Hacker: Security expert
There is a third meaning which is a kind of fusion of the positive and pejorative senses of hacker. The term white hat hacker is often used to describe those who attempt to break into systems or networks in order to help the owners of the system by making them aware of security flaws, or to perform some other altruistic activity. Many such people are employed by computer security companies (such professionals are sometimes called sneakers).
White hat hackers often overlap with black hat depending on your perspective. The primary difference is that a white hat hacker claims to observe the hacker ethic. Like black hats, white hats are often intimately familiar with the internal details of security systems, and can delve into obscure machine code when needed to find a solution to a tricky problem without requiring support from a system manufacturer.
An example of a hack: Microsoft Windows ships with the ability to use cryptographic libraries built into the operating system. When shipped overseas this feature becomes nearly useless as the operating system will refuse to load cryptographic libraries that haven't been signed by Microsoft, and Microsoft will not sign a library unless the US Government authorizes it for export. This allows the US Government to maintain some perceived level of control over the use of strong cryptography beyond its borders.
While hunting through the symbol table of a beta release of Windows, a couple of overseas hackers managed to find a second signing key in the Microsoft binaries. That is without disabling the libraries that are included with Windows (even overseas) these individuals learned of a way to trick the operating system into loading a library that hadn't been signed by Microsoft, thus enabling the functionality which had been lost to non-US users.
Whether this is good or bad may depend on whether you respect the letter of the law, but is considered by some in the computing community to be a white hat type of activity. Some use the term grey hat to describe someone on the borderline between black and white.
Jargon File definition
The following is the definition given by the most recent edition of the Jargon File (a dictionary of hacker jargon), which emphasizes the positive sense of "hacker". The definitions in this dictionary were not made through research into common usage, but reflect to some extent the opinions of its editors. Hence, the following is accepted by some but not all of the hacker community.
[originally, someone who makes furniture with an axe]
The term `hacker' also tends to connote membership in the global community defined by the net (see the network and Internet address). For discussion of some of the basics of this culture, see the How To Become A Hacker FAQ. It also implies that the person described is seen to subscribe to some version of the hacker ethic.
- A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.
- One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming.
- A person capable of appreciating hack value.
- A person who is good at programming quickly.
- An expert at a particular program, or one who frequently does work using it or on it; as in `a Unix hacker'. (Definitions 1 through 5 are correlated, and people who fit them congregate.)
- An expert or enthusiast of any kind. One might be an astronomy hacker, for example.
- One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations.
- [deprecated] A malicious meddler who tries to discover sensitive information by poking around. Hence `password hacker', `network hacker'. The correct term for this sense is cracker.
It is better to be described as a hacker by others than to describe oneself that way. Hackers consider themselves something of an elite (a meritocracy based on ability), though one to which new members are gladly welcome. There is thus a certain ego satisfaction to be had in identifying yourself as a hacker (but if you claim to be one and are not, you'll quickly be labeled bogus). See also geek, wannabe.
This term seems to have been first adopted as a badge in the 1960s by the hacker culture surrounding TMRC and the MIT AI Lab. We have a report that it was used in a sense close to this entry's by teenage radio hams and electronics tinkerers in the mid-1950s.
The earliest Stanford revisions of the Jargon file (1975) did not describe the term so positively, including only definitions 4, 5 and 8. The current definition was written in more or less its current form around 1980 at MIT. Definition 8 was "deprecated" in the 1990s by Jargon File editor Eric S. Raymond, a known advocate of the positive usage of "hacker".
Summary of terms
Guru, Wizard: Types of hacker in the positive sense.
Cracker, Black-hat: A hacker in the negative sense.
Script kiddie: A hacker, in the negative sense, with little or no skill. A script kiddie simply follows directions or uses a cook-book approach without fully understanding the meaning of the steps they are performing.
White-hat, Sneaker, Grey-hat: A hacker who breaks security but who does so for altruistic or at least non-malicious reasons. The darker the hat, the more the ethics of the activity can be considered dubious.
Note also that even among users of the positive sense of "hacker", the noun hack usually means kludge and thus nearly always has a negative connotation. Meanwhile, the verb hack can share the same positive connotations.
Intruders and criminals
Note that many of these have since turned to fully legal hacking.