What is a Hacker? (and why you should become one)
Hackers. We’ve all seen them, in movies, tv shows, video games, and even on the news. By Hollywood’s standards, a hacker is a rebellious, self-taught teen or a programmer gone rogue, looking to start trouble. On the news we hear about them as foreigners, meddling in our elections and stealing from the elderly. In our own personal lives, hackers are a threat to our private information and a source of annoying internet spam.
But few of us have any real understanding of what a hacker actually is or what a hacker does.
What is Hacking?
Hacking is identifying weakness in computer systems or networks to exploit said weaknesses to gain access. A hacker will then use the computer system to commit illegal acts such as fraud, privacy invasion, and stealing corporate/personal data. Because computers have become a ubiquitous part of modern life, we’re all left exposed to the danger of being hacked.
In fact, hacking can be ultimately described as simply being an umbrella term for activity behind most of the malware and malicious cyberattacks on the computing public, businesses, and governments.
As such, hacking is not the exercise in teen rebellion movies are wont portray but a billion-dollar industry, whose adherents have established a criminal infrastructure that spans the globe.
There are many common hacking techniques, such as:
- Social Engineering
- Denial of Service (DDoS) Attacks
Botnets are networks of computers infected by a botnet agent that are under hidden control of a third party. They are used to execute various commands ordered by the attacker. Botnets are most commonly used for criminal operations that require distributed resources, and often the botnet agent is ordered to steal data from the local computer.
While hacking is technical in nature, hackers also use psychology to trick the user into clicking on malicious attachments or providing personal data.
Denial of Service (DDoS)
A distributed denial of service attack is a network attack wherein threat actors force numerous systems (usually infected with malware) to send requests to a specific web server to crash, distract, or disrupt it enough that users are unable to connect to it.
Ransomware is a type of malware that prevents users from accessing their system or personal files and demands ransom payment in order to regain access. One of the most common ways that ransomware infects your computer is through malicious spam, which is unsolicited email that is used to deliver malware. The email might include booby-trapped attachments or links to malicious websites. They will often use social engineering to trick people into opening attachments or clicking on links.
A Trojan horse is a type of malware that disguises itself as legitimate software but can take control of your computer. They are often designed to damage, disrupt, steal, or inflict some harmful action on your data or network. Trojans will also use social engineering to trick the user into downloading it.
Similar to a regular virus, a computer virus is designed to spread from host to host and has the ability to self replicate. It is a type of malicious code written to alter the way a computer operates and is designed to spread from one computer to another. A virus attaches itself to a legitimate program or document in order to execute its code.
These methods are used by hackers worldwide to commit a long and varied list of cybercrimes, from identity theft to espionage.
*A brief note on cybercrimes
Most cybercrimes will fall under two categories:
- Criminal activity that targets computers
- Criminal activity that uses computers to commit other crimes
Cybercrime that targets computers is the type that often involves viruses and other types of malware.
Cybercrimes that use computers to commit other crimes may involve using networks to spread malware but may also spread other contraband such as illegal information or images.
The Department of Justice also recognizes a third category of cybercrime which is where a computer is used as an accessory to a crime. For example, using a computer to store stolen data.
After reading all this horror you might be thinking, “why is she telling me to become a hacker? This is illegal!”
Well…because there is still much more to hacking than computer viruses and cybercrimes.
Enter, ethical hacking!
Ethical hackers are the “good guys”, who happen to have the same skills as the “bad guys”. They are hired by organizations to look into the vulnerabilities of their systems and networks and develop solutions to prevent breaches. The company that owns the system or network allows Cyber Security engineers to perform such activities in order to test the system’s defenses. Thus, unlike malicious hacking, ethical hacking is a carefully planned, approved and most importantly, legal process.
Many consider it the technological version of the old adage “it takes a thief to catch a thief.”
Ethical (or Whie Hat) hackers must follow certain guidelines in order to perform hacking legally. Including but not limited to:
- An ethical hacker must seek authorization from the organization that owns the system.
- They must determine the scope of their assessment and make their plan known to the organization.
- They must report any security breaches/vulnerabilities found in the system.
- Once done, they must erase all traces of the hack in order to prevent malicious hackers from entering through identified loopholes.
Learning ethical hacking involves studying the mindset and techniques of malicious hackers, it is a skill that can be applied across industries and sectors.
What to Learn
Ethical hackers should have a wide berth of knowledge.
It is expected and in many cases required for a hacker to have in-depth knowledge of programming, scripting, networking, databases, operating systems, and servers. As well as knowledge of the many hacking tools available in the market.
Suggestions to get started:
For those looking to get started there are many resources and suggestions and it can seem overwhelming, but here are the some commonly taught in various bootcamps and college courses:
Networking is important because threats mostly originate from networks. You should know about all devices present in the network, how they are connected and how to know if they’re compromised.
Attacks are mainly targeted at databases. Knowledge of database management such as MYSQL and MSSQL will help you inspect operations carried out in databases.
Commonly taught languages are Java, C++, Python, and PHP. Some courses also teach Ruby.
It is important to know about all Operating Systems but most courses will teach you to use Linux, particularly Kali Linux.
Cryptology is an extremely important aspect of the job. It consists of Encryption and Decryption. Encryption is the method by which information is converted into secret code that hides its true meaning. Decryption is the process of transforming data that has been encrypted back to its unencrypted form. Both are paramount in the world of ethical hacking.
Why is ethical hacking important?
Ethical hacking might be one of the most important jobs of the modern era and here’s why.
Ethical hackers play a key role in the ongoing battle against human trafficking, drug trafficking, terrorism and many other crimes that have been aided by the advent of the internet. Many work with law enforcement, researchers and charities that often do not have the capabilities to scour the online black market or dark web. They work to develop technological solutions to enable continuous tracking, measuring and mapping of these illegal activities.
With the growth of technology and social media, selling drugs, humans and other contraband is just a click away. These websites make it easier than ever for the criminals and make forms of payment are nearly untraceable.
This is where the ethical hacker comes in. Ethical hackers are not vigilantes, however when they work alongside law enforcement and other experts they are able to rescue people in need and put criminals behind bars.
Earlier this year, Biko Georges, the foremost cybersecurity expert on the African continent helped take down a trafficking network that extended from Africa to the US. His investigation led to the rescue of 238 children and the arrest of 113 suspects.
So not only do white hat hackers protect private data but they also save lives!
It seems that ethical hackers might be the real world heroes we’ve been needing.