Not every “hack” is bad, and not every hacker is a criminal. In fact, many hackers secure websites and companies from malicious actors. Here’s how the terms got started—and how they became misunderstood.
The Neutrality of Hacking
When most people think of hackers, they likely think of people attempting to crack into websites, steal credit cards, and attack governments. You might picture someone in a dark jacket and sunglasses, staring at a screen full of ones and zeroes as they take down an electrical grid. However, hacking rarely looks like that, and not every hacker is engaging in criminal activity.
The act of hacking is generally a neutral thing. The word “hack,” when applied to machines, was likely first used at M.I.T. in 1955. Originally, it just referred to “working on” a technology problem in a creative way—going beyond the instruction manual—with no negative connotation. Eventually, the term hacking broadly referred to using one’s expertise and technical knowledge to gain otherwise restricted access to a computing system.
There’s also a common modern meaning of thinking of a clever, unexpected, or unorthodox solution to a problem, especially outside of technology. See “life hacks.” The purpose of hacking can either be illegal, such as stealing personal data, or entirely above board, such as obtaining crucial information about a criminal operation.
The most common type of hacking reported on and portrayed in the media is known as “security hacking.” This is hacking done by looking for security weaknesses or exploits to penetrate a computer system or network. Security hacking can be done by individuals, groups, government agencies, companies, or nation-states. There are many communities that have formed around security hacking, some of which are underground.
Hackers in the Media
The media is the biggest reason why many people think that all hackers are villains. In both the news and in fictional portrayals, hackers are almost always shown to be thieves who constantly break the law. Most news stories about hackers involve nation-states fighting against each other, online data breaches, and the activities of underground hacking networks. For example, one of the most high-profile hacks in the last decade was the hack on Sony Pictures, which resulted in the leak of emails, personal details, and upcoming movies.
Note: In some circles, the word “cracker” is used to refer to distinguishing criminals from hackers who use their skills for good. These criminals aren’t just hacking on interesting technology or improving security, but are “cracking” systems for fun or financial gain. These people generally call themselves “hackers,” and the popular notion of a “hacker” in mass media is roughly equivalent to a “cracker” in such circles. This term was an attempt to take back the word “hacker,” and it never really caught on in popular culture.
Many of the most enduring portrayals of hackers onscreen were crime and thriller movies released in the 1980s and 1990s, when the understanding of hackers and computers, in general, wasn’t very commonplace. A famous example is the 1995 movie Hackers, where a group of high school students steal millions of dollars by hacking into a corporation. The portrayal is incredibly unrealistic, but these films have remained a common idea of what hacking looks like.
Another commonly reported type of hacking in the media is hacktivism, which uses hacking to bring social issues to light. While Anonymous and other hacktivist groups exist and are quite active, the widespread, sensationalized reporting on them has undoubtedly contributed to the popular image of hacking.
White, Black, and Gray Hats
There are three primary types of hackers in the world of security hacking: white, black, and gray hats.
White hat hackers, also called ethical hackers, use their technical expertise to discover vulnerabilities in systems and create protections against attacks. Companies and security teams often hire them to look for potential exploits against their computer infrastructure. White hats often engage in an activity called “penetration testing,” where they attempt to perform a cyber attack on a system in the same way that a malicious hacker might. This helps companies to create safeguards against potential attacks.
Black hat hackers are those who use their knowledge for malicious purposes. They hack explicitly for criminal purposes, such as stealing credit cards or state secrets. Criminal hackers often work in teams and are part of more extensive criminal networks. They engage in practices such as phishing, ransomware, and data theft. These are the hackers often portrayed in the media.
Gray hat hackers are in the middle of white hats and black hats, operating in a moral and legal gray area. They are often independent and do not work for any particular company. These hackers will usually discover an exploit and then tell a company what it is and how to fix it for a fee.
Aside from security hacking, other kinds of hacking communities exist.
A large one is the device hacking community, which involves modifying various consumer gadgets to perform tasks or run software that they’re not designed to run. Some famous device hacks are jailbreaking on iOS and rooting on Android, allowing users to gain significant control over their own devices. Another type of hacking involves modifying game consoles to run homebrew, which are applications created by enthusiasts.
Another group is the larger software development and programming community, which also uses the word “hacker” to describe itself. Many esteemed organizations host events called “hackathons,” where teams of programmers, designers, and managers develop software from start to finish within a limited period of time.