A HACKER TAXONOMY by Gurney Halleck
Editorial Additions by Etaoin Shrdlu
/n./ [originally, someone who makes furniture with an axe] 1. A person who
enjoys exploring the details of programmable systems and how to stretch
their capabilities, as opposed to most users, who prefer to learn only the
minimum necessary. 2. One who programs enthusiastically (even obsessively)
or who enjoys programming rather than just theorizing about programming.
3. A person capable of appreciating hack value. 4. A person who is good at
programming quickly. 5. An expert at a particular program, or one who
frequently does work using it or on it; as in `a Unix hacker'.
(Definitions 1 through 5 are correlated, and people who fit them
congregate.) 6. An expert or enthusiast of any kind. One might be an
astronomy hacker, for example. 7. One who enjoys the intellectual
challenge of creatively overcoming or circumventing limitations. 8.
[deprecated] A malicious meddler who tries to discover sensitive
information by poking around. Hence `password hacker', `network hacker'.
The correct term for this sense is cracker. -- The Jargon File Version
The term "hacker" originated at MIT, from the Tech Model Railroad Club. Its original
meaning is obscured, but it first started being used in the early
nineteen-sixties to refer to people who bucked conventional methods, and
approached technology from a more informal aspect. These people were tearing
down the existing technology, learning its inner workings and then reinventing
it. They took the original technology far beyond the capabilities that were
envisioned by the original makers. While the term now usually refers to those
working in the field of software, it was originally used in conjunction with
those working with electronics and hardware. It can be used in association with
any ingenious use of technology.
Since those early times, the meaning has changed profoundly in the mainstream
media. Soon after the release of the movie Wargames
it took on a new meaning. When Wargames was released, it was the early
nineteen-eighties, and personal home computers were just becoming popular. The
stereotypical image of the teenage geek using a computer to hack into corporate
and military computers was born, and a new generation bought into the myth of
It has become a derogatory term. Hackers are seen as technologically adept,
but they are also seen as people who are interested in doing damage, or causing
disruption. The media and the government have provided several examples of the
antisocial, criminal hackers -- such as Kevin Poulsen
and Kevin Mitnick. The media hype is
provided, but the whole story
is seldom told. There is even a site that claims to educate kids about the evils
of hacking with a "Just Say
The Hacker Landscape:
The hacker landscape is immense. Anyone can pronounce themselves a hacker --
kids trading games on Usenet, someone who just defaced a web page, or a
journalist who just learned Visual Basic. Not everyone is equal, and not
everyone is dangerous. The best way to dissect the culture is to evaluate three
features of a hacker -- Skill, Intention, and Motivation.
Most of the hacker population is not particularly skilled. Skill level is
subjective, and contains many gray areas. The largest group of self-styled
hackers is probably only capable of using a single operating system (Windows
95/98) and doesn't really understand how the technology works. Their main method
of hacking is downloading pre-canned programs, usually in binary (prebuilt)
form. This group is frequently referred to in the hacker community as Script
Kiddies. They do not have the capability to build their own exploits, or to
modify existing ones. This doesn't mean that they aren't dangerous. As the
latest exploits are released into the wild by their betters, the script kiddies
will download them, and try to attack systems. This can cause system
compromises, denial of service (DoS) attacks, or simply annoying network
traffic. Script kiddies will repeatedly try an exploit against machines that are
not vulnerable. Frequently, when they do compromise a
machine, they show that they have no clue as to what they are doing, like
trying to use MS-DOS commands on a Unix machine.
A few have greater skills, gained through a formal education, or through self
education. This group has the capability to use and run several operating
systems. They have at least basic programming skills, and the ability to gain
additional skills if necessary. The low end of this group can take an exploit in
source form, do any additional setup steps required, and get it to compile on a
target system. Others are capable of modifying source code to compile and run on
nonnative systems and even develop custom variations of the exploit. This group
presents a challenge to the system administrator. You can expect more
sophisticated attacks from this group and you will see mutations of existing
attacks. Keeping a system safe from this group requires a system
administrator who is well educated, up to date on the latest exploits, and
creative enough to identify exploit variants and develop countermeasures on the fly.
The last 1% (or even less) are the ones out there actually developing the new
exploits. Not only are they skilled programmers but they know the deep inner
workings of the systems that they intend to exploit. Even this group can be
stratified. The lower strata are creating exploits and releasing them into the
wild, usually not notifying software makers before release. The highest strata
are developing new exploits but are probably holding them very close. They are
either consulting with the software maker before public release or developing
these exploits to be held secret by larger organizations. One may never
effectively be able to protect oneself against this group. They are a
completely unknown factor - it is never known when they will develop something
new or from which direction it will come. These are the people who ensure that no
system is 100% secure.
Battling brain cells is the common thread for protection here. A system
administrator in the lower 90% of the skill range cannot protect himself
against an attacker in the top 9%, and has absolutely no chance against anyone
in the top 1%. If system security is of value, the defender must acquire and
hold on to the brightest people in the field.
What are these hackers trying to do? The intentions almost fall out like
Dungeons and Dragons characters: Good (Constructive), Evil (Destructive) or
Neutral. Of course these are colored by what sides of the equation the defender
and the hacker are on. Intentions can also change. A Neutral intention may
develop into a Destructive intention or fall back to a Constructive one.
Destructive (Evil): The intent is to either destroy the target,
disrupt the target's ability to function properly, or compromise for
ransacking/spring boarding. This may manifest itself in a web page defacement, a
DoS attack or the theft of sensitive data for personal gain. Sometimes a
target will be compromised only to be used as a base to launch attacks at the
true target (spring boarding). This site may see no collateral damage, but
it has been successfully used to mask the attacker's point of origin.
Destruction and DoS attacks are usually the mark of the unskilled or
underskilled. Compromise, especially stealthy compromise, is the mark of an
Neutral: A neutral intent is where a hacker may break in, but just
looks around and does no damage. While most administrators may not think of this
as very neutral, it is in the parlance of hackers. In fact this is the credo of
ethic". Most of the old school hackers will fall into this category.
Constructive (Good): These are the people who are working directly in
the information security field. They are administering a system, or exploring
exploits in a safe environment (such as a closed network). A Constructive hacker
may have, at some time in their career, been a Neutral or even Destructive
hacker. Most hackers have a mischievous streak and can't help but break the
rules once in a while.
Motivation is the area that is the most difficult to pin down. Skills and
intentions can be generally categorized, but motivations are usually unique to
each hacker. Some of the most common motivations are below.
Technical Knowledge: Technical Knowledge has been seen as the main
motivation for the old school hacker. Often a hacker will, above all else, crave
a better understanding of how a system works. To do so requires going beyond the
confines of the normal user. Since a system administrator will seldom give
higher access to an unknown user, the knowledge seeking hacker will obtain
access on their own. A knowledge seeker is always in exploration mode. A closed
door is an irresistible temptation. In most cases, for the knowledge seeker, the
hack itself is the objective. Once the hack is completed, or the access gained,
the operation is completed.
Peer Respect: Peer Respect plays a significant role in the hacker
community, especially among the younger or less mature members. Unfortunately,
this often manifests itself as a contest of damaging systems or defacing web
sites. By far the majority of web defacements are motivated by Peer Respect.
Control: Often the hacker is seeking some level of control. There is a
kind of high associated with gaining root or administrative access on a machine.
Root access is the holy grail of the hacker and is the badge of the 31337
(pronounced elite) hacker. Once root access has been obtained, it is
common for the hacker to send email to fellow hackers from the system's root
account to announce the conquest.
Ego: There are some hackers that have enough Ego to fill several
rooms. But, it is often found that their ego far outpaces their skill. Coupled
with a need for peer respect, this hacker may go after targets far beyond their
capabilities or play cat and mouse games with authorities -- often resulting in
capture. If a skilled hacker can control their ego and know their personal
skills and capabilities they are a much greater threat.
Fun: It has to be said that fun is an integral part of hacking. If
there wasn't some form of joy in hacking then few would get involved. Just like
any hobby it is a recreation for the hacker. Many hackers are gainfully employed
and not always in the field of system security. Hacking is their time to give
themselves intellectual challenges that might not be present in their school or
Moral Agenda: Hacking may be a means to an end for some. There are
Eco Hackers, Political Hackers and Ethical Hackers. They have latched on to a
personal crusade. After Peer Respect, this is the next most often seen motivation
for web defacements. "Free Kevin" has been the battle cry for many of them.
Often government and military sites are targeted due to political agendas
ranging from the disgruntled citizen to a radical political organization.
Moralistic agendas have been taken on by some
to form vigilante groups that fight for their causes with hacker skills. It is
expected that this will become a growing area for hacking in the future. As
governments and businesses develop a greater web presence, they open themselves
to attacks from any party that holds a grudge and has Internet access.
Free Access: The younger hacker or the foreign hacker may be seeking
free access. Often the hacker doesn't have the financial capability to maintain
a regular net presence and in many countries local phone calls and network
access are charged at a metered rate. This financial burden often drives hackers
to seek methods of free access. This can range from hijacking user accounts to
stealing credit card numbers. The intent here is usually not direct monetary
gain but extended or supplementary access to network communication. Free access
is a common thread with Phreakers. They may hack to obtain free long distance
voice access and have very little interest in the actual computer systems that
Money: Some hackers are truly in it for the money. They can
be loners but may have been recruited by larger organizations. Activities can
range from stealing credit card numbers to selling confidential information or
opening "data pipes" for other groups. Money is a universal motivation in any
Boredom: Sometimes the hacker is drawn in due to boredom. Either a
lack of interest or lack of challenge in their job or school will provide the
motivation to seek hacker activities. An informal survey shows that many hackers
are easily bored due to ADD, ADHD, depression or tangential thought processes
making it difficult for them to conform to regular school and work activities.
Most hackers are self educated. Even when possessing a formal education they
seek opportunities to self educate in noninstitutional settings. Hackers are
drawn to new challenges, and may work feverishly to reach a single goal only to
drop the whole project once the initial objective is met.
Many Hackers utilize Aliases in their activities. An alias provides both a
level of abstraction from their true identity and a recognizable signature in
the community. It should not be assumed that just because a hacker uses an alias
that their intentions are destructive. Use of an alias does not mean that a
hacker is actively hiding their true identity or that they are "deep
underground". Aliases provide a level of abstraction from the hacker's work-a-day
identity and activities. Aliases can also provide a non-gender specific and
non-age specific identity. Most hackers wish to be judged by their knowledge and
experience, not on their gender, age, job title or degree. Aliases can range
from nonsense words to popular characters in literature. They can be references
to technology or special interests and can provide an insight to the hacker's
personality and skills.
Typical Hacker Profiles:
Below are listed some of the more common hacker profiles. Again, this is not
intended to be an all inclusive list. New hacker types spring up so quickly that
it is difficult to keep track of them. But, more often than not they will
possess some of or a combination of the qualities listed below.
The "Old School Hacker": Usually more mature in both age and
personality the old school hacker is more intent on expanding their knowledge
base. They may have passed through a Cracker or Warez stage in their career but
have moved on to more personally fulfilling pursuits. More settled down than
others you may find them as professionals in corporate or academic settings.
They have a strong adherence to the hacker ethic in that they explore but do no
damage while still maintaining that mischievous streak. They are usually
tempered by the knowledge that they could do a lot more damage than they actually do,
but the risks of such activity outweigh any transient benefits. As a result,
they usually frown on destructive hacking and may be thought of as having sold out
or gone corporate by the younger members of the hacker community. Often,
they will be well versed in multiple operating systems including several flavors
of Unix and are capable programmers.
The "New School Hacker": Still enamored with the pursuit of power and
ego the New School Hacker seeks to be the rebel. They crave to have society fear
them while on the other hand they try to publicly justify their actions. They
usually possess low to moderate skill level and tend to congregate in informal
groups that actively advertise their 31337ness (eliteness). Quick to squabble
with other hacker groups they often partake in challenges to one-up each other
in system intrusion and web page defacement. Most of their knowledge will be
with Windows or Macintosh products with some venturing into the Unix world.
They may be just starting to learn programming and the members are often of high
school and college age.
The "Script Kiddie": Either new to the hacker scene or unwilling to
invest in new skills the Script Kiddies entertain themselves by downloading and
using the latest attack programs and scripts. More often than not they are
working exclusively with Windows machines and have no programming knowledge and
very little system knowledge. The Script Kiddie is more interested in effect
than knowledge and will use their programs to wow and annoy friends and
strangers. They actively seek out new sploits (exploits -- i.e. attack
programs) and may feverishly protect their stash. If the Script Kiddie took the
time to educate themselves they might graduate to the level of New School Hacker.
Many of the Script Kiddies congregate on AOL and are prevalent in online chat
rooms or IRC (Internet Relay Chat).
The "Warez Kids": The Warez Kid's main objective is to pirate
software. This may include attack scripts but is mainly targeted towards PC
applications, media files and game machine software. Their form of hacking is
confined to trading illegal copies of software either through IRC, FTP or Web
pages and trading cracks or codes to overcome software copy
protection. The best skilled are developing software patches to eliminate copy
protection or developing new methods of ripping (copying) and distributing their
warez. Like the Script Kiddie, they can be ravenous about protecting their
collection of software and actively engage in an underground bartering market of
copied software. Often, the warez kid is an addicted game player and is
compelled to have the latest and greatest ("zero-day") version of any game.
