“I was hacked!”
As people continue to spend more of their time online doing more of their day-to-day work, I hear people talk about hacking more than ever. But that raises the question: what is “hacking”? And do people use the term correctly?
Depending on who you ask, hacking can have a couple of definitions. Some attacks can be considered hacking without a doubt, while others… not so much. In this post we’ll give an overview of some of the cases when people or businesses might say they were “hacked”.
The classic form of hacking often has to do with security problems in software or operating systems. By exploiting these flaws, cybercriminals can access data that isn’t intended to be public. This is why it’s important to keep your software up to date! These kinds of attacks are often called “cracking” by the technology community to distinguish them from other forms of hacking.
Viruses, worms, and Trojan horses
Instead of formatting your computer or displaying messages on your screen, today’s malicious software often sits invisibly in the background, using your computer to carry out attacks. A computer might be used to send out spam, take part in a denial of service attack (see below), or commit other crimes. Good anti-virus and computer security software helps defend your computer against these kinds of attacks.
Phishing happens when a criminal tries to trick you into handing over your personal information – whether it’s a login to a site, your credit card information, or something else. This can happen if you click on a link in a forged email, on a bad website, or sometimes even on social media. Always be sure to check the validity of a site before you enter your login or other personal information on it, and never send your personal information to anyone unless you know they’re authorized to request it. We’ve covered phishing a number of times before on the blog.
Sometimes “hacks” don’t have anything to do with login information or security problems with software; they happen because a person who isn’t supposed to have access to an account finds a way in. This can happen if you leave a device open on a table without a password or if you use a public computer (for example, at a library) and forget to log out of a site like Facebook or your bank. It’s also important to make sure people who are no longer employed by a company don’t have access to the company’s social media or other administrative accounts.
Denial of service
A denial of service attack (and its big brother, the distributed denial of service attack, or DDoS) happens when a criminal overloads a site with requests to view pages. This bogs down the server and essentially creates a traffic jam, preventing other people from accessing the site. Typically in these cases no user data is at risk. Read more about DDoS attacks in our blog post, “Why a Site Doesn’t Load”.
Saying something stupid
Of course, saying an account was hacked can be a convenient cover for having said something stupid. “I would never say something like that,” someone may say. “It must have been an old employee with the password, or someone hacked our site!” In these cases, thinking carefully about what you say before you post is your best bet.
Building and creating
The unfortunate part about the word “hacking” is that it is so often associated with criminal acts. In fact, hacking is a much broader field than just trying to steal personal information; it’s a desire to make something work in an unconventional way. If you’d like to learn more about the benefits of positive hacking, including the expanding field of civic hacking, listen to Catherine Bracy’s great TED Talk, “Why good hackers make good citizens”.
When you hear about a site or person being hacked, it’s important to remember that not all “hacking” is the same. It’s important to ask if your user data or other personal information was compromised. And do your part by making sure your software is updated, your passwords are strong, and you’re being cautious about the email and messages you receive!