By Kevin Beaver

Most people have heard of hackers. Hackers (or external attackers) try to compromise computers, sensitive information, and even entire networks for ill-gotten gains — usually from the outside — as unauthorized users. Hackers go for almost any system they think they can compromise. Some prefer prestigious, well-protected systems, but hacking into anyone’s system increases an attacker’s status in hacker circles.

Hacker has two meanings:

  • Traditionally, hackers like to tinker with software or electronic systems. Hackers enjoy exploring and learning how computer systems operate. They love discovering new ways to work — both mechanically and electronically.

  • In recent years, hacker has taken on a new meaning — someone who maliciously breaks into systems for personal gain. Technically, these criminals are crackers (criminal hackers). Crackers break into, or crack, systems with malicious intent. The gain they seek could be fame, intellectual property, profit, or even revenge. They modify, delete, and steal critical information as well as take entire networks offline, often bringing large corporations and government agencies to their knees.

The good-guy (white hat) hackers don’t like being lumped in the same category as the bad-guy (black hat) hackers. (In case you’re curious, the white hat and black hat terms come from old Western TV shows in which the good guys wore white cowboy hats and the bad guys wore black cowboy hats.) Gray hat hackers are a little bit of both. Whatever the case, most people have a negative connotation of the word hacker.

Ethical hackers (or good guys) hack systems to discover vulnerabilities to protect against unauthorized access, abuse, and misuse. Information security researchers, consultants, and internal staff fall into this category.

Many malicious hackers claim that they don’t cause damage but instead help others for the “greater good” of society. Yeah, right. Malicious hackers are electronic miscreants and deserve the consequences of their actions.

Be careful not to confuse criminal hackers with security researchers. Researchers not only hack aboveboard and develop the amazing tools that we get to use in our work, but also they (usually) take responsible steps to disclose their findings and publish their code.