The term "hacker" originated at MIT, from the Tech Model Railroad Club. Its original meaning is obscured, but it first started being used in the early nineteen-sixties to refer to people who bucked conventional methods, and approached technology from a more informal aspect. These people were tearing down the existing technology, learning its inner workings and then reinventing it. They took the original technology far beyond the capabilities that were envisioned by the original makers. While the term now usually refers to those working in the field of software, it was originally used in conjunction with those working with electronics and hardware. It can be used in association with any ingenious use of technology.

Changing Semantics:

Since those early times, the meaning has changed profoundly in the mainstream media. Soon after the release of the movie Wargames it took on a new meaning. When Wargames was released, it was the early nineteen-eighties, and personal home computers were just becoming popular. The stereotypical image of the teenage geek using a computer to hack into corporate and military computers was born, and a new generation bought into the myth of hackers.

It has become a derogatory term. Hackers are seen as technologically adept, but they are also seen as people who are interested in doing damage, or causing disruption. The media and the government have provided several examples of the antisocial, criminal hackers -- such as Kevin Poulson and Kevin Mitnick. The media hype is provided, but the whole story is seldom told. There is even a site that claims to educate kids about the evils of hacking with a "Just Say No" campaign.

The Hacker Landscape:

The hacker landscape is immense. Anyone can pronounce themselves a hacker -- kids trading games on Usenet, someone who just defaced a web page, or a journalist who just learned Visual Basic. Not everyone is equal, and not everyone is dangerous. The best way to dissect the culture is to evaluate three features of a hacker -- Skill, Intention, and Motivation.

Skill:

Most of the hacker population is not particularly skilled. Skill level is subjective, and contains many gray areas. The largest group of self-styled hackers is probably only capable of using a single operating system (Windows 95/98) and doesn't really understand how the technology works. Their main method of hacking is downloading pre-canned programs, usually in binary (prebuilt) form. This group is frequently referred to in the hacker community as Script Kiddies. They do not have the capability to build their own exploits, or to modify existing ones. This doesn't mean that they aren't dangerous. As the latest exploits are released into the wild by their betters, the script kiddies will download them, and try to attack systems. This can cause system compromises, denial of service (DOS) attacks, or simply annoying network traffic. Script kiddies will repeatedly try an exploit against machines that are not vulnerable. Frequently, when they do compromise a machine, they show that they have no clue as to what they are doing, like trying to use MSDOS commands on a Unix machine.

A few have greater skills, gained through a formal education, or through self education. This group has the capability to use and run several operating systems. They have at least basic programming skills, and the ability to gain additional skills if necessary. The low end of this group can take an exploit in source form, do any additional setup steps required, and get it to compile on a target system. Others are capable of modifying source code to compile and run on nonnative systems and even develop custom variations of the exploit. This group presents a challenge to the system administrator. You can expect more sophisticated attacks from this group and you will see mutations of existing attacks. To keep a system safe from this group will require a system administrator that is well educated, up to date on the latest exploits, and is creative enough to ID exploit variants and develop counter measures on the fly.

The last 1% (or even less) are the ones out there actually developing the new exploits. Not only are they skilled programmers but they know the deep inner workings of the systems that they intend to exploit. Even this group can be stratified. The lower strata are creating exploits and releasing them into the wild, usually not notifying software makers before release. The highest strata are developing new exploits but are probably holding them very close. They are either consulting with the software maker before public release or developing these exploits to be held secret by larger organizations. One may never effectively be able to protect themselves against this group. They are a completely unknown factor - it is never known when they will develop something new or from which direction it will come from. These are the people that make no system 100% secure.

Battling brain cells is the common thread for protection here. A system administrator in the low 90% percentile skill level cannot protect himself against an attacker in the top 9%, and has absolutely no chance against anyone in the top 1%. If system security is of value, the defender must acquire and hold on to the brightest people in the field.

Intentions:

What are these hackers trying to do? The intentions almost fall out like Dungeons and Dragons characters: Good (Constructive), Evil (Destructive) or Neutral. Of course these are colored by what sides of the equation the defender and the hacker are on. Intentions can also change. A Neutral intention may develop into a Destructive intention or fall back to a Constructive one.

