What is black hat hacking

White Hat and Black Hat: Racism debate over the names for hackers

The controversial question of whether certain terms in the IT world are discriminatory has now also flared up around the hacker terms white hat and black hat. The latest debate was triggered by Google's Android security chief David Kleidermacher, who canceled his appearance at the US edition of the major Black Hat security conference. Kleidermacher justified this by saying that the terms white hat and black hat should be replaced by other, less prejudiced words.

Just like the terms whitelist and blacklist, the hacker terms perpetuate the harmful cliché of good white and bad black, explained Kleidermacher. He also suggested that in future it would be better to speak of "person-in-the-middle" attacks rather than man-in-the-middle. Even if changing the language is only a small part of the fight against discrimination, it is still important and good to have the debate about it, emphasized Kleidermacher.

Good and bad, black and white

White hats are hackers who use their technical knowledge and skills constructively, uncover security gaps and help improve IT security. Black hat, on the other hand, is a term used for hackers who act criminally and, for example, commit theft or intentionally cause damage. The terms are mostly traced back to a convention in certain western films from the 20th century: the heroes wore white hats and the villains black ones.

Numerous dissenting voices referred to exactly this, reports the IT site ZDNet. According to the critics, the terms simply contain no reference to human skin color, let alone a value judgment about it. Accusations of "virtue signaling" against Kleidermacher are also loud, that is, of merely displaying a moral stance and overreacting to the mere use of the word "black".

Kleidermacher also received approval, but overall the dissenting voices in the security community prevail, according to ZDNet's assessment of the mood. The organizers of Black Hat had already declared their solidarity with the Black Lives Matter movement last month. So far, however, the organizers have not indicated any intention to rename their own event to "Unethical Hacker" or something similar.

Master and slave on the blacklist

The debate about technology terminology without presumed discrimination has been going on for a long time in numerous IT companies and developer communities. In the wake of the protests that flared up after the violent death of the African American George Floyd, the discussions have often gained pace and sharpness. The terms master and slave as well as blacklist and whitelist are seen as problematic.

For example, Twitter recently announced that it would replace these technical terms, which were perceived as sensitive, with others. The developer Regynald Augustin published a list of changes, including gender-neutral formulations, via Twitter. The version management platform GitHub had previously announced the search for alternative terms, and Google projects such as Chrome, Android and the Go programming language also want to make the linguistic change. The debate has recently reached the Linux kernel development community - in the form of a patch proposal for documentation and coding style guidelines.

As early as 2014, for example, the Drupal developers initiated the departure from the master / slave terminology and replaced it with the terms primary and replica. Others followed suit - including the developers of the Python programming language, the Chromium open source browser project and the PostgreSQL and Redis database systems.

The wrong side of history?

However, there are also examples of projects that decide against terminology changes. The steering committee of the OpenSSL project, called OMC, recently voted against replacing terms. The submitter of the relevant pull request, Akamai employee Rich Salz, then announced his departure from the project. The OMC is on the wrong side of history, Salz said to justify his move.

(axk)
