What Is Hacking?

One of the most well-known terms in the world of cybersecurity, “hacking,” refers to the intrusive activities linked to exploiting a computer system or a private network without authorized access. The concept of hacking is commonly characterized by a “hacker,” an individual skilled in computer systems and information technology. They apply their technical knowledge to overcome security barriers within a system by non-standard and often malicious techniques.

Hacking, or the behaviors inherent by most hackers, is generally identified as being synonymous with cyber attacks and other harmful or threatening acts. However, the terms “hackers” and “attackers” are not necessarily interchangeable, as some forms of hacking can have ethical and research-based intentions. Still, the threat of hacking is a serious matter that should not go overlooked in any context, especially as it pertains to cyber crime prevention and data breach protection.

Hacking is broadly defined as exploiting vulnerabilities in an organization's computer systems and networks to gain unauthorized access or control of digital assets. These activities involve identifying weaknesses in a computer system or network and further exploring and manipulating information with malicious or self-motivated intent.

In many cases, hacking involves a combination of technical knowledge, problem-solving skills, creativity, and persistence—all to bypass security measures and access private information or protected databases. While some forms of “white hat” hacking can be done ethically to improve security, it's most commonly conducted as a means to steal sensitive data, compromise systems, or spread viruses and malware.

A “hacker” traditionally refers to someone motivated by personal financial gain, information extraction, protesting, making a statement, or just because they can. However, it is now often mistakenly used to refer to cyber attackers who exploit these vulnerabilities solely for malicious purposes.

Attackers aim to gain unauthorized access to networks and computers, often for monetary gain or espionage purposes. But to defend against attackers and subsequent cyber threats, organizations can work with ethical hackers to identify and address vulnerabilities and make themselves a tougher target.

For centuries, the term “hacking” originally referred to a process of rough cutting or chopping in an imperfect manner. But it wasn't until 1955 that “hacking” was first used about technology at a meeting of the Technical Model Railroad Club to describe how club members modified the functions of their train sets.

Into the 1960s and 1970s, the term's use evolved into a more computational and tech-related context. And by 1975, a more formalized definition of hacking was adopted by The Jargon File (a dictionary of terms used by computer programmers) as “A malicious meddler who tries to discover sensitive information by poking around. Hence password hacker, network hacker.”

By this time, the word “hacker” was associated with cyber crime, often described as “security hacker.” It wasn't before the late 1980s when the first Internet hacker, Robert Morris, deployed the first ever “denial of service” attack due to a fault in the code. Otherwise known as the Morris Worm of 1986, the incident was intended to highlight security vulnerabilities but inadvertently caused extensive damage that lasted for several days.

During this era of technological advancement, a series of devastating hacking cases drew attention to the severity of these threats. In turn, this led to the creation of the first-ever cyber crime laws. As computer systems and technology rapidly progressed, hacking became increasingly sophisticated, and cyber attackers refined their techniques to steal data, commit fraud, and engage in other illegal activities.

Today, computer and network hacks come in many forms, ranging from elaborate SQL injection attacks to more traditional denial-of-service attacks. While many of these hacking techniques overlap into general forms of cyber attacks, some of the most prevalent types of cyber hacking include:

Malware Attacks

Malicious software, also known as malware, that infects a system and spreads without the user's knowledge or consent, damaging files, stealing data, or gaining unauthorized access.

Ransomware Attacks

Ransomware is an advanced form of malware that encrypts the victim's data and demands a ransom payment to effectively release and restore access to the files or system.

Phishing Attacks

Phishing is the fraudulent attempt to capture sensitive information (such as passwords, login credentials, or financial data) by pretending to be a legitimate or trustworthy entity via email, phone, or website.

Brute Force Attacks

A brute force attack is a trial-and-error method threat actors use to crack passwords or encryption keys by systematically trying every possible combination until the correct one is found. It can be time-consuming but is often effective against weak or simple passwords.

Man-in-the-Middle Attacks

Otherwise known as data eavesdropping, MitM is the interception and alteration of communications between two parties to steal sensitive data or confidential information or carry out damaging actions.

