What the Hack?!

The Oxford Dictionary defines ‘hack’ as: “Cut with rough or heavy blows in an irregular or random fashion”.

A second meaning follows: “Gain unauthorized access to data in a system or computer.”

It is this second meaning, that has caused controversy among many: ‘Hack’ used to have a positive feel; working on a tech problem in a different, more creative way than what’s outlined in an instruction manual. Even non-tech problems: Lifehack for example.

Similarly, a ‘hacker’ used to mean a person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. ‘Rooting’ Android devices, ‘Jailbreaking’ iOS to overcome their limits.

The word ‘cracker’ was suggested for the malicious members of the computer underground. However, instead of a division between the two, the following categories and terms emerged, each one subtley different to the next.

So I wrote this blog to provide some insight into these differences, rather than lumping everyone into the (possibly evil sounding) “hacker” group.

  • White hat: A white hat hacker breaks security for non-malicious reasons; to test security systems, perform penetration tests, or vulnerability assessments, for themselves or for clients.
  • Black hat: In contrast with the white, a black hat hacker breaks computer security for maliciousness or personal gain.
  • Grey hat: A grey hat hacker is between a black hat and a white hat hacker. A grey hat hacker may hack a system to notify its admins about the security vulnerability, then might offer to fix it for a fee. Grey hat hackers sometimes publish their findings to the whole world, instead of the admins. Even though they may not be hacking for personal gain, unauthorised access to a system can be considered illegal, not to mention unethical — well it’s a… grey area.
  • Blue hat: Blue hat refers to security consultants who are invited to test a system for exploits before its launch.
  • Elite hacker: Elite (1337 in Leet, see below) is used to describe the most skilled hackers.
  • Leet: A system of modified spellings where characters are replaced by similar looking glyphs. Also known as eleet or leetspeak.
  • Script kiddie: A script kiddie is an unskilled hacker who breaks into computers by using automated tools or scripts created by others, usually with little or no understanding of the underlying concept.
  • Neophyte: Someone who is new to hacking (also known as newbie or noob / n00b).
  • Hacktivist: A hacker who utilises technology to publicise a social, ideological, political or religious message.

Crystal clear right? Good! Because this is the first in a series of blogs I’ll be sharing where I’ll be referring back to these terms and definitions.

Until the next time, stay secure!

PUBLISHED BY

tunc

2 Apr. 2019

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
BEC

The threat of Business Email Compromise in US healthcare

Jack Lilley

Executive summary: Business Email Compromise is siphoning billions from U.S. healthcare by exploiting human trust instead of software flaws. Spoofed or hijacked messages authorize fraudulent payments, spark ransomware, and expose patient data—causing crippling financial, operational, and compliance damage. Deploying DMARC, MFA, and rigorous multi-person payment checks is now critical. 3 key takeaways Business Email…

Read more
Email

Cloudflare selects Red Sift as a preferred partner to provide DMARC and…

Rebecca Warren

AI-generated email attacks are rapidly growing in scale and sophistication, demanding stronger defenses from at-risk organizations. Starting today, Red Sift is excited to announce a new strategic partnership with Cloudflare, the leading connectivity cloud company, to deliver its market-leading email security application, Red Sift OnDMARC, to a broader global audience.  Today’s alignment enhances Cloudflare’s…

Read more
Cybersecurity

New Zealand moves to mandate DMARC enforcement

Jack Lilley

Executive summary: New Zealand’s Secure Government Email Framework mandates DMARC at p=reject—plus hard-fail SPF, universal DKIM, enforced MTA-STS, and TLS-RPT—by October 2025. The rules replace SEEMail, curb soaring phishing losses, and will affect every organization that emails the public sector. Key takeaways: The New Zealand Government has recently published the Secure Government Email (SGE) Common…

Read more
BEC

DMARC: The best ROI for your organization

Jack Lilley

Executive summary: Implementing DMARC delivers one of the clearest, fastest returns on investment in email security. By authenticating outgoing mail and blocking spoofed messages, DMARC cuts the direct costs of phishing and Business Email Compromise, safeguards brand reputation, and boosts deliverability—ultimately driving revenue and trimming operational workload. Key takeaways: Email is a critical communication tool for…

Read more