Destructive (Evil): The intent is to either destroy the target, disrupt the target's ability to function properly, or compromise for ransacking/spring boarding. This may manifest itself in a web page defacement, a DOS attack or the stealing of sensitive data for personal gain. Some times a target will be compromised only to be used as a base to launch attacks at the true target (spring boarding). No collateral damage may be seen by this site but it has been successfully used to mask the attacker's point of origin. Destruction and DOS attacks are usually the mark of the unskilled or under skilled. Compromise, especially stealthy compromise, is the mark of an intelligent hacker.

Neutral: A neutral intent is where a hacker may break in, but just looks around and does no damage. While most administrators may not think of this as very neutral, it is in the parlance of hackers. In fact this is the credo of the "hacker ethic". Most of the old school hackers will fall into this category.

Constructive (Good): These are the people who are working directly in the information security field. They are administering a system, or exploring exploits in a safe environment (such as a closed network). A Constructive hacker may have, at some time in their career, been a Neutral or even Destructive hacker. Most hackers have a mischievous streak and can't help but to break the rules once in awhile.

Motivation:

Motivation is the area that is the most difficult to pin down. Skills and intentions can be generally categorized, but motivations are usually unique to each hacker. Some of the most common motivations are below.

Technical Knowledge: Technical Knowledge has been seen as the main motivation for the old school hacker. Often a hacker will, above all else, crave a better understanding of how a system works. To do so requires going beyond the confines of the normal user. Since a system administrator will seldom give higher access to an unknown user, the knowledge seeking hacker will obtain access on their own. A knowledge seeker is always in exploration mode. A closed door is an irresistible temptation. In most cases, for the knowledge seeker, the hack itself is the objective. Once the hack is completed, or the access gained, the operation is completed.

Peer Respect: Peer Respect plays a significant roll in the hacker community, especially among the younger or less mature members. Unfortunately, this often manifests itself into a contest of damaging systems or defacing web sites. By far the majority of web defacements are motivated by Peer Respect.

Control: Often the hacker is seeking some level of control. There is a kind of high associated with gaining root or administrative access on a machine. Root access is the holy grail of the hacker and is the badge of the 31337 (pronounce elite) hacker. Once root access has been obtained, it is common for the hacker to send email to fellow hackers from the systems root account to announce the conquest.

Ego: There are some hackers that have enough Ego to fill several rooms. But, it is often found that their ego far outpaces their skill. Coupled with a need for peer respect, this hacker may go after targets far beyond their capabilities or play cat and mouse games with authorities -- often resulting in capture. If a skilled hacker can control their ego and know their personal skills and capabilities they are a much greater threat.

Fun: It has to be said that fun is an integral part of hacking. If there wasn't some form of joy in hacking then few would get involved. Just like any hobby it is a recreation for the hacker. Many hackers are gainfully employed and not always in the field of system security. Hacking is their time to give themselves intellectual challenges that might not be present in their school or work environment.

Moral Agenda: Hacking may be a means to and end for some. There are Eco Hackers, Political Hackers and Ethical Hackers. They have latched on to a personal crusade. Besides Peer Respect this is the next often seen motivation for web defacements. "Free Kevin" has been the battle cry for many of them. Often government and military sites are targeted due to political agendas ranging from the disgruntled citizen to a radical political organization. Moralistic agendas have been taken on by some to form vigilante groups that fight for their causes with hacker skills. It is expected that this will become a growing area for hacking in the future. As governments and businesses develop a greater web presence this opens themselves to attacks from any party that holds a grudge and Internet access.

Free Access: The younger hacker or the foreign hacker may be seeking free access. Often the hacker doesn't have the financial capability to maintain a regular net presence and in many countries local phone calls and network access are charged at a metered rate. This financial burden often drives hackers to seek methods of free access. This can range from hijacking user accounts to stealing credit card numbers. The intent here is usually not direct monetary gain but extended or supplementary access to network communication. Free access is a common thread with Phreakers. They may hack to obtain free long distance voice access and have very little interest in the actual computer systems that they compromise.

Money: There are some hackers are truly in it for the money. They can be loners but may have been recruited by larger organizations. Activities can range from stealing credit card numbers, selling confidential information or opening "data pipes" for other groups. Money is a universal motivation in any field.

