Hacking or Cracking? who u with?

"Cracker - This is the common term used to describe a malicious hacker. Crackers get into all kinds of mischief, including breaking or "cracking" copy protection on software programs, breaking into systems and causing harm, changing data, or stealing. Hackers regard crackers as a less educated group of individuals that cannot truly create their own work, and simply steal other people's work to cause mischief, or for personal gain."

"Hacker - This is someone that seeks to understand computer, phone or other systems strictly for the satisfaction of having that knowledge. Hackers wonder how things work, and have an incredible curiosity. Hackers will sometimes do questionable legal things, such as breaking into systems, but they generally will not cause harm once they break in. Contrast a hacker to the term cracker."

Looks good. These are definitely two different types of people, so I understand why a hacker would get upset at being called a cracker. This is the part that gets me, though: "Hackers will sometimes do questionable legal things, such as breaking into systems, but they generally will not cause harm once they break in." I have a few problems with this.

1. Generally? "He breaks into cars and joyrides, but he generally returns them."
2. Questionable legal things? No, breaking into systems one does not own is unquestionably illegal in the U.S.
3. Even so, let's assume the hacker does nothing illegal. How is a company supposed to know the difference between the hacker and the cracker?

Follow me for a minute here: I own a company, NetNut, and it has a computer connected to the internet. Stored on this computer is my secret data. Rufus T. Wanklehacker wakes up one morning and decides to try to break into NetNut's computer. He finds a security hole and succeeds. After he is done, he restores the computer the state he found it in and reports the security flaw to NetNut, so they can fix it. Across the street, MaCooter Q. Buttcracker is just getting up. He decides he'd like to get a piece of that secret data of mine. So he breaks into NetNut's computer and gets the data. He then restores the computer to the state he found it in, and just in case there are any audit logs he doesn't know about, reports the security hole(s) he found when breaking in. In this way he can claim he is just a harmless hacker and avoid prosecution, so long as no one finds out he looked at secret data.

See where I'm going with this? This is not an implication that all hackers have malicious intent. I'm all for the idea of peer-review, publication of security flaws, open-source, etc. But when a hacker breaks into a live system and wants a company to "take his/her word" that no harm will come of it... please. No harm will come of it if the person is truly a harmless hacker, but why would a company want to take the risk?


My question is this: What does a hacker want from the law? Why should a company, after receiving an email about a security flaw from a hacker who broke in, trust that the hacker did not do anything to harm the company? Why should a legal deterrant not come into effect until the company starts losing money? An analogy: "Stealing cars should not be illegal. The owner of the car should not be able to prosecute until the car is actually sold on the black market." Long story short, a cracker is a malicious hacker (see definition above). Malice is not the most measureable aspect of a person. So until the CIA with its drug tests figures out how to determine the exact level of malice in a person's brain, hackers are going to have to find a more obvious way to differentiate their actions from that of crackers if they expect the law, the media, and the corporations not to come down on them.