As hacks abound--Rupert Murdoch, LulzSec, Anonymous--journalists are throwing the term around for any crime in which technology is involved, but there's some debate on the actual definition of the term. It's about time we unpacked its varied meanings. Murdoch is in the midst of a hacking scandal. Or is he? Can we really call it a "hacking" scandal? Or, did News of the World do something shady that doesn't exactly fall under the category of hacking?
There's a difference between social engineering and hacking. Sometimes people trick other people into giving them something they shouldn't. Like, in the case of NoTW, voicemail passwords. That's not hacking, but rather "social engineering," argues Adam Penenberg in Fast Company.
If what NotW, spammers, and phishers have done is hacking, then you've probably been guilty of hacking at one time or another, because this type of "social engineering" is all around us--on the train, on the web, in libraries, Congress, and on Madison Avenue. The panhandler on the subway hacked you when his sob story convinced you to fork over a buck.
Murdoch's "hacks" didn't really hack voicemails, but tricked people into providing passwords using various low-tech methods, continues Penenberg. And, just because these types of incidents involve "hackers" like LulzSec or Anonymous (or Murdoch), that does not necessarily mean a hack has happened. "I realize it's not always easy to know when something goes from simple social engineering to true-blue hacking, because incidents that involve hackers don't necessarily mean it's hacking."
A true hack involves breached servers and stolen data. Last week, when GigaOm reported a hack at the MIT library, Penenberg questioned the legitimacy of calling the incident a "hack." Digital activist Aaron Swartz had "hacked" into the Massachusetts Institute of Technology computer network and downloaded almost 5 million documents. "None of the sites were breeched, no data was stolen. Many--me included--would argue this doesn't qualify as a hack." For Penenberg, a genuine hack involves a data breach, like the Sony Playstation Network hack back in April--hackers broke into PlayStation's system and stole user credit card data--Now, that's a hack!
No, hacking is when people use technology to do shady things. As more people use technology to dupe people, the term can and should be applied to these situations, argues GigaOm's Matt Ingram. "The guy used software and other exploits to repeatedly disguise his PC and get around network blocks--that's not hacking... In common usage, hack refers to any unauthorized attempt to use technology for purposes other than those for which it was meant." Within these parameters the News of the World scandal falls into the category of hacking, but Penenberg counters that this definition is too broad. The New York Times's senior software architect Jacob Harris responded in a tweet, "What is the minimal level of complexity you want for something to be called a hack?" When does something move beyond security breach, into hack territory? It's a good question with no simple answer. Harris thinks Penenberg should lighten up. "Language morphs. I don't necessarily object to 'hack' being used for simple attacks (esp. if attack simple in hindsight), but...," he tweeted. As hack enters our lexicon, and as people begin using it in these broader terms, it will take on a new meaning, and as much as Penenberg wants us to use the "correct" definition, he may not be able to stop the natural development of language.