SQL Injection Attacks

Exploiting vulnerabilities in web applications that use SQL databases to steal or manipulate data by inserting malicious code into a SQL statement.

Distributed Denial-of-Service Attacks

Otherwise known as DDoS attacks, this activity involves overwhelming a target system or network with traffic or requests to cause service disruption or outage.

Zero-Day Exploits

Exploiting software applications or computer systems vulnerabilities that are unknown to the vendor or users to gain unauthorized access or cause damage.

Cross-Site Scripting (XSS) Attacks

Exploiting weaknesses in web apps to inject malicious scripts into the webpage viewed by users to steal data or perform unauthorized actions.

Session Hijacking

Similar to MitM attacks, session hijacking involves stealing an active session token or cookie to gain unauthorized access to a user's account or computer system.

Credential Reuse Attacks

Using stolen or leaked login credentials (usually obtained through phishing, password attacks, or physical means) to gain unauthorized access to other accounts or systems.

DNS Tunneling

Using Domain Network System (DNS) protocols to bypass security measures and exfiltrate data from a target network of interest.

Many different devices are vulnerable to cyber hackers, but some of the most common include:

• Computers – Common computer systems like laptops and PCs are prime targets for hackers due to the vast amount of personal and sensitive information they contain, such as financial data, login credentials, and personal documents. Computer systems are particular targets of cyber attacks on a commercial and enterprise level, given the value of assets associated with them.
• Mobile Devices – Mobile devices such as smartphones and tablets are also at risk of being hacked, as they often store sensitive information, including personal photos, messages, and emails. They can be particularly susceptible to hackers when using public Wi-Fi and shared networks.
• IoT Devices – Internet of Things (IoT) devices such as smart home appliances, security cameras, and even medical devices are common targets for hackers. These devices are often poorly secured and typically hacked to gain access to personal information or even to control the device remotely.
• Network Routers – Network routers, responsible for distributing Wi-Fi signals, are often targeted by hackers. Hacked routers provide a means to gain access to entire networks of devices, enabling hackers to access sensitive data and valuable digital assets.
• ATM Machines – Bank ATMs are also vulnerable targets to hackers motivated by financial incentives, as many ATMs often operate on outdated software and may be connected to an unsecured network. Flaws in card reader technology can also be used as a means of cyber hacking.

Additional devices vulnerable to cyber hackers that are often overlooked are things like internet-connected security cameras and IP cameras, smart TVs and smart appliances, and even baby monitors. It's critical to acknowledge that any device connected to the Internet is potentially susceptible to hacking, so it's important to take necessary precautions to ensure your technology is protected with whatever means possible.

Hackers can have significant effects and consequential impacts on individuals, businesses, and even entire countries, regions, and municipalities. Here are some of the most common effects of hacking at large.

• Financial Loss – Hackers that breach bank accounts can steal money or commit fraud, leading to substantial financial loss for individuals or businesses. The damages hackers introduce to computer systems can also result in costly repairs.
• Identity Theft – Hackers have been known to hijack sensitive personal information, such as birth dates, Social Security numbers, addresses, and credit card numbers, to maliciously commit various cyber crimes that fall under the category of identity theft.
• Data Breaches – Data breaches are one of the most detrimental forms of hacking, especially when data gets leaked to malicious parties. With these attacks, hackers can gain unauthorized access to confidential or sensitive data, like financial records, medical records, or intellectual property.
• Disruption of Services – In a hacked computer or network, the immediate outcome disrupts the normal function of websites, computer systems, or entire networks. Not only does this disrupt standard operations, but it can damage critical infrastructure.
• Cyber Espionage – Hackers can steal valuable information, such as government data, confidential information, or sensitive trade secrets, to gain a competitive advantage with political interests and foreign affairs or by putting national security at risk.
• Spread of Malware – The creation and distribution of malware, such as viruses or ransomware, are common ways for hackers to infect and damage computer systems, steal data, or demand ransom payments from organizations or individuals.

The impact of hackers can range from minor inconveniences to major disruptions. That's why individuals and organizations must take steps to prevent and mitigate the effects of hacking.

Although the sheer volume of hacking cases reaches the tens of thousands annually, a few monumental hacks stand out in history as the most damaging and impactful.