Sites of major game developers like id Software, developer of Doom and
Quake, are the target of hacking attempts to get pre-release versions of their
The "Phreaker": The Phreaker is a wholly different breed of hacker and
often prefers not to be referred to as a hacker (a separate taxonomy could be
done for The Phreaker). The Phreaker is discussed here because they often use
hacking tools to obtain their objective which is knowledge of and access to the
telephone system. With the telephone system now almost exclusively (in the U.S.)
controlled by computer, the successful phreaker must have some hacking skills.
As with the hacker, the skill level varies greatly, ranging from basic toll
fraud to a deep understanding of telephone systems. Phreaking was much more tied
with hacking in the days prior to the Internet when hacking information and
warez were traded exclusively via dial up bulletin board systems (BBS). To
access these BBSs, often located outside of the local calling area, the hacker
had to learn phreaking skills to circumvent long distance charges. The modern
phreaker will concentrate on infiltrating the network of telephone switches and
corporate PBX systems providing them with free long distance service and at
times the ability to reroute or eavesdrop on telephone calls.
The "Cracker": The term cracker is sometimes used in the media but is
usually used by hackers to differentiate themselves from these criminals. While
the hacker is supposed to conform to the hacker code of ethics the cracker is
someone with malicious intent, who is out for destruction or personal gain.
The "Glam Hacker": (A new term invented by the author and associates)
The Glam Hacker is keenly interested in the hacker scene. While they may possess
a full range of skills they are interested in presenting a certain persona. They
are often adorned in multi-colored hair, multiple piercings, tattoos, or a Goth
look. The Glam Hacker is often used in the news and advertising media to
represent the whole of hacker society when actually they occupy a small niche.
The "Ethical Hacker": Not to be confused with the "hacker ethic" -
Ethical Hackers are using their skills to fight a perceived ethical battle. One
of the best known is EHAP (Ethical Hackers Against Pedophilia). Their reported
activities have ranged from simple reporting of child pornography material
online to actively breaking into sites to destroy child pornography servers.
These reports have often been exaggerated or fabricated so it is difficult to
determine their true activities and effectiveness. There has been much debate in
the hacker community about ethical hacker groups, since, in many instances, the
activities of the Ethical Hacker conflict with the Hacker Ethic. While some
hackers see ethical hacking as an opportunity to use their skills for good and to
help build a positive image for hackers in the media and amongst law enforcement,
others have seen them as providing hackers justification for vigilantism and
The "Lamer": Lamer, Luser, Clueless, Newbie, Cluebie -- all are the
unskilled and unwashed masses of the hacker community. A deprecating term, the
Lamer has little to no skill and has even less knowledge of hacker society.
Asking trivial and unintelligible questions and causing flame wars are typical
of the Lamer.
The "Poser": As with any culture or sub-culture there are outsiders
that will attempt to portray themselves as insiders. This is true in the hacking
world too. The Poser will exaggerate their skill level and boast of elite hacks
to gain acceptance and access to hacker groups. A knowledgeable hacker should be
able to ferret out posers fairly quickly although those less skilled or
experienced may be sucked in by their tall tales. The Poser is different from
the Charlatan in that the Poser's motivation is mainly group acceptance. Posers
usually start backpedaling quickly when confronted with intelligent challenges
to either their claimed skills or deeds.
The "Charlatan": Hacker culture has evolved beyond its underground
status and has developed into a viable business opportunity. Government agencies
and corporations are hiring hackers for security work, system administration and
as high paid consultants. Hackers are hosting security related web pages which
can attract big money advertisers. They are producing cutting edge security
tools both commercially and open source. Book deals are being cut and movies are
being made. Where there is a buck to be made the Charlatan will materialize, so
it is no surprise that there is an increasing number of them appearing in
hacker society. There was even a site devoted to uncovering one of these Charlatans. Unfortunately, even after
they are exposed, either the word doesn't get out or their rhetoric is so strong
that they continue to be referenced as credible sources in the mainstream media
and in professional circles. Like any other good con artist they can still make
their marks and retain their zealots after damaging exposure.
The "Hacker Groupie": Like any other sub-culture or fringe culture,
the novelty and rebelliousness that it represents attracts groupies. Usually
they are associated with the more organized hacker groups but can be centered
around specific individuals. Not all groupies are female; the boys are attracted
to strong, rebellious personality cults also. At least one hacker group (although tongue-in-cheek)
actively encourages groupie-like devotion and regularly puts on shows at hacker
conventions which are a cross between a revival sermon and a rock show.
