Writers Talk About Writing
The Language of Cyber-Malfeasance
I have only a glancing relationship with the fascinating world of computer security. But I've realized recently that even we non-experts have a pretty rich vocabulary for the many flavors of ill intent in the world of computers and beyond.
Let's start with the bad guys themselves. These days, someone who breaks into computers is a hacker, even in the industry press. Frustrated purists insist that hacking is a misunderstood term and suggest (largely in vain) that a better word is cracker, i.e., one who cracks the security on a computer.
In his book Hackers: Heroes of the Computer Revolution, Steven Levy says that a hack is old (pre-computer) M.I.T. lingo for an elaborate prank. This term got to be applied to any feat that showed panache and technical virtuosity. (A classic hack was to pick locks just for fun, and a guide to lock picking, allegedly from M.I.T., has been floating around for decades.) The free-software guru Richard Stallman summed it up this way: "Playfully doing something difficult, whether useful or not, that is hacking." This sense of hack and hacking translated easily to computers when they arrived.
But by the early 1980s (and to the community's alarm), the term had taken on sinister overtones, and the sense of "breaking in" became firmly established in the common parlance. Soon enough, however, various retronyms established themselves, and these days we have ethical hackers and white-hat hackers who use their powers to test security or report on vulnerabilities. Using the same cowboy-movie metaphor, black-hat hackers are the true bad guys. (Within the programming community, a hack continues to have multiple meanings, not all bad, as suggested by the entry for hack in the Jargon File.)
One motivation for hacking is to simply steal information from your computer. Or hackers might break into a website to deface it, or hijack the site and steal its traffic. A more sophisticated hack is to plant software that carries out the hackers' evil intentions, for which the general term is malware. We all know about viruses, which infect your computer and then run the code that's in their payload. Although the term virus is often used as a general synonym for malware, a more precise definition is that a virus is malware that can replicate itself and spread. A virus requires human intervention before it can spread; in contrast, a worm is a type of malware that can spread itself automatically to other computers on a network.
To get a virus onto your computer, a hacker might create a Trojan horse (or just Trojan), which looks like legitimate software but isn't. An insidious form of Trojan is scareware, which displays a legitimate-looking banner on your computer that reports "Your computer is infected!" and then offers to "clean" your computer. When you click the button to agree, the program actually installs a virus.
A virus might install a keylogger (a form of spyware) that records your keystrokes (including any web addresses and passwords you enter) and transmits them to the hacker. Or the virus might simply turn your computer into a zombie that passively awaits orders from a remote controller. Hackers try to create networks of zombies — botnets — that can be used to do things like send reams of email. Botnets can also be used to attack a website by swamping the site with requests in order to overload the site's servers. This is referred to as a denial of service (DoS) attack, or when it comes from a botnet, a distributed denial of service attack (DDoS).
As noted, the color of a hacker's hat might vary. "Anonymous" is the name of a cooperative that has used DoS attacks against PayPal, Amazon, Visa, and MasterCard, often in support of the Wikileaks site. This type of hacking is sometimes known as hacktivism. And it's believed by some that the Stuxnet worm was specifically created to infect and disrupt computers in the Iranian nuclear program, an effort that some have labeled patriot hacking. (The ethics of these types of hackery is left as an exercise for the reader.)
But there's more badness than just breaking into computers. In email, and as we all know, the floods of messages enabled by botnets are known as spam, a term that we seem to owe to the classic Monty Python skit of that name. A lot of spam hopes to sell you things, but spam is also a vector for social engineering, broadly defined as trying to get victims to do some of the hackers' work for them. One scam is to lure the recipient into visiting a website that can infect the user's computer with a virus. Another scam is phishing, or trying to fool users into entering passwords or credit-card numbers, usually by directing the user to a website that looks legitimate but of course isn't.
Any site that hosts conversations between people can have its woes. Internet groups and blog comments are often disrupted by trolls, who deliberately make inflammatory posts in order to stir things up. (The standard advice to ignore these people is usually phrased as "don't feed the troll.") To avoid being banned, a troll might create sockpuppets, or alternate identities. (People also create sockpuppets to make it look like different people support the poster's viewpoint, or just to stuff restaurant or book reviews.) Even if people aren't deliberately disruptive, Internet communications seem to somehow encourage people to flame one another via personal attacks, which can lead to flame wars, which are free-for-alls of hostile posts and counter-posts.
It isn't always about computers. Telephone networks have their own set of hacks. An activity that started in the 1960s was phreaking (phone + freaking), which was an attempt to crack phone networks — for example, by manipulating the tone system to get free long distance service. (Long before they founded Apple together, Steve Jobs and Steve Wozniak bonded in high school over their interest in phreaking and in the blue boxes created for this pastime.)
Not all hacking has evil intention. A mild prank is to get someone to click a link that just lands them on something unexpected (and supposedly funny). An early variation was to duckroll someone, leading the victim to a picture of a duck on wheels. If the link leads to a video of Rick Astley singing "Never Gonna Give You Up," the victim has been rickrolled. (As one person explained, "This is usually considered a major let-down.") While these are not particularly elegant hacks, they do at least conform to the early hacking spirit of harmless fun.
And of course bad intentions always keep up with the times. As people have moved from computers to smartphones, malfeasance has expressed itself not only in the usual hacking vectors like phishing, but in new ones like sexting and cyberbullying, not to mention the scandalous hacking of voicemail systems that brought down Robert Murdoch's News of the World. Whatever technology we might be using in 50 years, you can be sure that there will be plenty of people trying to exploit it for underhanded purposes, and that we'll have new terms to describe it.