In the first episode of SwigCast, we took a closer look at that person in the black hoodie – the one hunched over a computer screen, typing sinister code… the hacker

Click play to listen now. Also available on SoundCloud and all major podcast platforms

The fight to reclaim the term ‘hacker’ starts here

In the early days of computing, ‘hacker’ was generally a positive term.

It started to gain traction through the Unix hack culture that took place at US universities in the ’60s and ’70s – an era recorded in free software guru Eric Raymond’s ‘A Brief History of Hackerdom’ and articles by GNU creator Richard Stallman, among others.

The inaugural edition of SwigCast – featuring an interview with ethical hackers Paul Johnston and Santiago Diaz – explores these ideas and delves into why better representations of hackers is needed today more than ever.

“Right now, ‘hacker’ is used in an entirely different connotation,” said Johnston.

“It’s not kept with its original meaning of someone who likes to look under the bonnet, or somebody who likes to tinker.

Johnston explained how the term ‘hacker’ is typically used today with a negative connotation, one that is predominately linked with criminality and the now all-too-familiar black hoodie stock image.

“Very occasionally, in non-mainstream media, you hear people using it in its original sense,” Johnston said.

Phreaks and Phrack

The once niche area of information security makes the origin of the term ‘hacker’ difficult to pin down.

But, according to the tech and science blog Many But Finite, the first known recorded usage of the word came in 1963 with an article that ran in MIT’s The Tech newspaper, and referred to the practice of phone phreaking.

“Many telephone services have been curtailed because of so-called hackers,” the article, dated November 20, reads.

“The hackers have accomplished such things as tying up all the tie-lines between Harvard and MIT, or making long-distance calls by charging them to a local radar installation.”

While this sounds more like students having a laugh, rather than the work of some evil mastermind, in the years that followed, the term hacker became synonymous with criminality – what’s more accurately described as a ‘cracker’.

Instead of hacking to find out how systems work, the ‘cracker’ was someone who would break into systems without authorization and with a general disregard for any of the resulting consequences of doing so.

‘Cracker’, however, was eventually replaced by the term ‘hacker’ in mainstream culture – a terminology that was well entrenched before ‘The Hacker Manifesto’ was published by the Phrack e-zine in 1986, as something of a rallying counter-cry to the criminal uses of the term.

The IETF Internet Users’ Glossary, which was published in January 1993, continued to attempt to reclaim the term hacker for the forces of light, defining it here as “a person who delights in having an intimate understanding of the internal workings of a system, computers, and computer networks in particular.”

But despite these efforts to reclaim the narrative, the term continues to be misused.

“The drift in meaning of the word hacker reflects an unfortunate shift in society as a whole,” Johnston said.

“Decades ago, almost every home garage was full of tools for tinkering with cars, lawnmowers, and home appliances.

“Tinkering was celebrated, and the word ‘hacker’ had a positive connotation,” he explained.

“In the modern era, cars and appliances are not user serviceable. They are sealed units with tinkerers locked out.

“And the once celebrated hackers are now a shadowy group to be feared.”

Does it even matter if the meaning of the term ‘hacker’ has become distorted?

Many people in the infosec community are to a less or greater extent resigned to the misuse of ‘hacker’, as The Daily Swig discovered when we canvassed opinions on social media.

Others joke that the term ‘hackers’ dates back to the era of Viking raids, or other outlandish explanations.

Johnston explained that the negative connotations were acting as a barrier for young people, stopping them from gaining the kinds of practical knowledge needed to excel in infosec.

“Some years ago, I remember being at career fairs trying to recruit pen testers, and we had sort of a few key skills that we were looking for, and our earlier experience had been that if people had these skills it meant that people had tried to learn stuff, that they had great understanding,” he said.

“And then at some point, we seemed to hit a point where people would turn up and they would kind of have the skills, they would have ticked the boxes, but they would not have the underlying understanding, and I feel that [what] this represented was a change in the education system.

“And it meant these people were educated to exactly hit these required skills, but they didn’t have the hacker mindset, and that was a massive barrier to them succeeding.”

This is a point that’s been echoed by the UK’s National Cyber Security Centre, which said at a recent university cybersecurity competition that the ‘geek stereotype’ was contributing to the skills shortage.

Correct use of the term ‘hacker’ also helps the public understand reports of digital crime. When ‘hackers’ make the news, it tends to be about a nation-state cyber-attack or major bank heist – these are arguably criminals and not hackers.

Trying to break into a system is, perhaps counterintuitively, the best way of finding security weaknesses and remediating them. That’s why ethical hackers play such an important role in cyber defense.

Diaz explained: “I think a very common perception of hackers is that you hack into something in the first place because you want to have some profit out of it, you’re gaining access into a system where you’re not authorized to go into in the first place.

“More and more people become aware that there is a whole consultancy industry in information security, and it might be strange even for tech savvy people, as you say, to listen to a description of a job where you are a hacker who is trying to find the bugs and the holes before actual hackers do it, and that’s a bit contradictory isn’t it?

“I think it has to do with the negative connotations that the world hacker has in the media, which is what people are used to hearing.”

The stock image

Creating an inclusive environment is important in filling the skills gap, but media representations of hackers, and their depiction of the wider infosec community, seldom boast diversity.

Visual representations are key to informing and creating narratives in a digital environment, and the pictures found in any stock image gallery tend to either criminalize or glorify hackers.

In addition, hackers are almost invariably depicted as young, white men. Minorities and women seldom get a look in.

The issue extends beyond image galleries. Hackers in hoodies – normally up to no good – are everywhere, from indie films and video games to mainstream media. More positive application of the term already exists – if you look long and hard enough.

One thing that’s come from left field within the hacker scene is nerdcore rap. As with any music genre, it’s a wide spectrum of different artists ranging from musicians that rap about games and comics, to ones rapping about hacking.

But is this enough? Is it time for us to reclaim the term ‘hacker’? Or is it time for the mainstream media to finally catch up?

SwigCast is a regular podcast that puts a variety of infosec topics under the microscope