The "Uber Hacker": The elite of the elite: the Uber Hacker knows all,
sees all, and can walk through walls like a ghost. He is more a mythical
creature than an actual group or individual.
Industrial/Foreign Espionage: This is a serious individual or group
funded through either a corporation or a government. They are a real and true
threat and have the skills, resources and financial backing to meet their
objectives. They are a very different beast than the mainstream hacker and will
rarely be seen attending the larger hacker gatherings in the open. When one
thinks of information warfare, these are the people that are the primary threat.
They have a professionally crafted agenda and will have specifically selected
targets. They may use other less skilled hackers (knowingly or unknowingly) to
provide a smoke screen for their activities. They will operate from both the
inside and outside of a target and may coerce or buy help from insiders.
The "Freelance Hacker": The freelance hacker is a hired gun. They may
be given a target and objective and be compensated when the task is completed.
Or, they may open up a data pipe, allowing their customer to explore and
siphon out data of interest from a target. The freelancer is probably used by
individuals or groups that cannot afford to assemble an espionage team or who
want to maintain a greater distance from the hacking activity. Also, they have
been used by lawyers and private investigators to obtain information to support
criminal and civil suits.
The Virus Coder: Like the Phreaker, the Virus Coder constitutes a
separate breed of hacker. They may be exclusively interested in the development
of virus code. With the advent of highly interconnected systems and the use of
embedded application scripting languages we are now seeing the expansion of
virus coders into new technology areas. Trojans, worms and viruses - once
separate entities - are now being integrated together to create stealthy, fast
spreading, remotely deployable, and highly destructive pieces of code. Devices
BO2K, and Bubbleboy will be the
progenitors of highly integrated and multifaceted viral delivery systems.
The "Black Hat Hacker": This is a general term for a hacker that does
not follow the hacker code of ethics or who is involved in cracking.
The "White Hat Hacker": This is a general term for a hacker that does
follow the hacker code of ethics, or a hacker who is involved in securing and
protecting information systems.
The "Social Engineer": Social Engineering is often just a single skill
of hackers, but some have as much talent in this area as they do in the
technical field. Social Engineers exploit what is often the weakest point in
computer security - people. Preferring to work via phone, although some work
face-to-face and via email, the social engineer can obtain critical pieces of
information to compromise computer systems. It has been demonstrated repeatedly
that social engineering is a quick, low risk, and very effective method of
gathering passwords, technical and personal information. Even when passwords are
not directly obtained, personal information like pet names, hobbies, phone or
employee numbers can aid the hacker in guessing user passwords. A name, date of
birth and social security number are all that is required for the social engineer
to obtain personal and financial data which can lead to identity theft.
Trashing, the act of rummaging around in personal or corporate trash bins, often
provides the hacker with valuable information. Lists of user accounts, default
passwords, system/network details, corporate phone books and other information
commonly found in trash bins provide essential information for planning attacks.
The "Cypherpunk": The Cypherpunk is a separate class of
hackers, and may not generally associate themselves with hacker society as a
whole. The Cypherpunk is particularly interested in encryption, cryptography,
and the protection of privacy. This interest can range from active usage of
encryption algorithms, to the development of new algorithms and cryptography.
Recent contests sponsored by some of the major vendors of commercial encryption
tools have fired a significant interest in encryption and cryptography. Massive
distributed computing efforts have
been launched to break many of the common encryption algorithms. As of this
writing, one of these efforts against RC5-64 is running at 126.95 gigakeys per
The Cypherpunk is often associated with the protection of civil liberties,
and free speech. Many cypherpunks are libertarians, and are sponsors of
anonymous remailers and publicly available encryption, and strong protectors of
privacy and other democratic ideals. Privacy in an open society requires
anonymous transaction systems. -- Eric Hughes, A
Hacker society is extremely varied and may be more varied than most social
groups. It is constantly changing, splitting, rejoining and recreating itself.
The only common bond among hackers is the love of technology and an almost
genetic need to learn and explore. This need cannot be quenched by laws, social
etiquette, or national boundaries. Even in countries with extreme penalties, the
hackers continue their craft. When properly harnessed the hacker can be a
powerful technological innovator. Otherwise, they have the potential to be
damaging to computer and network systems. If one is to either harness or defend
against the hacker, then understanding is critical. Regardless, hackers will
continue to push the boundaries of technology and socially acceptable behavior.
modified: Sat Jun 7 20:04:00 PDT 2003