What is a Hacker?
Hacker – a technological crossover artist
“A hacker is someone who tries to find a way to make toast with a coffee machine.”1 This is a well-known quote that describes one version and perspective on hackers. Another version and perspective is that “the annual damage to the German economy as a result of cyberattacks amounts to 223 billion euros”.2
From a neutral point of view, a hacker is simply a person who explores the limits and mechanisms of a technology, a computer, a programme, a network or a website.3 Similar to a journalist, the term hacker is not protected. This leads to a list of interpretations, below are some of them:
A hacker is a person who
- enjoys exploring programmed systems, gaining knowledge and building skills.
- understands circumventing or overcoming limitations as an intellectual challenge.
- programs (well) with great enthusiasm.
- knows a specific programme inside out.
- appreciates the value of hacks.
- seeks access to knowledge, information or resources that he or she and others are denied.
The person does not have to
- sit in front of a computer disguised with a hoodie and/or sunglasses.
- work in a dark room lit only by the monitor light.
- be active on several computers at the same time.
- living in the single mother’s basement or garage.
In other words: there are many (pre-)judgements and clichés that are conveyed in various feature films or TV series, but must have little in common with reality. In short: there is no such thing as a typical hacker.
Types of hacker
Although there is no such thing as a typical hacker, there are usually three types:
- A black hat hacker is a person who acts with criminal intent. For example, he or she wants to steal data or install ransomware. He or she is not interested in sounding out technologies, but in maliciously crossing borders.
- A white-hat hacker is a person who penetrates a system or network but does not cause any damage. What sounds a bit strange at first glance makes sense if this person is acting on behalf of the system or network operator. Companies have a great interest in identifying and closing their own IT vulnerabilities before competitors or criminals can take advantage of them. Security authorities (usually) have an interest in protecting companies from attacks. Any sounding out of a system with its corresponding protection systems is therefore done in consultation.
(In requirements engineering, so-called misuse cases offer an approach to identify the misuse of products or functions. The aim is to derive requirements from the findings in order to make products, functions, systems, etc. more secure).
- In the case of a gray hat hacker, it is not possible to directly determine the intention behind the attack on a system, network or website. In some cases, the persons involved want to publish “secret” data in order to draw public attention to grievances. In other cases, it is about blackmail, with the aim of getting organisations to take certain actions. Grey is neither white nor black, grey is grey.
The motivation is therefore decisive for the categorisation. Interestingly, this leads to a conceptual distinction that, while not universally found in common usage, is indicative of an underlying ethic:
Hacker versus cracker
In the 1980s, media became aware of hackers and focused their articles mainly on the security breaches or criminal activities committed by a few individuals. They ignored everything else that had to do with hacking. The result: the public’s perception and the self-perception of many hackers are still very different today. This misunderstanding could easily be corrected by distinguishing between hacking and cracking, between hacker and cracker. A black hat hacker is a cracker, he is criminal and acts unethically. In contrast, the white-hat hacker acts like an ethical hacker4 , for whom various principles of hacker ethics apply. These principles are named by the Chaos Computer Club:5
- Access to computers and everything that can show you how this world works should be unlimited and complete.
- All information must be free.
- Distrust authority – promote decentralisation.
- Judge a hacker by what he does, not by common criteria such as appearance, age, species, gender or social standing.
- You can create art and beauty with a computer.
- Computers can change your life for the better.
- Don’t trash other people’s data.
- Use public data, protect private data.
These principles of hacker ethics are intended as a guide and a basis for discussion.
Impulse to discuss:
What measures do you think are useful to make employees aware of the dangers of hacking?
Notes (Partly in German):
 The quote comes from Herwart Holland-Mortiz, also known as Wau Holland. He was a co-founder of the Chaos Computer Club.
 Deutsche Welle: 220 billion euros in damage due to cyber attacks.
 Since hacking has become a kind of popular sport and there are, for example, growth, life or trash hacks, it could also be a person who solves problems in an unorthodox way, creates workarounds or misuses products and services.
 Various courses or certificates on this can easily be found on the internet.
 Hacker ethics is based on the book Hackers – heroes of the computer revolution by Steven Levy.
And here you will find additional information from the t2informatik Blog: