
A New Perspective on Hackers

Written by Thomas J. Holt
9/24/2009 14 comments

A large body of research exists devoted to understanding and defining terms used to distinguish hackers based on their actions and beliefs. But additional terms may be needed.

Skilled hackers distinguish themselves from each other using the terms white-hat, black-hat, or gray-hat. White hats are generally thought to be “ethical” hackers who work to find vulnerabilities in computer systems and programs, and may use unauthorized entry into systems to benefit the computer security industry.

Conversely, black hats seek these same vulnerabilities to gain access to information or to damage a computer system or network, often making them the focus of media and law enforcement attention.

Gray-hat hackers fall somewhere between these two camps, having unclear or changing motives depending on the specific situation.

These classifications, however, are fluid and vary based on individual opinions of the ethical nature of hacking. There is also some hostility toward these labels within hacker subculture, suggesting these terms may act as symbolic, but non-significant identifiers. Additionally, these terms do little to improve our ability to classify and understand the increasing severity of attacks against government, business, and home computer systems and the involvement of organized crime and state-sponsored groups in hacking.

Due to these issues, Max Kilger, behavioral profiler for the Honeynet Project, and I developed terminology to move beyond the somewhat arbitrary black-and-white (and gray) measurements to assess hacker activity. We initially published this framework in a paper last year.

We feel there may be greater utility in developing terms that consider the capacity of the hacker and his use of technology to more accurately reflect the impact of the norms and values of hacker subculture on human behavior. Also, these terms will allow investigators to consider all possible hacker motives, whether they be political or religious ideology, economic imperative, or simple curiosity.

We have developed two new value-neutral terms to identify and explore hacker behavior: "techcraft" and "makecraft" hackers. These words are a reflection of multiple aspects of hacker culture, interests, and actions. The word "craft" appears in both terms to recognize the ways that hackers manipulate technology, which appear almost magical to outsiders. We think that’s appropriate; the skills required to engage in a hack are well beyond the average end user, thus taking on an otherworldly quality.

In addition, hackers have been marginalized and demonized during the growth of the information society, leading some researchers to compare this process to witchcraft trials throughout history. As such, “craft” is used to identify perceptions of hackers by those outside of the hacker community.

The terms “tech” and “make” are an attempt to recognize the variations in technology use across the hacker culture. Makecraft hackers are considered producers of materials, such as new scripts, tools, and attack methods that have not been seen before. These materials may have malicious, benign, or beneficial utilities, depending on the user.

The techcraft hacker is, however, more of a consumer of materials and knowledge, who applies existing information and utilities to the devices he interacts with on a daily basis. The techcraft hacker may be just as skilled as a makecraft hacker, though he may apply his knowledge more to repair systems or to complete a task with known tools and materials. Makecraft hackers are more interested in using their skills to identify and solve new problems, or to create and use applications that have not been seen before.

The value-neutral schema we have developed removes the notion of black, white, and gray to instead consider how the application of knowledge affects the methods and tactics of a given hacker.

For example, a phishing attack with a well-known toolkit, such as Nuclear Grabber, may be performed by a techcraft hacker. A spearphishing attack using an unknown Trojan or keylogger may, however, represent the work of a makecraft hacker, as he will have developed these tools independently.

As a whole, we believe the terms "makecraft" and "techcraft" may be successfully applied to both malicious and ethical hackers to help us better focus on, understand, and document hackers' actions.

— Thomas J. Holt is a criminologist specializing in computer crime, cybercrime, and technology

webmultidimension
Rank: Cave Painter
Saturday October 3, 2009 7:00:43 AM

I only have one problem that astonishes me in the hacking world: how would hackers benefit from hacking online data? Blocking a website to be under services, as they targeted Twitter over the last week with a DOS attack, and many online services targeted; we've been worrying about Google and Yahoo security as well.

Isn't it time to stop dishonest actions, and do what makes our web better in security and more safe?

rjacksix
IQ Crew
Wednesday September 30, 2009 5:38:05 PM

You make a good point, but the "labels" that you are both lamenting and wanting to create denote extremely different attributes of the same object (to use a programming analogy). There may be blackhat "makecraft" as well as whitehat "makecraft" "hackers" (although that term is still hotly debated, though the battle has been lost in the media... the true term should be crackers but it is not spicy enough).

