The Leading Hack

The term hack, which entered general usage with a new, nontechnological sense of 'solution' or 'work-around,' as in the phrase 'life hack,' in the previous decade has undergone an impressive divergence in meanings since it entered the English lexicon hundreds of years ago. However, as with the synonym kludge (also spelled kluge), the etymological origin of the word is disputed.

• The Reading Block
• The Learning Hack

2: Twitter's Bitcoin Scam Hack In July, Twitter was subject to a major hack that saw multiple high-profile accounts hijacked and used to spread malicious links as part of a scam to steal Bitcoin. It was later revealed that the hacker was a 17-year-old from Florida.

One school of thought is that hack simply derives from an Old High German word that refers to chopping. (A short, sharp cough is also called a hack.) From that meaning, it derived the figurative sense of crudely or ruthlessly working on something and then of simply toiling; by extension, the word was applied to being able or unable to manage or tolerate something: The now-rare expression 'You just can't hack it' expressed this idea.

• The hack has compromised local, state and federal agencies as well as major tech companies. US intelligence agencies attributed a sophisticated malware campaign to Russia in a joint statement.
• The campaign appears to be linked to a recently disclosed hack of security firm FireEye, a leading cyber company that has said the attackers obtained tools used to probe and test weaknesses in.

In the era of modern technology, two new senses arose: One who writes computer programs as a hobby is a hacker and produces hacks, but the label also came to apply to one who illegally accesses a computer system. Hack also came to mean 'creative solution to a computer problem,' so that, depending on context, a hacker may be benign or malicious.

But the technological sense is also said to have derived ultimately from the unrelated word hackney. The term stems from the place name Hackney, which now refers to a borough of London but in medieval times identified a marshy area; the etymology of the name is likely 'Haca's (or Haka's) island,' referring to an area of solid ground surrounded by marshlands that was associated with a person by that name.

Hundreds of years later, when the area had become drier, it was used as pastureland, and the name was employed to refer to horses used for hire and, specifically, to pull carriages. Later, a particular type of carriage, by association, came to be called a hackney. This type was often used for hire, which explains why hackney, and the shortened version hack, were preserved to refer to motorized taxicabs and, by extension, cab drivers.

The extension proliferated to denote people who, like the horses, performed routine or mercenary work; this included prostitutes and then writers for hire, who were considered to also be selling themselves (rather than writing as an artistic endeavor). 'Hackney writer' preceded 'hack writer' and simply hack to denote a mediocre or mercenary wordsmith. Hack also pertains, in the phrase 'party hack,' to a low-ranking functionary in a political organization. (The idea of the hackney horse's indiscriminate use led to the use of the term hackneyed to mean 'trite'; the word was applied, coincident with the sense of 'writer for hire,' to clichéd writing.)

Some people believe this evolution of hack, rather than the synonym for 'chop,' to be the source of the technological sense.

Meanwhile, the equestrian path is continuous: Hackney denotes a breed of horse suitable for ordinary riding (and a related pony breed). Hacking is an activity in eastern North America equivalent to the pastime of trail riding in the western regions of the continent, and hack shows are equestrian competitions in which the horse's manners, movement, and physical form are evaluated.

Want to improve your English in five minutes a day? Get a subscription and start receiving our writing tips and exercises daily!

Keep learning! Browse the Expressions category, check our popular posts, or choose a related post below:

The Reading Block

Stop making those embarrassing mistakes! Subscribe to Daily Writing Tips today!

• You will improve your English in only 5 minutes per day, guaranteed!
• Subscribers get access to our archives with 800+ interactive exercises!
• You'll also get three bonus ebooks completely free!

The Learning Hack

‘Hack the Building' Spotlights Vulnerabilities

Illustration: Getty

The Defense Department has long been sounding the alarm on the increased need for enhanced cybersecurity measures across its programs to protect data and communications. It has promoted better cyber hygiene among its employees and is now preparing the defense industrial base to begin hardening its networks through its Cybersecurity Maturity Model Certification regulation.

However, less attention has been paid to the physical side of cybersecurity — securing buildings, manufacturing centers and other infrastructure from exploitation via their surveillance cameras, thermostats and other gadgets and smart systems.

To tackle that, the Maryland Innovation & Security Institute, or MISI, and Dreamport — a partnership between MISI and U.S. Cyber Command — recently held an inaugural 'Hack the Building' event near Annapolis, Maryland. The objective? Have remote and on-site teams try and break into a fully-equipped 150,000-square foot 'smart' building, which posed as a fictitious defense company known as 'BCR Industries.'

The nation's most critical operations occur in facilities, said Armando Seay, director and co-founder of MISI and the organizer of Hack the Building.

