Terms 12 Definitions and Questions

Hacker

Hacker is a term used to describe different types of computer experts. The meaning of the term, when used in a computer context, has changed somewhat over the decades since it first came into use, as it has been given additional and clashing meanings by new users of the word.

Currently, "hacker" is used in two main ways, one complimentary and one negative. It can be used in the computing community to describe a particularly brilliant programmer or technical expert (for example: "Linus Torvalds, the creator of Linux, is a genius hacker."). In popular usage and in the media, however, it generally describes computer intruders or criminals.

A possible middle ground position observes that "hacking" describes a collection of skills, and that these skills are utilized by hackers of both descriptions, though for differing reasons. The companion situation which illustrates this is the skills involved in locksmithing, specifically picking locks, which is a skill which can be used for good or evil.

Cracker

A cracker is someone who breaks into someone else's computer system, often on a network; bypasses passwords or licenses in computer programs; or in other ways intentionally breaches computer security. A cracker can be doing this for profit, maliciously, for some altruistic purpose or cause, or because the challenge is there. Some breaking-and-entering has been done ostensibly to point out weaknesses in a site's security system.

Hacker / Cracker Q/A

Q: What is l33t speak?
A: Pronounced “leet speak”, from “elite”. A system of spellings of English words or phrases using numbers and symbols to replace common letters and featuring deliberate misspellings. Supposedly the “language of hackers”, in reality it’s used more seriously by the “script kiddie” crowd, although it is commonly used jokingly by experienced Internet users.
http://www.bbc.co.uk/dna/h2g2/A787917

l33t

Some common l33t words/phrases:

0wn3d - beaten in a humiliating fashion, compromised
h4x0r - hacker, can be used for a real hacker or simply a very skillful person.
l4m3r - Lamer, someone who is lame, someone who uses an unfair tactic or generally makes the things around him or her less fun.
n00b - Short for noobie, misspelling of newbie; someone who is new to something, or just not very good at it.

L33t was brought into the height of its popularity by the webcomic “Megatokyo”, with the following early strip:

[Image: Megatokyo comic strip]

Hacktivism

Formed by combining “hack” with “activism,” hacktivism is the act of hacking into a Web site or computer system in order to communicate a politically or socially motivated message. Unlike a malicious hacker, who may disrupt a system for financial gain or out of a desire to cause harm, the hacktivist performs the same kinds of disruptive actions (such as a DoS attack) in order to draw attention to a cause. For the hacktivist, it is an Internet-enabled way to practice civil disobedience and protest.

Hacktivism Q/A

Q: Give me 1 pro and 1 con to hacktivism, in terms of the person doing it.
A: Pro: Their message is seen by all the people who would normally use a resource (it’s down in the case of DoS, a web page is defaced, etc.)
Con: Hacktivism is illegal. In addition to potentially getting you arrested, it links your cause to criminal actions and vandalism, which can have negative PR.

White Hats

The term is derived from American western movies, where the good cowboy always wore the white cowboy hat and the bad cowboy always wore a black one. "White Hat" usually refers to hackers who don't break the law, commit any offense or engage in any malicious activity as part of their hacking. The term is now commonly used by security consultants who offer hacking/penetration testing as part of their services. When they find a hole in the system they alert the operators so they can fix it.

Black Hats

A malicious or criminal hacker. This term is seldom used outside of the security industry and by some modern programmers. The general public use the term hacker to refer to the same thing. “Black hat” hackers steal information, plant viruses, and wreak havoc.

Grey Hats

"Grey Hat" is the term often given to hackers whose actions are not malicious but whose hacking methods may cross legal or ethical lines. It's also used to categorize hackers who may at one stage have broken the law in their hacking activities, but who have since come across to the more ethical white side.

“Gray Hat” describes a cracker who exploits a security weakness in a computer system or product in order to bring the weakness to the attention of the owners. Unlike a black hat, a gray hat acts without malicious intent. The goal of a gray hat is to improve system and network security. However, by publicizing a vulnerability, the gray hat may give other crackers the opportunity to exploit it. This differs from the white hat who alerts system owners and vendors of a vulnerability without actually exploiting it in public.

“Grey Hat” Hackers don’t commit crimes but may give information to Black Hat Hackers who will.

Hat colors Q / A

Q: Why (as a grey hat) post flaws publicly?
A: Many times, white hats say that when they notify a company privately of a security flaw, the company ignores them or attempts to silence them. By posting the flaw publicly, the company is forced to take action to correct the flaw, lest it leave a known security hole in place.

Script Kiddies

In computing, a script kiddie (occasionally script bunny, script kitty or skiddie) is a derogatory term for inexperienced crackers who use scripts and programs developed by others, without knowing what they are or how they work, for the purpose of compromising computer accounts and files, and for launching attacks on whole computer systems (see DoS).
In general, they do not have the ability to write these kinds of programs on their own. Such programs have included WinNuke applications, Back Orifice, and Sub7.

Script kiddies, instead of attacking an individual system, often scan thousands of computers looking for vulnerable targets before initiating an attack. This is similar to wardialing and wardriving, in which the attacker isn't looking at one specific system, but instead anything that is open and looks interesting.

The term is also often used as a derogatory moniker for individuals who do not contribute to the development of new security-related programs, especially exploits, but rather benefit from the work of others.

Sys Admin

The term system administrator, abbreviated sysadmin, designates an employment position of those people responsible for running technically enhanced information systems or some aspect of them. They often deal with the setup and maintenance of computers and networks. System Administrators also work on more than just computers, such as the interaction between humans and technology, and the enhancement of business processes through technology.