Hacking (also called cyber hacking) is the use of unconventional or illicit means to gain unauthorized access to a digital device, computer system or computer network.
The classic example of a hacker is a cybercriminal who exploits security vulnerabilities or overcomes security measures to break into a computer or computer network to steal data. But hacking does not always have malicious intent. A consumer who jiggers their personal smartphone to run custom programs is also, technically speaking, a hacker.
Malicious hackers have built a enormous cybercrime economy, where outlaws profit by launching cyberattacks or selling malware or stolen data to one another. By one estimate (link resides outside ibm.com), this underground market is the world's third-largest economy behind the US and China.
On the other end of the hacking spectrum, the cybersecurity community depends increasingly on ethical hackers—hackers with helpful rather than criminal intentions—to test security measures, identify and address security flaws, and prevent cyberthreats. Ethical hackers make an excellent living by helping companies shore up their security systems, or by working with law enforcement to take their malicious counterparts down.
Malicious hackers (sometimes called “black hat hackers”) carry out cyberattacks themselves, or develop malware or exploits that they sell to other hackers on the dark web (see, for example, ransomware-as-a-service arrangements). They may work alone or as part of an organized hacker or cybercriminal group.
Financial gain is the most common motivator for malicious hackers. Typically they
Steal information or personal data—login credentials, credit card numbers, bank account numbers, social security numbers—they can use to break into other systems or commit identity theft.
Launch social engineering attacks, such as phishing or business email compromise scams, to trick people into sending money or sensitive data to them.
Practice extortion—e.g., use ransomware attacks or distributed denial of service (DDoS) attacks to hold data, devices or business operations hostage until the victim pays a ransom. According to the X-Force Threat Intelligence Index, 27 percent of cyberattacks extort their victims.
Conduct corporate espionage for hire, stealing intellectual property or other sensitive from their client company’s competitiors.
But malicious hackers can have different or additional motivations for committing or enabling cyberattacks. For example, a disgruntled employee might hack an employer’s system purely for spite over being denied a promotion.
Ethical hackers (sometimes called "white hat hackers") use their skills to help companies find and fix security vulnerabilities so malicious actors can't use them.
Ethical hacking is a legitimate profession, and ethical hackers often work as security consultants or employees of the companies they're hacking. Ethical hackers follow a strict code of conduct: they always get permission before they hack, don't do any damage, and keep their findings confidential.
One of the most common ethical hacking services is penetration testing, in which hackers launch mock cyberattacks against web applications, networks, or other assets to find their weaknesses. They then work with the owners of the assets to remediate those weaknesses. Ethical hackers may also conduct vulnerability assessments, analyze malware to gather threat intelligence, or participate in secure software development lifecycles.
Some hackers don't fit neatly into the ethical or malicious camps. These hackers (sometimes called “gray hat hackers”) break into systems without permission, but they don't do it for malicious purposes. Instead, these hackers tell the companies they hack about the flaws they find in their systems. They may offer to fix vulnerabilities in exchange for a fee or even a job offer. While they have good intentions, these vigilante hackers can accidentally tip off malicious hackers about new attack vectors.
Some amateur programmers simply hack for fun, to learn new things, or to gain notoriety for breaching difficult targets.
‘Hacktivists’ are activists who hack systems to bring attention to social and political issues. The loose collective Anonymous is probably the most well-known hacktivist group, having staged attacks against targets like the Russian government (link resides outside ibm.com).
State-sponsored hackers have the official backing of a nation-state. They work with a government to spy on adversaries, disrupt critical infrastructure, or spread misinformation. Whether these hackers are ethical or malicious is in the eye of the beholder. For example, the Stuxnet attack on Iranian nuclear facilities—believed to have been carried out by the US and Israeli governments—is likely to be considered ethical by anyone who views Iran's nuclear program as a threat.
There's no such thing as a “typical” hack. Hackers use different tactics depending on their goals and the systems they're targeting. A hack can be as simple as sending out mass phishing emails to steal passwords from anyone who bites or as elaborate as an advanced persistent threat (APT) that secretly lurks in a network for months, waiting for the chance to strike.
That said, hackers do share a standard set of tools they tend to use.
Specialized operating systems: While hackers can launch attacks from standard Mac or Microsoft operating systems, many use customized OSs. For example, Kali Linux, an open-source Linux distribution designed for penetration testing, is popular among ethical hackers.