'Everyone wants to talk about the network,' he said. 'Everyone wants to talk about the weapons systems. Where are those things being developed? Inside of a building.'

There is often a disconnect between those who run a company's network security and physical security, he said.

'The fire alarm isn't the responsibility of the cyber person, neither is the elevator, neither is the access control — it's left to facilities,' Seay said. 'All of those systems that I just mentioned, the surveillance cameras included, are all subject to cyber attack. But they don't really work together. It's two separate disciplines that don't intersect nine times out of 10 in most government [facilities] and even in the corporate world.'

In one infamous example, a massive cyber breach into retail giant Target's computer network in 2013 was conducted via an HVAC system, he noted.

'It's easier to get in via that HVAC system that's got a little antenna or device that's communicating with a network inside the building than it is to try to attack the network inside the building,' he said.

Organizers held the Hack the Building event at the former headquarters of an internet service provider. It had a data center, a security operations center, old surveillance cameras and even backup batteries in the basement that emitted noxious gases and were reliant on exhaust fans to remove them from the building.

'It was crazy. We were like, ‘This is perfect,'' Seay said.

The event differed from other similar cyber gatherings, he noted.

'Everyone simulates it,' he said of cyber attacks on physical infrastructure. 'They do tabletops, and that's better than nothing, but they're not as effective as doing the real thing ... where you get literally a sensory reaction.'

Given the rising importance of securing controlled unclassified information — which the Pentagon aims to do with its CMMC regulation — organizers of Hack the Building included fake CUI in the networks, Seay said.

Because of the pandemic, the event was held physically and virtually. There were about 30 teams which came from industry, federal labs, academia and government agencies. Groups participating on-site out of the building's parking lot were limited to two people, he said. The event was livestreamed on Twitch.

'Attacks were coming from all over the country,' Seay said. 'The density of the ... fictitious adversarial attack was huge. It wasn't one team.

It wasn't two teams. There wasn't a lab environment. There were people from all over the country, different teams, collegiate teams, military teams, commercial teams, attacking the building anyway they could.'

Some of the teams focused on breaking into the building's IT systems, Seay said.

'They were completely missing the target,' he said. 'They would spend so much time trying to hack a Linux system or Windows system.'

The groups that took that approach didn't realize there were faster and more stealthy ways to accomplish their objective, he said.

'That's one thing that we learned from the event was, wow, the nation needs more education, more realistic exercises around this topic, because ... everyone focuses on the IT,' he said.

• The hack has compromised local, state and federal agencies as well as major tech companies. US intelligence agencies attributed a sophisticated malware campaign to Russia in a joint statement.
• The campaign appears to be linked to a recently disclosed hack of security firm FireEye, a leading cyber company that has said the attackers obtained tools used to probe and test weaknesses in.

In the era of modern technology, two new senses arose: One who writes computer programs as a hobby is a hacker and produces hacks, but the label also came to apply to one who illegally accesses a computer system. Hack also came to mean 'creative solution to a computer problem,' so that, depending on context, a hacker may be benign or malicious.

But the technological sense is also said to have derived ultimately from the unrelated word hackney. The term stems from the place name Hackney, which now refers to a borough of London but in medieval times identified a marshy area; the etymology of the name is likely 'Haca's (or Haka's) island,' referring to an area of solid ground surrounded by marshlands that was associated with a person by that name.

Hundreds of years later, when the area had become drier, it was used as pastureland, and the name was employed to refer to horses used for hire and, specifically, to pull carriages. Later, a particular type of carriage, by association, came to be called a hackney. This type was often used for hire, which explains why hackney, and the shortened version hack, were preserved to refer to motorized taxicabs and, by extension, cab drivers.

The extension proliferated to denote people who, like the horses, performed routine or mercenary work; this included prostitutes and then writers for hire, who were considered to also be selling themselves (rather than writing as an artistic endeavor). 'Hackney writer' preceded 'hack writer' and simply hack to denote a mediocre or mercenary wordsmith. Hack also pertains, in the phrase 'party hack,' to a low-ranking functionary in a political organization. (The idea of the hackney horse's indiscriminate use led to the use of the term hackneyed to mean 'trite'; the word was applied, coincident with the sense of 'writer for hire,' to clichéd writing.)

Some people believe this evolution of hack, rather than the synonym for 'chop,' to be the source of the technological sense.

Meanwhile, the equestrian path is continuous: Hackney denotes a breed of horse suitable for ordinary riding (and a related pony breed). Hacking is an activity in eastern North America equivalent to the pastime of trail riding in the western regions of the continent, and hack shows are equestrian competitions in which the horse's manners, movement, and physical form are evaluated.

Want to improve your English in five minutes a day? Get a subscription and start receiving our writing tips and exercises daily!

Keep learning! Browse the Expressions category, check our popular posts, or choose a related post below:

The Reading Block

Stop making those embarrassing mistakes! Subscribe to Daily Writing Tips today!

• You will improve your English in only 5 minutes per day, guaranteed!
• Subscribers get access to our archives with 800+ interactive exercises!
• You'll also get three bonus ebooks completely free!

The Learning Hack

‘Hack the Building' Spotlights Vulnerabilities

Illustration: Getty

The Defense Department has long been sounding the alarm on the increased need for enhanced cybersecurity measures across its programs to protect data and communications. It has promoted better cyber hygiene among its employees and is now preparing the defense industrial base to begin hardening its networks through its Cybersecurity Maturity Model Certification regulation.

However, less attention has been paid to the physical side of cybersecurity — securing buildings, manufacturing centers and other infrastructure from exploitation via their surveillance cameras, thermostats and other gadgets and smart systems.

To tackle that, the Maryland Innovation & Security Institute, or MISI, and Dreamport — a partnership between MISI and U.S. Cyber Command — recently held an inaugural 'Hack the Building' event near Annapolis, Maryland. The objective? Have remote and on-site teams try and break into a fully-equipped 150,000-square foot 'smart' building, which posed as a fictitious defense company known as 'BCR Industries.'

The nation's most critical operations occur in facilities, said Armando Seay, director and co-founder of MISI and the organizer of Hack the Building.

'Everyone wants to talk about the network,' he said. 'Everyone wants to talk about the weapons systems. Where are those things being developed? Inside of a building.'

There is often a disconnect between those who run a company's network security and physical security, he said.

'The fire alarm isn't the responsibility of the cyber person, neither is the elevator, neither is the access control — it's left to facilities,' Seay said. 'All of those systems that I just mentioned, the surveillance cameras included, are all subject to cyber attack. But they don't really work together. It's two separate disciplines that don't intersect nine times out of 10 in most government [facilities] and even in the corporate world.'

In one infamous example, a massive cyber breach into retail giant Target's computer network in 2013 was conducted via an HVAC system, he noted.

'It's easier to get in via that HVAC system that's got a little antenna or device that's communicating with a network inside the building than it is to try to attack the network inside the building,' he said.

Organizers held the Hack the Building event at the former headquarters of an internet service provider. It had a data center, a security operations center, old surveillance cameras and even backup batteries in the basement that emitted noxious gases and were reliant on exhaust fans to remove them from the building.

'It was crazy. We were like, ‘This is perfect,'' Seay said.

The event differed from other similar cyber gatherings, he noted.

'Everyone simulates it,' he said of cyber attacks on physical infrastructure. 'They do tabletops, and that's better than nothing, but they're not as effective as doing the real thing ... where you get literally a sensory reaction.'

Given the rising importance of securing controlled unclassified information — which the Pentagon aims to do with its CMMC regulation — organizers of Hack the Building included fake CUI in the networks, Seay said.

Because of the pandemic, the event was held physically and virtually. There were about 30 teams which came from industry, federal labs, academia and government agencies. Groups participating on-site out of the building's parking lot were limited to two people, he said. The event was livestreamed on Twitch.

'Attacks were coming from all over the country,' Seay said. 'The density of the ... fictitious adversarial attack was huge. It wasn't one team.

It wasn't two teams. There wasn't a lab environment. There were people from all over the country, different teams, collegiate teams, military teams, commercial teams, attacking the building anyway they could.'

Some of the teams focused on breaking into the building's IT systems, Seay said.

'They were completely missing the target,' he said. 'They would spend so much time trying to hack a Linux system or Windows system.'

The groups that took that approach didn't realize there were faster and more stealthy ways to accomplish their objective, he said.

'That's one thing that we learned from the event was, wow, the nation needs more education, more realistic exercises around this topic, because ... everyone focuses on the IT,' he said.

However, there were teams that shined during the event such as Carnegie Mellon University, Johns Hopkins University and George Mason University, he said.

Successful teams 'didn't waste their time on frivolous attacks against IP assets or tools that would not have met their objective,' he said.

'They pivoted directly to the ... interconnected devices immediately and they were good at it and they were fast.'

In the future, organizers plan to break up Hack the Building — which was a four-day event, including a conference — into smaller exercises that will take place every few months, Seay said.

During the first quarterly event, participants will begin in the 'lobby' of a building, he said. If they can get through it, they can qualify for the next exercise which will be on the second floor, and so forth.

'One of the things we realized is that we had a lot of people that did not know what they were doing,' he said. 'I don't believe there's anything wrong with that. … Part of the exercise was to learn. But the leading, mature people who really know this, ... we don't want to get mixed in with kindergartners. Put them in another room and let them play there.'

Topics:Cyber

Related Articles