What is hacking? Here is all you need to know about hackers in 2023. Hacking is the application of technical or technological knowledge to solve a problem or obstacle. Note that our definition of hacking intentionally contains no notion of illegality. Although many hackers use their skills for evil purposes, and although most people associate hacking with criminal activities or hacking, this is only one side of things.
There are many types, but in this article, we will focus on computer hacking. Depending on who you ask, you get two types of answers regarding the definition of hacking in this area:
- Traditionally, the computer hacker is an excellent programmer, hacker and enthusiast of computer culture.
- But many of us tend to think of hackers as criminals who gain access to computers or networks by circumventing security measures. It is generally this definition that the media have in mind when they use the term “hacker”, or “computer pirate”.
Generally, hackers use the term “cracking” to define the criminal circumvention of a security system, much like when a thief manages to open a safe. So what is a hacker? Quite simply, a hacker is someone who applies their computer skills in an effort to solve a problem.
What are the three types of hackers?
Depending on their motivations, hackers can be “black hat hackers” (malicious, or pirates), “white hat hackers” (benevolent, or “ethical hackers”) or grey (in between). Let’s see what characterizes them and how to distinguish them.
The malicious hacker, or hacker, corresponds to the profile of the cybercriminal described above. It bypasses cyber security systems to gain illegal access to computers or networks. If he discovers a security flaw, he will either exploit it for his own account or make it known to other hackers, generally in exchange for a sum of money.
Most of the time, the objective of the black hat hacker is to earn money, by seizing it directly or by stealing it, selling pirated information or by trying to extort money. But most of the time, he’s just trying to create as many problems as possible.
White hat hackers, or ethical hackers, are the opposite of black hats. They are equally skilled, but rather than applying those skills for criminal purposes, they seek to help companies strengthen their IT security systems. The white hat hacker intentionally tries to break into a system, with the authorization of its owner, in order to identify weak points in order to be able to remedy them. This type of work is called “ethical hacking”.
Many white hat hackers are employed by large companies as part of their cybersecurity policy. Others offer their computer security testing services as consultants or freelancers. These services can go beyond simple entry into the cybersecurity system and can for example involve testing employees through phishing campaigns aimed at increasing the level of security of credentials.
Grey hat hackers
Between these two opposing profiles are the so-called “ grey hat hackers ”. They are not as altruistic as ethical hackers, but they are not true cybercriminals. While ethical hackers have permission to test systems for vulnerabilities, grey hat hackers do without that permission.
Some of them behave like mercenaries: after discovering a security breach, they contact the company concerned to offer their services in exchange for a reward. Others act to force an unwilling company to fix a known vulnerability. A notable example of grey hat hacking occurred in 2013 and forced Facebook to recognize a security flaw and fix it after ignoring the hacker’s warnings.
The main types of hacking
It is possible to distinguish several types of hacking depending on the security vulnerabilities. Individuals, groups of hackers, companies and administrations all indulge in activities similar to security hacking when they feel the need to do so. Let’s look at three of the most common types of hacking first.
Hacking with a financial objective
Solo black hat hackers, like hacker collectives, are usually thieves. Their cybercrimes aim to steal money directly, facilitate its theft through data hijacking, or resell data to other cybercriminals.
If a hacker manages to get your credentials (or even a few pieces of personal information about you), they may try to guess your password or trick you into phishing, otherwise known as phishing. But regardless, the end goal is still to grab your money.
Data theft is a good example of hacking for financial gain. Hackers break into a website’s servers, collect data from that site’s users, and then resell what they stole. In 2017, the US-based credit company Equifax announced that it had suffered a gigantic data theft affecting more than 147 million people.
The stolen data was not limited to names and dates of birth, but also included social security and driver’s license numbers as well as hundreds of thousands of credit card details. The loss of this data has left many customers vulnerable to identity theft and fraud.
The competition between companies is fierce, and it is not very surprising that some of them do not hesitate to get their hands dirty to beat the competition. Business-to-business industrial espionage is the professional application of hacking, malware, phishing, and other shady espionage techniques to obtain inside information about a competitor. This is also called information hacking.
Sometimes this is simply hiring a disgruntled employee from another company, but there are other more technical solutions. In 2017, courts in the United States indicted three people linked to the computer security company Boyusec (in its long-form Guangzhou Bo Yu Information Technology Company Limited) for industrial espionage. These three people had broken into the systems of various companies, including Moody’s Analytics and Siemens, to recover secret information and intellectual property data.
