Hacking is the act of identifying and then exploiting weaknesses in a computer system or network, usually to gain unauthorized access to personal or organizational data. Hacking is not always a malicious activity, but the term has mostly negative connotations due to its association with cybercrime.
How does hacking work?
So, how do hackers hack? Hackers use a variety of techniques to achieve their aims. Some of the most common methods include:
Social engineering is a manipulation technique designed to exploit human error to gain access to personal information. Using a fake identity and various psychological tricks, hackers can deceive you into disclosing personal or financial information. They may rely on phishing scams, spam emails or instant messages, or even fake websites to achieve this.
Hackers use different ways to obtain passwords. The trial and error method is known as a brute force attack, which involves hackers trying to guess every possible combination to gain access. Hackers may also use simple algorithms to generate different combinations for letters, numbers, and symbols to help them identify password combinations. Another technique is known as a dictionary attack, which is a program that inserts common words into password fields to see if one works.
Infecting devices with malware
Hackers may infiltrate a user’s device to install malware. More likely, they will target potential victims via email, instant messages and websites with downloadable content or peer-to-peer networks.
Exploiting insecure wireless networks
Rather than using malicious code to infiltrate someone’s computer, hackers may simply take advantage of open wireless networks. Not everyone secures their router, and this can be exploited by hackers driving around looking for open, unsecured wireless connection. This is an activity known as wardriving. Once hackers are connected to the unsecured network, they only need to bypass basic security to gain access to devices connected to that network.
Gaining backdoor access
Hackers may create programs that search for unprotected pathways into network systems and computers. Hackers may gain backdoor access by infecting a computer or system with a Trojan horse, created by hackers to acquire and steal important data without the victim noticing.
Spying on emails
Hackers can create code which allows them to intercept and read emails. Most email programs today use encryption formulas which mean that even if hackers intercept a message, they can't read it.
Some programs allow hackers to track every keystroke a computer user makes. Once installed on a victim's computer, the programs record each keystroke, giving the hacker everything they need to infiltrate a system or steal someone’s identity.
Creating zombie computers
A zombie computer, or bot, is a computer that a hacker can use to send spam or commit Distributed Denial of Service (DDoS) attacks. After a victim executes a seemingly innocent code, a connection opens between their computer and the hacker's system. The hacker can then secretly control the victim’s computer, using it to commit crimes or spread spam.
What damage can hackers do?
Cybersecurity hacking can cause real havoc. Whatever technique hackers use, once they have gained access to your data or devices, they can:
- Steal your money and open credit card and bank accounts in your name
- Destroy your credit rating
- Request new account Personal Identification Numbers (PINs) or additional credit cards
- Make purchases on your behalf
- Add themselves or an alias that they control as an authorized user so it’s easier to use your credit
- Obtain cash advances
- Use and abuse your Social Security number
- Sell your information to others who will use it for malicious purposes
- Delete or damage important files on your computer
- Obtain sensitive personal information and share it, or threaten to share it, publicly
Why do people hack?
Who are hackers and why do they hack? Motivations for hacking vary. Some of the most common include:
The biggest motivation is often financial gain. Hackers can make money by stealing your passwords, accessing your bank or credit card details, holding your information to ransom, or selling your data to other hackers or on the dark web.
Sometimes, hackers are motivated by stealing trade secrets from competitor companies. Corporate espionage is a form of hacking designed to access classified data or intellectual property in order to gain a competitive advantage over corporate rivals.
Nation states can use hackers for political purposes. This might involve stealing classified data, interfering with elections, accessing government or military documents, or attempting to cause political unrest.
Sometimes, hackers are motivated by anger – a desire to get revenge on individuals or organizations which they feel have wronged them in some way.
Hacking can be a form of civil disobedience. Some hackers use their skills to promote a particular political agenda or social movement.
Hackers can be motivated by a sense of achievement, that is, breaking ‘the system’. Hackers can be competitive, challenging each other and gaining recognition from their exploits. Social media gives them a platform to boast about their activities.
Not all hacking is malicious. Some hacking, for example, white hat hacking or penetration testing, is done to test vulnerabilities with the aim of improving security for all users. White hat hacking is therefore considered ethical hacking.
The history of hacking
While hacking these days has a mostly negative connotation, this wasn’t always the case. In the early days of computer hacking, hackers were seen as technology experts whose main motivation was to customize and optimize. As cybercrime evolved and became more complex and widespread, hacking became mostly associated with malicious activities. Let’s look at a brief history of hacking:
The term ‘hacking’ became associated with members of MIT’s Tech Model Railroad Club, who would ‘hack’ their high-tech train sets to modify their functions. They later moved on from toy trains to computers, experimenting with IBM 704s to try to expand the tasks that computers could carry out. Early hackers were interested in how they could explore, improve, and test the limits of existing programs. Their efforts often paid off, as they produced programs that were better than existing ones.
Computer hacking continued in the 1970s but diversified into telephone hacking. Phone hackers, also known as ‘phreakers’, tried to exploit operational characteristics in the telephone switching network, which had recently become completely electronic. John Draper achieved infamy when he discovered that a toy whistle found in Cap’n Crunch cereal produced the exact tone necessary – 2600 hertz – to indicate to long lines that a line was ready and available to route a new call. This allowed phreakers to dupe the network and make free long-distance calls. Interestingly, it was reported that Steve Jobs and Steve Wozniak were phreakers before founding one of the most successful computer companies in the world.
In the 1980s, personal computers were no longer limited to businesses or universities – they became more widely available to the public. This increase in availability led to a significant rise in computer hacking. The nature of hacking changed too. Before, hacking was often about improving computers however the newer breed of hackers were primarily motivated by personal gain, including pirating software, creating viruses and breaking into systems to steal information. The law started to recognize this new reality, with the passing of the Federal Computer Fraud and Abuse Act in the US.
