
You say cracker; I say hacker: A hacking lexicon

Crackers, hackers, phrackers, phreakers, sneakers: Is there a difference? Here's a primer on hacking nomenclatures to help you keep the bad guys and the good guys straight.


Recently, a debate broke out on TechRepublic over the use of the word “hacker” in an article describing DDoS attacks (see "TechRepublic members say the law needs to punish cyber criminals, not the victims"). Member Lee McGrevin, a systems administrator, took exception to that article’s usage of the term “hacker,” stating that the correct term for someone who launches a DDoS attack would be “cracker.”

“I am surprised that such a technical-based Web forum would stoop low enough to jump on the bandwagon of the hacker witch hunt,” McGrevin wrote. “Let’s get the record straight for those of us who wear the white hat. A hacker is someone with deep knowledge of how systems work, how to optimize them through noncommercial ways, and [how to] improve the overall quality of programs and [deal with] security-related issues.”

McGrevin basically felt that calling those who engage in DDoS attacks “hackers” was demeaning to the hacking community and a hallmark of bad reporting.

We certainly regret mislabeling anyone, although in our defense, we’d like it noted that hacking is used generically both in the media and in the IT security field to refer to illegal tampering with systems.

So to make sure no other members out there fall into the same trap we did, let’s all take a closer look at this issue.

Depends on whom you ask
In some ways, the definition of these terms depends upon whom you ask. Take, for example, the following various interpretations of hacking.

The National Security Agency (NSA) defines hacking simply as the “unauthorized use, or attempts to circumvent or bypass the security mechanisms of an information system or network.”

By comparison, Hackers.com, an underground domain whose stated purpose is to “provide a place for hackers, phone phreaks, and other underground-related people to interact and expand their minds,” offers a somewhat more poetic and gracious definition of hacking:

“Hacking is the act of penetrating a closed computer system for the knowledge and information that is contained within. Through the study of technology and computers, a hacker can open his mind and expand his knowledge. Hacking is intended to free information and expand minds, not to be destructive nor for material gain. There is always some debate because of how the term ‘hacker’ has been both glorified and undermined by common media, but most will say that those who destroy data, hack for money, or hack with illegal intent should be referred to as ‘crackers,’ not hackers.”

On the other hand, TechRepublic member Edward Clint, a systems administrator for HealthCenter Internet Services, made this important distinction:

“No one with a real IT job calls themselves either a hacker or a cracker. …In the real world, we are Security Experts, System Engineers, Network Admins and Architects, and so forth.”

A list of terms
To help set the record straight, we’ve provided a breakdown of terms and their definitions from the "NSA Glossary of Terms Used in Security and Intrusion Detection." You might also want to visit Information Security Magazine’s online descriptions of "Perpetrator Subtypes."

Hacking: Unauthorized use, or attempts to circumvent or bypass the security mechanisms of an information system or network.
Hacker: A person who enjoys exploring the details of computers and how to stretch their capabilities. A malicious or inquisitive meddler who tries to discover information by poking around. A person who enjoys learning the details of programming systems and how to stretch their capabilities, as opposed to most users who prefer to learn only the minimum necessary.
Crack: A popular hacking tool used to decode encrypted passwords. System administrators also use crack to assess weak passwords by novice users in order to enhance the security of the Automated Information System (AIS).
Cracker: One who breaks security on an AIS. Automated Information System - any equipment of an interconnected system or subsystems of equipment that is used in the automatic acquisition, storage, manipulation, control, display, transmission, or reception of data and includes software, firmware, and hardware.
Samurai: A hacker who hires out for legal cracking jobs, snooping for factions in corporate political fights, lawyers pursuing privacy-rights and First Amendment cases, and other parties with legitimate reasons to need an electronic locksmith.
Sneaker: An individual hired to break in to places in order to test their security; analogous to tiger team.
Tiger Team: Government and industry-sponsored teams of computer experts who attempt to break down the defenses of computer systems in an effort to uncover, and eventually patch, security holes.
Ankle-Biter or Script Kiddies: A person who aspires to be a hacker/cracker but has very limited knowledge or skills related to AIS's. Usually associated with young teens who collect and use simple malicious programs obtained from the Internet.
Phreaking: The art and science of cracking the phone network.
Phreak(er): An individual fascinated by the telephone system. Commonly, an individual who uses his knowledge of the telephone system to make calls at the expense of another.
Phracker: An individual who combines phone phreaking with computer hacking.

We’d like to know: What’s your take on this whole hacker/cracker debate? Is there an important distinction between all of these terms, or is it mere semantics? Post your comments below.
