Hacking glossary

Real hackers and security experts have helped us write this list of terms so you can cut through all the jargon and get to the heart of what’s really going on in the murky work of hacking.


You’ll need an alias—a false identity—to conceal a genuine one in the physical or digital worlds.


Secret entry points to a system or piece of software. Backdoors are either built into code, for governments and companies to access, or planted maliciously by hackers.


Blackhats are malicious hackers, out to infiltrate computer systems. They're in it for personal gain, looking for sensitive information, or to damage something. An intelligence service, perhaps. A bank. Or maybe you.


For a totally discreet purchase you might consider using Bitcoin: A digital currency that you can freely trade and use to make anonymous purchases, both online and increasingly in the physical world.


If someone wants to bring down something big or decrypt a particularly important file, they might need an army—an army of hacked and compromised computers. That’s a botnet. The hacker will point the botnet at the target and overload it until it crashes, or reveals its secret.


A cipher scrambles your message into nonsense by substituting (and adding to) the letters in it. For someone to read it, they’ll either need the key or to be skilled at cryptanalysis.


The art of deciphering coded messages without being told the key.


You are a mathematical master of making and breaking codes.


Break a code, with or without a key.

Distributed Denial of Service (DDoS)

A favorite way for hacktivists to topple an online target. Feed it too much. Cram it with so much traffic—known as junk packets—that the server gives in and the computer or website crashes. That’s a DDoS attack.


If you want information on someone, you need to get their documents. Their docs. That’s doxing. Only now it’s not just docs. It’s anything online: social accounts, images, personal data. It might take you a while, cross-referencing accounts and usernames, but it’s probably your only chance of discovering your target’s real identity.


How do you protect your data? Encrypt it with a cipher. If you want to read it again you’ll need to decrypt it with a key.


As a grayhat hacker you break the law by hacking systems without permission, but not out of malice. Maybe you’re motivated by the potential for a reward or maybe you have a political goal (see Hacktivist).


You’re not here to steal. You’re here to make a point. While activists might paint slogans on the wall, a hacktivist might make their political point by defacing an organization’s website. (See also Grayhat)

Junk packets

If a hacker wants to take a large website offline quickly, they might send it an enormous amount of junk packets. They are simple internet connection requests, like those sent by everyday users, except sent rapidly in great numbers at once, which will eventually crash the target—like trying to fit thousands of people into a revolving door.


In secure, encrypted systems sometimes the same key—usually a string of letters and numbers—locks and unlocks your data. And sometimes the sender and recipient have different keys, which makes life even safer. Protect any keys that unlock important data: If your enemies find the key, you’re doomed.


Short for “malicious software,” malware is any software or program designed to damage or hack its targets, including ransomware, RATs, and spyware.

Man in the middle

Someone who secretly hacks their way into communications between people or computers. The man in the middle can extract data from the traffic—or even insert their own data, so their targets hear what they want them to hear.

Operational Security (OpSec)

If you want to hold onto your secrets and identity, you’ll need good OpSec. That means hiding your IP address, not leaking any personal information, and keeping all your conversations private and not logged.

Penetration testing (Pentest)

If there are weak points in your computer network, you need to know about them before someone else does. So you run a penetration test (or “pentest”). You bring in the experts to deliberately attack your system. They’ll tell you where there are chinks in the armor—and how to fix them before it’s too late.


That email in your inbox. It looked okay at first. But there’s something slightly off about it and you don’t recognize the sender. It could be phishing: a hook aiming to catch your private data. Spear-phishing is worse: a more targeted approach designed to look like it’s come from someone you trust. Beware but don’t fret. If you ignore phishing emails, nothing can come of them.


The clue’s in the name. Ransomware (from “ransom” plus “malware”) steals your data and holds it hostage, demanding a bitcoin payment for its return. Some ransomwares even delete files for every minute the ransom isn’t paid.

Remote administration tools (RATs)

RATs are well-named. They’re pieces of software that hide in the dark corners of your computer. And once a RAT is in, it can give a hacker access. Sometimes full administrator access. Watch out for RATs.

Script kiddy

If you’re a seasoned hacker, you look down on anyone who can’t create hacking code from scratch, and needs to borrow other people’s scripts and tools. You call them script kiddies.


A shell? More like a seed. This is a piece of code hackers plant on a website that gives them access whenever they want it. Once they’re in, they can start changing things in the network—and open up even more access.


This is malware designed to monitor your computer and potentially steal your data.


Is there a crack in your system? A weak spot, an error, some unusual code that a hacker can use to get in? That’s your vulnerability. And if you’re not careful it could give someone access to your whole network.


Sometimes attack is the best form of defense. That’s why an organization hires you: the whitehat. Your mission is to break into the system: test it, find its weaknesses. Then show your client how to make it stronger. The better you attack, the better they can defend. (Also see Penetration Testing.)

SPYSCAPE has also worked with British and American intelligence officers to make a glossary of the spy terms you need to know. Click here for more...