Cybersecurity researchers later linked Boyusec to the Chinese hacker group APT3 or Gothic Panda, which appears to have ties to the Chinese Ministry of State Security, which logically brings us to the third episode of our trilogy…
The potential fallout from hacking security systems is such that even governments seek to take advantage of it. All over the world, countries are engaged in behind-the-scenes cyber warfare activities. All the countries know that the others are doing it, but all play the surprise when one of them gets caught red-handed.
Sometimes governments (and the hacker groups whose activities they promote) directly attack other governments. The possibility that some governments will use their private or public companies to carry out offensive operations abroad is also a source of concern. This is why the companies Huawei and Kaspersky have been identified as potential security risks. But most of the time, these are country-backed hackers attacking companies, institutions (e.g. banking) or infrastructure networks.
In July 2019, Microsoft admitted to having informed, during the previous year, nearly 10,000 people who had been the target of hacking attempts of this type. The majority of these attacks came from groups with obvious links to Russia, Iran and North Korea. State-sponsored hacking is most of the time particularly difficult to prove because governments steer clear of hacking activities through intermediary groups.
What is the origin of hacking?
The philosophy of hacking dates back long before the invention of the computer. The desire to experiment, manipulate and deform an object to test its limits and sometimes demonstrate how it can be broken is an integral part of the human experience.
When the computer made its appearance, it was only natural that it should not simply be seen as an everyday object, but also as a challenge to be met, even on a playground.
In its most positive expression, hacker culture emphasizes creativity and technological skills. Hackers of all ages seek to experiment and explore, view technologies from different angles and answer the perennial question « What if…? » « .
Like the mountaineer George Mallory who explained that he wanted to conquer Everest “Because it is there”, hackers also seek to show off their skills by solving technological problems. And when you hear people around you talking about « life hacks », these tips that simplify everyday life, they use the term « hack » in the same spirit.
Although there is nothing malicious about hacking in the beginning, this desire can sometimes lead computer buffs into murkier waters. Big companies tend to resent having their security systems broken into without their permission, and they often resort to lawsuits to set an example of hackers who have gone too far.
Is hacking illegal?
Whether or not hacking is a cybercrime depends on just one thing: consent. Ethical white hat hackers obtain clearance before attacking systems and are obligated to report any vulnerabilities they encounter. Outside of this context, hacking in the field of security is an illegal activity.
Criminal hackers or hackers, who act without consent are breaking the law. Nobody is going to allow you to do an act of hacking if you explain before you act that you are looking to steal money or professional secrets. Black hat hackers, therefore, work in the shadows. Even grey hat hacking can be dangerous if the target decides to press charges against you after you reveal what you did.
It goes without saying that if you are a victim of a security-related hack, it is completely illegal. If this happens to you, report the scam or hacking attempt immediately. You can limit the damage on your side and also prevent the pirate from making other victims.
Devices most vulnerable to hacking
It’s impossible to predict what a skilled hacker is capable of if given enough time and resources. Many multinational corporations have found themselves at the mercy of a motivated hacker determined to circumvent even their strongest security measures.
But of all the devices around us at home or in the office, some are easier targets than others. Although your iPhone is extremely durable, not all consumer electronics are. Here is a small list of the devices most at risk:
- Smart devices: Many IoT devices lack the same security protections built into computers and mobile devices. If a hacker recovers your data from a leak, they can exploit anything they find to break into your smart network and jump from one device to another.
- Routers: You can’t even imagine how many people have never changed their router’s default credentials. You may even be one of them. Hackers know which devices come with which credentials, and they can test Wi-Fi networks to see if that information is still valid. Routers and smart devices are particularly vulnerable to botnet-type malware, which can include them in a distributed denial-of-service (DDoS) attack.
- Webcams: If you are still using a standalone webcam, it has the same vulnerabilities as any other connected object. Laptop users are also at risk from rootkits, a type of malware that gives hackers access to a device at any time, including the user-facing camera. It may therefore be interesting to stick a piece of opaque adhesive on this camera.
- Email: This is not a device, but emails are a popular target for hackers. Passwords leak regularly during data thefts, and if you use the same password for your email and other services, you’re leaving the door wide open to hackers.
- Jailbroken phones: iOS devices, and to a lesser extent Android devices, are extremely resistant to hacking. If you have jailbroken your device (that is, removed the security measures built in by the manufacturer), you will be more vulnerable to hacking, unless you are familiar with the countermeasures to adopt.
