What is hacking?
Hacking
refers to activities that seek to compromise digital devices, such as
computers, smartphones, tablets, and even entire networks. And while hacking
might not always be for malicious purposes, nowadays most references to
hacking, and hackers, characterize it/them as unlawful activity by
cybercriminals—motivated by financial gain, protest, information gathering
(spying), and even just for the “fun” of the challenge.
Many
think that “hacker” refers to some self-taught whiz kid or rogue programmer
skilled at modifying computer hardware or software so it can be used in ways
outside the original developers' intent. But this is a narrow view that doesn't begin to encompass the wide range of
reasons why someone turns to hacking. (For an in-depth look at hackers, read “Under the hoodie: why
money, power, and ego drive hackers to cybercrime” by Wendy Zamora.)
Hacking
is typically technical in nature (like creating malvertising that deposits
malware in a drive-by attack requiring no user interaction). But hackers can
also use psychology to trick the user into clicking on a malicious attachment
or providing personal data. These tactics are referred to as “social engineering.”
“Hacking has evolved from teenage mischief
into a billion-dollar growth business.”
In
fact, it's accurate to characterize hacking as an over-arching umbrella term
for activity behind most if not all of the malware and malicious cyberattacks
on the computing public, businesses, and governments. Besides social
engineering and malvertising, common hacking techniques include:
Botnets
Browser hijacks
Denial of service (DDoS) attacks
Ransomware
Rootkits
Trojans
Viruses
Worms
Botnets
Browser hijacks
Denial of service (DDoS) attacks
Ransomware
Rootkits
Trojans
Viruses
Worms
As
such, hacking has evolved from teenage mischief into a billion-dollar growth
business, whose adherents have established a criminal infrastructure that
develops and sells turnkey hacking tools to would-be crooks with less
sophisticated technical skills (known as “script kiddies”). As an example,
see: Emotet.
In
another example, Windows users are
reportedly the target of a wide-spread cybercriminal
effort offering remote access to IT systems for just $10 via a dark web hacking
store—potentially enabling attackers to steal information, disrupt systems,
deploy ransomware, and more. Systems advertised for sale on the forum range
from Windows XP through to Windows 10. The storeowners even offer tips for how
those using the illicit logins can remain undetected.
History of hacking/hackers
In
its current usage, the term dates back to the 1970s. In 1980, an article
in Psychology Today used the term “hacker” in its title: “The
Hacker Papers,” which discussed the addictive nature of computer use.
Then
there's the 1982 American science fiction film, Tron, in which the
protagonist describes his intentions to break into a company's computer system
as hacking into it. The plot of another movie released the next year, WarGames,
centered on a teenager's computer intrusion into the North American Aerospace
Defense Command (NORAD). It was a fiction that introduced the specter of
hackers as a threat to national security.
“A gang of teenage hackers broke into computer
systems throughout the United States and Canada.”
Turns
out, art was prologue to reality in that same year when a gang of teenage
hackers broke into computer systems throughout the United States and Canada,
including those of Los Alamos National Laboratory, Sloan-Kettering Cancer
Center, and Security Pacific Bank. Soon afterward, a Newsweek article
with a cover shot of one of the young hackers was the first to use the term
“hacker” in the pejorative sense in the mainstream media.
Thereafter,
Congress got into the act, passing a number of bills concerning computer crime.
After that, throughout the rest of the 1980s, any number of hacker groups and
publications formed in America and abroad, attracting hacking enthusiasts in
pursuit of diverse missions—some benign, others not so much. There were
spectacular attacks and break-ins into government and corporate computers, more
anti-hacking legislation, and many noteworthy arrests and convictions. All the
while, popular culture kept hacking and hackers in the public consciousness
with a parade of movies, books, and magazines that are dedicated to the
activity.
For
a lengthy timeline of hacker history, including the emergence of terrorist and
state-sponsored hacking in the modern era, go here.
Types of hacking/hackers
Broadly
speaking, you can say that hackers attempt to break into computers and networks
for any of four reasons.
- There's criminal financial gain, meaning the theft of
credit card numbers or defrauding banking systems.
- Next, gaining street cred and burnishing one's
reputation within hacker subculture motivates some hackers as they leave
their mark on websites they vandalize as proof that they pulled off the
hack.
- Then there's corporate
espionage, when one company's hackers
seek to steal information on a competitor's products and services to gain
a marketplace advantage.
- Finally, entire nations engage in state-sponsored
hacking to steal business and/or national intelligence, to destabilize
their adversaries' infrastructure, or even to sow discord and confusion in
the target country. (There's consensus that China and Russia have carried
out such attacks, including one on Forbes.com. In addition, the recent attacks on
the Democratic National Committee [DNC]
made the news in a big way—especially after Microsoft says hackers accused
of hacking into the Democratic National Committee have exploited
previously undisclosed flaws in
Microsoft's Windows operating system and
Adobe Systems' Flash software. There are also
instances of hacking courtesy of the United States government.)
