Hacker Speak: Understand the Slang

Hackers are inventive in many ways. Their lingo is no different. Like many groups, they have their own unique insider words and terminology. It’s a language that’s constantly evolving. While you don’t need to know the meaning of every word, it’s helpful to know terms relevant to things that might affect you.

Some hacker slang, such as “virus” and “malware,” has become common knowledge. This list focuses on 20 terms that are specific to hacking and cybersecurity.

  • Black Hat

This is the bad kind of hacker—the type that breaks into a system and steals stuff. Black Hats are the opposite of White Hats, who work to legally test and improve security.

  • Backdoor

A backdoor is a way into a secured system that evades the usual security measures. Backdoors are added to a system during its development. Often it’s a deliberate action by the owners of the system, so they always have a secret way in. When a hacker discovers a backdoor, it’s a jackpot and they can do a lot of damage if they want.

  • Botnet

Botnet refers to a network of devices (computers, smart TV, etc.) that are all infected with malware so that the hacker can control all of them. The devices on the botnet can act together to do a task and to spread malware. The most common use of botnets is the DDoS or distributed denial of service attack. All the devices bombard an online server with access requests, making it impossible for legitimate users to access the service. Botnets are one of the reasons you have to fill in the “I am human” checks on websites.

  • Brute Force Attack

When a hacker tries to guess a system’s password by guessing all the passwords with an automated search. For example, a brute force attack on a combination lock with three digits would be to start at 001 and try every number up to 999 in order to figure out the code.

  • Cracking

This refers to the “cracking” of a system. Its use is similar to “cracking the code” or “cracking the case”. It applies to all sorts of computer-related hacks.

  • Crypto

Cryto is an abbreviation of the word cryptography and refers to anything related to encryption. Encryption is the act of scrambling information. Only someone with the key to unscramble the message can read it. Hackers work to defeat crypto and they use crypto to protect themselves. Crypto also refers to cryptocurrencies such as Bitcoin.

  • Dark Web and Deep Web

The Dark Web consists of websites that can’t be found using a normal search engine. It’s a safe haven for hackers to meet up and discuss their craft. The term has become synonymous with black markets and other illegal activities.

The Deep Web is far less sinister. It’s all the internet-connected assets that search engines can’t discover and index. When a person logs into their email account and gets past the password prompt, they’re on the Deep Web. Hackers often explore the Deep Web to uncover company intranets and secured government network sites.

  • Doxxing

Exposing a person’s sensitive personal information, such as addresses, phone numbers, credit cards, and Social Security Numbers, on the internet.

  • Grey Hats aka Hacktivists

Grey Hats use Black Hat techniques, but they don’t do it for profit; they’re hacking because they’re on a mission (that can be good or bad). If someone is a grey hat, they might be a hacktivist . . . someone who hacks to make a political or social statement.

  • Infosec

The is short for information security: the practice of protecting the information, foreseeing risk, and implementing preventative measures. Infosec is comprised of encryption, firewall implementation, and antivirus development. White Hats care about Infosec because they implement it. Black Hats care about it because they want to defeat it.

  • Jailbreak

This term is known best in relation to Apple devices. Apple can control what software people are allowed to run. This is referred to as a “walled garden.” “Jailbreaking” a system means removing the control systems put in place by the maker of the device so that a person can do what they want with it.

  • Plaintext

Plaintext is a string of text that has no encryption and can be read by anyone. Sometimes when you read about data breaches, you might read that “users passwords were stored as plaintext”, which means the hackers could see the passwords without having to break any encryption.

  • Pwned

Pwned comes from the word “owned”. It’s a common misspelling since the “o” and “p” keys are next to each other on a keyboard. To “Pwn” something is to defeat it. If a company got “pwned” it means a hacker broke their security and accessed the data.

  • RAT

A RAT is a Remote Access Trojan. It is malware that infects a machine and then provides a backdoor for its master to take over that machine completely. With the RAT on your system, the hacker has complete admin control. They can do just about anything, including watching you via the webcam or erasing all your data.

  • Replay Attack

A replay attack is a way to fool a network authentication system. It works by recording the information sent by a legitimate user or system and then playing it back to the authentication system–making it think the hacker is the legitimate user.

  • Rootkit

A rootkit is a collection of software tools that allow the hacker to gain low-level, all-powerful control over a computer, network, or software product. Rootkits are almost impossible to detect, which means many victims don’t know they have been compromised. Smartphones are often the target of Rootkits, giving the hacker to all kinds of personal information.

  • Side-Channel Attack

A side-channel attacks is any method of getting secret information from hardware using a different “channel” that hasn’t been secured. For example, deducing the actual bits of data a hard drive is reading and writing based just on the sounds it makes.

  • Sniffing

Sniffing is capturing unencrypted data as it transmits over a network. Sniffers can be used to diagnose network issues or steal sensitive information.

  • Spoofing

The act of spoofing means to make it appear as if something is not what it really is. For example, email spoofing is a technique where an incoming email looks like it came from one person’s address but was actually sent by a hacker.

  • Zero-Day Attack

This refers to a vulnerability in a system or software that no one knew about until the attack began. It means there is usually no defense for it at first, leading to massive damage. In a zero-day attack, the target has “zero days” to do anything about it.

This list is by no means exhaustive. And it’s helpful for more than just deciphering news in the headlines. The terminology illustrates a few of the sophisticated techniques hackers are using. This is just the top of the iceberg. Awareness can llead to greater understanding, which leads to possible prevention or mitigation of cyberattacks.

Posted in:
About the Author

DM Studler

DM Studler, M.Acc., CPA, CFF is the founder of SDC CPAs, LLC. and has worked employee dishonesty claims in excess of $82,000,000, both domestic and internationally. She speaks across the country on a regular basis and is highly esteemed among her colleagues.