Wysopal used to be known as "Weld Pond," a member of security-research group L0pht Heavy Industries, a legitimate but unconventional business that made its name in the 1990s by uncovering and disclosing software vulnerabilities. In 1997, it released L0phtCrack, a tool that could be used to audit and reveal Windows passwords. L0pht (pronounced "loft") was condemned for releasing the password cracker, but Wysopal says the group's mission was misunderstood. The goal of L0pht was to raise security awareness and to provide security professionals with tools "as powerful as the tools people use to break into things," he says. And some organizations saw the advantage. "I think the General Accounting Office was our first paying customer."

The distinction between hacker and legitimate security researcher can be difficult to make. In 2001, Maiffret's firm, eEye Digital Security, found a weakness in Microsoft's Internet Information Services server software. The security firm notified Microsoft about the flaw, and Microsoft issued a patch. But a month later, the notorious Code Red worm raced through the Internet and attacked hundreds of thousands of unpatched systems around the globe by taking advantage of the security weakness eEye discovered.

The hacker community itself makes that distinction by referring to white-hat and black-hat hackers, which reflects what sociologist Bernhardt Lieberman refers to as the "dual nature of hacking." There are hackers who are enthusiasts who try to push technology as far as it can go to learn how things work, and there are hackers who are serious threats to businesses and systems, whose intrusions and malicious code cause great pain.

The terms hack and hacker originated in the 1950s at The Model Railroad Club at the MIT. The image of the computer hacker has been romanticized in popular culture in movies such War Games and Hackers. Today, however, the word hacker is commonly used to refer to criminal--or at least arrant--activity. "It's come to mean anyone who works their way around legitimate controls in systems," says Herb Mattord, an information systems instructor at Kennesaw State University in Georgia.

Those clinging to a less-tainted definition of hacker don't think of themselves as criminals. Most say they just want to learn more about computers, says sociologist Lieberman, director of the research firm Social Inquiry and professor emeritus of sociology at the University of Pittsburgh. Lieberman has conducted detailed interviews with 42 hackers, analyzed the content of 2600: The Hacker Quarterly magazine, and attended hacker gatherings.

When asked about their motives for hacking, nearly 100% say they hack for intellectual challenge, to increase knowledge, to learn about computers and computing, or to understand how things work. However, 14% cite attacking authority and the government among their motivations. And 7% say it's to attack capitalism, break the law, or become well-known.

InformationWeek posted a series of questions on hacker bulletin boards and Web sites seeking to understand why hackers hack. The responses were illuminating, yet sometimes troubling. "Hacking to me is a way of life. The infinite quest for knowledge is quite stimulating," says Bio_XP. "Being a hacker forces you to think outside the box and look at problems (computer-related or not) in a whole new way. Hackers solve problems that affect us as well as others. By developing software, patches, etc., we help many people, [and] in addition, we help technologies improve and therefore progress."

Another, called LiquidFish, says he hacks because he's always thinking about the vulnerabilities of things and how they can be exploited. "It's just part of who I am," he says. "This extends to every new thing I'm introduced to, not just computer related."

One hacker, whose handle is "unnamed," says motivations vary with each person. "Some like to hack to test their skills and knowledge or just to outsmart an admin," he says. "Others just are adrenaline junkies that like the rush."