A large body of research is devoted to understanding and defining the terms used to distinguish hackers based on their actions and beliefs. But additional terms may be needed.
Skilled hackers distinguish themselves from each other using the terms white-hat, black-hat, or gray-hat. White hats are generally thought to be “ethical” hackers who work to find vulnerabilities in computer systems and programs, and may use unauthorized entry into systems to benefit the computer security industry.
Conversely, black hats seek these same vulnerabilities to gain access to information or to damage a computer system or network, often making them the focus of media and law enforcement attention.
Gray-hat hackers fall somewhere between these two camps, having unclear or changing motives depending on the specific situation.
These classifications, however, are fluid and vary based on individual opinions of the ethical nature of hacking. There is also some hostility toward these labels within hacker subculture, suggesting these terms may act as symbolic, but non-significant identifiers. Additionally, these terms do little to improve our ability to classify and understand the increasing severity of attacks against government, business, and home computer systems and the involvement of organized crime and state-sponsored groups in hacking.
Due to these issues, Max Kilger, behavioral profiler for the Honeynet Project, and I developed terminology to move beyond the somewhat arbitrary black-and-white (and gray) measurements to assess hacker activity. We initially published this framework in a paper last year.
We feel there may be greater utility in developing terms that consider the capacity of the hacker and his use of technology to more accurately reflect the impact of the norms and values of hacker subculture on human behavior. Also, these terms will allow investigators to consider all possible hacker motives, whether they be political or religious ideology, economic imperative, or simple curiosity.
We have developed two new value-neutral terms to identify and explore hacker behavior: "techcraft" and "makecraft" hackers. These words are a reflection of multiple aspects of hacker culture, interests, and actions. The word "craft" appears in both terms to recognize the ways that hackers manipulate technology, which appear almost magical to outsiders. We think that’s appropriate; the skills required to engage in a hack are well beyond the average end user, thus taking on an otherworldly quality.
In addition, hackers have been marginalized and demonized during the growth of the information society, leading some researchers to compare this process to witchcraft trials throughout history. As such, “craft” is used to identify perceptions of hackers by those outside of the hacker community.
The terms “tech” and “make” are an attempt to recognize the variations in technology use across the hacker culture. Makecraft hackers are considered producers of materials, such as new scripts, tools, and attack methods that have not been seen before. These materials may have malicious, benign, or beneficial utilities, depending on the user.
The techcraft hacker is, however, more of a consumer of materials and knowledge, who applies existing information and utilities to the devices he interacts with on a daily basis. The techcraft hacker may be just as skilled as a makecraft hacker, though he may apply his knowledge more either to repair systems or to complete a task with known tools and materials. Makecraft hackers are more interested in using their skills to identify and solve new problems, or create and use applications that have not been seen before.
The value-neutral schema we have developed removes the notion of black, white, and gray to instead consider how the application of knowledge affects the methods and tactics of a given hacker.
For example, a phishing attack with a well-known toolkit, such as Nuclear Grabber, may be performed by a techcraft hacker. A spearphishing attack using an unknown Trojan or keylogger may, however, represent the work of a makecraft hacker, as he will have developed these tools independently.
As a whole, we believe the terms "makecraft" and "techcraft" may be successfully applied to both malicious and ethical hackers to help us better focus on, understand, and document hackers' actions.
— Thomas J. Holt is a criminologist specializing in computer crime, cybercrime, and technology