back to article 'Ethical' hackers say: It's just hacker. To be one is no longer a bad thing

Ethical hacking is a "redundant term" but to be a "hacker" is no longer a bad thing, according to proponents of the cybersecurity art form known as "penetration testing". One-time Lulzsec hacker Jake Davis and his deportation-proof hacker mate Lauri Love appeared at a talk organised by pentesting biz Redscan in which the great …

  1. Anonymous Coward
    Anonymous Coward

    Ok...

    *tumbleweed*

  2. Blockchain commentard Silver badge

    Surely a hacker is someone who hacks things together (hardware or software). A cyber-criminal is someone who breaks into someone's computers.

    1. A K Stiles Silver badge
      Coat

      continuing the 'safe' analogy

      kind of like a safe-cracker really...

    2. Chronos Silver badge
      Flame

      Precisely

      The word never had the negative connotations portrayed until the bloody media (Bishop Facks voice) twisted it out of all recognition, probably at the behest of some Sir Humphrey who was worried that hacking things together rather than buying shit was fun and legions of technically literate hackers would be a little harder to bullshit.

      1. veti Silver badge

        Re: Precisely

        Yeah well, joke's on him then, because if there's anything the last 30 years have shown us, it's that "technical literacy" makes people, if anything, slightly more susceptible to bullshit. That's why so many engineers defected to Isis.

        Remember, this is Lauri Love we're talking about - self-confessed, indeed proud, hacker of a great many systems that he had no plausible right or reason to access. The only reason he's not in an American prison right now is because the UK gov't said, essentially, "we can't send him over there because he's not mentally competent to survive it". I'm struggling to see what makes him an authority on ethical anything.

    3. LucreLout Silver badge

      Surely a hacker is someone who hacks things together (hardware or software). A cyber-criminal is someone who breaks into someone's computers.

      I'd just add "without contractual permission" to that. I break into other peoples computers from time to time, but only on their specific prior request and with their full knowledge of what I'm up to along the way.

  3. Not also known as SC

    Hackers v Crackers?

    I thought that they already had the term cracker for the bad 'uns and hackers were the good guys / gals???

    1. Anonymous Coward
      Anonymous Coward

      Re: Hackers v Crackers?

      I'm surprised nobody kicks off about the term cracker being racially insensitive. That means something very different in some parts of the world.

      1. Khaptain Silver badge

        Re: Hackers v Crackers?

        In my part of this desperate planet, Western Europe, a cracker is something upon which you might add some cheese, or other savoury item, and then nibble on said delicacy..

        If it means something racially insensitive elesewhere then that is their problem because it means that they participate in the usually collective enjoyment of sharing canapés..

        So, hands of my cracker......

        Almost any word or combination of words will offend someone, somewhere on this planet.. You can't keep everyone happy, it just can't be done.

        And no, I don't want to know what your version means or who it offends.

        Alternatively a cracker, at least in my book, is someone who can, or who has removed the protection element from a given piece of software. Usually done through the software debug, reverse engineering or having successfully understood Fravia's various courses...

        1. JoeySter

          Re: Hackers v Crackers?

          Cracker, code cracker. Usually a passive exercise. Hacker, is more active. It doesn't tend to relate to hack together as much in programming. IE, a hack job. Instead it tends to relate to hack into, similar to break into. As in to hack and slash. It does get confusing because on the programming side it's also relevant to hacking something up and also hacking on the keyboard to create something. The term has quite a broad meaning given it really just means to crudely chop or peck at something. Crack can be similarly confusing because you can crack something apart to get inside. Generally though they were used passively and actively. It's one thing to solve a puzzle and another to apply various skills and knowledge to gain or force entry into something.

      2. stiine Silver badge

        Re: Hackers v Crackers?

        True, but we're not thin-skinned and we really don't care what you call us.

      3. LucreLout Silver badge

        Re: Hackers v Crackers?

        I'm surprised nobody kicks off about the term cracker being racially insensitive. That means something very different in some parts of the world.

        Yes, it meant something very different to the gang that were yelling it while stomping my face into the floor.

    2. bombastic bob Silver badge
      Devil

      Re: Hackers v Crackers?

      "already had the term cracker for the bad 'uns and hackers were the good guys / gals"

      This has been the case for 2 decades or more over on USENET. Also white-hat vs black-hat, etc..

      Also a hacker does not necessarily have to be related to computers. From various resources, the term 'hacker' may have originated from the use of an axe to make furniture. In short, it's someone who typically uses unconventional methods to get results, often superior results.

      Hackers find their way into engineering and "think on your feet" jobs. I expect there are hacker cops, hacker firemen, hacker soldiers and sailors, ALL the time!

      But you'll probably find most of your computer-hacker types in engineering (electronics and computer, mostly), IT and security related, and so on.

