Ask the media, then ask an older programmer from the 80’s. Maybe ask your best friend and now, ask yourself:
Who or what is a “hacker”?
This one particular word is being misused by the general public for years now, drawing the picture of that lonely criminal, sitting in an all dark room watching the matrix intro while he punches the keycaps of his keyboard with the same amount of hate he has for the rest of the world.
Or something like that.
People like anonymous even confirm that bias we have in mind. A picture drawn by people that don’t even want to understand what a hacker is at all. By just reading the first three sentences of the english Wikipedia article about the “hacker culture”, it’s clear that the terms real meaning is not even close to the one most people actually know.
That’s the part I mean:
“The hacker culture is a subculture of individuals who enjoy the intellectual challenge of creatively overcoming limitations of software systems to achieve novel and clever outcomes. The act of engaging in activities (such as programming or other media) in a spirit of playfulness and exploration is termed “hacking”. However, the defining characteristic of a hacker is not the activities performed themselves (e.g. programming), but the manner in which it is done and whether it is something exciting and meaningful.”
Two of the three references are from Interviews with Richard Stallmann, founder of the GNU Project and developer of the GNU Compiler collection. Therefore, they aren’t as objective as I would want an article on Wikipedia to be. I also think the article is focused too much on technology, which somewhat confirms the bias hacking has. Still, it does a way better job explaining what actual “hacking” is then any news station I’ve heard off.
Let’s take the parts out, that I believe are the most important to define what hacking is:
- Enjoying the intellectual challenge
- In a spirit of playfulness and exploration
- It is something exciting
That’s it. A hacker is someone who does and enjoys the three steps above. Notice how I purposely avoided technical terms and generalized it to be that way. Hacking is a way of thinking, some say it’s a lifestyle even, but I wouldn’t go that far. Another way to say what the term means is this popular quote:
“A Hacker is someone who tries to find a way how to use a coffee machine to make toast.”
(Quote is from this book)
Hacking has many forms in this world. Apart from the classical approach of bypassing any sort of digital security measurement, (most hackers I know all found a way to bypass the Internet filter back in middle / high school) many enjoy picking locks as a challenge. Some other thing that is worth mentioning is anything related to Social Engineering, the art of “Hacking people”. You don’t use code to get to your goal, you use psychology and charisma. I’ve seen a Video where a guy ordered a burger and added a note where he asked to add extra cheese to his burger, but actually ordered a different burger. This was done unintentionally as he wanted to buy the referred burger first, but changed his mind. The stressed out fast food workers just assumed he had ordered 2 burgers because one was listed in the order and one was referred to in the note. So he got two burgers and paid for one. (Story told out of memory). He basically exploited the stress of the fast food place by simply implying something, not even with a provable bad intent. That’s definitely hacking in my opinion, but not technical at all.
Using Google Dorks to find vulnerable Systems, or just juicy files is another non-technical way of hacking. Digging through github repos or through pastebin, finding database dumps or config.php files including database passwords is something literally EVERYONE is capable of. But just thinking of using plain old Google to search for those kinda files is something most people don’t do. Whenever I show someone that I can use search parameters to access a whole lot of unprotected databases by typing ONE line into my browser they are shocked, even though, the thought isn’t even that abstract. Google crawls the whole Internet for Content to allow you to search for specific parts of it. Why shouldn’t it be able to find sensitive data like that? Think about that.
I hope that post was clear enough in explaining what a hacker actually does. It’s not about stealing peoples bank accounts nor about being an “ethical hacker” who respects the laws and reports vulnerabilities. That’s irrelevant.