Like any tightly-knit subculture, hackers have accumulated thousands of words, terms, and ideas that are unique to insiders and make up hacker slang. So if you listen to two hackers talk, it might sound like English, but might as well be a completely new language. While you don’t need to know the meaning of every word (e.g. “back orifice”), there are some terms that are sort of important for everyone to know. When you read about hacking in the news or happen across a forum discussion, words that are relevant to things that might affect you should also be familiar to you.
This isn’t an exhaustive list of hacker slang and I have also omitted terms such as “virus” because they have become a part of common parlance and most people know what they mean. Instead, I have focused on words that are still relatively niche and specific to hacking and cybersecurity. With that bit of context out of the way, let’s look at these important bits of hacker slang and what they actually mean.
This is the bad kind of hacker. You know, the sort that breaks into a system and steals stuff. Black Hats are the opposite of White Hats, who work to legally test and improve security. When the news reports on computer criminals and refers to them as “hackers”, it’s the Black Hat variety being discussed.
Backdoors are more or less what the name suggests. It’s a way into a secured system that goes around the usual security measures. Backdoors are added to a system during its development. Most of the time it’s a deliberate action by the legitimate owner of the system. So that they know they always have a way in. Obviously, backdoors are not published or revealed, but an intrepid hacker might discover one, which is really a sort of jackpot. Sometimes backdoors are put in without the owner of the system knowing about it. It might be someone who worked on the software and wanted to infiltrate it later. It might even have been placed there by the government. Either way, whoever knows about a backdoor can do a lot of damage if they wanted to.
The hacker slang word “Botnet” refers to a network of devices (computers, smart TV, etc) that are all infected with malware or otherwise put compromised so that a single hacker can control all of them. The devices on the botnet can act together in order to do some task. They can be used to spread malware, often in order to expand the botnet itself, but the most common use of botnets is in the DDoS or distributed denial of service attack. Here all the devices bombard an online server with access requests, overwhelming it and making it impossible for legitimate users to access the service.
Botnets are one of the main reasons you have to fill in those annoying “I am human” checks on websites.
Brute Force Attack
A brute force attack is one that takes the simplest and most direct approach to break a security measure. For example, a brute force attack on a combination lock with three digits would be to start at 001 and try every number up to 999 in order to figure out the code. In other words, it’s simple systematic guessing. In practice, modern security systems are too complex to use a brute force approach, but how long a brute force attack would take is still used as a measure of best-case security.
This refers to the “cracking” of a system. It’s used in the same sense as “crack the code” or “cracking the case”. It can be applied to all sorts of computer-related hacks. When hackers defeat the copy protection on video games, the solution is referred to as a “crack”.
Another term for Black Hat hackers is also “cracker”, but that’s fallen almost completely out of mainstream use. The term is of course also applied to passwords and encryption.
A shortening of the word cryptography, this hacker slang term refers to just about everything related to encryption. Encryption is the practical application of cryptography. In practice, it’s the act of scrambling information using a sophisticated recipe called an algorithm. Only someone with the key to unscramble the message can read it. Hackers both work to defeat crypto and use crypto to protect themselves. With the rise of cryptocurrencies like Bitcoin, crypto has also become shorthand for that as well.
Dark Web and Deep Web
The Dark Web is one of the main hacker strongholds on the web. Using sophisticated encryption technology, it consists of websites that can’t be found using a normal search engine. The Dark Web has become synonymous with black markets and other illegal activities. However, even before that practice became possible it served as a safe haven for hackers. Thanks to the strong anonymity technologies in place, hackers can meet and discuss their craft on the Dark Web with little fear of being exposed.
The Dark Web is part of the “Deep Web”, with which it is often confused. The Deep Web is far less sinister, however. It’s simply all the internet-connected assets that search engines can’t discover and index. When you log into your Gmail account and get past the password prompt, you’re on the Deep Web. Hackers often explore the Deep Web to uncover company intranets and secured government network sites.
The most famous hacker convention and still the one that makes the headlines every year. This is where hackers from all walks of life come to show off the exploits they’ve developed and to learn from each other.
DEFCON is of course not the only hacker conference in the world, but it’s the Comic-Con of the hacker world. Maybe too mainstream for some, but all the cool kids still pay attention to it.