      There's also hardware hacking, popular among RPi and Arduino fans.

      A 'good hack' might even be using spit and bailing wire to fix something... [this sort of repair goes WAAAaaay back, like a farmer that needed 'that' to work and only had some bailing wire and basic tools available to fix it]

    3. veti Silver badge

      Re: Hackers v Crackers?

      If the idea is to communicate with people, it's best to use words that they know and attach the meanings that they understand to them.

      The hacker/cracker distinction will fly in some contexts, but to expect everybody in the country to respect and maintain it - is not going to happen. It's like when "engineers" complain about sharing a job title with the guy who fixes the boiler. Sorry, but that's how the word is used. Get over it.

  4. Danny 2 Silver badge

    Grey hat hackers

    I never saw a coder wearing a hat. In the 1980s I was the only child at my school who wore a hoodie. I still do, because bad hair, not bad intentions.

    1. Anonymous Coward
      Anonymous Coward

      Re: Grey hat hackers

      Bad hair?

      You sure your mum isn't still doing your clothes shopping?

      1. Danny 2 Silver badge

        Re: Grey hat hackers

        Both are true.

    2. bombastic bob Silver badge
      Devil

      Re: Grey hat hackers

      I have a nice black western style hat, an Indiana Jones replica. but it does not affect my hacker style, which is white with a touch of grey.

      Hats came back for a short time in the 80's, probably because of Michael Jackson. Also Adam Savage from Mythbusters always wore a western style hat.

      A good example of 'grey hat' hacking: writing an anti-virus that propagates itself whenever an internet virus (think 'Code Red') tries to infect the machine that contains it, shutting down the virus on the 'attempting to infect you' infected machine, and THEN disinfecting the infected machine with your anti-virus, but without the machine owner's permission. Code Red actually made this possible, because it left a back door on a known port that could be exploited to shut down IIS, stopping future infections and the constant pounding on the rest of the internet.

      1. stiine Silver badge
        Trollface

        Re: Grey hat hackers

        You only used all caps for the word 'then'. Are you ok?

  5. David Nash Silver badge

    It doesn't matter what the origins or "real" meanings are, to the media hackers are bad, and so the term needs the "ethical" label when they are not.

    Similar to how the media redefined Troll to mean bully.

    1. Cav

      The media didn't redefine troll as bully. A troll is a trouble-maker.

      The origin of hacker, relating to technology, is from the 1950s and MIT, meaning anyone tinkering or working on tech. Intention is key. "Ethical" is not just necessary for "media reasons" but because there really are ethical and unethical hackers. If you intend to cause harm then you are unethical. The word hacker itself needs the adjective.

      1. DontFeedTheTrolls Silver badge
        Headmaster

        "The word hacker itself needs the adjective."

        A, with you.

        So it's like Journalist, and Ethical Journalist

  6. amanfromMars 1 Silver badge

    The Quicker Alternate Root ..... Quantum Communications?*

    And they're easy to find. Right? ®

    You might like to believe and think that they find you for Future Systems Field Testing. It prevents one from being left behind enfeebled and exercised by the past.

    What you know new today is surely proof of life and of progress here being made elsewhere new too.

    If you learnt nothing new today, you are in a State of Stasis ......in a being long gone and to be left behind for the future?

    If you know a few super state secrets, are they expensive to buy and store stealthily and securely, or grateful purchased at whatever cost to ensure with the remote virtual assurance of the SWIFT System, that fiat papers, which are as empowering endorsements with generous endowments, are still to be revered and held relevant and up to the future tasks of today via the simplest of expedients and experiments made available and tenable with many forms of secret state aided grants gladly payable to,... Well, Trusted Source and Well Trusted Sources are a Good Starting Point?

    Crikey, that question and sentence takes a few breaths.

    * Where this here is that there and together for elsewhere something else quite different and immensely engaging.

  7. 0laf Silver badge
    Meh

    Back in the day a long long time ago.... hacker were enthusiasts who toyed with systems and technology out of interest not malice.

    Crackers however hacked things for criminal intent.

    Delighted to see that after about 40yr we're back where we started.

  8. Anonymous Coward
    Anonymous Coward

    Developers Programmers

    Terms change, personally think hacking is no longer fit for purpose outside of the maker community

    If your a...

    pen testers and other professional hackers are "Security" Specialists, in much the same way a former special forces person is a "security" specialist

    State employed "security" specialists would have a rank belonging to which ever govt/miliatary budget pays for you

    Everyone else up to no good and a skiddy

    In v broad strokes

  9. imanidiot Silver badge

    RIght...

    Are we sure these are the best people to be talking on the subject given their history?

  10. Mr Dogshit
    Paris Hilton

    Where does Jennifer Jacuzzi fit into this?

