Analysis Tech

What is a “hacker” anyway?

Language is an evolutionary process. All words are “made up” at some point, and at another point, they gain enough acceptance by general society that they become “real.” Take “hangry” and “TL;DR” as examples. As slang as we think they are, Merriam-Webster has officially added them to their dictionary this year, among many others.

When I was growing up, the term “hacker” simply meant someone that took the available resources, whether that be equipment, code, or something else, and used those resources to build something outside of the original design. Taking parts from a dishwasher to repair a dryer? Hacker. Using computer code designed to solve one problem to run a different kind of process? Still a hacker.

These days, the term is associated with nothing but bad. I attribute this primarily due to media coverage — good things rarely get reported on, but all of the catastrophic breaches by hackers almost always do. As such, hackers become synonymous with bad. Interestingly, however, Merriam-Webster’s definition of the term “hacker” encompasses this disparity with definitions including “an expert at programming and solving problems with a computer” or “a person who illegally gains access to and sometimes tampers with information in a computer system.”

What does this mean?

What’s the difference between a good and a bad hacker? Simply put: intent.

Similar to legal jargon concerning various offenses in the physical world, hackers are generally addressed by means of intent. If there simply was no intent and the hacker found a security hole in a website, that doesn’t make him or her a criminal (or does it? I won’t get into cyber laws in this article). If another hacker found that same security hole and decided to take advantage of it for monetary gain or for stealing information that he or she shouldn’t have access to, then the story changes.


Enter the hats

Remember the old western movies? The good guys always wore white hats and the bad guys donned their black hats — a simple distinction that has kept true to the cyber world today. With this concept, the cyber world distinguishes between good and bad with colored hats. From there, it is further broken down into the slang terminologies generally only used by those in the field.

Black Hat

  • Script kiddies – those with just enough ability to run programs and/or scripts developed by other hackers (such as this program designed to overwhelm websites to take them down).
  • Crackers – derived from safe crackers, cyber crackers are those who are skilled at bypassing defenses.
  • Exploiters – those who understand vulnerabilities well enough to exploit the various weaknesses present in the code.

White Hat

  • Ethical hackers – break into programs and websites for the sole purpose of reporting the security issue to their client, and in most cases, how to fix it.
  • Penetration testers – pretty much synonymous with ethical hackers.
  • Vulnerability assessors – those who carry out vulnerability assessments. I differentiate this category from others due to the fact that they don’t leverage vulnerabilities, they report on them. This role is designed for companies to leverage to better understand their security holes.

But wait, there’s more!

Nothing is ever as simple as black and white, so we’ll add a third category to the mix — grey hats.

Grey hats are the mercenary equivalents — those who don’t bother with the moral distinction of good or bad, but will generally work for whatever purpose results in a fatter wallet or best aligns with their interests.

Now, while the term “hacker” has made it into the dictionary, the hats may not have. Depending on your source, you’ll come across green/blue/red/purple and maybe even other hats. The above is summarized from my ten years of experience in the cyber security world.


Photos courtesy of Pixabay and Wikimedia Commons

0 0 votes
Article Rating
Notify of
Newest Most Voted
Inline Feedbacks
View all comments
2 years ago

Very interesting Alex!

2 years ago

Thank you Alex. Years ago (6 or 7) when covering a booth at a security trade show in NYC, the exhibitor next to me was a Cyber Security company, mostly consisting of Ethical hackers. In conversation at the time they mentioned to me that cell phones did not have a lot of security and they recommended not doing banking by phone. Do you have any comments on this.

Susan B
Susan B
2 years ago

Great explanation, Alex. You made it easy for someone electronically illiterate to understand the finer points of “hacking”. Thank you for that.

Luke Ryan
2 years ago
Reply to  Susan B

Right? He’s like a translator for all things tech. I’ve got him on speed dial for all my computer problems!!

Would love your thoughts, please comment.x
%d bloggers like this: