Hackers make terrible criminals. For all their technological sophistication, hackers (even what the media call 'crackers') tend to have no idea how to commit what we think of as 'crimes.' The worst you can say about most hackers is that they are generally a pain in the backside of corporate America. They tend to embarrass people with power. Hackers like to trade on the fact that they are smarter than their competition, more clever, able to learn things and know things that have the potential to embarrass people who are rich and powerful. They like to explore and to learn things they aren't supposed to know. They like to know how things work and how to exploit them when they don't work properly.

For the most part they can do that. And they tend to do just that, often and in increasingly sophisticated ways. This isn't to say what they do isn't often illegal; it is.

A few hackers are even malicious. Their idea of maliciousness consists of deleting files, altering web pages, posting stolen credit card numbers, and the like. These things are crimes and they should be. But the nature of their criminality is different from what we have come to expect from our criminals. No one robs a bank to prove that the safe was easy to crack. No one commits mail fraud to embarrass the Postmaster General.

What makes hackers' crimes different from most other types of crime to which they are often compared is that hackers rarely profit from their crimes. Moreover, they tend not to even try to profit. There are, of course, counter-examples ('Agent Steal' hacking a bank, and Kevin Poulsen's notorious radio call-in hacks, which netted him trips, Porsches and cash), but for the most part, hackers don't even think in terms of money.

Even Kevin Mitnick, who was accused of doing hundreds of millions of dollars of damage to Sun, Motorola, Nokia, Fujitsu and half a dozen other corporations, was never accused of trying to profit from his hacking; the evidence for any damage whatsoever is extremely tenuous. The only evidence ever presented of damage was so absurd as to be laughable (e.g., accusing Mitnick of doing $10 million of damage to the UNIX operating system because he was in possession of a copy of its source code, code which was available to students for less than $100). In 20 years of hacking, he has never made a penny from his exploits. Great hacker. Terrible criminal.

The purpose of these comparisons is illustrate the fact that we have entered a new age of computer crime. With the rise of E-commerce, the development of the 'net as a commercial entity, and unparalleled media attention, the profit motive for computer crime has entered the stratosphere. Recently, Janet Reno dubbed it a 'huge growth industry.' She's probably not wrong.

What Reno and other agents of law enforcement are talking about is not hacking, it is crime. It is the kind of crime where people are hurt, money is stolen, fraud is committed, and criminals are make money. It is not the grey area of electronic trespass or rearranged Web pages. It is not the world of electronic civil disobedience and 'hacktivism.'

It is the world of computer crime, and what needs to be rethought is the way in which the media talks about it. The new era of computer crime is going to be about profit, not exploration. It will be about posting fake news releases to drive stock prices, rather than replacing the front page of the New York Times with porn and political rants. In short, it will be about money, and that makes it a different kind of crime.

In fact, the differences between the kinds of damage done by hackers' hacks and pranks and that inflicted by these new computer criminals (even the recent enial of Service attacks) has to do with money, pure and simple. Hacking the New York Times makes a point. It may even cost them money, lost ad revenue, etc., but it does so indirectly. The point of the Times hack was to protest, to say something, to demonstrate. But knocking EBay and ETrade offline had no such agenda, at least none which is immediately apparent or which intuitively makes sense. The goal was to interfere with service and to cost them money.

What is to come is a new age of cybercrime, driven by profit. It will resemble the kind of crime to which we have all become accustom. For the new age of cybercrime, we need a new vocabulary. To that end, we should start calling cybercrime what it is, crime. And we should call the people who commit those crimes what they are, cyber criminals.

We will make a huge mistake if we confuse these two things. Hacking is, and has always been, about exploration. There is a hacker ethic which is very much alive and well. That ethic is about increasing security, it is about learning how things work, and, in more than a few cases, it is about making hacking known in events ranging from the publication of technical papers, security releases, and tools to juvenile acts of rebellion. The two things it has never been about are damage and profit. Those things are what seperate hacking from cybercrime, and most of the hackers who have the respect of the hacking and security communities can't run far enough away from them.

Ask a hacker about the recent denial of service attacks and they will all tell you the same three things: 1) it was a low rent hack - any kid with a modem and a weekend could figure out how to do; 2) we learned nothing new about the 'net, programming, hacking, or security from it; and 3) the technology to run this kind of attack has been around for years. For a group who prides themselves on being clever, associating hackers with this kind of attack is an insult.

What we need to be on the watch for is the kind of media representations that will conflate these two ideas: hacking and cybercrime. To do so is to confuse exploration with criminality. This won't be a hard sell to an American public that is already scared of most of what is happening online and that has never understood hackers' motives, even when they were completely benign.

Not separating hackers from cybercriminals not only does a huge injustice to hackers and hacking, it provides law enforcement the tools they need to begin an assault on privacy, encryption, and exploration. Yahoo!, EBay, ETrade, Amazon.com, and ZDNet were not hacked. They were the victims of cybercrime. The sooner the media and the American people figure this out, the safer we will all be.