The real meaning of “hack”

By Adam Penenberg
July 26, 2011

By Adam Penenberg
The opinions expressed are his own. This piece originally appeared in Fast Company.

Over the years I’ve published tens of thousands of words on “hackers.” I wrote “Hacking Bhabha,” a story about the “hack” of an Indian atomic research station, when gangs of computer miscreants went wilding through its servers, and the 1998 takedown of the New York Times website, which, for me, resulted in the threat of a justice department subpoena.

I interviewed Kevin Mitnick while he was still in prison and sat at my computer one night as someone who called himself MagicFX replaced eBay’s home page with his own that said: ”Proof by MagicFX that you can’t always trust people… not even huge companies.”

I profiled an IT consultant selling exploits to compromise software products as varied as Microsoft Office, Mozilla Firefox, SAP, and HP while working for HP in France. In my first book, Spooked, I dedicated a chapter to a hacker who was threatened by terrorists. I outed a guy who made up a whole magazine story about hackers extorting the corporations they penetrated, and fell for a hoax about a self-proclaimed online kiddie porn vigilante. And I’ve also been called a “talentless hack” by enraged readers, usually in invective-filled emails.

So if there are two words I’m familiar with, they’re “hack” and “hacker,” and I’ve done my fair share in graffitiing the web with their overuse. That’s why I say it’s time to re-examine how we use them, because they’re relied on far too often to describe all kinds of activities that don’t qualify as hacks or hacking. They’ve become so common they’ve lost all cachet–like ponytails and earrings on middle-aged dudes.

Think about it: Did Rupert Murdoch’s News of The World newspaper hacks “hack” voicemails, or did they trick people into providing passwords and conjured up various low-tech, “surprisingly dull” methods for fooling the phone system? When some numb-nuts spammer takes over your Facebook or Twitter account, do you really mean to say he hacked it, or did he access your account without permission by using brute force techniques to guess or steal your password? If a “phisher” commandeers your Hotmail or Gmail account to beseech people in your address book to wire money to London because you lost your passport, were you hacked or did he impersonate you to trick your contacts into wiring money?

If what NoTW, spammers, and phishers have done is hacking, then you’ve probably been guilty of hacking at one time or another, because this type of “social engineering” is all around us–on the train, on the web, in libraries, Congress, and on Madison Avenue. The panhandler on the subway hacked you when his sob story convinced you to fork over a buck. The spammer that got you to click to an online pharmacy hacked you. So do online marketers when they follow you around the web. A friend who borrows a student’s log-in credentials to access a university library database to pull up a few articles is a hacker. If you find yourself influenced by political ads or pontificating pundits on cable TV, you’ve been hacked. Have a craving for McDonald’s french fries? Maybe the millions the fast-food chain spends on advertising has a role in that. If so, you’ve been hacked.

While ridiculous examples, they aren’t that far afield from what NoTW minions did. I realize it’s not always easy to know when something goes from simple social engineering to true-blue hacking, because incidents that involve hackers don’t necessarily mean it’s hacking. When the group Anonymous unleashed attacks against sites operated by Hustler magazine, the Motion Picture Association of America, The Recording Industry Association (RIAA), and Sony, were those really hacks?

The attacks, known as distributed denial of service (DDoS), involve overwhelming sites with more traffic than they can stomach, the equivalent of convincing hundreds of thousands of people to call a single phone number at the same time, which would make it impossible for anyone to get through. None of the sites were breeched, no data was stolen. Many–me included–would argue this doesn’t qualify as a hack. (Others would).

But when hackers penetrated the Sony PlayStation Network in one of the all-time biggest data breaches in April, compromising 77 million user accounts, now that was a hack!

Recently, I had a discussion over Twitter with Gigaom writer Mathew Ingram, debating the use of the word “hack” to describe digital activist Aaron Swartz’s activities in a story Ingram wrote, titled “What Would Happen If You Hacked Into a Library?” In it, Ingram said that Swartz was “accused of hacking into the Massachusetts Institute of Technology computer network and downloading almost 5 million academic documents.” But nowhere in the criminal complaint (pdf) do prosecutors use the word “hack.” Instead, they claim that on several occasions Swartz visited MIT, hooked up his laptop to the network, registered under a pseudonym, and harvested millions of articles.

I told Ingram that if I were writing the story I might have used “accessed without permission,” “without authorization,” “illegally accessed,” or “tapped into,” but not “hacked.” Ingram replied, “The guy used software and other exploits to repeatedly disguise his PC and get around network blocks–that’s not hacking?” He added, “In common usage, hack refers to any unauthorized attempt to use technology for purposes other than those for which it was meant.” That’s too broad a definition, I replied. “Use your laptop as a step stool to break in to a building, by that definition you hacked the building.”

This prompted Jacob Harris, a self-described “news hacker” and senior software architect at The New York Times, to ask, “What is the minimal level of complexity you want for something to be called a hack?”

It’s a good question with no simple answer. In the 1990s there was a movement afoot to use “crackers” to describe those who maliciously break in to computers while saving “hackers” for those with a passion for tearing apart hardware, software, and products to see how they work. Alas, prescriptive attempts at influencing language rarely succeed, and this fell by the wayside. PC Magazine defines hacker, in part, as “any programmer … with a strong technical background who is ‘hacking away’ at the bits and bytes.” Merriam-Webster claims a hacker is either ” an expert at programming and solving problems with a computer” or “a person who illegally gains access to and sometimes tampers with information in a computer system.”

Promoting their own interests, some on the side of law enforcement define it way too broadly as “someone who gains unauthorized access to a computer system,” so if you ever as a practical joke changed your friend’s screensaver image to a picture of penguins playing the piano, you could be facing jail time. On the other end of the spectrum, there is the Pollyannaish “a person skilled with the use of computers that uses his talents to gain knowledge.” If I had my druthers I’d retrofit the Merriam-Webster definition of hacker to read: “A person who uses a computer to illegally gain access to and sometimes tamper with information in a computer system.”