Boredom: Sometimes the hacker is drawn in due to boredom. Either a lack of interest or lack of challenge in their job or school will provide the motivation to seek hacker activities. An informal survey shows that many hackers are easily bored due to ADD, ADHD, depression or tangential thought processes making it difficult for them to conform to regular school and work activities. Most hackers are self educated. Even when possessing a formal education they seek opportunities to self educate in noninstitutional settings. Hackers are drawn to new challenges, and may work feverishly to reach a single goal only to drop the whole project once the initial objective is met.

Aliases:

Many Hackers utilize Aliases in their activities. An alias provides both a level of abstraction from their true identity and a recognizable signature in the community. It should not be assumed that just because a hacker uses an alias that their intentions are destructive. Use of an alias does not mean that a hacker is actively hiding their true identity or that they are "deep underground". Aliases provide a level of abstraction from the hackers work-a-day identity and activities. Aliases can also provide a non-gender specific and non-age specific identity. Most hackers wish to be judged by their knowledge and experience, not on their gender, age, job title or degree. Aliases can range from nonsense words to popular characters in literature. They can be references to technology or special interests and can provide an insight to the hackers personality and skills.

Typical Hacker Profiles:

Below are listed some of the more common hacker profiles. Again, this is not intended to be an all inclusive list. New hacker types spring up so quickly that it is difficult to keep track of them. But, more often than not they will possess some of or a combination of the qualities listed below.

The "Old School Hacker": Usually more mature in both age and personality the old school hacker is more intent on expanding their knowledge base. They may have passed through a Cracker or Warez stage in their career but have moved on to more personally fulfilling pursuits. More settled down than others you may find them as professionals in corporate or academic settings. They have a strong adherence to the hacker ethic in that they explore but do no damage while still maintaining that mischievous streak . They are usually tempered in the knowledge that could do a lot more damage than they actually do but the risks of such activity out weight any transient benefits. As a result, they usually frown on destructive hacking and may be thought of having sold out or gone corporate by the younger members of the hacker community. Often, they will be will versed in multiple operating systems including several flavors of Unix and are capable programmers.

The "New School Hacker": Still enamored with the pursuit of power and ego the New School Hacker seeks to be the rebel. They crave to have society fear them while on the other hand they try to publicly justify their actions. They usually possess low to moderate skill level and tend to congregate in informal groups that actively advertise their 31337ness (eliteness). Quick to squabble with other hacker groups they often partake in challenges to one-up each other in system intrusion and web page defacement. Most of their knowledge will be with Windows or Macintosh products with some venturing in to the Unix world. They may be just starting to learn programming and the members are often of high school and college age.

The "Script Kiddie": Either new to the hacker scene or unwilling to invest in new skills the Script Kiddies entertain themselves by downloading and using the latest attack programs and scripts. More often than not they are working exclusively with Windows machines and have no programming knowledge and very little system knowledge. The Script Kiddie is more interested in effect than knowledge and will use their programs to wow and annoy friends and strangers. They actively seek out new sploits (exploits -- i.e. attack programs) and may feverishly protect their stash. If the Script Kiddie took the time to educate them self they might graduate to the level of New School Hacker. Many of the Script Kiddies congregate on AOL and are prevalent in online chat rooms or IRC (Internet Relay Chat).

The "Warez Kids": The Warez Kid's main objective is to pirate software. This may include attack scripts but is mainly targeted towards PC applications, media files and game machine software. Their form of hacking is confined to trading illegal copies of software either through IRC, FTP or Web pages and trading cracks or codes to overcome software copy protection. The best skilled are developing software patches to eliminate copy protection or developing new methods of ripping (copying) and distributing their warez. They like the Script Kiddie they can be ravenous about protecting their collection of software and actively engage in an underground bartering market of copied software. Often, the warez kid is an additive game player and is compelled to have the latest and greatest ("zero-day") version of any game. Sites that are major game developers like ID software, developer of Doom and Quake, are the target of hacking attempts to get pre-release versions of their games.

