Definitions of the Terms Hacker, Cracker and Coder

Introduction

There are frequent debates about the meaning of the terms "Hacker" and "Cracker". What is a Hacker? What is a Cracker? There are no conclusive definitions and if you ask randomly 5 people on the street, you probably end up getting 5 different explanations and definitions of those terms as well.

There are numerous discussions at online communities and blogs about this subject like this one* (see link at the end of this article) by documentary film director and computer history preservationist Jason Scott titled "ASCII" at TextFiles.com. It illustrates that the problem of differing understandings and meanings of the words is for a great number of people a very serious one. This is especially true for members of the IT security community.

This particular discussion got me thinking and I decided to attempt a new a different, but at the same time also more complete definition of the terms "Hacker" and "Cracker'. I would add to that mix the term coder, because it will become important in the details of the definition of each of those terms.

Disclaimer

There are three important facts that I would like to mention first.

1. There are hundreds of definitions for the term hacker out there and they are all different ranging from portraying a hacker as an ethical and selfless whiz kid who does things for the greater good to the evil and selfish wannabe who cannot create stuff himself and thus prefers to destroy other people's work.

2. The meaning of the word hacker did change over time. People used the word in much broader terms in the past and even outside of computers.

3. Mass media put their mark on the term and helped to add to the confusion and misconception.

I recommend avoiding the use of the words whenever possible, because everybody perceives and understands it different. Especially if you are using the words in a positive context are misunderstandings just waiting there to happen. Instead of cracker, use "computer-crack" or in instead of hack, use the term "exploit" or "work-around" instead for example. However, if you have to or want o use the terms, clarify what you mean by them and not just let the terms out there on their own.

The Definitions

My definitions incorporate the changes in the computer industry and the fact that it is not the world of single mainframe computers at individual universities anymore. Computers became a commodity and a large number of users are normal people today, who are not geeks and often not have very much practical understanding of the matter at the same time.

Definition of "Hacker"

A "hacker" is for me a person who is an "advanced power user" and not necessarily somebody who is a programmer. A person who analyses software, tests it, automates requests via tools to scan a broad range of possible options in a short time-period. A person who wants to gain access and or control over another system by exploiting known security flaws, using brute force (scanning, dictionary attacks etc.) or human weaknesses and flaws (why use parents the first name of one of their child's as password so often?).

He maybe finds technical security holes by accident, but is not the one who can seek them out as well. The hacker was spending time to find out the new frequencies for AT&T, MCI or SPRINT to break their lines, scanned for valid calling card numbers, attempts to find new working credit card numbers by creating similar siblings from an existing credit card that works etc.

Definition of "Cracker"

A "cracker" is for me somebody who "eats code raw", a person who is comfortable using software debugger, mostly doing debugging at the Assembler level. A cracker enjoys dissecting other people's code and "fixes" little inconveniences and "flaws" in software, like skipping license key input screens to speed up the software installation process. Crackers are not necessarily great programmers themselves, but have a deep understanding of technology and computer software.

Definition of "Coder"

A "coder" is somebody with remarkable programming skills. A coder is this type of person who spends countless hours on something of little or no practical value (just by itself), just because he wants to figure it out. Things like writing a program that listens to IO operations of a hardware component and displays it on the screen, which looks like your TV screen, if you did not select a TV channel, showing nothing but seemingly random noise.

Each One Could be One, Two or all Three of Them at the same Time

A hacker could be a cracker and coder as well, but often are the three different types of characters found in three distinct and different persons. They can excel by working together in conjunction with each other and as part of a group.

I reduced my definitions to what kind of skills each of them has and less on what exactly each skill is being used for. That each of the people is often living in its own little world is probably true. The world they live in is not always the same world normal people perceive as reality.

Hypothetical Collaboration between a Hacker, Cracker and Coder

If you ask how the collaboration between a hacker, cracker and coder would look like, here is how I see it. The hacker would be the person who is in charge and coordinates the efforts. He is the one who has clear goals and ideas in his head. He would be the one, for example, who thinks up how a tool would have to work to do something very specific. The coder could write that tool for the hacker.

A port scanner for example (just to keep it simple) could be such a tool. The hacker needs a cracker, if the hacker encounters specific software and cannot get around it by using brute force or guessing. He would try to get a copy and have the cracker take a look at it to find flaws or have him create an altered version, the hacker could try to sneak in as replacement for the original.

By Default Neither Good nor Bad

Here is a positive example to avoid the misconception that it is all about breaking into something and stealing data etc. What they do and what they do it for are two distinct and very different things and independent of the definition.

The coder writes a piece of software. The hacker tests the software thoroughly and approaches it from all kinds of different angles. He does in essence the quality assurance. The cracker is the one who is looking under "the hood" and checks the software for deep build in flaws and errors.

Quality Assurance

In the example of a piece of security software would the coder write the interface to enter the password, the encryption routines etc.

The cracker checks the code to make sure that the encryption is strong enough and that nothing is being exposed that reduces the effectiveness of the protection, like loading the key pairs in plain text into the memory for processing and stuff like that.

The hacker checks more like things such as minimum keyword length, supported characters and flaws in the interface.

The best encryption is worthless if the password can only be a set of numbers and the password is three digits long = only 1000 possible combinations which can be tried out in no time, via a script or even manually.

The best protection software is also useless, if you can simply press ALT-F4 and close it and then be able to move on and do what you want to do anyway. The hacker is the one who would look for this kind of stuff.

Conclusion

Keep in mind that none of the mentioned terms have a conclusive and generally accepted definition. The debate will continue and probably never end. However, the subject itself is very interesting and I hope that my arguments (just by themselves) added some value to the debate or at least had some entertainment value.

I am convinced that most people should be comfortable with my definitions and explanations, if they are thinking about it for a moment, including hackers, crackers and coders themselves.

* Here is the link to the mentioned blog post at ascii.TextFiles.com

Carsten Cumbrowski a.k.a. Roy/SAC used to be an active member of the so called "warez scene" in the past and involved with hackers and crackers as a consequence of this. His personal web site at RoySAC.com is dedicated to his activities in the scene. He also wrote about different aspects of computer security at his personal blog in the past.

Article Source: http://EzineArticles.com/?expert=Carsten_Cumbrowski