  11. Anonymous Coward
    Anonymous Coward

    Remember about a month back...

    ...when there was a story about the search for "stock pictures of infosec that does not involve hoodies or waterfalls of 0s and 1s"?

    Ironic that this story not only uses a thumbnail of a hoodie-wearing "hacker" being drenched by a shower of binary 1s and 0s, but that it's the exact same stock cliche they used for *that* story!

    (Now that I think of it, didn't The Matrix teach us that digital rain was supposed to be made up of backwards numbers and randomly messed-up Japanese characters anyway?)

    1. sum_of_squares
      Trollface

      Re: Remember about a month back...

      C'mon, we all know hackers wear hoodies all day e'ry day.

      Don't try to fool us!

  12. Anonymous Coward
    Anonymous Coward

    The difference between a regular hacker and an ethical hacker is permission and intent. Ethical hackers only hack on their own devices or they have obtained permission to hack someone else's device(s) and it's never done to bring damage or harm to the owner. "Cracker" on the other hand is something completely different that the media incorrectly perpetuated. Cracking is an activity through which access is gained to protected software... analogous to cracking a safe combination. The result of said activity was a "crack" that was applied to the software that allowed the user unrestricted access. A few of the more popular cracking groups from back in the day were Phrozen Crew, DEViANCE, and CONSPI4ACY. Go here for proper history lesson:

    https://en.m.wikipedia.org/wiki/List_of_warez_groups#Cracking_groups

    http://www.thefullwiki.org/Phrozen_Crew

    1. Mike 16 Silver badge

      Left to their own devices

      --- Ethical hackers only hack on their own devices or ... ---

      Trouble is (and I say this as someone called a hacker by others before the media got hold of the term), there are fewer and fewer cases of _anybody_ actually owning the devices currently in their homes or on their persons (but definitely not under their control). Imagine the trouble Winston Smith might have gotten into for even trying to find the off switch on "his" Telescreen.

  13. amanfromMars 1 Silver badge

    Real Prime Time Crack Hacker Thinking with Targets for Blasting and PenTesting

    "to win one hundred victories in one hundred battles is not the acme of skill. To subdue the enemy without fighting is the acme of skill." … Sun Tzu, The Art of War

    "Whoever controls the media, controls the mind" …. Jim Morrison

    "We are fast approaching the stage of the ultimate inversion: the stage where the government is free to do anything it pleases, while the citizens may act only by permission; which is the stage of the darkest periods of human history, the stage of rule by brute force." …. Ayn Rand

    "The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We *cause* accidents." -- Nathaniel Borenstein

    “The most dangerous man, to any government, is the man who is able to think things out for himself…Almost inevitably, he comes to the conclusion that the government he lives under is dishonest, insane, and intolerable.”—H.L. Mencken, American journalist

    “You shall know the truth and the truth shall make you mad.” ... Aldous Huxley

    "Be extremely subtle, even to the point of formlessness. Be extremely mysterious, even to the point of soundlessness. Thereby you can be the director of the opponent's fate." …. Sun Tzu

    "The whole aim of practical politics is to keep the populace alarmed (and hence clamorous to be led to safety) by menacing it with an endless series of hobgoblins, all of them imaginary." ..... H. L. Mencken

    “I am concerned for the security of our great Nation; not so much because of any threat from without, but because of the insidious forces working from within.” ... Douglas MacArthur

    “In wartime, truth is so precious that she should always be attended by a bodyguard of lies.” … So said Winston Churchill, the grandmaster of fake news.

    Visionaries speculate about what is to come. Pioneers can report it to IT

  14. Disk0
    Coat

    It’s 2019 and

    Carbon meatbag units can still be easily compromised by misuse of technical vocabulary. It seems super-flu-ooze that any of this would need explaining in the vulture’s domain, heck I’m just a dorking cracker harkening to uncorker knackered croakers, and farked fruitarian fanware out of Cork, if possible esthaetically, which is very much metrically and morally snuberior to pan testing and makes for better copy.

  15. Anonymous Coward
    Anonymous Coward

    I agree. The term "Hackers" was coined at the MIT for people (usually computer people) who were using unconventional and witty ways to approach a goal. Throughout the early years/decades of what later would become the internet, "hackers" became more of an umbrella term for different areas of what is usually called hacking in the media: "phreakers" being the people trying break into systems connected to public telephone networks, "crackers" being people trying to crack software protection (usually offline) and so on..

    It's important to notice that "hackers" aren't merely the people trying to bypass protection measures, but it's a whole subculture with includes various fictional characters (Neuromancer being one of the most popular books here), events (i.e. capture the flag) and whatnot. Basically "hacking jargon" is closely intertwined with the internet culture in general and influence many different subgroups in the aftermath. Many contemporary references in gamer culture or general pop-culture actually come from the leetspeak of the "original nerds". For a quick reference duckduck the jargon file which might still be floating around somewhere in the interwebs.

