Hacker versus Cracker!

Takeaway: The word “hacker” gets used in a pejorative sense by journalists an awful lot. Some people think this is perfectly reasonable; others find it offensive, and recommend an alternative term for that meaning. Read on to find out why.

In mainstream press, the word “hacker” is often used to refer to a malicious security cracker. There is a classic definition of the term “hacker”, arising from its first documented uses related to information technologies at MIT, that is at odds with the way the term is usually used by journalists. The inheritors of the technical tradition of the word “hacker” as it was used at MIT sometimes take offense at the sloppy use of the term by journalists and others who are influenced by journalistic inaccuracy.

Some claim that the term has been unrecoverably corrupted, and acquired a new meaning that we should simply accept. This descriptivist approach is predicated upon the assumption that there’s no reasonable way to communicate effectively with the less technically minded without acquiescing to the nontechnical misuse of the term “hacker”. I believe it’s still useful to differentiate between hackers and security crackers, though, and that terms like “malicious security cracker” are sufficiently evocative and clear that their use actually helps make communication more effective than the common journalistic misuse of “hacker”.

I think it’s useful to differentiate especially because there are many situations where “hack”, and its conjugations, is the only effective term to describe something that has nothing to do with malicious violation of security measures or privacy. When you simply accept that “hacker” means “malicious security cracker”, you give up the ability to use the term to refer to anything else without potential confusion.

Both are distinct from people whose interest in technical matters is purely professional, with no desire to learn anything about the subject at hand other than to advance a career and make a living. Many hackers and security crackers turn their talents toward professional ends, of course, and some security crackers got where they are only through professional advancement, but one definitely need not have a professional interest to pursue the path of either a hacker or a security cracker.

A hacker, in the classic sense of the term, is someone with a strong interest in how things work, who likes to tinker and create and modify things for the enjoyment of doing so. For some, it is a compulsion, while for others it is a means to an end that may lead them to greater understanding of something else entirely. The RFC 1392: Internet Users’ Glossary defines “hacker” as:

A person who delights in having an intimate understanding of the
internal workings of a system, computers and computer networks in
particular. The term is often misused in a pejorative context,
where “cracker” would be the correct term. See also: cracker.

The Jargon Wiki’s first definition for hacker says:

A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.

A security cracker, meanwhile, is someone whose purpose is to circumvent or break security measures. Some security crackers end up using their powers for good, providing penetration testing services or otherwise making efforts on the side of the angels. Many others use their powers for evil, however, as we are all too painfully aware. Both RFC 1392 and the Jargon Wiki provide definitions of “cracker” that support this use of the term.

Maintaining distinct terms for distinct phenomena is an important aspect of communication, as demonstrated in the incident I described in Managers and technologists live in different worlds, where a company executive and I used the same term to refer to two different things and failed to communicate effectively as a result. When two different phenomena acquire the same label, as in the case of hackers in the classic sense on one hand and malicious security crackers on the other, either something has to give or discussion is bound to suffer from confusion that could easily have been avoided.

The more easily relabeled of the two uses of the term “hacker” is the malicious security cracker: it is not only the more recent phenomenon to acquire that label, but also the one whose meaning is most easily evoked by an alternative term. This is why, when you read an article of mine that talks about malicious security crackers, I use the term “malicious security cracker” — and in an article that talks about hackers in the classic sense of the term, I try to differentiate clearly between these two uses of the term “hacker” before using it myself.

For purposes of clarity when communicating with others about security issues, I recommend you do the same.

Difference Between Computer Virus, Worm, and Trojan Horse

Viruses, worms and Trojan Horses are all malicious programs that can cause damage to your computer, but there are differences among the three.One common mistake that people make when the topic of a computer virus arises is to refer to a worm or Trojan horse as a virus. While the words Trojan, worm and virus are often used interchangeably, they are not exactly the same thing. Viruses, worms and Trojan Horses are all malicious programs that can cause damage to your computer, but there are differences among the three, and knowing those differences can help you better protect your computer from their often damaging effects.
What Is a Virus?

A computer virus attaches itself to a program or file enabling it to spread from one computer to another, leaving infections as it travels. Like a human virus, a computer virus can range in severity: some may cause only mildly annoying effects while others can damage your hardware, software or files. Almost all viruses are attached to an executable file, which means the virus may exist on your computer but it actually cannot infect your computer unless you run or open the malicious program. It is important to note that a virus cannot be spread without a human action, (such as running an infected program) to keep it going. Because a virus is spread by human action people will unknowingly continue the spread of a computer virus by sharing infecting files or sending emails with viruses as attachments in the email.
What Is a Worm?

A worm is similar to a virus by design and is considered to be a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, it has the capability to travel without any human action. A worm takes advantage of file or information transport features on your system, which is what allows it to travel unaided.The biggest danger with a worm is its capability to replicate itself on your system, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect. One example would be for a worm to send a copy of itself to everyone listed in your e-mail address book. Then, the worm replicates and sends itself out to everyone listed in each of the receiver's address book, and the manifest continues on down the line. Due to the copying nature of a worm and its capability to travel across networks the end result in most cases is that the worm consumes too much system memory (or network bandwidth), causing Web servers, network servers and individual computers to stop responding. In recent worm attacks such as the much-talked-about Blaster Worm, the worm has been designed to tunnel into your system and allow malicious users to control your computer remotely.
What Is a Trojan horse?

A Trojan Horse is full of as much trickery as the mythological Trojan Horse it was named after. The Trojan Horse, at first glance will appear to be useful software but will actually do damage once installed or run on your computer. Those on the receiving end of a Trojan Horse are usually tricked into opening them because they appear to be receiving legitimate software or files from a legitimate source. When a Trojan is activated on your computer, the results can vary. Some Trojans are designed to be more annoying than malicious (like changing your desktop, adding silly active desktop icons) or they can cause serious damage by deleting files and destroying information on your system. Trojans are also known to create a backdoor on your computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised. Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate.
What Are Blended Threats?


Added into the mix, we also have what is called a blended threat. A blended threat is a more sophisticated attack that bundles some of the worst aspects of viruses, worms, Trojan horses and malicious code into one single threat. Blended threats can use server and Internet vulnerabilities to initiate, then transmit and also spread an attack. Characteristics of blended threats are that they cause harm to the infected system or network, they propagates using multiple methods, the attack can come from multiple points, and blended threats also exploit vulnerabilities.To be considered a blended thread, the attack would normally serve to transport multiple attacks in one payload. For example it wouldn't just launch a DoS attack — it would also, for example, install a backdoor and maybe even damage a local system in one shot. Additionally, blended threats are designed to use multiple modes of transport. So, while a worm may travel and spread through e-mail, a single blended threat could use multiple routes including e-mail, IRC and file-sharing sharing networks.Lastly, rather than a specific attack on predetermined .exe files, a blended thread could do multiple malicious acts, like modify your exe files, HTML files and registry keys at the same time — basically it can cause damage within several areas of your network at one time.Blended threats are considered to be the worst risk to security since the inception of viruses, as most blended threats also require no human intervention to propagate.