Defining "Hacking"

Hacking is, unfortunately, a loaded term. Most unfortunately, much of the loading was done by the mass media looking for yet another scary crime story. We need to set the record straight, and separate a special kind of knowledge, mindset, and skill from ill-advised, nuisance, or criminal behavior that might abuse this knowledge.

A doctor knows ways to harm humans, and might criminally abuse this knowledge. A locksmith is equipped to crack banks' vaults. A policeman is trained to use, and is armed with, deadly weapons. Yet none of them is defined by the potential misuse of the special skills they possess. Similarly, hacking is a special technological skill that can be misused, but should not be defined by its misuses.

For our discussion throughout this site, we use the term hacking to refer to the skill to question security and trust assumptions expressed in software and hardware, including processes that involve a human-in-the-loop (a.k.a. "social engineering").

Trust

Trust plays a huge role in societies and economies. It plays an equally large or larger role in software and computer engineering, since no engineer would be able to build a complex system without relying on components outside his/her control or scope of expertise to operate as expected. Wrong trust assumptions lead to disasters in both societies and technologies; ubiquitous lack of trust ("low trust") makes it hard to both bootstrap successful social structures and build complex systems (if nothing about the system's state can be trusted, its internal logic cannot meaningfully function; if nothing about a processing pipeline can be relied on, processing cannot meaningfully proceed).

Engineers, in particular software engineers, have formalized their trust assumptions as the "layer models" their system designs follow, such as the 7-layer "ISO networking model" (e.g., [1], [2], etc.). The borders of these layers become natural boundaries of trust (developers count on the blocks below a boundary not to "move") and of expertise.

It is the essence of the hacker mindset and skill to question such assumptions of engineering trust.

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License