The Most Important Hacker Slang to KnowLike any tightly knit subculture hackers, thousands of words and ideas have accumulated which are unique to insiders and make up hacker slang. So if you listen to two hackers chat, it might sound like English, but it might be a whole new language as well. Although you don’t need to know the meaning of each word (e.g. “back orifice”), some terms are important for everyone to know. You should also be familiar with terms when you read about hacking in the news or happen through a forum discussion which are important to issues that might concern you. This is not an exhaustive list of hacker slang and I also omitted terms like “virus” because they have become part of common language and most people know what it means. Instead I focused on words that are still relatively niche and that are specific to hacking and cybersecurity. Let’s look at these important bits of hacker slang with that bit of context out of the way and what they actually mean.
Black Hat
Botnet
“2/2.641.jpg” The hacker slang term “Botnet” refers to a network of devices (smart TV machines, etc.) that are all malware-infected or otherwise hacked so that a single hacker can monitor them all. The devices on the botnet can act together to accomplish some task. These can often be used to spread malware and extend the botnet itself but the most common use of botnets is in the DDoS or distributed service denial attack. Here all the devices bombard an online server with access requests that overwhelm it and make access to the service impossible for legitimate users.
Brute Force Attack
“2/2.642.jpg” A brute force assault is one that takes the simplest and most direct approach to breaking a security measure. For instance a brute force attack on a three-digit combination lock would be to start at 001 and try each number up to 999 to figure out the code. That is simple systematic guessing, in other words. Modern security systems are too complex in practice to use a brute force approach but how long a brute force attack would take is still being used as a measure of best-case safety. Fixing “2/2.643.jpg”
This refers to a system’s “cracking.” It is used in the same way as ‘ crack the code ‘ or ‘ crack the case ‘ It can be applied to all kinds of hacks relating to computers. When hackers defeat video games copy protection the solution is called a “crack.” Another term for Black Hat hackers is also “cracker” but that’s fallen out of mainstream use almost completely. Naturally the term applies also to passwords and encryption.
“2/2.644.jpg” This hacker slang term refers to just about everything related to encryption, shortening the word cryptography. Encryptioncryptocurrencies such as Bitcoin crypto are also becoming shorthand for that too.
Dark Web and Deep Web “2/2.645.jpg” One of the major hacker strongholds on the web is the Dark Web. It consists of websites that can not be found using a normal search engine, using sophisticated encryption technology. Black markets and other illegal activities have become associated with the Dark Web. However it served as a safe haven for hackers even before that practice became possible. With little fear of being exposed, thanks to the strong anonymity technologies in place hackers can meet and discuss their craft on the Dark Web. The Dark Web is a part of the “Deep Web,” often confused with it. However the Deep Web is much less sinister. It is literally all of the internet-connected properties that search engines are unable to locate and index. You are in the Deep Web when you log in to your Gmail account and get past the prompt for password. Hackers frequently explore the Deep Web to uncover intranets of companies and secure government networking sites. DEFCON:
2/2.647.jpg In spite of the strange name the “evil maid attack” is in fact quite easy to understand. The name comes from the idea that you’ve got someone with physical access to your computer like a homewife. If that computer is not secured against physical local access that person can do with it what they want. Evil maid attacks are the reason your computer phone or workstation should always be locked when you’re away. Even then, special methods of intrusion, such as malware-infected flash drives, can be used to also attack locked machines.
Exploit You will often hear the word “exploit” in any hacking debate. Finding exploits is one of a hacker’s prime activities. An exploit is some process or solution that harnesses a system’s vulnerability. Hackers are either looking for exploits to use them for their own purposes, or to warn the system owner to close the exploit.
Hacktivist
Exploit You will often hear the word “exploit” in any hacking debate. Finding exploits is one of a hacker’s prime activities. An exploit is some process or solution that harnesses a system’s vulnerability. Hackers are either looking for exploits to use them for their own purposes, or to warn the system owner to close the exploit.
Hacktivist
“2/2.648.jpg”
Hash
Hash is a food preparation style where the meat is chopped and then mixed with the potatoes and spices. It is often eaten along with eggs and toast as a breakfast dish. Wait hang the wrong thing on no. Hashing is a technique in which you execute a text string (such as a password) through a special math function. Then at the other end, you get value out. What makes hashing super useful is that it allows password-protected systems to validate your password without storing anywhere on the system the password.
