The language of hacking


cyber resilienceGuest Blog

Madeline Cheah, Senior Cyber Security Analyst, HORIBA MIRA, investigates the culture of hacking

Understanding the language of hacking is the key to understanding its culture. The terms hackers use and the way they communicate gives an insight into the way they work, and may even explain why they may seem like they are on the fringes of society. So, what is a hacker? What about a troll, a h4xx0r, a cracker, a hacktivist, a script kiddie, a phreaker, a SMisher or a n00b?

If I asked you what any of the above look like, would you immediately think of a pallid young man, wearing a face covering, working under the glare of the computer screen, and living in subterranean quarters? Would they be criminals or spies or otherwise working in a dark underworld of nefarious activity?

And if I asked you what a hacker does for a living? Would it be a response filled with yet more lingo, such as pwning sysadmins, click-jacking, (or lately, more likely crypto-jacking) or doxing?

The reality is different. A hacker is actually any person who creatively works around or overcomes limitations of systems to achieve new things. This creative person can be anyone at all, these new things could be benign, benevolent or malicious, and the word “systems” is not limited to software or even computer systems.

Of course, there are criminal individuals who do attack software systems for a variety of reasons. It’s why we have professionals who have made cybersecurity their business. But what skills are needed in the field of cybersecurity? We know about the engineers, the mathematicians and the computer scientists of course. However, judging by the wide range of activities that hackers are involved in, and the subculture that can be glimpsed through the words given above, it seems we also need experts in disciplines not typically considered “cyber”.

For example, design disciplines could help us with usable security, the end-goal being that even those who are not comfortable with technology and have little knowledge of the field are able to protect themselves in cyberspace. Psychology could help us understand the hacker mind-set, both for educational purposes and, like with traditional crime, digital forensic investigations. Linguistics could help us understand the origins of malware through computer fonts and messages, helping to distinguish between a “lone wolf” and a group acting with the tacit approval of a nation state.

Understanding of the law and what is required legislatively is essential on diverse fronts, from securing our products and services, to keeping our children safe from cyber-bullying, online harassment or worse. It is also a necessary ingredient in the exploration of the larger, societal questions such as the relationship between privacy, surveillance and human rights. Ethicists can help inform us about difficult issues such as employment of former convicted black-hats and putting them in charge of the sensitive information that companies usually hold close to their chest.

This brings us to the big question: where are we going to find all these people?

The field is, unfortunately, not yet diverse demographically, never-mind from a cross-disciplinary perspective. For example, statistics will tell you that only 11% of people working in cybersecurity are women. This is important because early research shows women may take a different approach to cybersecurity in their personal lives in.  For example, they are more likely to have privacy settings set up and up to date, and are more likely to restrict social media access appropriately. Having these experiences might mean that they also approach engineering and derive solutions in different ways.

There is also the issue of the number of unfilled positions – it is estimated that there will be 1 million to 1.5 million vacant roles by 2020. Diversifying the workforce could mean bringing in much needed, additional, qualified personnel.

So, how do we attract a more diverse workforce? It’s all about representation. Advertising with terms such as “cyber-ninja” is thought to have a negative effect on attracting diverse candidates. The use of tools such as Textio can flag up language that is biased either way, helping attract a diverse array of applicants. Images in the media (remember the man in the balaclava?) can be counter-acted with a professional take that welcomes expertise from multiple domains. Enthusiasm and passion for knowledge in the field should be stoked at all levels, from schoolchildren to those looking to have a second career. After all, as we move towards a world where there are smart watches, smart phones, smart cars, smart homes, smart offices, smart buildings and a “cloud” that encompasses every aspect of our lives, we are going to need people who have, in the language of hackers: m4d sk1llZ.