Hacking is an attempt to exploit a computer system or a private network inside a computer. To better describe hacking, one needs to first understand hackers. One can easily assume them to be intelligent and highly skilled in computers. In fact, breaking a security system requires more intelligence and expertise than actually creating one. There are no hard and fast rules whereby we can categorize hackers into neat compartments. However, in general computer parlance, we call them white hats, black hats and grey hats. White hat professionals hack to check their own security systems to make it more hack-proof. In most cases, they are part of the same organization. Black hat hackers hack to take control over the system for personal gains. They can destroy, steal or even prevent authorized users from accessing the system. They do this by finding loopholes and weaknesses in the system. Some computer experts call them crackers instead of hackers. Grey hat hackers comprise of curious people who have just about enough computer language skills to enable them to hack a system to locate potential loopholes in the network security system. Grey hats differ from black hats in the sense that the former notify the admin of the network system about the weaknesses discovered in the system, whereas the latter is only looking for personal gains.
So what is a hacker? Based on how we’ve defined hacking here, a hacker is someone who leverages their technical skills and knowledge to solve a problem or challenge. Again, there’s nothing inherently bad about it.
When hackers breach a computer network or system, that’s called security hacking. And though the media typically depicts hackers as cyber criminals who thrive on stealing data and wreaking all sorts of other digital havoc, that type of illegal hacking is properly termed cracking.
The first people to apply the term hacking in a technological context were the members of MIT’s Tech Model Railroad Club. After the Second World War, these students started to use hacking to describe creating an innovative solution to a technical challenge. As computers emerged in the 1960s, curious club members took the term with them as they entered a new technological space.
But it wasn’t until the 1980s that hacking exploded. For the first time, computers were available to the general public, and at affordable prices — almost anyone could buy a computer and experiment with hacking. And experiment they did: Criminal hacking became so prevalent that in 1986, the US passed the Computer Fraud and Abuse Act, the world’s first anti-cyber crime law. Many of the world’s most dangerous hackers in recent years take their cues from those early pioneers.
Common techniques used in hacking.
Now that we’ve covered what hackers do, how do they do it? Depending on what the hacker is after, and who they’re targeting, they’ve got a wide range of hacking techniques at their disposal. Let’s dive into the various types of computer hacking by taking a closer look at several of the most common hacking examples.
Phishing is a sneaky kind of cyber attack in which a cyber criminal attempts to fool their targets into divulging sensitive personal information like passwords or credit card details. The attacker can then use that information to hack into a victim’s accounts and commit fraud or theft, often by making purchases or applying for loans using the victim’s information.
Many phishing attacks are conducted via email. The phisher will send an email that mimics an official communication from a trusted party, such as a bank, hoping that the victim will fall for the ruse and reply with the requested information. Other attackers will phish with text messages, phone calls, or through social media platforms.
D.N.S spoofing is a technique that tricks your browser into sending your internet traffic to the wrong place. Websites and web servers have two ways of identifying themselves online. The first is the domain name, which is what you enter into the address bar of your browser. The second is the IP address, which is a string of numbers that helps any device on the internet identify any other device it’s communicating with.While people use domain names, computers use IP addresses. The dns or domain name system, links the two together. It’s like a phone book with all the names and numbers of anyone you’d ever need to call, except it’s for websites. dns spoofing, also known as dns cache poisoning, is when a hacker alters the dns information so that a domain name points to a different IP address from the one it should — toward a malicious website controlled by the hacker.
Sometimes, your browser will request the DNS information from a dedicated DNS server, and some DNS spoofing attacks target those servers. But if you’re visiting a site you’ve been to before, your browser has the DNS information stored locally in a cache. So, other DNS attacks will manipulate, or poison, the DNS cache on your computer, usually via malware.
Either way, the result is that your browser leads you away from the actual website you want to visit and instead takes you to the hacker’s site. DNS spoofing is a popular setup for a pharming attack, where a hacker creates an imitation of a trusted website to trick you into “logging in” with your username and password. Once you do, the hacker has your credentials. Pharming and phishing attacks are both frequent precursors to identity theft and identity fraud.
Cookie theft.
Also known as session hijacking, cookie theft happens when a hacker captures session data and uses it to impersonate you on a website that you use. Cookies are tiny little files that websites store in your browser so that they can remember your settings, behavior, and preferences. And a session is an exchange of data between you and a web server, from the time you begin using a site until you leave it or close your browser.
Some cookies are helpful — they remember your username and password, or your location, or which items you’ve placed in your shopping cart. Some websites use cookies that can log your actions: what you click on and when, or which search terms you use. And third-party tracking cookies follow you around the internet — monitoring the digital trail you leave behind online — then report back to advertisers so they can target you with ads they think you’re more likely to click.
If you’re browsing on an unsecured Wi-Fi network, a hacker can intercept the cookie that identifies you to the website you’re using. Then, the hacker can send that cookie back to the website to impersonate you and take actions on your behalf — such as logging into your bank account and helping themselves to your funds.
Cross-site scripting.
Cross-site scripting (XSS) is a type of website attack in which a hacker injects, or adds, their own code into a legitimate website. That then causes the website to behave differently, typically with adverse effects on other users.
Many hackers use XSS attacks to hijack a victim’s session cookies in a cookie theft attack (as described in the section above). Other hackers will use XSS to turn legitimate websites into phishing portals that can log and capture all the data you enter while there — such as your username and password.
Because these attacks happen to a website, and not to you directly, it’s the website administrator’s job to prevent cross-site scripting. In the hands of a skilled hacker, many XSS attacks are impossible to detect by those who visit an infected website.
SQL injection.
SQL injection (SQLI) is another type of attack in which a hacker injects their own code into a website. But instead of modifying the way a website works, SQL injection attacks target the database stored on a website’s server. The aim is to copy, alter, delete, or otherwise modify the database.
For example, a hacker may breach a website’s database with SQL injection and cause the database to export a list of user information, which the hacker can then use to commit identity theft. Or, they may simply delete large amounts of data, resulting in massive financial damages and chaos for the targeted company.
As with cross-site scripting, preventing SQL injection attacks largely falls to website developers and database administrators. It’s their responsibility to make sure their websites don’t have vulnerabilities that hackers can exploit with SQLI.