Infosec
What most people call “cybersecurity” hackers are called infosec which is, of course, short for security of information. This is the general practice of protecting the risk-predicting information and putting in place measures to prevent potential attacks. White Hats are obsessed with infosec, because they are the ones who enforce it. Black Hats are concerned about it, because they want to defeat this thing. Infosec consists of practices such as implementation of firewall encryption and the development of antivirus among others.
“2/2.649.jpg” This is a term which also has a certain mainstream spread. The general public probably knows best about tablets and iPods in relation to Apple phones. If you’ve never used an Apple mobile device before you know that Apple controls pretty much what software you’re allowed to run. You won’t find apps that let you emulate retro game systems, for example, on their app store. This is generally referred to as a “walled garden” but from the hacker’s point of view this is a prison. So “jailbreaking” a system essentially means removing the control systems set up by the device’s maker to allow you to do what you want with it. From game consoles to an in-car entertainment system the term can apply to anything. It is now jailbroken if a hacker removes artificial restrictions from any digital system.
While the word “nonce” may sound like an English insult it has a specific technical meaning. In cryptography a nonce is a value of numbers that is only used once and then discarded. In the authentication process one of the main uses for a nonce is. Since a nonce can not be reused, and usually accompanies a specific timestamp, it means hackers can not use a replay attack to infiltrate a system. In cryptocurrencies the nonce also has an important function using block-chain technology.
Pentest
Penetration testing is a fusion term. “Penetration” refers to making it past measures for network security and gaining access to the information within. White Hat hackers are hired to perform Pentesting which simply means they are trying to hack the system without actually doing any harm to it. If they succeed they will report to their customers how the hack has been achieved and how it can be fixed. Phishing
“2/2.650.jpg” The term “fishing” is a social engineering exploit that attempts to fool people into voluntarily passing on their username and password. Usually by email linking to a fake replica of a real site. The victim types in their credentials and sends them directly to the hacker who initially set up the fake site. Like real phishing, most of your attempts won’t be successful, but the small number of possible hits is usually worth waiting for.
Ciphertext is the opposite of plaintext. In other words, it is a string of text that has absolutely no encryption and can be read by anybody. Sometimes you might see a phrase like “users passwords were stored as plaintext” when you read about data breaches in the news, which means the hackers could see the passwords without breaking any kind of encryption. Traditional emails are sent as plaintext so anybody can intercept them and read them. HTTPS encryption is practically the default standard these days so it’s pretty rare to find things stored or transmitted in plaintext.
Pwned Another hacker slang corruption of the word “Pwned” in English comes from the word “owned.” It is a common misspelling since on a QWERTY keyboard the “o” and “p” keys are next to each other. It developed into a word in its own right after a while. To “Pwn” is to defeat something. If a company “got pwned” it means that a hacker broke their security and had its way with the data. RAT
A RAT is a Trojan Remote Access. A type of malware that infects a target machine, and then provides its master with a backdoor to take over that machine altogether.
Ransomware
“2/2.651.jpg” Ransomware is a particularly nasty form of malware which uses the encoding power to really ruin someone’s day. The software quietly encrypts information on a hard drive of the victim. Then when the time is right it will flash a message to the user stating that they will lose their information forever if they do not pay a ransom amount.If your password is the same as another one that generates the same hash value, then in seconds it will crack it. Simply look up entries in a huge table, since it takes very little computing power. So why is it that not everyone uses rainbow tables? Put simply, they’re huge. Multiple terabytes of storage available. But that is less of a problem these days.
Red and Blue Teams
A Red Team consists of a group of people working against another organization to help them improve. Call it a kind of wargaming. White Hat hackers organize themselves into a Red Team and then attack the system of their clients as if they really were an enemy group of hackers. On the other side is the Blue Team which assumes the role of defending the Red Team system. Just as nobody uses real bombs here in an army training wargame. The Red Team is exposing system weaknesses while the Blue Team is helping to develop effective defenses against whatever the Red Team comes up with. If everyone does their job correctly it makes it much harder for real enemy hackers to bypass the existing security measures. Replay Attack
A replay attack is a pretty clever way of fooling a network authentication system into allowing you to in or do something you want. Basically it works by recording the information sent to the authentication system by a legitimate user or system and then playing it back. To make it think that you are the legitimate user. Replay attacks are quite well understood and there’s some kind of built-in countermeasure in just about all authentication systems in use today. Such as using a Nonce (see above) and including precise timestamps as part of each message so that it will be rejected with the same timestamp on a message. The replay attacks have of course become more sophisticated. The KRACK replay attack in the recent past has in essence made millions of WPA networks unsafe.
