Hacker and Cracker
I received an email from my sister, M. In her email, she pointed out I should not label myself as “hacker”. Well, I could not agree with her opinion, so I decided to write this post to clear the name of all hackers.
Many people have watched too many Hollywood movies and have developed a perception that hackers are bad guys. They neither understand nor can distinguish the difference between Hacker and Cracker.
Very well, Hacker and Cracker are like Good Sorcerer and Bad Sorcerer. "Hackers" generally refers to a group of programmers or software engineers who delve into the code of a computer system to find faults or loopholes so that the functionality, usually the security, of the computer system can be improved. Hackers also contribute many open source device drivers to be used in open source software such as Linux. They study how a device communicates with a computer system without any documentation from the manufacturer (sometimes, device manufacturers are reluctant to release technical information, fearing their competitors may steal their secrets) and write code to allow the device to communicate with the operating system.
Some hackers visit websites to look for security loopholes and put a file there to indicate their successful hack. Usually, they cause no disruption or damage and only alert the system administrator to such security vulnerabilities. One of my websites was hacked by a hacker from Turkey last week. No damage or disruption was caused; it simply alerted me to a security vulnerability. I quickly corrected the security flaw.
Hackers also study computer code (binary or source) to learn about a software system so as to rebuild a similar software system, either for the sake of know-how or to improve the software system. Rather than hacking, reverse engineering best describes this type of activity.
Crackers, on the other hand, have the intention to harm or steal. They look for security vulnerabilities to gain access to your computer system to cause disruption or steal your information for illicit purposes. Their ultimate goal is to cause damage or to gain something from you to be used for illicit activities, such as stealing your financial account or credit card data for their financial gain.
There are many hacker organizations, for instance, Black Hat. It holds many international technical conferences and training sessions around the world to improve information security.
Laypersons who do not understand the meaning of hacker generally think a hacker is a bad guy. Being a hacker myself (sometimes), I just want to clear the name of hackers. And to show the good nature of a hacker, please read here and here.
Comments
12 Responses to “Hacker and Cracker”
I absolutely agree with Adrian. Most people know only of hackers but lack an understanding of the differences between hacker and cracker.
Being a software engineer myself, developing software for satellites in Xian, I often need to do some hacking to learn how some code works and to find security loopholes. Due to incomplete technical documentation, my team also does a lot of reverse engineering or hacking to learn about software systems developed by other developers.
I didn’t know you do reverse engineering until your post.
I usually reverse engineer from source code rather than from executable code.
I prefer to reverse engineer from source code too, but I hate bumping into obfuscated C code!
You will hate dragon very much because she was once notoriously known (among her peers) for writing obfuscated C code.
Now, she writes beautiful Ada code!
Obfuscated code is to prevent others from understanding your code, or to slow down the process of reverse engineering.
Not a good practice in our field. I think dragon has a reason to do so.
张薇
One of the main reasons I wrote obfuscated code was to prevent my work from being copied by others. The rest was just for fun.
龙
A great way to fight plagiarism! Smart idea.
I’m studying basic cyberlaw and I read about hacking and cracking. Both are treated as crimes in the legal context.
These two have particularly caught my attention because I remember you wrote about the differences between a hacker and a cracker.
My lecture notes have rather vague definitions of both hacking and cracking. They say:
“Hacking in simple terms means an illegal intrusion into a computer system or network.”;
“The motive behind the crime could be as a result of greed, power, publicity, revenge, adventure, desire to access forbidden information, etc.”
(refer to Section 3, Malaysia’s Computer Crimes Act 1997)
Whereas cracking means “an illegal intrusion into a computer system or network with a criminal intention of causing harm”.
(refer to Section 4, Malaysia’s Computer Crimes Act 1997)
In fact, both definitions could apply to cracking alone, right?
You know, in some countries like India, the law does not even distinguish between hacking and cracking. So long as an unauthorized access is initiated, it is termed “hacking” regardless of intentions. In other words, all sorts of cyber crime conducted by crackers are counted as “hacking”. Pretty derogatory to those professional hackers (and to you), eh?
Have you ever read the book Cybercrime: A Reference Handbook, authored by Bernadette H. Schell and Clemens Martin? One of its chapters tells the nature as well as the history of hacking and cracking. It has also included some interesting case studies that distinguish between the “good guy” (hacker) and the “bad guy” (cracker).
About the “Good Sorcerer” and “Bad Sorcerer” you mentioned, they are actually more precisely termed “White Hats” for ethical hackers and “Black Hats” for crackers. These two terms originated in the US from black-and-white western movies, where often the heroes would wear white hats and the villains would wear black hats.
The book also includes six principles of White Hat Hacker’s Ethic which are quoted from the other book:
Correct me if I’m wrong. These are exactly your ideals of “civilization” in your 文明和野蛮 post, yes?
I have a funny idea actually, hope you don’t mind. I think maybe I should dub you “Mr. White Hat” for you’ve upheld these principles so strongly. The name certainly suits you because you have been wearing a natural white hat (hair) for years.
Back to the topic. Now I wonder. Why did the Black Hat founder name its organization as “Black Hat” instead of “White Hat” in the first place?
Yes. Black hats indeed refers to malicious hackers and white hats refers to ethical hackers. I don’t know the intention of Black Hat’s founder, Jeff Moss (who also founded Defcon), in naming Black Hat. My guess is that he believes in “Good guys still wear black.” Bad guys wear black but not all guys in black are bad. This is based on the ambiguity of the word hackers.
Hacker and cracker disambiguate the ambiguity. Both terms are products of a modern/advanced society. There are a lot of grey areas between the two.
Malaysia’s Computer Crimes Act shows the immaturity and incapacity to differentiate hacking and cracking. It is stupid to give a definition to an ambiguity such as hacking without knowing the black (bad), the white (good) and the grey sides of it.
Although I labeled myself a hacker, my skill is inadequate to become a hacker myself. I labeled myself a hacker because I like hacking and sometimes I hack. Speaking of skill level, I am still far behind those people in Black Hat, Defcon, etc.
文明和野蛮, or civilized and barbaric, are also ambiguities in many contexts, depending on how and from which perspective you see them. In a civilized society, the use of law to suppress its people is hegemony and barbaric. Treating prisoners badly, providing them dog food, etc. is barbaric in a civilized society.
Adrian: “My guess is that he believes in “Good guys still wear black.” Bad guys wear black but not all guys in black are bad.”
If so, isn’t “Grey Hat” a better term?
I read about “Grey Hat” on Wikipedia. I don’t know what exactly the Turkish hacker did to your website, but it seems he is better categorized into this “hat group”, huh?
Actually, none of these terms (hacking and cracking) are found in the statute. The statute merely defines the offensive acts that shall be treated as crime. One should see most of them apply to crackers if he knows how to differentiate hacking and cracking.
The problem is that many law lecturers do not have a deep understanding of this area and they barely scratch the surface of it. Thus the wrong concept has been passed down from generation to generation. I believe such a phenomenon happens somewhere else. Some people could have realized it, but I can tell the majority of them never have. Frankly, if I had never read your post, I would stick to the wrong concept too. Anyway, I agree that the Malaysian cyberlaw is still at an immature stage.