Hacking is not a crime – and the media should stop using 'hacker' as a pejorative

Hackers are friends not foes, says Alyssa Miller in this opening argument for our latest debate

Register debate Welcome to the latest Register Debate in which writers discuss technology topics, and you – the reader – choose the winning argument. The format is simple: a motion is proposed, the argument for the motion is published today, and the argument against will be published on Friday.

During the week you can cast your vote using the embedded poll, choosing whether you're in favor or against the motion. The final score will be announced next Tuesday, revealing whether the for or against argument was most popular. It's up to our writers to convince you to vote for their side.

This week's motion is: Hacking is not a crime, and the media should stop using 'hacker' as a pejorative.

And now, arguing FOR the motion is ALYSSA MILLER...

Using the term “hacker” to describe cyber criminals is an unfortunate habit that plagues modern media. The accompanying imagery of hoodie-clad individuals hunched over computer displays in darkened rooms exacerbates the issue. The predominance of associating hacker with cyber criminals has exploded as cyber-attacks and breaches have become regular topics in mainstream media. However, using “hacker” in such a pejorative manner is perilous, both for its lack of precision and the counter-productive impact it can have on society.

Hacker has been used in connection with technology since at least the 1950s when a student in MIT’s Tech Model Railroad Club (TMRC) produced a dictionary of terms that defines both “hack” and “hacker.” At the time, the terms didn’t denote any form of criminality or ill intent. In fact in an annotated version of the dictionary that Peter Samson republished in September of 2005, he states his intended meaning of a hack as an “unconventional or unorthodox application of technology” and a hacker as one who “avoids the standard solution.”

However, since those beginnings, hacker has taken on more of a dual meaning. The concept of good and bad hackers is evident across society. The Oxford, Cambridge, and Merriam-Webster dictionaries each provide dueling definitions of hackers as both technology enthusiasts and criminal actors. Three popular hacker movies of the 1990s – Sneakers, Hackers, and The Net – depict conflicts between good hackers and criminal hackers. Including both noble and malicious actors under the same hacker umbrella confirms that hacking is a concept that is separate from one’s motivations or intentions.

The false equivalence between hacker and cyber criminal is also evident when, in some cases, the perpetrators of a crime may not be hackers at all. In a world where malware, ransomware, and other tools of the criminal trade are packaged and sold as commodity kits requiring no technological expertise, claiming the user of such a kit to be a hacker is dubious at best. Stating that hackers stole 3 million health records when the actors are not known is akin to claiming firearms enthusiasts robbed a bank simply because they were armed with guns.

Stating that hackers stole 3 million health records when the actors are not known is akin to claiming firearms enthusiasts robbed a bank simply because they were armed with guns

But it’s more than just the lack of precision that is problematic. Using hacker as a pejorative also distorts social views of hackers, fostering the belief that hackers are inherently malicious in nature. However, corporate America has shown us that clearly this is not the case. Hundreds of thousands of people are employed world-wide as so-called ethical hackers to help businesses find and remediate security vulnerabilities in their systems. Some organizations leverage bug-bounty programs, paying hackers that find and report security flaws in their systems. As Keren Elazari, security analyst and speaker put it, hackers are “the immune system of the internet.”

Allowing our media representations to portray hacker as equivalent to criminal actors makes the work of principled hackers even harder. For instance, in April of 2019, YouTube infamously banned “Instructional hacking and phishing” videos on their platform. Over the following months, many online content creators whose videos helped hackers learn the trade and advance their skills to perform better in their jobs, saw their channels demonetized and their content removed from the site. Thus, important resources for developing skilled defenders against cyber-criminals all at once were taken away.

It is important that the media be an active participant in accurately portraying the difference between hacking and criminal activity. Using inexact language and negatively influencing societal perception only serves to drive a wedge between those that count on technology to support their digital way of life and those best equipped to help defend it. ®

Cast your vote below, though you may want to wait until you see the against argument, published on Friday. You can track the debate's progress here.

JavaScript Disabled

Please Enable JavaScript to use this feature.

Alyssa Miller is a life-long hacker, security advocate, and cyber security leader. She is the Business Information Security Officer (BISO) for S&P Global Ratings and has over 15 years experience in security roles. She is heavily involved in the cyber-security community as an international speaker, author, and advocate. Alyssa is a member of the WiCyS Racial Equity Committee, Chapter Leader for Women of Security (WoSEC), and board member for Blue Team Con and Circle City Con. Her views, research, and career journey have been featured in “Tribe of Hackers: Blue Team”, SC Magazine, Cybercrime Magazine, and various other media appearances.

Other stories you might like

  • Stolen university credentials up for sale by Russian crooks, FBI warns
    Forget dark-web souks, thousands of these are already being traded on public bazaars

    Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.

    According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves.

    "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

    Continue reading
  • Big Tech loves talking up privacy – while trying to kill privacy legislation
    Study claims Amazon, Apple, Google, Meta, Microsoft work to derail data rules

    Amazon, Apple, Google, Meta, and Microsoft often support privacy in public statements, but behind the scenes they've been working through some common organizations to weaken or kill privacy legislation in US states.

    That's according to a report this week from news non-profit The Markup, which said the corporations hire lobbyists from the same few groups and law firms to defang or drown state privacy bills.

    The report examined 31 states when state legislatures were considering privacy legislation and identified 445 lobbyists and lobbying firms working on behalf of Amazon, Apple, Google, Meta, and Microsoft, along with industry groups like TechNet and the State Privacy and Security Coalition.

    Continue reading
  • SEC probes Musk for not properly disclosing Twitter stake
    Meanwhile, social network's board rejects resignation of one its directors

    America's financial watchdog is investigating whether Elon Musk adequately disclosed his purchase of Twitter shares last month, just as his bid to take over the social media company hangs in the balance. 

    A letter [PDF] from the SEC addressed to the tech billionaire said he "[did] not appear" to have filed the proper form detailing his 9.2 percent stake in Twitter "required 10 days from the date of acquisition," and asked him to provide more information. Musk's shares made him one of Twitter's largest shareholders. The letter is dated April 4, and was shared this week by the regulator.

    Musk quickly moved to try and buy the whole company outright in a deal initially worth over $44 billion. Musk sold a chunk of his shares in Tesla worth $8.4 billion and bagged another $7.14 billion from investors to help finance the $21 billion he promised to put forward for the deal. The remaining $25.5 billion bill was secured via debt financing by Morgan Stanley, Bank of America, Barclays, and others. But the takeover is not going smoothly.

    Continue reading

Biting the hand that feeds IT © 1998–2022