Your JoeDog has blogged about cyber intrusions recently. (Yeah, we know, how about discussing something else?) In these discussions, he tends to avoid the terms “hacked” or “hackers.” While those words commonly refer to infiltrations and intruders, they are erroneously applied by the tech media. Hacking is an ethic to which hackers subscribe.
This ethic was popularized by Steven Levy in the book “Hackers.” To Levy, the last true hacker was Richard Stallman, founder of the Free Software movement.
In the early 1980s, software producers began putting restrictions on their products and stopped distributing their source code. This put a damper on the hacker community which was used to a free flow of information. Stallman was peeved that he couldn’t freely alter, copy and share licensed software with colleagues. It struck him as highly unethical. In “Hackers” he contrasted this ethic with his own:
“The hacker ethic refers to the feelings of right and wrong, to the ethical ideas this community of people had—that knowledge should be shared with other people who can benefit from it, and that important resources should be utilized rather than wasted.”
When it became apparent that he couldn’t fight City Hall, Stallman decided to build his own operating system. Its copyright would mandate code sharing. You could use the source however you liked as long as you published your changes and made the source available. Distributors could not restrict access to the code. This is the essence of the GNU Public License.
So the key points of hacker ethics were free access, freedom of information and the betterment of all. Yet somehow the term is now almost universally known for breaking-and-entering. Are these people hackers? Well, maybe.
Your JoeDog considers guys like Richard Stallman hackers. He considers himself a hacker as well. When dickheads were attacking his site, he published his method of thwarting them. That’s hacking. Breaking-and-entering guys? They’re just dicks.
Unfortunately, Your JoeDog doesn’t control the lexicon so the term is now applied to the world of cyber-security. And within that community, subcultures have formed. We now have white-hat, black-hat and grey-hat hackers. The first group is dedicated to finding, publishing and fixing security flaws. They are most assuredly hackers that Stallman would recognize.
Black-hats are dedicated to finding and exploiting computer vulnerabilities. Are they hackers? It’s a tricky question: they could be. There are many who publish and share their vulnerabilities. They may do that for LULZ instead of a desire to share for the betterment of the community but the result is the same. These guys often benefit the community but it’s a small community comprised of other black-hats. They tend to restrict information to the outside world.
Grey-hats are morally ambiguous types who fall in between the white and black communities. Your JoeDog considers them the least likeable of all the dark side. Grey-hats are the guys who will work within the white-hat community then sell a zero-day exploit on the black market. Fsck those guys.
As a general rule, if the tech media properly applies the term “hacker” then it probably pulled a Homer, i.e., properly applied the term despite the ignorance of the author.