If you want to convey a sense of purpose to the hacker, then the hats apply. If you want to convey a sense of "craftsmanship" or skill then your labels apply. However, the community has already come up with less eloquent labels for the capacities that you seek to identify (script kiddie and 733t come to mind ;) ).

The taxonomy is what it is... trying to change it from the outside will have no effect at this late stage in the game...

tsaleem
IQ Crew
Monday September 28, 2009 5:41:55 AM

Thanks for bringing up facts, dlavie!

I personally think the majority is already confused over "classification schemes" of cyber criminals and any further work into this should focus on simplifying matters.

Mashka
Researcher
Sunday September 27, 2009 1:59:55 AM

Thomas, thank you so much for this interesting article. I have a question, though: Why is it so important to have a decent terminology on that topic?

Thomas J. Holt
Thinkernetter
Friday September 25, 2009 3:38:24 PM

Sure, it may seem that this is a question of semantics, but it is also a point to understand the divergence in the types of hackers.

We may be able to better classify an attacker and their habits through the use of these terms rather than just saying they are a blackhat or whitehat. So, these terms can be informed by any demographic and attitudinal knowledge that we can develop on attacker profiles.

Chris Poley
Thinkernetter
Friday September 25, 2009 8:09:33 AM

Mr. Holt, with all due respect to your profession, in this specific instance it appears semantical to classify specific terms. Not that either term in and of itself is not important in the context of your line of work, but wouldn't it be more advantageous to direct your efforts in providing a composite profile of these specific characteristics to the hacker?

dlavie
IQ Crew
Friday September 25, 2009 2:43:58 AM

It's time that mainstream media gave "hackers" a break.

Read Steven Levy's "Hackers: Heroes of the Computer Revolution". The term hackers originated from the MIT Model Railroad Society. It basically defined a person that would "kludge" together a solution for a problem.

Somewhere along the line the Media industry decided to demonize the term and lump a bunch of bad citizens into it. "Crackers", "ScriptKiddiez", "WarezDudez", to name a few terms, don't follow the Hacker's Ethic or Code and as such are not hackers.

The Code according to Steven Levy

  • Access to computers - and anything which might teach you something about the way the world works - should be unlimited and total. Always yield to the Hands-On Imperative!
  • All information should be free.
  • Mistrust Authority - Promote Decentralization.
  • Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race, or position.
  • You can create art and beauty on a computer.
  • Computers can change your life for the better.

I am proud to consider myself a hacker, whether it's finding that undocumented feature of Excel or extending the gas mileage of my lawn mower.

Princess_dascho
IQ Crew
Thursday September 24, 2009 6:08:48 PM

My question is: Is hacking a legalized activity? Who will likely be put in prison when caught? The gray hacker, the black hacker or the white one?

It is often said that hackers use to spread malware on the web. Could we say that this is usually done by the black or the gray ones?

Thomas J. Holt
Thinkernetter
Thursday September 24, 2009 4:12:01 PM

These are all excellent points.

We did not develop these terms as a means of improving prosecutorial success. Rather, we think it is helpful from a classification framework. If you're working in security for a financial institution or government agency, anyone who is playing around in your network or with customer data is clearly violating the law and your network space. So, the value in our scheme is to identify whether this person is working with new tools and resources or acting in an innovative way that we've not seen before, or taking the same tools that we know or have seen before to cause harm, rather than simply noting there is a "black hat in the system."

Now sure, a white hat may do this same thing and report it to the system administrator or security group, but we'd still be concerned that they got in in the first place.

Recognizing the attack vector and qualities of the attacker may be more useful for classifying a threat.

On Mary's point, we would definitely try to explore and apply this framework in the field.

Let me know if any of what I just said makes sense.

Mary Jander
Thinkernetter
Thursday September 24, 2009 3:58:06 PM

I can see your point Tom in trying to classify hacks according to action; but as Amy R-N states below, it's still important to characterize the activity as on the side of legal networking or not. And if not, the classifications you provide then give a way to break down what kinds of bad actions are being taken.

Do you have any plans to do surveys using the new characterizations?