The "Phreaker": The Phreaker is wholly different breed of hacker and often prefers not to be referred to as a hacker (a separate taxonomy could be done for The Phreaker). The Phreaker is discussed here because they often use hacking tools to obtain their objective which is knowledge of and access to the telephone system. With the telephone system now almost exclusively (in the U.S.) controlled by computer, the successful phreaker must have some hacking skills. As with the hacker, the skill level varies greatly, ranging from basic toll fraud to a deep understanding of telephone systems. Phreaking was much more tied with hacking in the days prior to the Internet when hacking information and warez were traded exclusively via dial up bulletin board systems (BBS). To access these BBSs, often located outside of the local calling area, the hacker had to learn phreaking skills to circumvent long distance charges. The modern phreaker will concentrate on infiltrating the network of telephone switches and corporate PBX systems providing them with free long distance service and at times the ability to reroute or eavesdrop on telephone calls.

The "Cracker": The term cracker is sometimes used in the media but is usually used by hackers to differentiate themselves from these criminals. While the hacker is supposed to conform to the hacker code of ethics the cracker is someone with malicious intent, who is out for destruction or personal gain.

The "Glam Hacker": (A new term invented by the author and associates) The Glam Hacker is keenly interested in the hacker scene. While they may possess a full range of skills they are interested in presenting a certain persona. They are often adorned in multi-colored hair, multiple piercing, tattoos, or a Goth look . The Glam Hacker is often used in the news and advertising media to represent the whole of hacker society when actually they occupy a small niche.

The "Ethical Hacker": Not to be confused with the "hacker ethic" - Ethical Hackers are using their skills to fight a perceived ethical battle. One of the best known is EHAP (Ethical Hackers Against Pedophilia). Their reported activities have ranged from simple reporting of child pornography material online to actively breaking into sites to destroy child pornography servers. These reports have often been exaggerated or fabricated so it is difficult to determine their true activities and effectiveness. There has been much debate in the hacker community about ethical hacker groups. Since, in many instances, the activities of the Ethical Hacker conflicts with the Hacker Ethic. While some hackers see ethical hacking an opportunity to use their skills for good and to help build a positive image for hackers in the media and amongst law enforcement others have seen them as providing hackers justification for vigilantism and destructive activities.

The "Lamer" : Lamer, Luser, Clueless, Newbie, Cluebie -- all are the unskilled and unwashed masses of the hacker community. A deprecating term, the Lamer has little to no skill and has even less knowledge of hacker society. Asking trivial and unintelligible questions and causing flame wars are typical of the Lamer.

The "Poser": As with any culture or sub-culture there are outsiders that will attempt to portray themselves as insiders. This is true in the hacking world too. The Poser will exaggerate their skill level and boast of elite hacks to gain acceptance and access to hacker groups. A knowledgeable hacker should be able to ferret out posers fairly quickly although those less skilled or experienced may be sucked in by their tall tails. The Poser is different than the Charlatan in that the Posers motivation is mainly group acceptance. Posers usually start a quick back peddling when confronted with intelligent challenges to either their claimed skills or deeds

The "Charlatan": Hacker culture has evolved beyond its underground status and has developed into a viable business opportunity. Government agencies and corporations are hiring hackers for security work, system administration and as high paid consultants. Hackers are hosting security related web pages which can attract big money advertisers. They are producing cutting edge security tools both commercially and open source. Book deals are being cut and movies are being made. Where there is a buck to be made the Charlatan will materialize so, it is no surprise that there is an increasing number of them appearing in the hacker society. There was even a site devoted to uncovering one of these Charlatans. Unfortunately, even after they are exposed, either the word doesn't get out or their rhetoric is so strong that they continue to be referenced as credible sources in the main stream media and in professional circles. Like any other good con artist they can still make their marks and retain their zealots after damaging exposure.

The "Hacker Groupie": Like any other sub-culture or fringe culture, the novelty and rebelliousness that it represents attracts groupies. Usually they are associated with the more organized hacker groups but can be centered around specific individuals. Not all groupies are female, the boys are attracted to strong, rebellious, personality cults also. At least one hacker group (although tongue-in-cheek) actively encourages groupie like devotion and regularly puts on a show at hacker conventions which are a cross between revival sermon and rock show.

The "Uber Hacker": The elite of the elite: the Uber Hacker knows all, sees all, and can walk through walls like a ghost. He is more a mythical creature than an actual group or individual.

