A hacker is an individual who uses computer, networking or other skills to overcome a technical problem. The term hacker may refer to anyone with technical skills, but it often refers to a person who uses his or her abilities to gain unauthorized access to systems or networks in order to commit crimes. A hacker may, for example, steal information to hurt people via identity theft, damage or bring down systems and, often, hold those systems hostage to collect ransom.
The term hacker has historically been a divisive one, sometimes being used as a term of admiration for an individual who exhibits a high degree of skill, as well as creativity in his or her approach to technical problems. However, the term is more commonly applied to an individual who uses this skill for illegal or unethical purposes.
Types of hackers
The security community has informally used references to hat color as a way different types of hacker are identified, usually divided into three types: white hat, black hat and gray hat.
- White hat hackers, also known as ethical hackers, strive to operate in the public’s best interest, rather than to create turmoil. Many white hat hackers work doing penetration testing, hired to attempt to break into the company’s networks to find and report on security vulnerabilities. The security firms then help their customers mitigate security issues before criminal hackers can exploit them.
- Black hat hackers intentionally gain unauthorized access to networks and systems with malicious intent, whether to steal data, spread malware or profit from ransomware, vandalize or otherwise damage systems or for any other reason — including gaining notoriety. Black hat hackers are criminals by definition because they violate laws against accessing systems without authorization, but they may also engage in other illegal activity, including identity theft and
- Gray hat hackers fall somewhere between white hat hackers and black hat hackers. While their motives may be similar to those of white hat hackers, gray hats are more likely than white hat hackers to access systems without authorization; at the same time, they are more likely than black hat hackers to avoid doing unnecessary damage to the systems they hack. Although they aren’t typically — or only — motivated by money, gray hat hackers may offer to fix vulnerabilities they have discovered through their own, unauthorized, activities rather than using their knowledge to exploit vulnerabilities for illegal profit.
Hackers of all types participate in forums to exchange hacking information and tradecraft. There are a number of hacker forums where white hat hackers can discuss or ask questions about hacking. Other white hat forums offer technical guides with step-by-step instructions on hacking.
Forums and marketplaces serving black hat hackers are often hosted on the dark web, and offer black hat hackers with an outlet for offering, trading and soliciting illegal hacking services.
Criminal hackers, who sometimes lack their own technical skills, often use scripts and other specifically designed software programs to break into corporate networks. This software may manipulate network data network connection to gather intelligence about the workings of the target system.
These scripts can be found posted on the internet for anyone, usually entry-level hackers, to use. Hackers with limited skills are sometimes called script kiddies, referring to their need to use malicious scripts and their inability to create their own code. Advanced hackers might study these scripts and then modify them to develop new methods.
Hacker vs. cracker
The term hacker was first used in the 1960s to describe a programmer or an individual who, in an era of highly constrained computer capabilities, could increase the efficiency of computer code in a way that removed, or “hacked,” excess machine-code instructions from a program. It has evolved over the years to refer to a person with an advanced understanding of computers, networking, programming or hardware.
For many in technology, the term hacker is best applied to those who use their skills without malicious intent, but over time the term has been applied to people who use their skills maliciously. To counter the trend of labeling skillful technologists as criminals, the term cracker was proposed for criminal hackers, with the intention of removing the stigma from being labeled a hacker.
Within the hacker-cracker framework, hackers are those who seek to identify flaws in security systems and work to improve them, including security experts tasked with locating and identifying flaws in systems and fixing those vulnerabilities. Crackers, on the other hand, are intent on breaching computer and network security to exploit those same flaws for their own gain.
While technologists have promoted use of the term cracker over the years, the distinction between differently motivated hackers is more commonly referenced by the use of white hat, gray hat or black hat. In general use, cracker hasn’t found much traction.
While many famous technologists have been considered hackers, including Donald Knuth, Ken Thompson, Vinton Cerf, Steve Jobs and Bill Gates, black hat hackers are more likely to gain notoriety as hackers in mainstream accounts. Gates was also caught breaking into corporate systems as a teenager before founding Microsoft.
Some notorious black hat hackers include:
Anonymous is a group of hackers from around the world who meet on online message boards and social networking forums. They mainly focus their efforts on encouraging civil disobedience and/or unrest via denial-of-service attacks, publishing victims’ personal information online, as well as defacing and defaming websites.
Jonathan James gained notoriety for hacking into multiple websites, including those of the U.S. Department of Defense and NASA, as well as for stealing software code when he was a teenager. In 2000, James became the first juvenile — he was just 16 years old — to be incarcerated for computer hacking. He committed suicide in 2008 when he was 25 years old.
Adrian Lamo hacked into the systems of several organizations, including The New York Times, Microsoft and Yahoo to exploit their security flaws. Lamo was arrested in 2003, convicted in 2004 and sentenced to six months of home detention at his parents’ home, two years’ probation and ordered to pay about $65,000 in restitution.
Kevin Mitnick was convicted of a number of criminal computer crimes after evading authorities for two and a half years. Once one of the FBI’s Most Wanted for hacking into networks of 40 high-profile corporations, Mitnick was arrested in 1993 and served five years in a federal prison. After his release, Mitnick founded a cybersecurity firm to help organizations keep their networks safe.