Security

Hackers and crackers: a lesson in etymology and clear communication

The term "hacker" has a meaning older and more respectable than its common usage in mainstream journalism. Familiarity with that history and its implications can help you make sure your audience understands your meaning when you use the term.

The term "hacker" has a meaning older and more respectable than its common usage in mainstream journalism. Familiarity with that history and its implications can help you make sure your audience understands your meaning when you use the term.


The term "hacker" gets abused, misused, and overused regularly. Its roots in reference to computers reach back to the early days of the MIT Artificial Intelligence lab. The MIT AI lab shared a lot of members with the MIT Tech Model Railroad Club, and borrowed the term from there.

A nominal "file" containing the collected wisdom of several generations of hacker culture has grown over the years under the name The Jargon File, and at one time a variant edited by noted and controversial Open Source Initiative co-founder Eric Raymond was published as The New Hacker's Dictionary. Raymond, also known widely as ESR, maintains his version of the Jargon File online for free public access. Within that Jargon File version, the most relevant definition of "hacker" reads:

A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. RFC1392, the Internet Users' Glossary, usefully amplifies this as: A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular.

A number of other definitions and comments follow, some of which refer at least obliquely to a heuristic common ethic within hacker culture, which tends to value elegant innovation, information freedom, and collaborative effort.

Some time three decades ago (give or take), the term "hacker" began to take on a different meaning in popular media — including mainstream, nontechnical journalism, and eventually in movies and other fictional entertainments. Given the tendency toward sensationalism, many might consider mainstream nontechnical journalism to be "fictional entertainment" as well, particularly in cases where hackers in the sense defined in the Jargon File bristle at the insulting references in mainstream journalism to hackers as people who perpetrate criminal mischief using computers.

This misuse of the term "hacker" to refer to criminal mischief by way of information technologies probably came into being as a result of the fact that, occasionally, members of hacker culture at MIT and elsewhere would get themselves in a little trouble by letting their curiosity get the better of them. One can easily imagine that a couple of newspaper articles referring to a self-described "hacker" getting in trouble with university administrators (or even the law) could lead to the term taking on a kind of life of its own as more and more journalists made faulty assumptions — or even conscious decisions — about how the term should be used in sensationalistic reporting.

Reactions to this from the decentralized, amorphous hacker community have been many and varied, but perhaps most notable among them have been attempts to deprecate the misuse of the term in popular media by replacing it with terms that are either more appropriate or more insulting (or both), but are always distinct from "hacker" in some way. An early attempt was to apply the word "worm", and in retrospect it is easy to see how that would never make it into mainstream journalism. A slightly less early attempt, and one that is championed in the Jargon File, is "cracker", explained in some sources as a portmanteau of the phrase "criminal hacker". The latter is also described as appropriate due to its use in reference to criminals who break into safes: "safe crackers".

Unfortunately for such attempts, the effort has met with mixed success at best. In fact, technical journalists and similar technology media have been increasingly infected with this tendency to abuse the term "hacker" over the years, including the misuse of the term in articles right here at TechRepublic by subject matter experts in their particular fields. From such technically oriented media, it has also leaked into the fringes of hacker culture, such that some have started using the terms "white hat", "gray hat", and "black hat" to refer to various ethical classifications of people who possess the skills necessary to commit computer crimes, whether they use them to criminal ends or not. Such usage is still objectionable to many who feel that the broader uses of the term "hacker" are being marginalized while people unworthy of the term are being backdoored into it.

Of course, the question of whether a term specific to people who use computers to nefarious ends is even needed is an obvious point of contention. Just as we do not refer to mass murderers who commit their crimes with knives by a term different from those who do so with bombs (mass stabber?), there seems little need to refer to people who commit (for instance) fraud with computers with a separate specific term from that used for those who commit fraud with postal mail. Both are "fraudsters", and often "con artists" of some description. In fact, while there seems to be some almost pathological need to sensationalize criminals who use computers as their tools of choice with a romantic name, there seems no particular need in popular media to do the same for those who commit crimes with postage stamps.

Some of us have simply taken to referring to people who commit crimes, using computers, by purely descriptive terms. One of my favorites is "malicious security cracker", because it perfectly describes the breed: people who crack security with malicious intent. One need not have the skills and knowledge of a proper hacker to crack security; in fact, as demonstrated by those specimens many people call "script kiddies," who do nothing but use automated tools created by other people to enact some kind of juvenile mischief.

Occasionally, the more bland term "criminal" is still used as intended when referring to people who commit crimes, even when the crimes involve computer networks. This is a good choice far more often than it is actually used, particularly if you have any interest in avoiding insult to the very people who helped create the Internet itself: real hackers.

Some have argued that a purely democratic descriptivist approach should be taken to defining the term. Because more people (or so they claim) associate the term "hacker" with people who commit criminal acts with computers, we should just accept that as the standard meaning of the word, they say. The problem with this is one that academic linguistic descriptivists would recognize as significant, however: there is another use for the term that has no meaningful, really appropriate alternative. To simply assign the word a definition in line with journalistic misuse due to perceived popularity of that usage is to strip another definition of its word. Meanwhile, perhaps dozens of terms can be applied in cases of criminals using computers to malicious ends.

This topic has been addressed to some extent already in the article Hacker vs. Cracker here at TechRepublic. It is one of those topics that is never really settled, however, as proved in discussion following Deb Shinder's article Hiring hackers: The good, the bad and the ugly [sic]. Inspired in part by that article, and in part by community member Neon Samurai's comment that he would "like to see a rebuttal from any of the authors who does have an accurate understanding of the community," the purpose of this article is to make the topic fresh again in the minds of TechRepublic's readers (and contributing writers).

If you absolutely must use some hyped-up, thoroughly unnecessary, sensationalistic term, consider "cybercriminal" as an option. It seems that "cyber" as a prefix is all any term needs to make it exciting in the eyes of the gullible and ignorant. If such excitement is your aim, "cybercriminal" is certainly shinier, newer, and more delicious than "hacker".

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

Editor's Picks