There's
even another category of cybercriminals: the hacker who is politically or
socially motivated for some cause. Such hacker-activists, or “hacktivists,”
strive to focus public attention on an issue by garnering unflattering
attention on the target—usually by making sensitive information public. For
notable hacktivist groups, along with some of their more famous undertakings,
see Anonymous, WikiLeaks,
and LulzSec.
“Today's cybersecurity frontier retains that
Wild West vibe, with white hat and black hat hackers.”
There's
also another way we parse hackers. Remember the classic old Western movies?
Good guys = white hats. Bad guys = black hats. Today's cybersecurity frontier
retains that Wild West vibe, with white hat and black hat hackers, and even a
third in-between category.
If
a hacker is a person with deep understanding of computer systems and software,
and who uses that knowledge to somehow subvert that technology, then a black
hat hacker does so for stealing something valuable or other malicious reasons.
So it's reasonable to assign any of those four motivations (theft, reputation,
corporate espionage, and nation-state hacking) to the black hats.
White hat hackers, on the other hand, strive to improve the security of an
organization's security systems by finding vulnerable flaws so that they can
prevent identity theft or other cybercrimes before the black hats notice.
Corporations even employ their own white hat hackers as part of their support
staff, as a recent article from
the New York Times online edition highlights.
Or businesses can even outsource their white hat hacking to services such
as HackerOne,
which tests software products for vulnerabilities and bugs for a bounty.
Finally,
there's the gray hat crowd, hackers who use their skills to break into systems
and networks without permission (just like the black hats). But instead of
wreaking criminal havoc, they might report their discovery to the target owner
and offer to repair the vulnerability for a small fee.
Latest hacking news
Hacking on Android phones
While
most associate hacking with Windows computers, the Android operating system
also offers an inviting target for hackers.
A
bit of history: Early hackers who obsessively explored low-tech methods for
getting around the secure telecommunication networks (and expensive
long-distance calls of their era) were
originally
called phreaks—a combination of the words phone and freaks. They were a defined
subculture in the 1970s, and their activity was called phreaking.
Nowadays,
phreakers have evolved out of the analog technology era and become hackers in
the digital world of more than two billion mobile devices. Mobile phone hackers
use a variety of methods to access an individual's mobile phone and intercept
voicemails, phone calls, text messages, and even the phone's microphone and
camera, all without that user's permission or even knowledge.
“Cybercriminals could view your stored data on
the phone, including identity and financial information.”
Compared
to iPhones, Android phones are much more fractured, whose open-source nature
and inconsistencies in standards in terms of software development put the
Androids at a greater risk of data corruption and data theft. And any number of
bad things result from Android hacking.
Cybercriminals
could view your stored data on the phone, including identity and financial
information. Likewise, hackers can track your location, force your phone to
text premium websites, or even spread their hack (with an embedded malicious
link) to others among your contacts, who will click on it because it appears to
come from you.
Of
course, legitimate law enforcement might hack phones with a warrant to store
copies of texts and emails, transcribe private conversations, or follow the
suspect's movements. But black hat hackers could definitely do harm by
accessing your bank account credentials, deleting data, or adding a host of
malicious programs.
Phone
hackers have the advantage of many computer hacking techniques, which are easy
to adapt to Androids. Phishing,
the crime of targeting individuals or members of entire organizations to lure
them into revealing sensitive information through social engineering, is a
tried and true method for criminals. In fact, because a phone displays a much
smaller address bar compared to a PC, phishing on a mobile Internet browser
probably makes it easier to counterfeit a seemingly trusted website without
revealing the subtle tells (such as intentional misspellings) that you can see
on a desktop browser. So you get a note from your bank asking you to log on to
resolve an urgent problem, click on the conveniently provided link, enter your
credentials in the form, and the hackers have you.
Trojanized apps downloaded from unsecured marketplaces are another
crossover hacker threat to Androids. Major Android app stores (Google and
Amazon) keep careful watch on the third-party apps; but embedded malware can
get through either occasionally from the trusted sites, or more often from the
sketchier ones. This is the way your phone ends up hosting adware, spyware, ransomware,
or any other number of malware nasties.
“Bluehacking gains access to your phone when
it shows up on an unprotected Bluetooth network.”
Other
methods are even more sophisticated and don't require manipulating the user
into clicking on a bad link. Bluehacking gains access to your phone when it
shows up on an unprotected Bluetooth network. It's even possible to mimic a
trusted network or cell phone tower to re-route text messages or log-on
sessions. And if you leave your unlocked phone unattended in a public space,
instead of just stealing it, a hacker can clone it by copying the SIM card,
which is like handing over the keys to your castle.
Hacking on Macs
Lest
you think that hacking is only a Windows problem, Mac users, be assured—you are
not immune.
For instance, in 2017 a
phishing campaign targeting Mac users, mostly in Europe. Conveyed by a Trojan that was
signed with a valid Apple developer certificate, the hack phished for
credentials by throwing up a full-screen alert claiming that there's an
essential OS X update waiting to be installed. If the hack succeeded, the
attackers gained complete access to all of the victim's communication, allowing
them to eavesdrop on all web browsing, even if it's an HTTPS connection with
the lock icon.