Evil Maid Attacks
Despite the weird name, the “evil maid attack” is actually pretty easy to understand. The name comes from the idea that you have someone like a housemaid with physical access to your computer. If that computer is not secured against local physical access, that person can do what they want with it.
Evil maid attacks are the reason you should always lock your computer, phone or workstation when you’re away. Even then, special intrusion methods, such as malware-infected flash drives, can be used to attack machines that are locked as well.
You’ll hear the word “exploit” often in any discussion around hacking. Finding exploits is one of the primary activities of a hacker. An exploit is some method or approach that takes advantage of a weakness in a system. Hackers look for exploits either in order to make use of them for their own purposes or to warn the owner of the system in order to close the exploit.
Hacktivists are politically-motivated hackers who use their knowledge of computer security to achieve political goals. For example, a hacking group might break into a government system in order to extract information for whistleblowing purposes. They might launch a DDoS attack against a company they disagree with politically. The most famous hacktivist group is probably Anonymous, who has become the public face of the hacker community as far as the media is concerned.
Hashing is a style of food preparation where you chop up meat and then mix it with potatoes and spices. It’s often eaten as a breakfast dish, with eggs and toast.
Wait, hang on, no that’s the wrong thing. Hashing is a technique where you run a string of text (such as a password) through a special mathematical function. You then get value out at the other end. What makes hashing super useful is that it allows password-protected systems to validate your password without actually storing the password anywhere on the system.
When you try to log in and enter your password, the hash function is applied to whatever you type in. If the resulting value matches the stored one, you can come in. It’s impossible to convert the hash value back into the original password string, so having the hash values doesn’t really help other than giving you something to compare your brute force password guesses to.
What most people call “cybersecurity” hackers call infosec, which is, of course, short for information security. This is the overall practice of protecting the information, foreseeing risk and putting measures in place to prevent potential attacks. White Hats care about infosec because they are the ones implementing it. Black Hats care about it because it is the thing they want to defeat. Infosec is made up of practices like encryption, firewall implementation, and antivirus development, among others.
This is a term that actually has some mainstream spread as well. The general public probably knows it best in relation to Apple phones, tablets, and iPods. If you’ve never used an Apple mobile device before, you may not know that Apple pretty much completely controls what software you are allowed to run. You won’t find apps on their app store that, for example, let you emulate retro game systems.
Generally, this is referred to as a “walled garden”, but from the hacker perspective, this is a jail. So “jailbreaking” a system essentially means removing the control systems put in place by the maker of the device so that you can do what you want with it. The term can apply to anything from game consoles to an in-car entertainment system. If a hacker removes artificial restrictions from any digital system it is now jailbroken.
This is a corruption of “lol”, which is internet-speak for “laugh out loud”. One of the largest hacktivists groups, Lulsec, takes its name from this term as well.
When asked why they pulled off a particular hack, many hackers would say it was “for the lulz”. This means, basically, that is was done as a joke or simply because they could.
While it may sound like an English insult, the word “nonce” has a specific technical meaning. In cryptography, a nonce is a number value that is used only once and then discarded. One of the main uses for a nonce is in the authentication process. Since a nonce can’t be reused and usually goes with a specific timestamp, it means that hackers can’t use a replay attack to infiltrate a system. The nonce also has an important function in cryptocurrencies using block-chain technology.
This term is a fusion of penetration testing. “Penetration” refers to making it past network security measures and gaining access to the information within. White Hat hackers are hired to perform Pentesting, which simply means they try to hack the system without doing any actual damage to it. If they are successful, they will report to their clients how the hack was achieved and how it can be fixed.
Derived from the word “fishing”, phishing is social engineering exploit that tries to fool people into voluntarily handing over their username and password. Usually by way of an email that links to a fake replica of a real site. The victim types in their credentials and sends them straight to the hacker who set up the fake site in the first place. As with real phishing, most of your attempts aren’t going to be successful, but the small number of eventual hits are usually worth the wait.
Plaintext is the opposite of ciphertext. In other words, it’s a string of text that has no encryption at all and can be read by anyone. Sometimes when you read about data breaches in the news, you might see a phrase like “users passwords were stored as plaintext”, which means the hackers could see the passwords without having to break any sort of encryption.
