The word "Hacker"

That's pretty much what I do. I just shrug and say 'that depends on how you define 'hacker' '. For those smart enough to ask how I define the word, I am more than happy to explain. For the sheep who ask if can break into other peoples computers, I usually just say 'I guess not'. That's a white lie of a sort. I probably do have the skills to break into some of the completely unsecured systems around, but (believe it or not) I have never done so.

I skipped most of the replies to this thread because it's late and I wanted to write down what the word means to me.

I fell into "the scene" a little late. By 1987 the scene was in full swing and I was just another newbie then compared to those who were around in 82-84 and earlier. Back then being a hacker or a phreaker was doing illegal stuff. Illegal access of a computing device. I don't care if you were a 'good' hacker and applied security patches, closed holes, etc. You didn't belong on that system and you were not authorize to alter that system in any way, even to improve it.

Same went with all the old school phone phreaks would find busted trunks and call in posing as an employee to report the problem so it could be fixed. They were still illegally accessing the phone network.

The same thing applies today. I don't care if you only the best intentions. Illegally accessing a computer is a crime. Probing a system should be a crime. If you pulled into your driveway and see a person you don't know, walk up your drive way to your front door, reach down for the door knob, and give the knob a twist, that in itself may not actually be a crime but if I saw someone do that I'd pound the shit out of them. It might be consider intent to commit a crime, even if it's trespass. I'm not sure though.

I do agree that the media adds their own layer of hype to the word hacker as if every one of them were breaking into banks electronically and stealing YOUR money. In some cases this is actually true, in other cases its not.

But to summarize my opinion, I don't see a problem with the word hacker having an illegal stigma to it. Even if non-consentual probing of a network was illegal, it doesn't mean that would stop me from doing it. Riding the x.25 networks for free was illegal and many of us did it anyways. So if any aspect of what you're doing is technical and illegal, I don't have a problem being lumped in with "hackers".

There are a various kinds of "hackers". Malicious ones rm'ing systems, defacing websites, using denial of service against targets. There's also hackers like mrmojo of dis.org who was kind enough to do a 'security assessment' of my linux box, initially without consent, but he did inform me of things that needed to be looked at, and then asked if he should finish the job rooting my box. If I was normal joe blow clueless person I would have been freaked out that someone did that, but being who I am, I understood the mentality behind it and didn't have a problem with it at all.

Hell, there are "security consultants" who find vulnerabilities, write up an advisory, a white paper, and then ultimately a proof of concept script which gets released into the wild where it falls into the hands of malicious people who use what originally was a proof of concept script, and turn it into the next code red virus.

Does this improve network security? Yes, in the long run, after numerious machines get rooted to 'prove a concept'. I'm not saying I don't condone full disclosure. I believe it's helps technology grow. But there will always be a downside to it that cannot be avoided.

I think the main debate about the word 'hacker' from within the community is the weight in which the word should have when it comes to skill. Should a 'newbie' who downloads back orfice or netbus or one of the various distributed denial of service programs, and goes around using someone elses work to cause trouble, be considered a hacker. Many old school people say no. In most cases I would say no too, but then I got to thinking. I used to use someone elses 950 scanner to scan for 950 codes to make free long distance calls. I used someone elses wardialer to scan my local area for computers with modems hook to them. Many of the old school people have done that as well. I didn't write nuke.c to dump people off irc but I used that countless times, and so have many of you. Of course these programs encouraged me to write my own scripts and tools which was a fundamental building block in my exploration of computers, networks and the flaws in their security, so I can't dismiss these 'newbies' as not being hackers, as long as it leads to something more than just using other people's work.

And what about those whose "hacking career" never grow up beyond back orfice and netbus? They're just wannabe's, plain and simple. They're in it for the title and nothing more. These are the bulk of the people that do the most amount of abuse. They are nothing more than technological miscreants to the community. Web Vandals. To the press they are hackers. And maybe that's ok, because hackers actually do breaks laws, and it's really up to you to decide if this is the group you want to be lumped in with. The media can use terms like black hats, grey hats,and white hats, but they will never understand. Even with "high profile hackers" such as the l0pht crew, and Peter Shipley, who try and educate the media about what "real hackers" are all about, the media still doesn't and will not understand, because those people who are trying to educate the public have long since stopped being "hackers" in it's original sense from the 80's, and have crossed that line and have become "security consultants". The illegal aspect of what they do now is gone. Now they just provide a service after you've signed a consent form for penetration testing and pay them for their work when it's done. Sell outs? No. They need things like a place to live and food to eat like everyone else does. More power to them for doing what they love to do and getting paid good for it......Anyway..

Am I a hacker? Yes. I still cross that legal/illegal line from time to time. I may work as a network administrator. My job may be to make sure the network I admin is secure, but that's just my day job.

That was a long explanation ... though you make sense ... see you tomorrow.