    My personal definition of "hackers" would be: "People who don't like technical restrictions and try to break the rules."

    If we are nitpicking, hacking doesn't even have to refer to IT (see the term "life hacks"), this is also the FSF/GNU definition of the usage of the word hacking:

    https://www.gnu.org/philosophy/words-to-avoid.html#Hacker

    Stiff I think it's kinda ironic that the "Free software song" of the FSF start with the words:

    "Join us now and share the software; You'll be free, hackers, you'll be free."

    Because of the close relationship of hackers and "security breakers", the term hacker was used by the media for decades to describe what the GNU project would call "crackers". Personally I think the word hacker is so common that this whole debate is a moot point, media will always use the word hacker for "people breaking into computer systems".

    So basically we are just talking marketing here. Maybe a CEO feels more comfortable with paying for "InfoSec experts" than paying for *gulp* hackers. Maybe we feel better by claiming "Nah, I'm not black hat haxx0r, not even a grey hat!". Maybe we want to distinguish certain groups by saying "he's not one of THOSE guys, he's an ethical hacker!".

    At the end of the day it's all just hacking. "Security experts" like to look down at skiddies (aka. "skript kiddies"), but isn't this who most security experts started in the first place? To me these are all simply different stages of development. A 20 y/o guy might feel more inclined to deface some website of people with bad political opinions. A 40 y/o dad of three children has a responsibility for his family and tries to protect companies he would have attacked 20 years ago. A guy who is good with codecs refers to himself as "cracker", because today things are so difficult that nobody can be a jack-of-al trades anymore. But still that's all just a matter of personal opinions and tools. It's all just hacking, so calm the flip down.

    It's just "hacking" mom, no biggie.

  16. DontFeedTheTrolls Silver badge
    Childcatcher

    Ethical Hacker, Ethical Paedophile

    If you are hacker, claiming to be ethical or not, you are on the criminal side of the fence.

    Penetration Tester is the approved term for someone whos engagement is by contract to undertake the activities.

    It might be the same skills in use, but it remains critical to keep the distinction otherwise all sorts of bedroom based keyboard junkies will justify their hacking by claiming it was ethical. Or are we suggest such a thing as an Ethical Paedophile exists?

    1. amanfromMars 1 Silver badge

      Re: Ethical Hacker, Ethical Paedophile

      Can you imagine the anxious consternation in Unethical Paedophile Groups?

      What think they of a such a shift in emphasis, and the likely worthy penalty for unethical non-compliance?

      Warrant those vast mined fields of deserved calamities and you be practically on your own and virtually excommunicated. It is most definitely an extremely quick self-destructive path to continue to travel whether just starting out or consistently returning to with unethical thoughts to exercise and realise.

      Now it cannot be said an Inscrutable Informative Warning was never given and received.

  17. jake Silver badge

    Definitions ... in this context, of course.

    A hacker is somebody who takes things apart ("hacks") to see how stuff works. They can often figure out how to put it back together and make it work better than the original. Hackers built TehIntraWebTubes, and many other things that you use every day of your life.

    A cracker is a minor subset of hacker. Crackers break into things after figuring out how to get past their security, usually using the work of actual hackers. Most hackers can crack (but don't, unless asked; it's an ethics thing), but most crackers can't hack their way out of a wet paper bag (see: Script Kiddies).

    The article only mentions cracking. I'll leave it as an exercise for the reader to decide if it discusses any skiddies, or if any actual hackers were consulted.

  18. JoeySter

    The wheel turns...

    Being a hacker wasn't much of a bad thing culturally baring context. Originally hackers weren't considered criminals but people with super computing powers that could be either good or bad. At least in media portrayals. In the real world of crime most hackers fell into the category of activists or people exploiting systems that shouldn't have been exploitable.

    When I was a kid hacking was a defacto passtime online. Everyone did it to some degree, it was cool and an intellectually stimulating as well as enlightening exercise. Hacking was the national sport of the internet. Some people played Starcarft, some people played Runescape, but everyone hacked.

    It's more in the modern era that it takes on a worse meaning more consistently because of the modern reach of technology. Historically hackers were hacking banks, governments, etc. They weren't hacking you or more specifically private individuals at scale. People in generally at global scale weren't traditionally targets of hacking.

    Hacking has also taken a turn into being taken up by serious or organised crime and institutes people don't have a very high opinion of.

  19. Anonymous Coward
    Anonymous Coward

    The Richer you are the less ethical standards you hold.

    The Richer you are the less ethical standards you hold.

    Some of my Clients have been sh*t, but I only accept contracts that make me happy with myself.

    I wish they could drop the hoody bravado though, most of us are over twelve.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019