Traditional emails are sent as plaintext, so that means anyone can intercept and read them. These days HTTPS encryption is practically the default standard, so finding things stored or transmitted in plaintext is pretty rare.
Another hacker slang corruption of an English word, “Pwned” comes from the word “owned”. It’s a common misspelling since the “o” and “p” keys are next to each other on a QWERTY keyboard. After a while, it became a word in its own right. To “Pwn” something is to defeat it. If a company “got pwned” it means a hacker broke their security and had their way with the data therein.
A RAT is a remote access trojan. A type of malware that infects a target machine and then, in turn, provides a backdoor for its master to take over that machine completely.
With the RAT on your system, the hacker has complete admin control. They can do just about anything, including watching you via the webcam or erasing all your data. The best-known RAT is probably the Back Orifice rootkit. Hey look at that, we ended up talking about Back Orifice anyway.
Ransomware is a particularly nasty form of malware that uses the power of encryption to really ruin someone’s day. The software quietly encrypts information on the victim’s hard drive. Then, when the time is right, it will flash a message to the user stating that if they do not pay a ransom amount, they will lose their information forever.
Payment is usually demanded in cryptocurrency. The malware is designed to set up a secure chat between the victim and hacker, without revealing their location or identity. As with all trojans, the software is usually hidden in something else that the user actually wanted. Infected email attachments are a common vector, but pirated software is also a common vector.
If you’ve read the entry above about “hashing” you’ll know it is a one-way process. You can’t derive the password from the hash value. So even if you steal the hash values, you have no idea which password text would generate a hash that matches it.
The most straightforward way to get past this is also the least practical. You get a piece of software that starts at one end of all the possible combinations of letters, numbers, and characters and then proceeds to hash them one-by-one until it finds one that produces the same hash as the one you have. Then you know that string will produce a hash that passes the password check. When a brute force password cracking attempt is made, the software takes a given guess and then runs it through the hash function. Then it takes the hash value and compares it against the stolen one. If they match the process ends and the password is cracked. Computing and comparing hashes like this take lots of processioning power and time.
Rainbow tables are a way to speed up slow password cracking. A rainbow table is a collection of password hashed and their matching strings that have been computed before. So if the password you are trying to crack is the same as a password that has been cracked before or a dictionary attack password that has already been computed.
If your password is the same as another one that produces the same hash value, it will be cracked in seconds. Since it takes very little computing power to simply look up entries in a huge table. So why doesn’t everyone use rainbow tables? Simply put, they are massive. Requiring multiple terabytes of storage. That’s less of an issue these days though.
Red and Blue Teams
A Red Team is a group of people who work against another organization with the purpose of helping them improve. Think of it as a form of wargaming. White Hat hackers organize themselves into a Red Team and then attack their client’s system as if they were really an enemy hacker group. On the other side is the Blue Team, who take on the role of defending the system from the Red Team. Just as in an army training wargame, no one is using real ammunition here. The Red Team exposes weaknesses in the system, while the Blue Team helps develop effective defenses against whatever the Red Team comes up with. If everyone does their job right, it makes it much harder for actual enemy hackers to defeat the security measures in place.
A replay attack is a pretty clever way to fool a network authentication system into letting you in or doing something you want it to. Basically, it works by recording the information sent by a legitimate user or system and then playing it back to the authentication system. Making it think you’re the legitimate user.
Replay attacks are pretty well understood and just about all authentication systems that are in use today have some sort of built-in countermeasure. Such as using a Nonce (see above) and including precise timestamps as part of each message, so that the same timestamp on a message means it will be rejected. Of course, replay attacks have become more sophisticated. In the recent past, the KRACK replay attack essentially made millions of WPA networks insecure.
One of the most powerful weapons in the hacker toolkit, a Rootkit is a collection of software tools that allow the hacker to gain low-level, all-powerful control over a computer, network or software product. Rootkits are almost impossible to detect as well, which means many victims don’t know they have been compromised. These days smartphones are often the target of Rootkits, which gives the hacker access to the victims entire life in some cases.
