The Wonderful World of Hacking

I’ve always been fascinated by hackers ever since I saw the movie Hackers, which I now know does NOT accurately portray what being a hacker consists of. Hackers are an interesting bunch. Why? Because their reasons for doing what they do can vary the full length of the spectrum.

Let me explain

Back before computer systems and the internet got to be wildly popular, the term “hacker” was used to embody the tinkerers of software or electronic systems. These hackers enjoyed learning (and exploring) all they could about computers and the way they operated. In the beginning, hacker was a term that was used to describe a person who was really awesome at working with computers.

Now…it’s taken on a slightly different and somewhat complex meaning.

When you hear the term hacker, you automatically think of someone who tries to gain entry to a website or system to do something malicious, whether that be stealing information, defacing a website, etc. The term hacker now refers to someone who maliciously breaks into systems for personal gain. But the key phrase within that sentence is personal gain. What is personal gain? Well…it could be just about anything.

SOME OF THE REASONS WHY HACKERS HACK:
  1. Profit – this could be money or this could be web traffic.
  2. Notoriety – some hackers like to hack for the esteem it brings them in the hacking community.
  3. Hacktivism – hackers try to disseminate political or social messages and campaigns to raise awareness surrounding a certain issue or issues.
  4. Hobby – others do it because they want to see what they can break into, how hard it is, and so on.
  5. Because they can – yup, some do it just because they can.

Now, just like hackers hack for varied reasons, there are also several types of hackers out there and their motivations are varied as well.

TYPES OF HACKERS:
  1. Script Kiddies – these hackers are considered (in the hacking world) to be novices. They take advantage of hacker tools and upload scripts to different places (often times, without knowing what that script will do or how damaging it’ll be) for the fun of it. Hence the name, Script kiddies.
  2. Hackers for Hire – these hackers are the mercenaries of the cyber world. People will enlist their services for money.
  3. Cyberterrorists – usually they attack government networks or power/utility grids. These hackers will crash systems and steal government top secrets (aliens, UFO’s, stuff like that!). Very dangerous hackers, very dangerous!
  4. Criminal Hackers – often a part of an organization of hackers, they are very skilled in breaking into systems (often times, without a trace) and either stealing credit card info or personal identification information.
  5. Security Researchers – these guys are the good guys, the ones who find flaws in companies and organizations’ systems and bring them to light without causing harm. They’re also the ones who develop the tools to use against malicious hackers.

Now let’s talk a little bit about the different categories of hackers, they can all be described by colors. I know, pretty cool, huh?

CATEGORIES OF HACKERS:
  1. White Hat Hacker — the good guys!
  2. Black Hat Hacker — the bad guys!
  3. Grey Hat Hacker — kinda the in-betweeners, sometimes for good, other times, not so much.
  4. Blue Hat Hacker — the ones who get paid to uncover vulnerabilities (I feel like these guys should be called the green hat hackers, but that’s just me).

So, now that you have an idea of what types of hackers are out there, and before we get into what types of security threats are out there, let’s take a look at why it’s getting increasingly easier to hack systems and websites.

  • Networks, nowadays, are extremely widespread and we are all connected
  • Lots of hacking tools available
  • Many and many wifi networks that are open
  • Applications have complex codebases
  • Generations of our kids are getting super smart when it comes to computers
  • Anonymity

There are sooo many things that people should be concerned with if they are on the internet, have a website that they manage, pay for products online, or have personal identifiable information online. If you don’t participate in any of the preceding things, then you are a hermit and stop reading this post. Ha!

But hacking happens every single day. Every. Single. Day. Every. Single. Hour. Wrap your head around that! It does happen and if you have not been hacked, then you’re lucky, but it will eventually happen to you unless you take proper action, which I’ll write about in an upcoming post. But (and this list is by no means complete) here are different ways hackers can mess with you or your systems.

TYPES OF ATTACKS:
  1. Brute Force – these attacks are when a hacker keeps on trying to gain access to your login credentials on any number of password protected sites, by continually trying different password combinations. Almost like a guy trying to break down your door. When ramming his foot into it doesn’t work, he’ll try a battering ram, when that doesn’t work, maybe he’ll try to pick the lock. Hence, brute force. These happen on my WordPress sites everyday.
  2. DoS / DDoS – ahh, the infamous Denial of Service or Distributed Denial of Service. This is an attack that’s designed to flood a website or network with traffic overload to render it inoperable. The group Anonymous (which is a network of hackers that primarily hack to bring certain issues to light) is well-known for a series of public DDoS attacks. Interesting group and I would never want to do anything to upset them, that’s for sure!
  3. SQL Injection – SQL stands for Structured Query Language, which is used for communicating with databases. The injections are attacks that “inject” (obviously) malicious code into a database to gain access to that database.
  4. Cross-Site Scripting (XSS) – this is a vulnerability which allows hackers to insert client-side (meaning executed by a user’s web browser) scripts into pages on a website or application. Then they can go on and do anything malicious or see certain activity, etc.
  5. Cross-Site Contamination – this is when hackers gain access to a “secure” site by infiltrating it from a site that’s not secure, but on the same server. We see this a lot when people have outdated CMS installs on the same server they have the updated ones on.
  6. Phishing Emails – have you ever gotten an email asking you to update your profile on Facebook, but it looks a little off? That’s because it probably is! Phishing emails are exactly that, they’re when hackers are fishing for information. You’ll get an email that looks a lot like it came from Facebook (the good phishing emails are the ones where you can’t tell the difference) asking you to put in your password or personal information. Hackers are able to log what you do on these sites/emails, so don’t ever click anything in an email unless you absolutely trust the source, but even then you can’t be 100%, be careful!
  7. Social Engineering – this is a method many hackers use that relies on interacting with humans. It’s basically getting a person to be relaxed enough to offer up information they normally wouldn’t give out. So, if you’re ever on the phone with someone (a person you don’t know, like someone claiming to be from the post office or some other government agency) and they ask you what your mother’s maiden name is, don’t give it out unless you are absolutely positive you’re speaking to the proper person.

Again, this is by no means a complete list, but these are some of the common things hackers will try. The best way to protect yourself is by getting a service like Sucuri’s AntiVirus or Firewall plans, making sure to keep your systems updated, and by being informed. Make yourself aware when you’re online and be cognizant of what you are clicking on and activity in general. And luckily, you won’t be another statistic of getting hacked!