In his book “Cyberthreats and International Law” (Eleven International Publishing, 2012), Georg Kerschischnig wrote:
“Even before the computer age, the term “hack” had changed its meaning from a technology-based practical gag to a clever technical solution (Löwgren Jonas, Hacker culture(s): Origins, lecture notes, February 23, 2000). The term “hacker” was initially used for people who absorbed the early ICT and practiced programming, which in the early days of computing was more or less a prerequisite to purposefully using a computer. With time, a hacker subculture formed and proclaimed its own ethics, striking a balance between digital anarchism and moral principles. Its members were deeply devoted to technical progress through unrestricted and open access to technology, in particular through open source software, and loathed regulation and control.
However, the general perception of hackers changed over the years. As a form of early
network hacks, so-called “phone phreaking”, a telephone scam aimed at obtaining free
phone calls, caused public resentment. Hacking finally earned its bad connotation when
computer networks emerged and hackers started to use their skills to sneak into other
people’s computers. Since the coming of the Internet era, the mainstream media have used
the term “hacker” almost exclusively with the connotation of cybercrime.
Ever since, the hacking community has strongly disassociated itself from these activities,
pointing to its hacker ethics, and referring to malevolent hackers as “crackers” (Löwgren Jonas, Hacker culture(s): Dimensions, lecture notes, February 23, 2000).
But then, from a legal perspective, where should one draw the line? Hacking encompasses various activities that, from an objective point of view, have multiple illegal elements. Many legal
systems criminalize intruding other people’s computers, no matter what the intentions or
ethics behind it may be. Although this puts hackers and crackers in the same boat, a
functional way to distinguish malevolent from benevolent hackers has evolved, namely
the classification into “black hat” and “white hat” hackers. The notion of hats is adequate,
because a hacker can wear both of them, depending on the aim of his ambitions. Indeed,
also the concept of a “gray hat” is self-evident, but again negates the advantages of a clearer
Black hat hackers are the ones the mass media refer to when they report on hacking.
From the ICT industry’s point of view, they are the kind of hackers that create mischief.
They illegitimately break into systems, thwart security measures, and research software
flaws without necessarily apprising the software developer of their findings. The primary
goal of black hats, however, is not necessarily to make a profit from their activities. Still,
no matter what their intentions may be, breaking into systems to show off their skills,
practicing, or even only raising awareness about security flaws – many legal systems
prohibit online trespassing and the tampering with other people’s systems. This is why
black hat activities are objectively considered illegal. Yet, the subjective level is slightly
different: if a black hat starts using his knowledge to commit a “real” crime, the hacker
community usually “excommunicates” him, and classifies him as cybercriminal.
White hat hackers, on the contrary, are those hackers that actually contribute to ICT
security. Many of them are former black hats that decided to bring their skills into play in
order to make a legitimate living. Some of them choose to switch sides because of moral
convictions; others have been indicted for their black hat activities and are subsequently
offered jobs at ICT security companies or government agencies; and others might just
decide to turn their hobby into their profession. They work as security consultants or in
the software and Internet industry. Their job is to find software flaws and report them
before the black hats do, to counter intrusions, identify attackers, and audit the security
infrastructure of their customers. For the sake of simplicity, no distinction will be made,
unless necessary, and the word “hacker” will exclusively be used for the malevolent sort