Yes, let’s take these words back damnit! They are so often used incorrectly. Okay, I'm the first to admit, I'm not an expert when it comes to the English language. However, here's my take: First, "cyber" is NOT a noun. I think this is the first golden rule of "cyber" (ha! see, cyber noun is BAD). I've heard people saying things like, "This doesn't apply to "cyber." Cyber should be, first and foremost, a verb, like "cybersex" or "Hey baby, want to cyber?"
The grey area for me is using it as an adjective, like "cyberwar," "cyberwarrior," or "cyber attacks." I can see the point, it distinguishes war, warriors, and attacks from guns and ninja swords, to exploits and packets. However, it’s way over used, so please, please limit the usage of it as an adjective. As for the word “hacker,” the rule is simple, you can use it as a noun, "A hacker figured out how to transmit Zigbee packets." You can use it as a verb, "I want to hack my badge." We need to be careful not to use it to describe evil without another adjective. So, "Hackers gain unauthorized access to the bank." I'd prefer "evil hackers," but even then I have trained myself to use the word "attackers" instead.
The reason for my desire for clarity is that the definition of a hacker was someone who simply wanted to know how something worked years ago. Many times this involved breaking things to see how they worked. Also, in the early days of computers getting anything to work together usually involved taking apart other parts and cobbling them together. I remember my father working on old Triad systems and literally using a hack-saw to get what he needed out of them. He was (and still is) nuts and brilliant, and the man loved his hack-saws. The point is that when people call someone else a "hacker," I think of my father cussing and cutting out boards with a cigarette dangling from his mouth, then magically getting the damn thing to work. It was nuts and a bit scary. To this day it is the most impressive computer "hacking" I have ever seen. When someone equates that with a jackass who breaks into a system using a default password I get a bit pissed. The reason we need to fight to get this word back is because we need to show some respect for the people who were getting this "computer" stuff to work before it was cool, before there were Conferences and 20 podcasts on the topic.
And for the record, we do not need to call cyber-criminals (sorry Paul) hackers or even cyber-criminals for that matter. They are quite simply criminals. Do not make them any cooler or diversified than they actually are.
Originally discussed during episode 237
John Strand will be teaching SANS 660 Advanced Network Penetration Testing and Metasploit for Penetration testers This April in Reston, VA April 15 - 23.