder then pulling down, so the 'bad guys' are called 'crackers' by the real hackers and frowned upon (an occasionally-used spicier term is 'lower life forms').

A good account of the early hacker ethic is seen in "Hackers: The Heroes of Computer Revolution" by Steven Levy, a more philosophical insight is provided by Dr. Pekka Himanen in "Hacker Ethic".

The Zoo of the Lord
If to use 'hacker' properly, meaning the computer ace, then the question arises - who are the others then? The ones that media labels hackers? And numerous others who use the term on themselves (but by our definition are not)?

The classification below is not 100% serious, rather a bit tongue-in-cheek. However, all these kinds of people do exist in the cyberspace.

Crackers
This is what media usually means when speaking about hackers. The term was brought to use by hackers proper, to differentiate themselves from the cyber-hooligans and intruders. The term does have some problems, as 'cracker' is also connected to another gray-zone activity in computing - breaking various means of copy protection (serial numbers, registration nags etc; the activity has some connection to hackers as well, as some of them sometimes engage in such activities, based on the hacker maxim "Information wants to be free". However, most hackers proper do not endorse unlawful behaviour). It also means a certain kind of cookie in American English.

However, the difference is there. A cracker is someone who uses a computer in an illicit manner, typically for unauthorised entry to other systems. Classical hacker ethic will allow such entry occasionally - for some, 'peeking in' without doing any harm is acceptable; for some, intrusion as a pedagogical measure ("I told you that you have these things wide open here!") is allowed, more certain cases of 'ethical intrusion' include loss of administrative password or other similar means (e.g. sudden death of a network administrator). Many hackers know cracking techniques to a degree, to be able to better protect their systems. But in general, harmful and also profit-seeking intrusion is universally considered a Wrong Thing. A large share of hackers tend to believe in the principle of cause and effect (some call it Karma, others Kant's Cathegorical Imperative, yet others refer to the words of Jesus), so any harm is likely to return to the source.

(A side note: actually it is surprisingly common to find either religious people or the ones with a well-defined life philosophy among hackers; this may be connected to the very 'hacker-y' will to know 'how things work'). However, it is very difficult to find aggressive fundamentalists of any kind - the hacker community tends to value tolerance.)

Cracking is sometimes considered a part of the 'larval stage' by hackers proper, not unlike pranks and misconduction of little children is tolerated by adults (to a certain point). Many young crackers will grow up and become real hackers (remember the employment of many notorious crackers by security firms!), but some will not.

Phreaks (phone phreaks, phreakers)
Phreaking is usually defined as exploring and exploiting of telephone networks. Today, this is a dwindling kind of activity - many techniques which flourished during the days of analog phones do not work in today's automated digital networks (the US replaced the last old networks with T1 lines in June 2006). It is still possible to phreak in countries with older phone technology, and new technologies are not 100% safe either. However, it might mean an end to phreaking as a separate discipline - it will possibly gradually merge with high-profile cracking.

Early phreaking used to be tolerated and even rather widely practiced by hackers, as the telephone system was an 'undiscovered world' which offered many new things to find out. Also the insistence of information freedom probably played its part in development of a wide range of 'boxes' to alter the behaviour of standard phone system. In the US, local calls have been free for a majority of country since the beginning, only long-distance ones were billed. Hackers sometimes felt that by not paying, they did not take away anything from the phone company (who had plenty of money after all), so early phreakers often strived for making long-distance calls for free by modifying or exploiting the phone systems, using various ingenious solutions. However, as the network landscape gradually became more regulated while the Net became affordable and accessible for ordinary people as well, phreaking started to merge with other cracking forms.

Script kiddies
These are mostly either would-be or poorly-skilled crackers. When crackers tend to have quite good (albeit specific) knowledge on computers, kiddies typically have just enough knowledge to get their software tools running. But when a talented, but malicious crackers uses his talent to create tools to empower a much larger number of not-so-bright but diligent kiddies, the result can be ugly enough.

More than often, the kiddies do amply possess one resource, and it is their time. A 'no-lifer' kiddie can dedicate a large share of his day to unsophisticated entry attempts to many networked computers. And given the uneven (at best) security situation in today's Internet, success is almost guaranteed in at least some of them.

Until quite recently, the kiddie action tended to result only in defacement - one's webpage was either distorted or replaced with another one claiming the victory (in the key of "K00l D00dz owned d1s s3rw4r. U suck! R2ging F2rting B2dger"). Some really evil ones might have wiped the hard disk. However, recently the kiddie action tends to change towards serving the digital underworld of botnets, spam propagation and malware creation. Such kiddies form the lower class of network criminals, checking lots of machines for vulnerabilities, exploiting them, installing rootkits and turning the resulting zombies over to 'bigger boys'.

Black, white and grey
The 'coloured hat' notation is mostly used among security professionals and related circles. In this scale, a 'white hat' is someone who uses his/her security knowledge to improve and secure system (by our definition, a hacker). A 'black hat' is someone who tries to break security (for us, a cracker). A 'grey hat' is someone who may do either this or that - these people are not so common, but they do exist. A distinguished cracker might help his/her friend to secure his/her computer, and there are cases of well-known hackers doing questionable things (perhaps the best example is Randall Schwartz). Many former 'black hats' have changed their colors - some grew out of their hooligan days, some where caught, served their time and were later employed by the 'light side' (happened even to the former uncrowned king of black hats, Kevin Mitnick).

The 'coloured hat' scale does not deal with different motivations and ethical issues, as opposed to the 'hacker vs cracker'. It is mostly limited to the practical results and consequences of one's action.