Industrial/Foreign Espionage: This is a serious individual or group funded through either a corporation or a government. They are a real and true threat and have the skills, resources and financial backing to meet their objectives. They are a very different beast than the main stream hacker and will rarely be seen attending the larger hacker gatherings in the open. When one thinks of information warfare, these are the people that are the primary threat. They have a professionally crafted agenda and will have specifically selected targets. They may use other less skilled hackers (knowingly or unknowingly) to provide a smoke screen for their activities. They will operate from both the inside and outside of a target and may coerce or buy help from insiders.

The "Freelance Hacker": The freelance hacker is a hired gun. They may be given a target and objective and be compensated when the task is completed. Or, they may open up a data pipe, allowing their customer to explore and siphon out data of interest from a target. The freelancer is probably used by individuals or groups that cannot afford to assemble an espionage team or who want to maintain a greater distance from the hacking activity. Also, they have been used by lawyers and private investigators to obtain information to support criminal and civil suits.

The Virus Coder: Like the Phreaker, the Virus Coder constitutes a separate breed of hacker. They may be exclusively interested in the development of virus code. With the advent of highly interconnected systems and the use of embedded application scripting languages we are now seeing the expansion of virus coders into new technology areas. Trojans, worms and viruses - once separate entities - are now being integrated together to create stealthy, fast spreading, remotely deployable, and highly destructive pieces of code. Devices like Melissa, BO2K, and Bubbleboy will be the progenitors of highly integrated and multifaceted viral delivery systems.

The "Black Hat Hacker": This is a general term for a hacker that does not follow the hacker code of ethics or who is involved in cracking.

The "White Hat Hacker": This is a general term for a hacker that does follow the hacker code of ethics, or a hacker who is involved in securing and protecting information systems.

The "Social Engineer": Social Engineering is often just a single skill of hackers, but some have as much talent in this area as they do in the technical field. Social Engineers exploit what is often the weakest point in computer security - people. Preferring to work via phone, although some work face-to-face and via email, the social engineer can obtain critical pieces of information to compromise computer systems. It has been demonstrated repeatedly that social engineering is a quick, low risk, and very effective method of gathering passwords, technical and personal information. Even when passwords are not directly obtained, personal information like pet names, hobbies, phone or employee numbers can aid the hacker in guessing user passwords. A name, date of birth and social security number is all that is required for the social engineer to obtain personal and financial data which can lead to identity theft. Trashing, the act of rummaging around in personal or corporate trash bins, often provides the hacker with valuable information. Lists of user accounts, default passwords, system/network details, corporate phone books and other information commonly found in trash bins provide essential information for planning attacks.

The "Cypherpunk": The Cypherpunk is a separate class of hackers, and may not generally associate themselves with hacker society as a whole. The Cypherpunk is particularly interested in encryption, cryptography, and the protection of privacy. This interest can range from active usage of encryption algorithms, to the development of new algorithms and cryptography. Recent contests sponsored by some of the major vendors of commercial encryption tools has fired a significant interest in encryption and cryptography. Massive distributed computing efforts have been launched to break many of the common encryption algorithms. As of this writing, one of these efforts against RC5-64 is running at 126.95 gigakeys per second.

The Cypherpunk is often associated with the protection of civil liberties, and free speech. Many cypherpunks are libertarians, and are sponsers of anonymous remailers, publicly available encryption, and strong protectors of privacy and other democratic ideals. Privacy in an open society requires anonymous transaction systems. -- Eric Hughes, A Cypherpunk's Manifesto

Summary:

Hacker society is extremely varied and may be more varied than most social groups. It is constantly changing, splitting, rejoining and recreating itself. The only common bond among hackers is the love of technology and an almost genetic need to learn and explore. This need can not be quenched by laws, social etiquette, or national boundaries. Even in countries with extreme penalties, the hackers continue their craft. When properly harnessed the hacker can be a powerful technological innovator. Otherwise, they have the potential to be damaging to computer and network systems. If one is to either harness or defend against the hacker, then understanding is critical. Regardless, hackers will continue to push the boundaries of technology and socially acceptable behavior.

Last modified: Sat Jun 7 20:04:00 PDT 2003