WHENEVER A BREACH or attack happens to a site or service, you can almost guarantee that the work ‘hack’ will be used in some form.
It’s a catch-all term for any security breach that may occur even though the term itself isn’t a negative one.
So what is hacking?
From a computer networking perspective, hacking is when you modify or change the normal purpose of a programme or system to do something else.
Hacking isn’t necessarily a bad thing. Some computer engineers and programmers engage in it to find weaknesses and flaws, or to create new uses for existing services.
Yet for many, it’s a word associated with attacking services online or gaining unauthorised access to computer networks, which isn’t really fair to those who hack for ethical reasons (White Hat hackers) or want to improve a service.
Is there a better term to use?
Some prefer to use the term ‘cracking’ to describe those who attack and break into a computer network. But if you do use the term hacking, it’s better to say what type it is.
There are a number of different terms to use, but these are the three main types.
White Hat – These are experts who hack for good or ethical reasons like testing their own security or working with a company to help identify problem areas.
Black Hat – The exact opposite of a White Hat hacker. They attack and break security for personal gain or for other malicious reasons. Any major hacking incident that is reported in the news is done by Black Hat hackers.
Grey Hat - As you may have guessed, this is a mixture of the two. They don’t necessarily attack or compromise a system for personal gain but they do it without permission.
They may disclose their actions publicly or tell the company involved directly. Sometimes they may offer to fix it for a price.
And what are the different types of attacks?
Again, there’s quite a number of them, but the ones that crop up regularly include:
Brute force attacks – This is an attempt to log into a service repeatedly and guess the right username and password through automation.
This usually succeeds when poor passwords or usernames are used. Most sites bypass this by only allowing you to enter a password or username a certain number of times before it locks you out.
This is what is believed to have happened when photos from a number of celebrities were taken from iCloud and published online back in September.
DDoS - Distributed Denial of Service, this is when you overwhelm servers with a flood of fake traffic, causing sites to go down. This is what happened when both Playstation 4 and Xbox One servers went down during Christmas
Man-in-the-middle attack – This is when someone is able to monitor and modify any data passing between you and the person/organisation/service you’re communicating with.
The Superfish bug, which was found on a number of Lenovo computers, had a flaw which would allow this to happen.
So what can I do to prevent this from ever happening?
Well, there’s no surefire way to keep things 100% safe, but you can make things as difficult as possible for them. Here are some precautions you can take.
- Use password managers to create complex passwords.
- Use two-factor authentication where possible.
- Don’t save any sensitive information on the cloud.
- Don’t use default passwords or usernames.
- If you have to enter in sensitive information on a site, always make sure the URL has HTTPS in it.
To embed this post, copy the code below on your site
have your say