Some words are simple, like cracker; some sound more exotic, like samurai. But knowing the difference between the two—and acquiring some familiarity with other hacking terms—can help you understand potential security threats to your computer systems. This week’s Jargon Watch focuses on terms from the world of the hacker.
Hacker / hack
The term hacker originally referred to a good—even expert—programmer who could solve programming problems when there was no built-in function to do it. The solution was called a hack. However, both terms developed negative connotations after the press began using them to describe illegal computer break-ins. When hacks are taken to an illegal or malicious level, the hacker finds and exploits weak spots in the security system of a Web site or network. Journalists call these malicious persons hackers, but IT insiders often refer to them as crackers.
A cracker is someone who attempts (perhaps successfully) to break into someone else’s network or otherwise uses programming or expert knowledge to act maliciously. Crackers break into computer systems or networks to expose security holes, to steal information, to cause trouble, or just for the challenge of it. The results are generally expensive and damaging. Crackers may destroy files, steal financial information, leave behind viruses, and so on.
Hacker ethic is a set of principles that hackers often live by. It asserts that all technical information should be free to everyone, so gaining unauthorized entry into a system is not unethical if all you’re going to do is gain information. However, it is unethical—even to hackers—to do it for malicious reasons. Altering, removing, or destroying data or otherwise causing problems, injury, or expense to the network is considered unethical.
A hoover is a hacker who can suction a lot of information out of a network’s computer.
A samurai is an expert programmer who is hired to break into a company’s computer system or Web site to test for security holes.
Port-scanning is a favorite way for crackers to break into a security system. They use administration and downloadable hacking tools to send messages, one at a time, to ports in order to find out what ports are open and which computer services are running on those ports. Types of scans include the entire network (vanilla) or selected ports (strobe). Crackers try to hide their tracks by doing a stealth scan (which conceals their attempt to log on) or an FTP bounce scan (directed through an FTP server to disguise their location). They may send fragmented packets to get past a firewall, and they may do a sweep, which is a scan of the same port on many computers.
Sniffing is hijacking information intended for other computers as it goes over a shared network. Once a cracker obtains access to a network’s root (see below), the cracker puts that machine into promiscuous mode, which accepts all the packets running across the network, or into non-promiscuous mode, where it will capture sessions only from the machine it is running on. Sniffing is a very popular attack used by hackers.
Root / root dance
The Golden Fleece to a hacker is to gain root user status, since a root is the system administrator with unlimited access privileges. They can perform any and all network operations, which gives them unlimited power. In a UNIX system, crackers gain the ability to access password files and to override file permissions. They can also freely roam through the computer’s file directories. When crackers gain root user status, the door is wide open for them. No wonder they reportedly do a celebratory “root dance” when they finally succeed at gaining root access.
For additional information on security-related issues, check out some of the words we’ve previously covered in Jargon Watch—such as kernel, denial of service attack, Kerberos, and Trojan horse—in our downloadable Jargon Watch glossary. Next week, we’ll feature more security terms. If you’d like to suggest some security words, please send us an e-mail or post a comment below. Also, be sure to read the variety of security articles on TechRepublic, including “Would you risk hiring a hacker?” and an interview with SRA’s cyberterrorism expert.