Ultimately, though, barring a widely accepted definition (I won’t hold my breath) what I want is greater precision and the end of hack as a catchall to describe anything that has to do with computer security. If a hacker deploys a buffer overflow attack to penetrate a network, say that. If she deploys social engineering and fools an administrator into passing over passwords, write it. If he defaces a website, that’s the terminology you should use.

Because you can hack software, hardware, a car, radio, website, and even chicken. Whether you’re a journalist, blogger, or commenter, you should move beyond glib terminology to words that are more accurate and descriptive. It’s our job.

Adam L. Penenberg is a journalism professor at NYU and a contributing writer to Fast Company. Follow him on Twitter: @penenberg.

2 comments

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/

Good article Adam. For example – if a programmer wrote 100 lines to do a job, and another programmer does the same job in fewer lines of code, say 60 – it’s a hack. And hack does not necessarily mean use of technology. Even religion is a hack – for proper exploitation of it can make people behave or do things in a certain way. Human emotions such as love, fear, hate, anger, faith, trust – all can be exploited for hacking :)

Im reminded of the Fravia’s (fravia+) classic Reality cracking lab articles.

I hope this article is read by one and all.

rajsm, creator – MalCon.

Posted by MalCon | Report as abusive

[...] Fast CompanyNYU journalism professor Adam Penenberg writes that the News of the World phone hacking scandal is a sign that the word “hacking” has become a catch-all term for all sorts of computer-related trickery. In many cases, News of the… Read more Share this: Tweet this! [...]

I came across the title of this article and was curious. The first part of the article was all about Mr. Penenberg trying to convince us that he is an expert on hacking. All Mr. Penenberg convinced me is that he is a prolific writer and uses his interpretation of hack and hacker in his writings.

Mr. Penenberg is definitely correct in that these terms are overused and misused. What he fails to mention (or perhaps is not aware) that both terms were widely used long before becoming exclusively used in technology.

Back in the early 1980′s while I was at MIT, the terms hack, hacking and hacker were widely used, sometimes associated with technology but not exclusively. For more information on the “real” meaning of hack I would suggest reading the book “Nightwork” by T. F. Peterson.

Often in the English language, certain words have a standard definition or origin, but a more common use of the word that does not necessarily adhere to the strict definition or original use of the word. The collection of terms associated with the word hack have become exclusively associated with computers and the Internet, while at the same time lack a bounded definition.

For me, I’d change the Merriam-Webster definition of hacker and revert back to the original MIT definition: “…someone who does some sort of interesting and creative work at a high intensity level. This applies to anything from writing computer programs to pulling a clever prank that amuses and delights everyone…”. Quote courtesy of the MIT IHTFP Hack FAQ site (I came across the title of this article and was curious. The first part of the article was all about Mr. Penenberg trying to convince us that he is an expert on hacking. All Mr. Penenberg convinced me is that he is a prolific writer and uses his interpretation of hack and hacker in his writings.
Mr. Penenberg is definitely correct in that these terms are overused and misused. What he fails to mention (or perhaps is not aware) that both terms were widely used long before becoming exclusively used in technology.
30 years ago while I was at MIT, the terms hack, hacking and hacker were widely used, sometimes associated with technology but not exclusively. For more information on the “real” meaning of hack I would suggest reading the book “Nightwork” by T. F. Peterson.
Often in the English language, certain words have a standard definition or origin, but a more common use of the word that does not necessarily adhere to the strict definition or original use of the word. The collection of terms associated with the word hack have become exclusively associated with computers and the Internet, while at the same time lack a bounded definition.
For me, I’d change the Merriam-Webster definition of hacker and revert back to the original MIT definition: “…someone who does some sort of interesting and creative work at a high intensity level. This applies to anything from writing computer programs to pulling a clever prank that amuses and delights everyone…”. Quote courtesy of the MIT IHTFP Hack FAQ site.
I came across the title of this article and was curious. The first part of the article was all about Mr. Penenberg trying to convince us that he is an expert on hacking. All Mr. Penenberg convinced me is that he is a prolific writer and uses his interpretation of hack and hacker in his writings.

Mr. Penenberg is definitely correct in that these terms are overused and misused. What he fails to mention (or perhaps is not aware) that both terms were widely used long before becoming exclusively used in technology.
30 years ago while I was at MIT, the terms hack, hacking and hacker were widely used, sometimes associated with technology but not exclusively. For more information on the “real” meaning of hack I would suggest reading the book “Nightwork” by T. F. Peterson.

Often in the English language, certain words have a standard definition or origin, but a more common use of the word that does not necessarily adhere to the strict definition or original use of the word. The collection of terms associated with the word hack have become exclusively associated with computers and the Internet, while at the same time lack a bounded definition.

For me, I’d change the Merriam-Webster definition of hacker and revert back to the original MIT definition: “…someone who does some sort of interesting and creative work at a high intensity level. This applies to anything from writing computer programs to pulling a clever prank that amuses and delights everyone…”. Quote courtesy of the MIT IHTFP Hack FAQ site..

Posted by readyforthenet | Report as abusive

[...] was, no gratuitous plug here).   While in the technology section,I came across a blog titled “The real meaning of hack” by Adam Penenberg.  Anyone who knows me would realize that a blog title like this is a great way [...]

[...] The real meaning of “hack”Reuters Blogs (blog)Over the years I've published tens of thousands of words on “hackers.” I wrote “Hacking Bhabha,” a story about the “hack” of an Indian atomic research station, when gangs of computer miscreants went wilding through its servers, …and more » [...]