Media coverage of data breaches is increasing rapidly, especially with the public’s watchful eye on organizations and the vulnerable systems they work with — easy targets for exploitation. However, the less-than-dramatic truth is that the frequency and scale of data breaches hasn’t really soared* in the past decade, even if people are still at great risk of having their data exposed. The media itself has brought on the hype and created a fear culture around data breaches and malicious attackers.
And who are these malicious attackers? Well, according to the media, they’re the hackers. We’re living in a time when the media uses the term “hacker” in a primarily derogatory sense, to describe cybercriminals, the ones we must fight against, the bad guys who put our valuable private information at risk.
Never mind that we’re not likely to take the necessary steps to protect that information, but that’s a different subject…
So who are the hackers? Is the term even being used correctly?
The definition of a hacker may vary depending on who you ask, but in most cases involving media coverage, they’re actually talking about “crackers.”
So now we need to ask, are the terms “hacker” and “cracker” that different? And if so, what are the methodologies that separate them?
To truly understand their similarities and differences, we first need to learn what hackers and crackers are. And that is precisely what we’ll be discussing in today’s post.
What is a hacker?
If we turn to the formal definition in the Internet Users’ Glossary under RFC 1392, a hacker is “A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular. The term is often misused in a pejorative context, where ‘cracker’ would be the correct term.”
In simpler terms, a hacker is someone who uses his/her skills and knowledge to find vulnerabilities in computer systems and helps improve and patch those vulnerabilities. The knowledge they possess about programming, various computer languages, code and general computer security is advanced and used for morally good purposes. They’re normally security professionals who can be hired by organizations to try and break into their systems, to audit DNS and their networks so they can identify any flaws they may have. They’re often employed as part of the red team and blue team.
When hackers find a vulnerability or a threat, they document the process and notify the organization who hired them, or the software vendor who built the system, so that the vulnerability can be fixed before being exploited by malicious actors.
We often see the term white hat, or ethical hacker, linked to these good guys who use their skills for defense purposes.
Hackers are those who build and create. They learn and discover different computer systems, networks and often have previous experience in programming which only adds to their extensive knowledge. They build secure environments.
The saying “know your attacker” is never truer than when talking about hackers and their work; they use the same tools, software and even techniques as crackers. Hackers know what attackers look for when they’re planning an attack, so they can proactively protect against them. They build software and tools that might even be the same ones that crackers use, but they use them to improve security, not break it.
The approach hackers take is also similar to the one crackers use; they get into systems and networks to find loopholes in security, but the motivation behind their actions is purely non-malicious and ethical. They work with permission from the company who owns the system they’re trying to break, and who is always informed of the end results. Because of hackers, vulnerabilities can be patched and threats avoided. Hackers’ practices don’t involve anything illegal and don’t damage any data they come in contact with; they utilize their skills for a positive benefit.
Follow us on Twitter to receive updates!Follow @SecurityTrails
What is a cracker?
Let’s now jump to the formal definition of a cracker: “A cracker is an individual who attempts to access computer systems without authorization. These individuals are often malicious, as opposed to hackers, and have many means at their disposal for breaking into a system.”
Crackers are also called “black hats.” They look for backdoors in programs and systems, exploit those backdoors, and steal private information for use in a malicious way.
While hackers work to help organizations and individuals secure their systems and networks, crackers have a different objective in mind. When they break the security of a network, they do it illegally without the owner’s permission and they do it for personal gain. The skills and knowledge they possess are used expressly to breach security with malicious intent. Their goal may be to steal credit card information, to get private data that can be leveraged for illegal activity, to get private data and sell it, or to simply destroy the data.
Crackers are the culprits who engage in cybercrime; they launch phishing campaigns on company employees, and crack devices ranging from routers and laptops to printers and fax machines to get into an organization’s network. They often prey on companies when they’re at their most vulnerable, such as during mergers and acquisitions, or they attack vendors in an organization’s supply chain as they’re most often the weakest link.
All attack vectors for crackers have the same final outcome: obtaining data illegally. The data can be compromised, but not always — as crackers can have different motivations behind their illegal activities.
What motivates crackers?
Hackers create, crackers break and destroy. Crackers are often driven by financial gain: we’re largely familiar with ransomware attacks where a cracker breaks into a system through phishing email and a malicious attachment, then blocks access to a computer or data and threatens the victim with exposing their private data if a ransom is not paid. Some crackers will also steal credit card information, or any other private information they can use, to access victims’ bank accounts and steal money from them.
There are, of course, other motivations that push crackers to engage in illegal activity. There are cases where crackers have breached a network merely to show off and gain publicity. With so much of the media covering breaches, it’s no surprise that many will want to use that to make themselves “famous”, especially since some types of cybercrime don’t require a high level of skill. We can also find crackers who want to break software by reverse engineering, to exploit its weaknesses. And there are also some who do it just for fun.
While hackers work to help organizations and individuals secure their systems and networks, crackers have a different objective in mind.
Yes, there are crackers out there who will break a system merely to show off their skills, without a single intention of tampering with or harming data.
Differences between hackers and crackers
By now, many differences between hackers and crackers might seem obvious, but let’s review their core differences:
Hackers are the good guys, white hats who break into networks to discover loopholes, and to restore the security of corrupted networks to build a secure system. They never do it illegally and always inform their hiring organization or individual of their actions. They’re a great weapon in the hunting down and catching of crackers. Crackers, however, will break into the same system for personal, financial or any other kind of gain without the knowledge or permission of the system owners, for the purpose of engaging in illegal activities.
Hackers possess the ability to create programs and software tools; they’re skilled in multiple codes and languages and have advanced knowledge of various select computer languages. Crackers, on the other hand, don’t need to possess a deep well of knowledge, save for the one on how to actually break a system, and we don’t normally see them being skilled enough to create their own programs. Even with so few crackers skilled enough to create tools and software to help them exploit the weaknesses they discover, we should never ignore their threat.
Nothing is black and gray in IT when it comes to hackers and crackers. That’s where gray hats come into play.
The easiest way to describe gray hats is that they are individuals who only act illegally with the purpose of improving the security of the system or network they’ve broken into. They won’t have the permission of the organization or software vendor before looking for vulnerabilities, and might even report back to ask for renumeration, their fee for discovering a vulnerability. They often exploit a discovered vulnerability with the goal of raising awareness.
Even with the media painting all hackers as inherently bad and attaching negative connotations to them, we need to remember that not everything is as the media sees it, and that not all hackers and crackers are equal. The world would be a much scarier place with a lot more cybercrime if hackers weren’t actively discovering vulnerabilities and stopping the threats crackers pose. And if we didn’t have gray hats, we’d have to say that the world is completely presented in black and white, which we know isn’t true.
Are you a hacker or merely interested in protecting yourself from crackers? Try our SurfaceBrowser™ to see all your public-facing digital landscape, ranging from IP addresses, domain names, open ports and much more. Book a demo with our sales team or try a 7-day trial for only $49!
Sign up for our newsletter!