Hacking? Hacker? What?
When someone mentions the term “Hacker” why does the mind directly picture a hooded figure in front of a laptop with a black screen and green text? Is it because hoodies are one of the best clothing inventions out there and the staple of a Work From Home attire? OR is it because of Rami Malek’s fantastic portrayal of Elliot Alderson in Mr Robot?
Wikipedia’s opening statement on the term hacker is as follows-
“A hacker is a person skilled in information technology who uses their technical knowledge to achieve a goal or overcome an obstacle, within a computerized system by non-standard means”.
So theoretically, anyone with some sort of advanced IT knowledge who solves problems can be a hacker. (With or without the hoodie)
In reality, a hacker is a term used to describe an individual (or a group of individuals) who are able to break one or more of the pillars of cyber security (Check this if you haven’t already!). Any individual who is able to access and interact with data/resources they are not permitted to or are able to “mess with” systems to deter them from functioning in their desired state may be termed as a “Hacker”.
As I am sure we ALL have heard the term “mess with” to have a negative connotation — hacking and hackers are more often than not considered to be bad actors. The individuals that “hack” with the intention of causing harm (financially, emotionally, physically, etc) are termed as Unethical hackers (lets just called them “bad actors”).
Bad actors (in my opinion) are largely categorized into 2 broad types based on their motivation –
Financially Motivated bad actors — These people are generally just after the $$$ and will do anything to extract as much $$$ as they can. There are many ways to do this….(not giving you the secret sauce yet ;) )
Government/Country focused bad actors — This group of bad actors are not JUST motivated by $$$. Their elixir lies in the impact they can cause to a country’s government or government network.
Now, like in every superhero movie (and multiple mythological stories) — with every darkness, there is a light. The “light” here are the “good actors” termed as ETHICAL hackers. These individuals are as talented as the bad actors and have a similar set of skills, however they use these skills to identify weaknesses in the same attack surface and help to fix them — or simply just mess with the systems to make sure no one else can mess with them.
This method of “breaking in without you noticing” is VERY effective as it provides a radical view into the weaknesses of networks and systems which may easily get overlooked by those closely involved in designing them. As Gordon Ramsey has taught us in many many episodes of Hell’s Kitchen — telling people how to solve their mistakes isn’t nearly as effective as showing them their mistake (or in his case — yelling at them until their face falls off).
HOW DO I HACK ?!
(PSA — The title was clickbait)
Obviously this post cannot teach you how to hack. BUUUUUT there are some things that all of us need to understand about how we interact with the digital world around us keeping the intention of the “bad actor” in mind. –
Attackers generally tend to “exploit” known “vulnerabilities” in applications, websites, etc. to hack into systems. So when that annoying new update comes in for your phone or your banking app — please read the proposed updates and install the update. KEEP IN MIND THAT YOU SHOULD ONLY EVER DOWNLOAD PATCHES AND UPDATES FROM A VERIFIED SOURCE.
Don’t over expose your personal information. Lets be real for a minute…Keeping your instagram public and posting stories about your “mother’s maiden name” or the “street you grew up on” isn’t impressing anyone BUT the hacker trying to break into your account with the same security questions. So the NEXT TIME YOU DECIDE TO POST SOMETHING EXTRA PERSONAL — IT IS TMI AND YOU DON’T NEED TO.
PA$$WORDS P4$$W0RD5 PASSWORDS. See what I did there? No? Good. (this is a topic which deserves its own post). BUT make sure you have a strong password and you DO NOT give it to anyone. Not even your one true love on Valentine’s Day.
You don’t really know who you message over the internet. Cyber professionals think in a certain way while designing and implementing security controls called “ASSUME BREACH”. That means that we have to assume that whatever system you have, always assume that it has been breached and then decide how to secure it. Similarly, whenever interacting with anyone over any internet based application, assume that the individual may be breached (they may not read CyberWaala so def get them on here ;) )
Attackers do not always go for the “crown jewels” directly. They sometimes try to lure the guard away from the tower and take the stairs instead of the elevator to access the bathroom and change into a guard outfit before actually stealing the jewels (phew! Long sentence –take a breath). While you are being vigilant and securing your applications which are super important, the hacker may be targeting your new Worldle app (my starting word is “about. Here’s some free alpha)
#StaySecured!!
