The Changing Meaning of “A Hack”


 

In our first briefing of 2020, we will take a look at how the meaning of the noun “hack” has changed over the past decade - and why it matters.



 

What’s the point?

 

Language is how we convey information. And by defining words to mean specific things, the narrative of stories can be controlled. In all human stories, “good” should win over “evil”. And the only differences between the stories are the definition of those words and their many proxies. Just like the definitions of words like “freedom”, “fairness” and “safety” have changed over history to match the social norms of the day, the changing meaning of the word “hack” can teach us a lot about the trajectory that we as a society are currently on.



 

Word origins

 

While linguists disagree on the specifics, the most popular current theory that the word “to hack something” or “a hack job” comes from woodworking with an ax. Temporarily functional but not necessarily reliable or beautiful furniture and tools can quickly be created in this manner.

From there, in the early 1980s, the word was adopted by the burgeoning field of information technology. The meaning changed to represent writing quick and dirty code that was functional but otherwise shared the characteristics of the above-mentioned furniture: It was neither stable nor beautiful nor maintainable.

People who wrote such code were the first to be called “hackers”.

There is a large overlap between those able to write quick and dirty code that still works and those that understand computer systems very well. Incidentally, understanding a system very well is a prerequisite to breaking its security measures. As such, the people who broke into computer systems gradually took over the term “hackers”.

Notably, quick and dirty code is still referred to as “hacked together” or “a hack” in programming circles to this day. The code used by those bypassing security was re-branded as an “exploit”.



 

The 2000s

 

In the early 2000s, the word “hacker” was further refined to keep up with the evolving requirements. At first, those hacking for unethical reasons were named “crackers” but ultimately the terms “black hat” and “white hat” made their way into common parlance.

At this point in time - before state actors became widespread - the world of hacking was still somewhat black and white and the language reflects it.



 

The 2010s

 

The mid- to late-2010s saw the proliferation of state actors and cyber warfare. With it, all terms were re-defined once again. The distinction into black hat and white hat was largely dropped by the general public (but is still common in information security circles). Instead, the better public understanding of hacking and its many implications removed the need for categorical labels. No one would think of sorting soldiers into “black hat” and “white hat” groups since we understand that the definition ultimately depends on both the speaker and whose side they are on. Similarly, as hacking partially became viewed as a sort of warfare, the labels of black and white were dropped.

At the same time, the word “hack” in common language shifted from meaning the singular act of breaking into one system towards representing the entire process of a coordinated attack. This recent BBC article on cyberattacks against Australia is a good example of the new language. The entire multi-day campaign is referred to as the “hack”. Interestingly, even the attacker is merely stated as “Fancy Bear” in the singular.



 

The future

 

The language changes indicate that the view of hacking has shifted from a non-governmental activity into a military context over the past 15-20 years. It appears reasonable to assume that this trend will continue. Just like “an army” executes “a strike”, “an APT” now executes “a hack”. What was called “a hack” just 10 years ago would now commonly be referred to as “an attack” which is part of the hack.

The words are sure to keep changing their meaning - like all words do - but the evolution of “hack” and “hacker” over the past 15 years paint a surprisingly clear picture of the slow mainstreaming and militarizing of information security.