A cracker is someone who breaks into someone else's computer system, often on a network; bypasses passwords or licenses in computer programs; or in other ways intentionally breaches computer security. Crackers do this for profit, with malicious intentions, for some altruistic purpose or cause, to point out weaknesses in the system or just because the challenge is there.
The term cracker is not to be confused with hacker. Hackers are individuals who use a variety of computer and networking skills to solve a technical problem, whereas crackers employ their skills only to break in. They aren't concerned with what happens beyond that. As such, crackers are a type of hacker. Hackers may break in, making them crackers, but then do something else when inside that makes them more than just crackers.
In his book, The Cuckoo's Egg, Clifford Stoll tells a classic story of tracking down a cracker on the internet who broke into U.S. military and other computers.
What does a cracker do?
Like hackers, crackers use many different methods to break into systems. Once inside, they may steal data, delete sensitive files, observe vulnerabilities, use proprietary software for free or do nothing. It doesn't matter -- if they broke into the system, they are a cracker.
A common example of cracking is jailbreaking a smartphone. Jailbreaking removes restrictions a manufacturer sets in the phone's software. By bypassing the restrictions, the user can perform more advanced functions on the phone or use it on a different network. The act of jailbreaking the phone is considered cracking.
Differences between hackers and crackers
The term hacker differs slightly from the term cracker. Hacker is a broader category that crackers fall into.
As previously mentioned, cracking covers the breaking-and-entering aspect of hacking, whereas hacking encompasses all the activity that precedes and comes after the break-in. Hacking includes manipulating the system once access has been gained. In the jailbreaking example above, the act of jailbreaking the phone is cracking, but what is done afterwards -- using the "cracked" device for something else -- falls under the umbrella of hacking.
Initially, the term hacker was applied to people who used their computing skills without malicious intent. That changed over time, and it was also applied to those with malicious intent. The term cracker was proposed to provide a distinction between skillful technologists with altruistic motives (hackers) and those with bad intent (crackers), but that distinction never gained much traction. Distinctions among the different types of hackers and crackers are usually referred to with the white hat, black hat, grey hat terminology.
However, it should be noted that people often don't distinguish between hackers and crackers, and they use these terms interchangeably. Also, although hackers and crackers, by definition, do not have to have malicious intent, some people assume malicious intent when either word is used in everyday context.
Types of crackers
The six main types of hackers are distinguished based on their intent and experience level. These six types also apply to crackers:
- Black hats. Black hat hackers and crackers have malicious intent. They break into a computer system aiming to harm it in some way. Black hats have been known to deface, disrupt and shut down websites and networks; steal and destroy data; expose vulnerabilities; and otherwise cause problems. Their motives are often financial gain; they also engage in cyberespionage.
- White hats. When the perpetrator has altruistic motives, they are often referred to as white hats. They break into a computer system aiming to strengthen it. They find vulnerabilities in the system and report them to the system's owner. The owner or administrator then reverse-engineers the cracker's methods to find out how they broke in, patches the vulnerabilities and strengthens network security. In hacking, white hats are sometimes labeled as ethical hackers. In many cases, white hats use legal means to gain access to systems. For instance, penetration testers (pen testers) are professional white hats, hired to test and strengthen corporate networks.
- Grey hats. Grey hats fall in between white and black hats. They generally do not have malicious intent, but they may exploit systems using illegal methods to find vulnerabilities. They are still not considered legitimate users by system administrators, no matter how valuable their findings. They may also release sensitive information to the public or sell it, unlike white hats, who would report back to the vendor or owner of the software or system.
- Red hats. Grey hats are sometimes referred to as red hats, a type of hacker that takes on a vigilante role. Red hats go after black hats and attempt to disarm them or otherwise bring them down. This term is more often used to describe hackers than crackers because it involves processes that go beyond breaking and entering.
- Green hats. Green hats are inexperienced hackers or crackers, seeking to gain experience and skills.
- Blue hats. Blue hats are inexperienced individuals who are not seeking to improve their skill level. Microsoft uses the term somewhat differently, employing blue hats to find vulnerabilities in unreleased products. The company also holds a BlueHat conference to bring together hackers and the company's engineers.
Crackers who do not have advanced knowledge of programming languages and computer systems are called script kiddies. They generally break into systems in simple ways, using preexisting hacking or cracking projects and scripts. Script kiddies need not be good or bad; they are simply crackers or hackers with limited know-how. Cracking might be more attractive to a script kiddie than hacking because hacking often involves more advanced knowledge and manipulation of the computer system.