How to know if you have been hacked
Depending on the type of malware used by the hacker, the symptoms of the hack may vary. Here is a small list of what you can see if a hacker has broken into one of your devices:
- You no longer have access. If a hacker manages to steal your credentials, they can change your password and you will no longer be able to access your account. In this case, immediately initiate a password reset and enable two-factor authentication if available.
- Your device is behaving abnormally. Has your computer or mobile device changed behaviour overnight? Have you noticed different passwords, drastically different settings, new files or strange changes to existing files? Has your antivirus software been disabled? Are new programs or applications starting on their own? Does your webcam or microphone turn on even when you’re not using them? These symptoms may indicate hacker intrusion.
- Your social networks are going crazy. If your family, friends, and colleagues start reporting to you that they are receiving strange messages from you, change your passwords immediately. Same thing if you notice the content on social media that you haven’t posted yourself. These are two common signs of social media hacking.
- The hacker contacts you. A ransom note from ransomware on your computer is a sure sign of a hack. The hacker may also contact you directly to tell you that your devices have been attacked and/or that he has recovered confidential information about you. Note, however, that extortion attempts can be a bluff, especially if the hacker has presented you with no clear evidence of the information they have about you.
- Your browser is behaving strangely. Many hacking operations take place through your browser. Unintentional redirects (when you try to visit a page, but another opens when you didn’t ask for it) often indicate something fishy. Also, be aware of toolbars or extensions that you did not add yourself. These appearances are often due to malware.
- You are flooded with pop-ups. Adware and scareware make extensive use of pop-ups to get your attention. An explosion of pop-ups is proof that a hacker has successfully placed malware on your device.
- Someone is spending your money or stealing from you. If you see charges accumulating and you have not purchased these items or services, contact your bank immediately to freeze your accounts and credit cards. Same thing if you notice that your account balance has changed. You may be a victim of identity theft following a data leak caused by a hacker. Hackers often sell stolen personal data on the dark web.
Tips to prevent hacking
Pirates operate like lions: they attack prey that they have identified as vulnerable and incapable of defending themselves. By taking a few preventative measures, you can make it harder for them and they will turn to an easier target.
- Use a unique password for each account. If a hacker gets one, they can only use that account. Even if he tries this password on other accounts, if it’s a unique and strong password, he won’t be able to get far.
- Update your software. Outdated software is vulnerable, but up-to-date software is less so. Use automatic updates on all your devices, programs and apps.
- Don’t click on strange ads or links. Hackers can embed malware in advertisements, using the technique of “malvertising” (malicious advertisements). They can do the same with infected sites to cause “stealth downloads” of malware to your device when you visit those sites. Only click on links that you know is reliable.
- Promote HTTPS encryption. HTTPS encryption is one of the easiest ways to check if a website is secure. If the site uses this secure protocol, you will see a small padlock icon in the browser’s address bar and the URL will start with « HTTPS ». Do not enter any personal information on sites that use simple HTTP.
- Change the default username and password for your router and smart devices. Offer at least some resistance to hackers before they infiltrate your home network. The first step when installing a new router or smart device is to change the login information.
- Do not perform any personal activity on public computers. Use them for general searches, that’s all. Do not log in to your personal accounts, the machine may contain spyware.
Keeping your phone safe from hackers
Turn off Bluetooth.
When you’re not using Bluetooth, turn it off. Keeping your Bluetooth on but dormant opens another back door for computer hackers.
Don’t use unsecured public Wi-Fi.
Password-free, widely used Wi-Fi networks have no security features. As such, they’re prime targets for computer hackers.
Get a security app.
Install a security app on your phone, just as you should install a firewall, antivirus software and an anti-spyware package on your computer. Popular options include Avast, Kaspersky Mobile Antivirus and Bitdefender.
Use a better passcode.
Unlock codes like 0000 and 1234 are easy to remember, but they’re also easy to guess. Instead, opt for a randomly generated, six-number passcode.
Switch off autocomplete.
Autocomplete is the feature that guesses what you’re typing and completes the word, phrase or other information for you. While convenient, this tool all but hands your email address, mailing address, phone number and other important information to hackers. Switch it off.
Clear your browsing history.
Your mobile web browser has a browsing history, too. Clear it often – including cookies and cached files – to give hackers as little information as possible to work with if they do break into your phone.
How to secure your computer from hackers
Use a firewall.
Windows and macOS have built-in firewalls – software designed to create a barrier between your information and the outside world. Firewalls prevent unauthorized access to your business network and alert you to any intrusion attempts.
