Newsgroups: alt.security,comp.security.misc,alt.folklore.computers Subject: Spiders on the Net Date: March 14, 1993 From: Andrew Burt It suddenly came to me yesterday -- a solution to the terminology problem that's appeared so often in these groups regarding "hacker" vs. "cracker". I've never been comfortable with the term "cracker" as applied to system intruders. As others have pointed out, it is fairly overloaded with other meanings already, such as (1) the wafer-like food one might have with cheese, (2) people addicted to crack cocaine, (3) local derogatory term in some parts of the country. I haven't yet seen any system intruders label themselves as crackers, either; a proper term would hopefully be acceptable to both those who do it and those who don't. Something the media could grasp as well would be desirable. As has been debated repeatedly, "hacker" is not the right term for system intruders per se, plus it makes communication difficult when "hacker" keeps meaning different things. Beyond "cracker" being pretty overloaded, not to mention just plain silly sounding, it doesn't have any decent imagery to go with it: Would you say "A cracker left some crumbs on my system"? "I found a cracker and ate him"? Ugh. But taking the generic way out, e.g., calling someone who intrudes and damages the system a "vandal", or other existing nasty words, isn't very catchy. Nor are the intruders likely to call themselves vandals, etc. In other words, while I do maintain that this class of people needs a name, one that they can call themselves and everyone else can call them also, I also maintain that the existing names don't work. But yesterday, as I was trying to explain to someone about intruders, the right word just popped up, and the more I think about it, the more I think it is the perfect term: Spider. Like a spider in your basement. Think about this... - Spiders sneak in through the tiniest holes, which you often don't even know you have. - Spiders get in no matter how hard you try to keep them out. - You don't see spiders most of the time -- but they're there. - Indeed, spiders are just about everywhere. - Spiders run away when you try to catch them, but they don't actually leave. - Spiders don't just pass through, they hide out in dark corners of your (basement, system). - Spiders may leave accidental messes behind when they get nervous (ever seen a spider poop because you're trying to get it? Yechh!). - Many people are unnecessarily afraid of spiders. - Some people, however, tolerate spiders as long as they don't get in the way. - They're annoying, but most spiders don't harm anything. - Spiders don't like to be exposed. - Some spiders are poisonous, but most aren't. - Spiders leave messes behind (like webs, or the weblike strands they use to drop down from ceilings) intentionally (because it's part of what they are), but not maliciously. - Spider messes act like signs that spiders are or have been there -- but you don't know which. - It's hard to reason with a spider; they just see things differently. - Spiders don't often "understand" the hole they're entering with (e.g., they don't realize, say, an open window was not opened so they could enter, they just happened to be there; they have no concept of "window" per se -- by analogy, many computer spiders don't have a clue why a hole is a hole, and couldn't have created it themselves, they just know how to use it). - More than one spider will often come in through the same hole, at different times (esp. if you haven't fixed the hole). - Spiders are often jittery, jumping nervously at nearby movement (but sometimes stupidly sitting in one place when they ought to run for their life). - Spiders often are thought to be bugs (class Insecta) but aren't (they're class Arachnida). (e.g., looking for a computer bug that causes strange behavior may actually be the result of an intruder, not a bug.) - Indeed, many Spiders collect and feed off bugs. - Spiders often spin intricate webs to continue their existence (to catch food, passwords, etc.) - One spider may lay eggs, bringing you more spiders. - Spiders are mostly solitary. - Some spiders think they're freedom fighters (ah, um, Spiderman). - Spiders have a mostly bad reputation. - Most people try to squish spiders when they discover them. - Spiders are hard to find when you decide to look for them. - Spiders may have some minor benefit to you (catching bugs, exposing holes), but you almost certainly wouldn't invite spiders in for just this purpose; and you could probably argue successfully you'd rather have the bugs and not the spiders. Anyway, you get the point. The more I think about it, the better it seems to fit. I thus propose we dump "cracker" and use "spider" instead. If this turns out to be widely acceptable, then we should educate the media to use the proper terminology (and, I think, "spider" has a certain immediate recognition factor among laymen, which "hacker" and esp. "cracker" lack). Hacker, then, can return to its prior meaning, in the sense of "clever programmer". (Of course, one individual could still be both a hacker and spider. My experiences, though, suggest that most spiders are not very good programmers, i.e., not hackers.) "Spider" also brings with it a rich imagery for describing spider-like things. For activities, we have "spinning", for example. They weave webs. Catch bugs. And so on. It might sound, from reading the above analogies, that I'm not averse to spiders (the computer kind, aka "crackers"). I'd like to make it clear, in fact, that I am spider-averse -- but, the fact is, I believe most of what I said up there, to the point that I feel (without substantial investments into "real" security by vendors) that they are something that must be lived with. Much as I feel it's impossible to rid your house of spiders permanently, I feel it's impossible to rid the net of them. I haven't seen the term spider applied in a computing fashion before, and even if it has been, it's certainly not common. This strikes me as a perfect use for it. So, if you like it, adopt it, use it, publicize it.