A derogatory hacker slang term aimed at people who call themselves hackers, but lack the knowledge and skill to do justice to the title. Script Kiddies use software, tools, and techniques that other people have created. Usually without really understanding the principles of what they are doing or how the attack works on a technical level. A “script” is a set of automated instructions to perform tasks on a computer. While hackers write scripts, Script Kiddies just copy and reuse them. Which is the original meaning of the term.
Side-channel attacks are some seriously creative and out-of-the-box approaches to hacking. Basically, it’s any method of getting secret information from hardware using a different “channel” that hasn’t been secured. For example, deducing the actual bits of data a hard drive is reading and writing based just on the sounds it makes.
Side-channel attacks work by defeating the security of a system by attacking a vector that the designers never even thought to secure.
There are plenty of established side-channel attack vectors and I’m sure as time goes by hackers will come up with more. For now, here’s a sample:
- Power monitoring – monitor power consumption to deduce information
- Electromagnetism – measure leaked electromagnetism to extract plaintext and crypto keys
- Optical attacks – using high-res photos and cameras to find sensitive data
Side-channel attacks are worthy of their own detailed article and are endlessly fascinating.
When you send an email, the actual bits of data that the email consists of having to travel as digital, electrical or optical pulses. They have to move through the networks and systems that stand between you and the destination computer. Along the way, anyone who has access to those networks can see each packet as it passes. This is known as sniffing and can happen in various ways.
Now, sniffing is actually a normal part of network administration. The network admin and the hardware controlling the flow of data need to know things about the packets in order to work properly, rather than just passing them blindly along.
Hackers can use sniffing to their advantage in various ways. For example, if you have a WiFi network without any encryption, anyone with a WiFi device and the right software can passively monitor that network communication. The same goes for public WiFi networks, even if they are password protected. Since everyone has the password for that network, so it might as well be open. It’s the cardinal reason you should use a VPN when on public WiFi.
The term for the theory and practice of attacking the humans in the loop of a system. Social engineering is basically a mix of psychology and confidence trickster lore that hackers can use to get all sorts of information out of people. Which is more often than no way easier than attacking technological measures such as firewalls and strong encryption. Basically, why try to crack the lock when the person who has the keys will hand them over if you fool them.
Cutting people out of security systems is a good way to limit the scope of social engineering. As is cybersecurity training of staff in businesses who may be targeted in this way.
The act of spoofing means to make it appear as if something is not what it really is. For example, email spoofing is a technique where an incoming email looks like it came from one person’s address, but was actually sent by a hacker. Location spoofing is a method that makes it look as if someone is in a different physical location than they really are. It’s digital identity fraud performed at the technological level.
A state actor is someone or a group of someones who have the backing of a sovereign nation-state to perform hacks. After a hack is detected, security experts or members of the hacking community might say something like “we think the attack was performed by a State Actor”, which just means that a government somewhere ordered it.
This hacker slang is a corruption of the word “wares”. Warez are illegal copies of software. This includes cracks for popular software packages and games. The cracks themselves and the pirated content are both considered warez. Sources of warez may also provide copies of malware, but that’s not what most people mean when they use the word.
Warez sites used to be prolific, but with an overall shift to subscription-based, always-connected services it’s becoming less viable. For example, cracked standalone versions of Adobe Photoshop were abundant, but the company has now permanently moved to its “Creative Cloud” model. Which means you couldn’t buy a standalone package even if you wanted to.
A holy grail of Black Hat Hacker and also known as a Zero-Day Exploit, this is a hacker slang word that refers to a vulnerability in a system or software that no one knew about until the attack actually begins. Which means there is generally no defense for it at first, leading to massive damage. This is why White and Grey Hat Hackers privately inform institutions of exploits they find so that the issue can be patched before being made public.
A malicious hacker that discovers a zero-day exploit basically has all their Christmases come at once. It’s an opportunity to have your way with the system you compromise.
So What’s the (Hacker Slang) Word on the Street?
Boy, that’s a lot of hacker slang. It’s a lot to take in at the same time, but hopefully, we’ve cut the list down to only the most useful words. After reading all of that you’re practically an honorary member of the hacker collective!
Which important terms would you suggest we add? Let us know down below in the comments. Lastly, we’d like to ask you to share this article online. And don’t forget that you can follow TechNadu on Facebook and Twitter. Thanks!