Last week’s class session about computer security reminded me of my childhood fascination about computers and hacking. The term “hacking” nowadays is associated with breaking into computer systems, unleashing viruses and other malicious software, defacing websites, or carrying out denial-of-service attacks. However, hacking wasn’t always about performing unauthorized or illegal computer activities. A hacker simply used to mean a computer enthusiast who delights in solving computer problems and overcoming limits of computer systems. The hacker does this out of intellectual curiosity or simply for the thrill of being able to accomplish the difficult or the “impossible” (and for bragging rights as well). I read somewhere that a hacker is someone who loves the challenge of “taking things apart to find out what makes them tick.”
Hacking, however, is now most commonly associated with computer security. To differentiate themselves from those with less “noble” intentions, hackers have coined the terms “white hat” and “black hat” hacking. White hat hackers are those who are especially adept at uncovering weaknesses in computer security. They may work for companies or governments to help make computer software or systems more secure. There are legitimate hacking conventions or contests in the US, where experts and enthusiasts share their knowledge and exhibit their hacking skills.
Black hats or “crackers” are also skilled in computer security, but they “crack” software or systems and exploit vulnerabilities for profit or some other malicious design. The “phone phreakers,” who exploited telecommunications systems, were allegedly the first crackers. John Draper a.k.a. “Cap’n Crunch” used the whistle that came with the cereal box to make free long-distance calls. Draper would later befriend Steve Wozniak and Steve Jobs, who also reportedly engaged in phreaking during their university days.
Somewhere in between the white hats and the black hats are the “grey hats” who expose security flaws and post information about the same, including the prescribed fix, on the internet. Sometimes they inform the vendor or owner of the hacked computer software or system before publishing their findings. According to a 1999 NY Times article, L0pht Heavy Industries is one such group.
There are also the “script kiddies” who are not really programmers or computer experts; they simply utilize freely available information and tools about hacking or cracking. Finally, there are the “hacktivists,” such as the hacker group Anonymous, who typically hack or crack computer systems to communicate political protests.
I believe, however, that no individual or group fits squarely into any of these categories. A script kiddie can be a hacktivist, who may also be affiliated with a white hat, a grey hat, or a black hat hacker group. A white hat hacker can don a black hat any time. A cracker may even decide to throw away his or her black hat, as in the case of reformed hacker Kevin Mitnick, who was once America’s most wanted computer criminal and who is now a computer security consultant. White hats, grey hats, and even black hats, may work for legitimate companies, or with governments, to test computer software or systems for vulnerabilities, or to monitor and catch the “bad guys.”
The point is not all hackers are bad. And, yes, not all hackers are good. Which one are you?
C M Prado, Entry # 9