PlayStation Network Hack

Sony PlayStation's gaming network was hacked in 2011, resulting in an epic case that impacted 77 million consoles and almost a month-long shutdown on the gaming system's network. Although they never identified the hacker responsible for the data breach, Sony estimated $171 million in financial losses from the incident.

DoD and NASA Hacks

In 1999, a teenager hacked into NASA's computer networks and the Department of Defense (DoD). The hacker downloaded software from NASA that was valued at $1.7 million. While this historic hack against two of the most prominent U.S. governmental organizations had little damaging impact overall, the teenager's actions resulted in NASA's networks shutting down for three weeks.

Yahoo Data Breach

In 2013, Yahoo encountered two hacking incidents that resulted in one of the largest data breaches in history, impacting over 3 billion user accounts. The breach was executed by four Russian agents that were recruited through a hacker-for-hire scheme. While the breach affected billions of accounts, the biggest concern involved targeted attacks on high-profile U.S. Intelligence officials, opening the door to potential cyber espionage.

There are many ways that individuals and organizations can effectively protect their digital assets from hackers. For individuals looking to prevent hackers from hacking personal computers and devices, several cybersecurity best practices can be employed.

• Maintain strong, complex passwords – According to UC Santa Barbara Information Technology, the longer a password is, the better. Whenever possible, use at least 16 characters.
• Set up multifactor authentication – In addition to a strong password, include a layer of security protection using two-factor or multifactor authentication.
• Install antivirus and anti-malware software – Software programs that detect and remove viruses and malware are essential in protecting your computer system and ensuring your data is safe.
• Stay alert about suspicious emails – Avoid clicking questionable links or opening attachments to emails you don't recognize.
• Minimize your online footprint – While not always applicable to certain individuals, reducing the amount of information available about you online can make you less of a target to hackers.
• Avoid public Wi-Fi networks for personal or financial data – Never use public Wi-Fi to access sensitive personal accounts, like bank accounts, online wallets, or trade accounts where financial exchanges occur.
• Backup your computer – Backing up your data is critical to quickly recovering in the instance hackers do succeed in hacking your computer.
• Properly dispose of electronic devices – Make sure to properly erase and dispose of old computers and devices that may have contained personal information and login credentials.

For businesses, institutions, and governmental agencies, additional cyber security protocols should be leveraged to prevent hackers effectively.

• Use firewall protection – Firewalls are a fundamental cybersecurity measure for businesses. They're the first line of defense in preventing unauthorized access to a network and alerting your team when any intrusion attempts occur.
• Leverage encryption – Even if hackers successfully access an organization's network, encryption can effectively prevent them from breaching or accessing any data.
• Establish a dedicated insider threat role – In larger organizations, insider threats are a genuine concern. Creating a dedicated insider threat role can help unify teams to quickly identify, investigate, and respond to inside threats when they occur.
• Conduct phishing simulations – Investing in phishing simulations enables teams to effectively test employees and help them understand how phishing attacks occur. These simulations are usually part of a more comprehensive cybersecurity awareness training program.
• Educate remote employees on cybersecurity policies – With remote and hybrid working dynamics now the new normal, employees working from home need as much awareness and understanding of cybersecurity best practices as those in the office.
• Make employee privacy a high priority – Anonymize any data collected from employees for insider threat prevention and clearly communicate policies and guidelines about the organization's cybersecurity standards.
• Create a cybersecurity awareness training program – Critical for all types of organizations, cybersecurity awareness training helps equip employees with the awareness and understanding to effectively identify potential threats and attacks.
• Monitor user and file activity – Implementing the right user and file activity monitoring solution in an organization's network is one of the most effective methods of hacker prevention.

For additional insights, see more cybersecurity best practices for businesses and complex organizations.

Proofpoint offers the tools and expertise to help organizations better protect their computers and networks from hackers. Because the threat of hacking and cyber attacks involves both technological solutions and personnel training, Proofpoint helps organizations from beginning to end by implementing the proper cybersecurity measures while deploying the training programs to educate teams on best practices of threat avoidance and mitigation.