In mainstream press, the word "hacker" is often used to refer to a malicious security cracker. There is a classic definition of the term "hacker", arising from its first documented uses related to information technologies at MIT, that is at odds with the way the term is usually used by journalists. The inheritors of the technical tradition of the word "hacker" as it was used at MIT sometimes take offense at the sloppy use of the term by journalists and others who are influenced by journalistic inaccuracy.
Some claim that the term has been unrecoverably corrupted, and acquired a new meaning that we should simply accept. This descriptivist approach is predicated upon the assumption that there's no reasonable way to communicate effectively with the less technically minded without acquiescing to the nontechnical misuse of the term "hacker". I believe it's still useful to differentiate between hackers and security crackers, though, and that terms like "malicious security cracker" are sufficiently evocative and clear that their use actually helps make communication more effective than the common journalistic misuse of "hacker".
I think it's useful to differentiate especially because there are many situations where "hack", and its conjugations, is the only effective term to describe something that has nothing to do with malicious violation of security measures or privacy. When you simply accept that "hacker" means "malicious security cracker", you give up the ability to use the term to refer to anything else without potential confusion.
Both are distinct from people whose interest in technical matters is purely professional, with no desire to learn anything about the subject at hand other than to advance a career and make a living. Many hackers and security crackers turn their talents toward professional ends, of course, and some security crackers got where they are only through professional advancement, but one definitely need not have a professional interest to pursue the path of either a hacker or a security cracker.
A hacker, in the classic sense of the term, is someone with a strong interest in how things work, who likes to tinker and create and modify things for the enjoyment of doing so. For some, it is a compulsion, while for others it is a means to an end that may lead them to greater understanding of something else entirely. The RFC 1392: Internet Users' Glossary defines "hacker" as:
A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular. The term is often misused in a pejorative context, where "cracker" would be the correct term. See also: cracker.
The Jargon Wiki's first definition for hacker says:
A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.
A security cracker, meanwhile, is someone whose purpose is to circumvent or break security measures. Some security crackers end up using their powers for good, providing penetration testing services or otherwise making efforts on the side of the angels. Many others use their powers for evil, however, as we are all too painfully aware. Both RFC 1392 and the Jargon Wiki provide definitions of "cracker" that support this use of the term.
Maintaining distinct terms for distinct phenomena is an important aspect of communication, as demonstrated in the incident I described in "Managers and technologists live in different worlds", where a company executive and I used the same term to refer to two different things and failed to communicate effectively as a result. When two different phenomena acquire the same label, as in the case of hackers in the classic sense on one hand and malicious security crackers on the other, either something has to give or discussion is bound to suffer from confusion that could easily have been avoided.
The more easily relabeled of the two uses of the term "hacker" is the malicious security cracker: it is not only the more recent phenomenon to acquire that label, but also the one whose meaning is most easily evoked by an alternative term. This is why, when you read an article of mine that talks about malicious security crackers, I use the term "malicious security cracker" — and in an article that talks about hackers in the classic sense of the term, I try to differentiate clearly between these two uses of the term "hacker" before using it myself.
For purposes of clarity when communicating with others about security issues, I recommend you do the same.
Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.