A computer hacker is a person with advanced computer technology skills who is adept at finding vulnerabilities in software and computer systems. Malicious, or black hat hackers, are out to steal data, shut down websites, or otherwise cause harm, while ethical, or white hat hackers, help shore up a company’s or government agency’s online defenses. This guide explains everything you need to know about hacking, including what it is and how it works, the typical characteristics and motivations of hackers, and how to protect yourself from hacking.
What Is Hacking and How Does it Work?
Hacking is a major cybersecurity threat that encompasses a wide range of goals, including leaking passwords, stealing personal data, and locking or “encrypting” data to hold it for ransom. Typically someone hacks into a home or corporate network by exploiting a vulnerability, such as a weakly protected access point like a router. A hacker can also use various techniques, such as phishing, to lure people into providing sensitive information or downloading and installing malicious software on their laptop or tablet.
Some types of malware, like a RAT, enable hackers to control your machine, monitor your keystrokes, or make your home computer part of a botnet, or “zombie” computer army, that spews out spam and malicious software without you knowing it. A cybercriminal can also hack your smart devices connected to the internet, like your refrigerator, washer, dryer, or security camera. Hackers often exploit weaknesses in systems that aren’t updated regularly or lack good security features, such as strong passwords and multifactor authentication.
Characteristics of a Hacker
The early internet produced a number of notorious hackers, including teens who took down websites or entire computer systems or stole proprietary information. One individual, Kevin Mitnick of Mitnick Security – who became a security consultant after a stint in prison for stealing computer code from Sun Microsystems, Nokia, and other companies – called his exploits “trophy hunting.” One of the most infamous teen hackers, James Kosta, started at age 13 and hacked into big corporations, including the Pentagon’s network. He escaped prosecution by joining US Navy intelligence and the CIA later hired him as part of its cybersecurity team, according to an account he gave in a 2012 interview.
Hacking encompasses a wide range of cybersecurity threats, including stealing passwords, shutting down websites, and locking or “encrypting” data to hold it for ransom.
Today, individual hackers still try to commit identity theft, install viruses, steal passwords, or cause other problems. In addition, there are now groups of politically motivated hackers, or “hacktivists,” as well as cybercriminal gangs that, in some cases, are sponsored by or linked to nation-states. These groups are part of a global hacker culture and have effectively turned hacking into a worldwide enterprise, including buying and selling hacking tools on the dark web. The geopolitical evolution of hacking has forced governments to treat it as a national security and critical infrastructure threat rather than just a nuisance. The U.S. government’s Cybersecurity & Infrastructure Agency (CISA) leads anti-hacking efforts in Washington.
Motivations for Hacking
Hackers, whether they are individuals or part of a hacker community, have a variety of motives that sometimes overlap. These range from generating mischief to conducting corporate or political espionage. However, many people hack into devices and networks simply for profit.
Some of the most spectacular hacks have included a $10 million cyberheist in the 1990s from Citibank and a 2016 attack on the central bank of Bangladesh that diverted some $100 million. In both cases, much of the money has been recovered.
The average computer user is vulnerable to hackers seeking financial gain by stealing passwords, social security numbers, medical data, and other personal information. All of this can be bought and sold on the dark web and used for malicious purposes, including doxxing and identity theft.
Hacktivism has become a phenomenon in recent years, led by the loosely organized group called Anonymous which has attacked prominent organizations, including the Church of Scientology, the Islamic State, and child websites, since the early 2000s and boasted about its exploits on Twitter. An Anonymous offshoot known as LulzSec bragged about “disrupting and exposing corporations, governments,” among others, and whose exploits were described in criminal charges filed by the Justice Department in 2011. WikiLeaks is another well-known hacktivist group that has released confidential political and national security data, austensibly to promote “transparency.”
Hackers have a broad range of motives that sometimes overlap, from generating mischief to conducting corporate or political espionage. However, a lot of hacking is done simply for profit.
Hackers have taken industrial espionage high-tech with phishing attacks meant to gain access to corporate networks and email, including using spoofed messages to elicit financial transfers. In addition, the U.S. has frequently accused China of stealing trade secrets, and some companies have leveled similar accusations against competitors.
