The term “hacking” and its variations are often used loosely today to describe other forms of cyber attack. In practice, hacking refers to the act of breaking into a resource without the knowledge of its legitimate owner. There are therefore really only two main types of hacking: equipment hacking and online account hacking.
- What is hacking?
- What is hacking of a computer system?
- What is online account hacking?
What is hacking?
Hacking is the unauthorized access to a resource such as a computer, server, network, online service or cell phone. In practice, hacking can take two main forms: account hacking or equipment hacking. In both cases, the hacker’s objective is to take control of the resource in question (equipment or account) and/or to steal information (personal, confidential, etc.) in order to make malicious use of it: identity theft, bank fraud, money-making, espionage, sabotage, claims, blackmail, vandalism, etc.
In everyday language, hacking covers a whole range of very different meanings, and the term is sometimes misused, whether for convenience, as a shortcut, or through lack of knowledge of a subject whose technical nature can quickly make it very difficult.
Thus, malicious cyber activity is sometimes called “computer hacking” when it is not. To be able to talk about hacking, there must necessarily be an intrusion, in other words, unauthorized access to a resource (equipment or an account). Without intrusion, there is no hacking.
However, hacking can have various causes or origins. There is a recurring confusion between the intrusion and the vector that allowed the intrusion into a resource.
For example, receiving a phishing message is not an intrusion per se, but it can be a vector of intrusion. That is, phishing can lead to hacking. When a victim receives a phishing attempt by e-mail, there is, strictly speaking, no intrusion, either on his online account or on his equipment.
On the other hand, a phishing attempt can in some cases result in an intrusion and, therefore, in hacking. This is the case, for example, if the victim, by clicking on the attachment of a phishing e-mail, unknowingly installs malicious software (virus) on his computer. In this case, the phishing e-mail has indeed led to an intrusion on the victim’s equipment. If, however, the victim does not click on the attachment, no action is carried out and the phishing e-mail remains a futile attempt.
As another example, a ransomware attack can also occur as a result of hacking. As explained in this article, ransomware is not always a simple virus but can also be an attack technique that takes different forms. It can be a hacking attack, in the sense of breaking into a victim’s computer network or equipment in order to encrypt it and thus pursue different objectives (data theft, etc.).
On the other hand, carrying out a denial of service (or DDoS) attack with the aim of saturating an organization’s server cannot really be considered hacking, even if it is often described as such. It is not, strictly speaking, an intrusion into a server, but the sending of multiple requests until the server is saturated and can no longer respond.
What does hacking a computer system consist of?
A computer system (or information system) is a device, a piece of equipment or a set of such equipment that makes it possible to process and store data. Hacking of a computer system is defined as any unauthorized access to this system by a third party.
What types of equipment are involved?
For all audiences, it can be the hacking of a computer, a mobile device (tablet, smartphone…), a connected object, etc. In the professional sphere, however, there may be other, more specialized types of equipment such as servers, routers, networks, etc.
It should be noted that professionals have more equipment that can be hacked than private individuals, even if the types of equipment may be the same. Indeed, professionals have PCs, smartphones, tablets… just as some individuals have servers.
Nevertheless, professionals represent a more interesting and even more lucrative target for hackers, as they often have greater financial means, and may have particularly critical activities and/or confidential personal or professional data. The hacking of a professional computer system can thus have serious consequences for the victim organization, since it can involve the theft, or even the total loss, of the affected system’s data.
What are the possible means of intrusion?
In practice, cyber criminals can use different methods to hack into a computer system:
- following the exploitation or use of a security flaw;
- following the misconfiguration of software or a device;
- following infection by malicious software (computer virus);
- following a fraudulent call or email (phishing message) intended to retrieve your account login information without your knowledge;
- following the use of a password that is too easy to guess or a default password that has not been changed, etc.
Afterwards, the hacker may try to spread to other equipment in the attacked network.
The origin of the intrusion can be external (cybercriminals) or internal (negligence of the owner of the equipment, a relative, an employee or a service provider; deliberate act of a disgruntled employee or service provider…).
What is online account hacking?
Online account hacking refers to a malicious individual taking control of an account at the expense of its legitimate owner.
Online account hacking is the second most common cyber threat encountered by both professionals and individuals.
What accounts are hackers interested in?
Online account hacking concerns all the online accounts of everyday life: email accounts, social networks, banking services, administrative sites, online commerce platforms, etc.
However, considering the wealth and volume of data contained in email accounts (passwords, administrative documents, banking documents, personal exchanges, etc.) and the many uses and benefits that cybercriminals can derive from them, email accounts seem to be the favorite target of hackers.
What are the possible ways of intrusion?
In practice, there are several ways for attackers to gain access to your account:
- following the hacking of a piece of equipment. Indeed, once inside a victim’s equipment, the cybercriminal can steal the victim’s passwords and thus connect to his various online accounts (email, social networks…);
- following the use of the same password on several websites, one of which has been hacked;
- following a fraudulent call or email (phishing message) intended to retrieve your account login information without your knowledge;
- following the use of a password that is too easy to guess or a default password that has not been changed, etc.