“2/2.652.jpg” One of the most powerful weapons in the Rootkit hacker toolkit is a collection of software tools enabling the hacker to gain all-powerful low-level control over a computer network or software product. Rootkits are also nearly impossible to detect which means that many victims don’t know they’ve been compromised. Smartphones are often the target of Rootkits these days which in some cases gives the hacker access to the victims all life.
Script Kiddie A derogatory slang term for hackers aimed at people who call themselves hackers but lack the knowledge and ability to do the title justice. Script Kiddies use the software tools and techniques created by other people. Usually without really understanding what they do, or how the attack works on a technical level. A “script” is a set of automated instructions for executing computer tasks. While hackers are writing scripts Script Kiddies are simply copying and reusing them. Which is the term’s initial meaning.
Side-Channel Attack
Some seriously creative and out-of – the-box hacking approaches. Basically it’s any way that hasn’t been protected to get secret information from hardware using a specific “net.” For example, deducting the actual bits of data a hard drive reads and writes based only on the sounds it produces. There are plenty of established side-channel attack vectors and I am sure more will come up as time goes by hackers. For now here’s a sample: Power monitoring monitoring power consumption to deduce information Electromagnetism measuring leaked electromagnetism to extract plaintext and crypto key Optical attacks using high-resistance photos and cameras to find sensitive data Side-channel attacks are worthy of their own detailed article and are endlessly fascinating. Social Engineering
“2/2.653.jpg” The term used in a system’s loop for the theory and practice of attacking the human. Social engineering is basically a mixture of trickster lore for psychology and trust that hackers can use to get all kinds of information out of people. That is easier than attacking technological measures such as firewalls and strong encryption more often than not. Basically why try cracking the lock when if you fool them, the person who has the keys hands them over. Cutting people out of the safety systems is a good way to limit social engineering’s scope. As is the cybersecurity training of workers in businesses which can be targeted in this way. Spoofing
The spoofing act means making it appear as though something is not what it really is. For instance, email spoofing is a technique in which an incoming email looks like it came from the address of one person but was actually sent by a hacker. Spoofing location is a method which makes it look like someone is in a different physical location than they really are. It’s the technical stage digital identity theft executed.
State Actor State actors are somebody or a group of people who have the support of a sovereign nation-state to hack. After a hack is detected, security experts or hacking community members might say something like “we think the attack was carried out by a State Actor,” which simply means that it was ordered by a government someplace.
Warez
This hacker slang is a “wares” word corruption. Warez are machine copies which are illegal. It includes cracks for the popular games and software packages. Both the cracks themselves and the pirated content are deemed warez. Warez sources may also provide malware copies but that is not what most people mean when using the word.
Zero-Day Attack
A holy grail of Black Hat Hacker and also known as the Zero-Day Exploit is a hacker slang word that refers to a system or software vulnerability that nobody knew about until the attack actually started. Which means that at first there is generally no defense for it which leads to massive damage. That’s why White and Grey Hat Hackers privately inform institutions of the exploits they find so they can patch the issue before it becomes public. A malicious hacker discovering a zero-day exploit has basically all of his Christmases coming at once. It’s a chance to have your way with the system that you are compromising. So, What’s the Street Word (Hacker Slang)?
Boy that’s a lot of slang from hackers. At the same time it’s a lot to take in but hopefully we’ve cut the list down to just the most useful words. You are practically an honorary member of the hacker collective after reading all of that!If your password is the same as another one that generates the same hash value, then in seconds it will crack it. Simply look up entries in a huge table, since it takes very little computing power. So why is it that not everyone uses rainbow tables? Put simply, they’re huge. Multiple terabytes of storage available. But that is less of a problem these days.
