It was several months ago that I noticed the discussion at Jason Scotts blog about the definitions for hacker and cracker. I would add to that mix the term coder, because it will become important in the details of own definition of each of those terms.
Three important facts will I mention right from the start:
- There are hundreds of definitions for the term hacker out there and they are all different ranging from portraying a hacker as an ethical and selfless whiz kid who does things for the greater good to the evil and selfish wannabe who cannot create stuff himself and thus prefers to destroy other people’s work.
- The meaning of the word hacker did change over time. People used the word in much broader terms in the past and even outside of computers.
- Mass media put their mark on the term and helped to add to the confusion and misconception.
I recommend avoiding the use of the words whenever possible, because everybody perceives and understands it different. Especially if you are using the words in a positive context are misunderstandings just waiting there to happen. Instead of cracker, use “computer-crack” or in instead of hack, use the term ”exploit” or “workaround” instead for example. However, if you have to or want o use the terms, clarify what you mean by them and not just let the terms out there on their own.
My definitions incorporate the changes in the computer industry and the fact that it is not the world of single mainframe computers at individual universities anymore. Computers became a commodity and a large number of users are normal people today, who are not geeks and often not have very much practical understanding of the matter at the same time.
A “hacker” is for me a person who is an “advanced power user” and not necessarily somebody who is a programmer. A person who analyses software, tests it, automates requests via tools to scan a broad range of possible options in a short time-period. A person who wants to gain access and or control over another system by exploiting known security flaws, using brute force (scanning, dictionary attacks etc.) or human weaknesses and flaws (why use parents the first name of one of their child’s as password so often?). He maybe finds technical security holes by accident, but is not the one who can seek them out as well. The hacker was spending time to find out the new frequencies for ATT, MCI or SPRINT to break their lines, scanned for valid calling card numbers, attempts to find new working credit card numbers by creating similar siblings from an existing credit card that works etc.
A “cracker” is for me somebody who “eats code raw”, a person who is comfortable using software debugger, mostly doing debugging at the Assembler level. A cracker enjoys dissecting other people’s code and “fixes” little inconveniences and “flaws” in software, like skipping license key input screens to speed up the software installation process. Crackers are not necessarily great programmers themselves, but have a deep understanding of technology and computer software.
A “coder” is somebody with remarkable programming skills. A coder is this type of person who spends countless hours on something of little or no practical value (just by itself), just because he wants to figure it out. Things like writing a program that listens to IO operations of a hardware component and displays it on the screen, which looks like your TV screen, if you did not select a TV channel, showing nothing but seemingly random noise.
Each One Could be One, Two or all Three of Them at the same Time
A hacker could be a cracker and coder as well, but often are the three different types of characters found in three distinct and different persons. They can excel by working together in conjunction with each other and as part of a group.
I reduced my definitions to what kind of skills each of them has and less on what exactly each skill is being used for. That each of the people is often living in its own little world is probably true. The world they live in is not always the same world normal people perceive as reality.
Hypothetical Collaboration between a Hacker, Cracker and Coder
If you ask how the collaboration between a hacker, cracker and coder would look like, here is how I see it. The hacker would be the person who is in charge and coordinates the efforts. He is the one who has clear goals and ideas in his head. He would be the one, for example, who thinks up how a tool would have to work to do something very specific. The coder could write that tool for the hacker.
A port scanner for example (just to keep it simple) could be such a tool. The hacker needs a cracker, if the hacker encounters specific software and cannot get around it by using brute force or guessing. He would try to get a copy and have the cracker take a look at it to find flaws or have him create an altered version, the hacker could try to sneak in as replacement for the original.
By Default Neither Good nor Bad
Here is a positive example to avoid the misconception that it is all about breaking into something and stealing data etc. What they do and what they do it for are two distinct and very different things and independent of the definition.
The coder writes a piece of software. The hacker tests the software thoroughly and approaches it from all kinds of different angles. He does in essence the quality assurance. The cracker is the one who is looking under “the hood” and checks the software for deep build in flaws and errors.
In the example of a piece of security software would the coder write the interface to enter the password, the encryption routines etc.
The cracker checks the code to make sure that the encryption is strong enough and that nothing is being exposed that reduces the effectiveness of the protection, like loading the key pairs in plain text into the memory for processing and stuff like that.
The hacker checks more like things such as minimum keyword length, supported characters and flaws in the interface.
The best encryption is worthless if the password can only be a set of numbers and the password is three digits long = only 1000 possible combinations which can be tried out in no time, via a script or even manually.
The best protection software is also useless, if you can simply press ALT-F4 and close it and then be able to move on and do what you want to do anyway. The hacker is the one who would look for this kind of stuff.
That is my take on this whole thing and I am convinced that most people would be comfortable with it, if they think about it for a moment, including hackers, crackers and coders themselves.
What are your thoughts on this subject? Feel free to comment below.
Carsten aka Roy/SAC