Countries, such as Russia, China, and North Korea, have long been linked to hacking to further their geopolitical goals. They have been accused of disrupting critical systems, stealing data from government networks, and spreading propaganda and disinformation on social networks.
In recent years, some governments have begun collaborating with criminal gangs in what analysts call a “web of profit” that combines cybercrime and espionage.
“Nation-states are knowingly engaging with this web of profit – buying and trading in tools, data, services, and talent – to further their strategic interests or ‘keep their hands clean’ of misdeeds by using proxies for cyberattacks,” says Ian Pratt, HP Inc.’s global head of security for personal systems, in a cybersecurity report.
Other hackers like Mitnick simply want to showcase their skills. For example, a 15-year-old Canadian hacker in 2020 managed to shut down CNN’s website. Child prodigy hacker Kevin Poulsen, now a journalist who writes about security matters, was arrested in 1991 after hacking into the phone lines of a radio station to win an automobile. He recounts his story in a 2011 book.
Tools Hackers Use
Criminals use an array of hacking techniques, sometimes combining two or more.
- Distributed denial of service (DDoS) attacks that take down systems by flooding them with traffic, often with botnets;
- Browser hijacks that can direct users to spoofed websites for malware or clicks;
- Ransomware that locks or encrypts files and data if a ransom is not paid;
- Phishing emails that look legitimate and get recipients to give up login credentials or other personal information;
- Trojans that appear innocuous but that include viruses that inflict damage or steal data;
- Computer worms that replicate and deliver malware to other machines.
For years, ethical hackers – sometimes known as white hat hackers to distinguish them from black hat hackers, or criminals – have been paid to hack into networks to help find and patch vulnerabilities before they can be exploited. Many organizations, ranging from major corporations to the Pentagon, have been offering “bug bounties” to get hackers to find these vulnerabilities. “We haven’t been able to write software that doesn’t have bugs, and you need to have a front door to report those to fix them,” says Joseph Lozenzo Hall a senior vice president at the Internet Society.
Ethical hackers can face obstacles due to a federal law that prohibits most “unauthorized” access to computer systems. As a result, Hall says that some choose to disclose any flaws they find anonymously to avoid possible legal repercussions.
How to Prevent Hacking
Cyberthreats can come from a variety of sources, but some common sense measures can help protect you from hackers and prevent identity theft and other harm.
Update your devices regularly
Regularly update your software and apps on your laptop, tablet, and other devices. Don’t forget about your router and connected devices, like your home security system and security cameras. “It’s annoying sometimes, but you have to update to have the best protection,” says Ben Sadeghipour, head of hacker education at the security firm Hacker One.
Cyberthreats can come from a variety of sources, but some commonsense measures can help protect you from hackers and prevent identity theft.
Install antivirus software
Antivirus software is a good first line of defense, as many of these programs offer broad protection against spyware, adware, and other threats. Good antivirus software will update itself automatically. Third-party paid software is often better than Windows Defender or other antivirus protection that may be built into your device’s operating system.
Use strong passwords
Users need strong passwords of at least eight characters, but preferably 12 or more. Include symbols and numbers as well as letters. You need a different password for each app and service, so that if a cybercriminal cracks one, he or she can’t access multiple accounts. Experts say a password manager is the best way to create unique, hard-to-guess passwords without having to remember them.
Watch for new hacker tricks and techniques designed to steal your identity or otherwise cause you harm. For example, as people get wise to phishing emails, some criminals are now sending text messages. These are often purportedly from your bank or other financial institution, claim your account is locked, and ask you to reset your password. Others have sent USB drives to employees disguised as thank you messages, which install ransomware when they are plugged into a device.
If you think you’ve been a victim of hacking that could lead to ID theft, report it immediately. The sooner your bank and other financial institutions know about the crime, the less damage the thief can do.
Related 360 Reviews
Why You Can Trust Us
At U.S. News & World Report, we rank the Best Hospitals, Best Colleges, and Best Cars to guide readers through some of life’s most complicated decisions. Our 360 Reviews team draws on this same unbiased approach to rate tech products that you use every day. The team doesn’t keep samples, gifts, or loans of products or services we review. In addition, we maintain a separate business team that has no influence over our methodology or recommendations.