Red and Blue Teams
A Red Team consists of a group of people working against another organization to help them improve. Call it a kind of wargaming. White Hat hackers organize themselves into a Red Team and then attack the system of their clients as if they really were an enemy group of hackers. On the other side is the Blue Team which assumes the role of defending the Red Team system. Just as nobody uses real bombs here in an army training wargame. The Red Team is exposing system weaknesses while the Blue Team is helping to develop effective defenses against whatever the Red Team comes up with. If everyone does their job correctly it makes it much harder for real enemy hackers to bypass the existing security measures. Replay Attack
A replay attack is a pretty clever way of fooling a network authentication system into allowing you to in or do something you want. Basically it works by recording the information sent to the authentication system by a legitimate user or system and then playing it back. To make it think that you are the legitimate user. Replay attacks are quite well understood and there’s some kind of built-in countermeasure in just about all authentication systems in use today. Such as using a Nonce (see above) and including precise timestamps as part of each message so that it will be rejected with the same timestamp on a message. The replay attacks have of course become more sophisticated. The KRACK replay attack in the recent past has in essence made millions of WPA networks unsafe.
“2/2.652.jpg” One of the most powerful weapons in the Rootkit hacker toolkit is a collection of software tools enabling the hacker to gain all-powerful low-level control over a computer network or software product. Rootkits are also nearly impossible to detect which means that many victims don’t know they’ve been compromised. Smartphones are often the target of Rootkits these days which in some cases gives the hacker access to the victims all life.
Script Kiddie A derogatory slang term for hackers aimed at people who call themselves hackers but lack the knowledge and ability to do the title justice. Script Kiddies use the software tools and techniques created by other people. Usually without really understanding what they do, or how the attack works on a technical level. A “script” is a set of automated instructions for executing computer tasks. While hackers are writing scripts Script Kiddies are simply copying and reusing them. Which is the term’s initial meaning.
Side-Channel Attack
Some seriously creative and out-of – the-box hacking approaches. Basically it’s any way that hasn’t been protected to get secret information from hardware using a specific “net.” For example, deducting the actual bits of data a hard drive reads and writes based only on the sounds it produces. There are plenty of established side-channel attack vectors and I am sure more will come up as time goes by hackers. For now here’s a sample: Power monitoring monitoring power consumption to deduce information Electromagnetism measuring leaked electromagnetism to extract plaintext and crypto key Optical attacks using high-resistance photos and cameras to find sensitive data Side-channel attacks are worthy of their own detailed article and are endlessly fascinating. Social Engineering
“2/2.653.jpg” The term used in a system’s loop for the theory and practice of attacking the human. Social engineering is basically a mixture of trickster lore for psychology and trust that hackers can use to get all kinds of information out of people. That is easier than attacking technological measures such as firewalls and strong encryption more often than not. Basically why try cracking the lock when if you fool them, the person who has the keys hands them over. Cutting people out of the safety systems is a good way to limit social engineering’s scope. As is the cybersecurity training of workers in businesses which can be targeted in this way. Spoofing
The spoofing act means making it appear as though something is not what it really is. For instance, email spoofing is a technique in which an incoming email looks like it came from the address of one person but was actually sent by a hacker. Spoofing location is a method which makes it look like someone is in a different physical location than they really are. It’s the technical stage digital identity theft executed.
State Actor State actors are somebody or a group of people who have the support of a sovereign nation-state to hack. After a hack is detected, security experts or hacking community members might say something like “we think the attack was carried out by a State Actor,” which simply means that it was ordered by a government someplace.
Warez
This hacker slang is a “wares” word corruption. Warez are machine copies which are illegal. It includes cracks for the popular games and software packages. Both the cracks themselves and the pirated content are deemed warez. Warez sources may also provide malware copies but that is not what most people mean when using the word.
Zero-Day Attack
A holy grail of Black Hat Hacker and also known as the Zero-Day Exploit is a hacker slang word that refers to a system or software vulnerability that nobody knew about until the attack actually started. Which means that at first there is generally no defense for it which leads to massive damage. That’s why White and Grey Hat Hackers privately inform institutions of the exploits they find so they can patch the issue before it becomes public. A malicious hacker discovering a zero-day exploit has basically all of his Christmases coming at once. It’s a chance to have your way with the system that you are compromising. So, What’s the Street Word (Hacker Slang)?
Boy that’s a lot of slang from hackers. At the same time it’s a lot to take in but hopefully we’ve cut the list down to just the most useful words. You are practically an honorary member of the hacker collective after reading all of that!