What's in a name? Defining "hacker" in 2018

If you do a Google Image Search against the word hacker, you’ll get images of scary-looking balaclava-clad cybercriminals hunched over a quintessentially green computer terminal. They’re up to no good… Stealing your data, crashing critical systems, or causing general Internet badness.

In reality, the word “hacker” applies to a much broader group of people, one that extends well beyond cybersecurity. Merriam-Webster defines a “hacker” as “an expert at programming and solving problems with a computer”.

If you picked 10 people off the street and asked them what a hacker is, they’d probably give something that sounds a lot like one of the definitions from The Jargon File from 1983:

 “[deprecated] A malicious meddler who tries to discover sensitive information by poking around. Hence password hacker, network hacker. The correct term for this sense is cracker.” 

The unfortunate thing about this definition – which was not only the last of eight other definitions of the word in that seminal document, but also clearly marked as [deprecated] in the text – was the proposed alternative word “cracker”. Everyone hated that word back then, and they still do now…

As much as I dislike it, “hacker” is the dominant self-description amongst the cybercriminal community. The bad guys call themselves hackers. Add to this the fact that bad news has traditionally been more interesting than good news, and all of a sudden a benevolent term becomes one synonymous with malice.

The challenge this creates is when it crosses into the need for hackers – the good kind, I mean – to give feedback and act as a core part of the Internet’s immune system. Just like a real immune system, the benefit of helpers is made null and void if the system itself considers them harmful, and that’s exactly the position we find ourselves in today.

It’s difficult to argue that the vast majority of hackers are defenders operating in good-faith, when the cybercriminals in their ranks are so highly visible. This is a semantic problem, and its impact is broader than “a few cranky nerds” (as it is often dismissed as).

As the leader in crowdsourced security, it’s part of our duty to continue educating the market on the difference between a hacker and a cybercriminal, and to continue to push for clarity between the terms.

The burglar/locksmith comparison is our go-to:

 Burglar = Attacker, or cyber-criminal

Locksmith = Hacker

It’s pretty simple… A locksmith would make a great burglar, but they don’t want to cause harm. Instead, they look to use their skills to help. This is an accepted concept in the physical realm – but it continues to baffle people in the digital one.

One of our core values at Bugcrowd is this idea of thinking like a hacker. This idea of solving problems to achieve success in unique innovative ways is core to who we are as a company and I see this relentless innovation every day in the employees, customers, partners, and researchers who make up our Bugcrowd community. It’s part of our ethos, and one of the biggest reasons we’ve been so successful.