Make sure the firewall is enabled before you go online. You can also purchase a hardware firewall from companies such as Cisco, Sophos or Fortinet, depending on your broadband router, which also has a built-in firewall that protects your network. If you have a larger business, you can purchase an additional business networking firewall.
Install antivirus software.
Computer viruses and malware are everywhere. Antivirus programs such as Bitdefender, Panda Free Antivirus, Malwarebytes and Avast protect your computer against unauthorized code or software that may threaten your operating system. Viruses may have easy-to-spot effects – for example, they might slow your computer or delete key files – or they may be less conspicuous.
Antivirus software plays a major role in protecting your system by detecting real-time threats to ensure your data is safe. Some advanced antivirus programs provide automatic updates, further protecting your machine from the new viruses that emerge every day. After you install an antivirus program, don’t forget to use it. Run or schedule regular virus scans to keep your computer virus-free.
Install an anti-spyware package.
Spyware is a special kind of software that secretly monitors and collects personal or organizational information. It is designed to be hard to detect and difficult to remove and tends to deliver unwanted ads or search results that are intended to direct you to certain (often malicious) websites.
Some spyware records every keystroke to gain access to passwords and other financial information. Anti-spyware concentrates exclusively on this threat, but it is often included in major antivirus packages, like those from Webroot, McAfee and Norton. Anti-spyware packages provide real-time protection by scanning all incoming information and blocking threats.
Use complex passwords.
Using secure passwords is the most important way to prevent network intrusions. The more secure your passwords are, the harder it is for a hacker to invade your system.
More secure often means longer and more complex. Use a password that has at least eight characters and a combination of numbers, uppercase and lowercase letters, and computer symbols. Hackers have an arsenal of tools to break short, easy passwords in minutes.
Don’t use recognizable words or combinations that represent birthdays or other information that can be connected to you. Don’t reuse passwords, either. If you have too many passwords to remember, consider using a password manager, such as Dashlane, Sticky Password, LastPass or Password Boss.
Keep your OS, apps and browser up-to-date.
Always install new updates to your operating systems. Most updates include security fixes that prevent hackers from accessing and exploiting your data. The same goes for apps. Today’s web browsers are increasingly sophisticated, especially in privacy and security. Be sure to review your browser security settings in addition to installing all-new updates. For example, you can use your browser to prevent websites from tracking your movements, which increases your online privacy. Or, use one of these private web browsers.
Beware of email messages from unknown parties, and never click on links or open attachments that accompany them. Inbox spam filters have gotten pretty good at catching the most conspicuous spam. But more sophisticated phishing emails that mimic your friends, associates and trusted businesses (like your bank) have become common, so keep your eyes open for anything that looks or sounds suspicious.
Back up your computer.
If your business is not already backing up your hard drive, you should begin doing so immediately. Backing up your information is critical in case hackers do succeed in getting through and trashing your system.
Always be sure you can rebuild as quickly as possible after suffering any data breach or loss. Backup utilities built into macOS (Time Machine) and Windows (File History) are good places to start. An external backup hard drive can also provide enough space for these utilities to operate properly.
Shut it down.
Many businesses, especially those operating a web server, are “all systems go” all the time. If you’re not operating a complex internet-based company, however, switch off your machine overnight or during long stretches when you’re not working. Always being on makes your computer a more visible and available target for hackers; shutting down breaks the connection a hacker may have established with your network and disrupts any possible mischief.
Not everyone needs to take this route, but if you visit sketchy websites, expect to be bombarded with spyware and viruses. While the best way to avoid browser-derived intrusions is to steer clear of unsafe sites, virtualization allows you to run your browser in a virtual environment, like Parallels or VMware Fusion, that sidesteps your operating system to keep it safer.
Secure your network.
Routers don’t usually come with the highest security settings enabled. When setting up your network, log in to the router, and set a password using a secure, encrypted setup. This prevents intruders from infiltrating your network and messing with your settings.
Even if cybercriminals gain access to your network and files, encryption can prevent them from accessing any of that information. You can encrypt your Windows or macOS hard drive with BitLocker (Windows) or FileVault (Mac), encrypt any USB flash drive that contains sensitive information and use a VPN to encrypt web traffic. Only shop at encrypted websites; you can spot them immediately by the “HTTPS” in the address bar, accompanied by a closed-padlock icon
Use two-factor authentication.
Passwords are the first line of defence against computer hackers, but a second layer boosts protection. Many sites let you enable two-factor authentication, which boosts security because it requires you to type in a numerical code – sent to your phone or email address – in addition to your password when logging in.