Credential-cracking tools: These programs can uncover passwords by breaking encryptions or launching brute-force attacks, which use bots or scripts to automatically generate and test potential passwords until one works.
Port scanners: Port scanners remotely test devices for open and available ports, which hackers can use to gain access to a network.
Vulnerability scanners: Vulnerability scanners search systems for known vulnerabilities, allowing hackers to quickly find entryways into a target.
Packet analyzers: These tools analyze network traffic to determine where it's coming from, where it's going, and—in some cases—what data it contains.
Malware: Malicious software, or malware, is a key weapon in malicious hackers' arsenals. Some of the most commonly used malware types include:
Ransomware locks up a victim's devices or data and demands a ransom payment to unlock them.
Botnets are networks of internet-connected, malware-infected devices under a hacker's control. Hackers often use botnets to launch distributed denial of service (DDoS) attacks.
Trojan horses disguise themselves as useful programs or hide within legitimate software to trick users into installing them. Hackers use Trojans to secretly gain remote access to devices or download additional malware without users knowing.
Spyware secretly gathers sensitive information—like passwords or bank account details—and transmits it back to the attacker.
In the early 1980s, a group of young hackers known as the 414s breached high-profile targets like Los Alamos National Laboratory and Sloan-Kettering Cancer Center. While the 414s did it for fun and caused little real damage, their hacks motivated the US Congress to pass the Computer Fraud and Abuse Act, which officially made malicious hacking a crime.
One of the first computer worms, the Morris worm was designed and released onto the early internet in 1988 as an experiment. However, it ended up causing more damage than intended. The worm forced thousands of computers offline and racked up an estimated USD 10,000,000 in costs related to downtime and remediation. Robert Tappan Morris, the worm's programmer, was the first person to receive a felony conviction under the Computer Fraud and Abuse Act.
In 2021, hackers infected Colonial Pipeline's systems with ransomware, forcing the company to temporarily shut down the pipeline supplying 45 percent of the US East Coast's fuel. Hackers used an employee's password, found on the dark web, to access the network. The Colonial Pipeline Company paid a USD 5 million ransom to regain access to its data.
Any organization that relies on computer systems for critical functions—which includes most businesses—is at risk of being hacked. There is no way to stay off hackers' radars, but companies can make it harder for hackers to break in.
According to IBM's Cost of a Data Breach report, stolen and compromised credentials are the most common attack vector for data breaches. Requiring strong passwords can make it harder for hackers to steal credentials, and multi-factor authentication (MFA) makes it so that a pilfered password isn't enough to get in. Some organizations mandate password managers to help employees create different passwords for different accounts and avoid reusing passwords.
Social engineering attacks, sometimes called "human hacking," use psychological manipulation rather than technological means. Training employees to recognize and respond to social engineering attacks can help make these scams less effective.
Hackers often look for easy targets, choosing to breach networks with well-known vulnerabilities. A formal patch management program can help companies stay updated on security patches from software providers, making it harder for hackers to get in.
Firewalls and intrusion prevention systems (IPSs) can help detect and block hackers from entering a network. Security information and event management (SIEM) software can help spot hacks in progress. Antivirus programs can find and delete malware, and endpoint detection and response (EDR) platforms can automate responses to even complex hacks like APTs. Remote employees can use virtual private networks (VPNs) to shield traffic from eavesdroppers.
It's mentioned above but bears repeating: Ethical hackers are one of the best defenses against malicious hackers. Ethical hackers can use vulnerability assessments, penetration tests, red teaming and other services to find and fix vulnerabilities and security issues before hackers and cyberthreats can exploit them.
Outsmart attacks with a connected, modernized security suite. The QRadar portfolio is embedded with enterprise-grade AI and offers integrated products for endpoint security, log management, SIEM and SOAR—all with a common user interface, shared insights and connected workflows.
Proactive threat hunting, continuous monitoring and a deep investigation of threats are just a few of the priorities facing an already busy IT department. Having a trusted incident response team on standby can reduce your response time, minimize the impact of a cyberattack, and help you recover faster.
Stop ransomware from interrupting business continuity, and recover quickly when attacks occur—with a zero trust approach that helps you detect and respond to ransomware faster and minimize the impact of ransomware attacks.
Cybersecurity threats are becoming more advanced and more persistent, and demanding more effort by security analysts to sift through countless alerts and incidents. IBM Security QRadar SIEM makes it easy to remediate threats faster while maintaining your bottom line. QRadar SIEM prioritizes high-fidelity alerts to help you catch threats that others simply miss.