Hacking really achieved notoriety in the 1990s, with some high-profile cybercrimes and arrests. Notable hackers in this decade included Kevin Mitnick, Kevin Poulsen, Robert Morris, and Vladimir Levin, who were convicted of crimes ranging from stealing proprietary software and tricking radio stations to win expensive cars to launching the first computer worm and carrying out the first digital bank heist.
Government agencies and large corporations were increasingly subject to cybersecurity hacking. Prominent victims included Microsoft, eBay, Yahoo! and Amazon, who all fell victim to Distributed Denial of Service attacks. Famously, the US Department of Defense and the International Space Station both had their systems breached by a 15 year old boy.
With the internet now a central part of daily life, hacking became more sophisticated than ever. New cyber threats emerged on a regular basis. During this decade, the hacktivist group known as Anonymous came to prominence, exposing government secrets and leading digital crusades which they believed furthered the public interest. In response to both hacktivists and rising cybercrime, governments, big corporations and computer giants worked hard to improve their systems. Cybersecurity experts continue to innovate to stay one step ahead of the hackers.
FAQs about hacking
What is hacking?
Hacking is a broad term for a range of activities that aim to compromise computers and networks, by identifying and then exploiting security weaknesses. Hacking is not always a malicious activity, but the term has mostly negative connotations due to its association with cybercrime.
What are the different types of hacking?
Hackers can be divided into categories known as black hat, white hat, and gray hat. The terms derive from the old Western movies of American popular culture, where the protagonists wore white or light-colored hats, and the antagonists wore black hats. Essentially, what determines the type of hacker is their motivation and whether they are breaking the law. Black hat hackers have malicious intent whereas white hat hackers are considered ethical hackers. Gray hat hackers fall in between. You can read a more comprehensive explanation of hacker types here.
What is ethical hacking?
Ethical hacking involves identifying weaknesses in computer systems or networks – but instead of exploiting those weaknesses, as malicious hacking does, the purpose is to devise countermeasures which overcome those weaknesses. Essentially, the aim is to improve security for all.
Ethical hackers are also known as white hat hackers, and they operate by permission of whoever owns the computer system or network they are hacking. They report all the weaknesses they have identified to the owner, as well as informing hardware and software vendors of any vulnerabilities they have found. They protect the privacy of the organization which has been hacked.
You can protect yourself against hackers by following good cybersecurity hygiene. Here are some key hacking prevention tips to bear in mind:
Use strong passwords
A big part of hacking is getting hold of users' passwords. It is therefore essential to use a strong and unique password for each online account. A strong password is made up of at least 12 characters – ideally more – and is a mix of upper- and lower-case letters, numbers and special characters. It can be difficult keeping track of multiple passwords, so using a password manager can help.
Use multi-factor authentication (MFA)
Turn on two-factor or multi-factor authentication for as many of your online accounts as possible. MFA uses a second piece of information – often a code generated by an app or sent via SMS – alongside a password, adding another layer of security to your accounts.
Be vigilant against phishing
Successful hacking often starts with phishing emails or texts. Be alert: when a new email or text message arrives, and it includes a link or attachment, our initial instinct can often be to click or tap on it. Avoid this temptation – don’t open messages from unknown senders, never click on a link or open an attachment in an email you’re not sure about and delete messages you suspect to be spam.
Manage your digital footprint
A digital footprint is the data you leave behind when using the internet. It’s a good idea to proactively manage your digital footprint – steps you can take include:
- Deleting old accounts and apps you no longer use
- Reviewing your privacy settings on social media and ensuring these are set to a level you feel comfortable with
- Being careful about what you post and avoiding disclosing personal or financial details about yourself in public
- Checking your browser for cookies and regularly deleting unwanted cookies
- Using privacy tools such as anonymous browsers, private search engines or anti-tracking tools
Keep your devices and software up to date
Updates typically include the latest security patches – that is, solutions to the security vulnerabilities which hackers love to exploit. By making sure that your operating system, applications, and devices are kept up to date, you maximize your security against hackers.
Keep devices secure
Keep devices stored securely. Always lock your devices using either fingerprint recognition, a secure PIN (not something obvious like your date of birth) or a unique gesture. Install Find My iPhone (Apple) or set up Find My Device (Android) in case your phone goes missing.
Avoid questionable websites
Only download software from sites you trust. Carefully evaluate free software and file-sharing applications before downloading them. Only carry out transactions on websites which have an up-to-date security certificate – they will start with HTTPS instead of HTTP and there will be padlock icon in the address bar. Be selective about who you share your data with.
Turn off features you don’t need
Hackers can use certain features on your phone to identify your information, location, or connection. To prevent this, turn off your GPS, wireless connection, and geo-tracking when you don’t need them.
Don’t access personal or financial data with public Wi-Fi
When you go online in a public place using a public Wi-Fi connection, you have no direct control over its security. If you are using public Wi-Fi, avoid carrying out personal transactions such as online banking or online shopping. If you do need to do this, use a Virtual Private Network or VPN. A VPN will protect any data you send over an unsecured network. If you don’t use a VPN, then save any personal transactions until you are able to use a trusted internet connection.
Use a good quality antivirus
Make sure that you have the best security software products installed on your device. A good antivirus should work 24/7 to secure your devices and data, blocking common and complex threats like viruses, malware, ransomware, spy apps and all the latest hacker tricks.
- Kaspersky Anti-Virus
- Kaspersky Internet Security
- Kaspersky Password Manager
- Kaspersky Secure Connection
- What to do if your email is hacked
- How to remove a hacker from your smartphone
- How to prevent ransomware
- How to clear your cache and cookies in multiple browsers