Skip to main content
Move the World.

To visualize how hacking works, I like to think about my grandparents’ house. It was a modest three bedroom block house in rural Florida with windows in every room, a front door and a back door, a garage with a door leading into the house and another door leading into the backyard, and a doggie door leading from the backyard into my grandfather’s study.

The reason I think of their house as a metaphor for hacking is because in a physical sense, it was very hackable. The windows could be smashed or jimmied; the doors could be forced or picked; and a small enough burglar could slither in through the beagles’ doggie door without breaking a single latch. Once inside, there were things to steal and places to hide.

The big difference between their physical home and most of our digital homes is that the latter have exponentially more points of entry. Smartphones, laptops, and online accounts provide multiples vectors for intrusion. And unlike our physical homes, it’s not always clear when someone’s penetrated our digital domains.

We talk about those vulnerabilities and the people committed to protecting them in our Coded series, including an episode about Lavabit founder Ladar Levison, who played a significant role in the Edward Snowden case.

whatishacking_ladar
Ladar Levison, founder of the secure email service, Lavabit

Given the national and international conversations we’ve been having about hacking over the last six months, and the premiere of Coded , we thought we’d step back to address the basics of hacking. This list is by no means comprehensive, but it covers some of the most common — and deleterious ways — in which malicious actors can infringe on your digital privacy.

Malware/Spyware/Ransomware
The malware (“mal” meaning bad, “ware” meaning software) of the early 2000s was famous for its destructiveness. Once a user had accidentally installed the notorious ILOVEYOU program (by clicking on an attachment in an email with the subject line “I love you”), the program would replace most of the files on their computer with copies of itself, and then send additional copies of itself to the people in their Microsoft Outlook address book, which allowed the program to cause billions of dollars in damage around the world. The program also made it difficult-to-impossible to reboot the computer.

The people who make and circulate malicious Spyware programs don’t want you to know they’ve gained access to your computer.

Today’s malware is far more subtle. The people who make and circulate malicious Spyware programs don’t want you to know they’ve gained access to your computer. Because if you knew your hardware had been compromised, they wouldn’t be able to watch you through your webcam, or track your keystrokes as you log into online accounts.

Ransomware circulators, meanwhile, do want you to know they’ve broken in, but instead of destroying your data, they block your access to it. Want it back? Pay them in bitcoin.

In the cases of both Ransomware and Spyware, the intrusion often results from careless web behavior. Sometimes the programs are packaged with software users actually want (like torrenting applications and browser extensions). Other times, the programs are embedded in web pages, ads, and even documents.

Social engineering
Social engineering is more of a con game than a hack, but the interconnected aspect of modern life means people who do it well can get a far larger haul.

As demonstrated in the report above from Fusion , social engineering involves hacking people rather than software. It starts with a hacker gathering just enough publicly available information about a target so they can convincingly pretend to be that person when they contact a customer service representative. By combining accurate information with a sense of urgency — and who among us hasn’t placed a call to customer service after failing to gain access to our own accounts? — they can convince those customer service reps to not only fill in the information gaps, but also send a password reset to the hacker’s email account, rather than the target’s email account. At that point, the target’s account becomes the hacker’s account.  

Last year, a software engineer named Eric wrote about a social engineering play in which a hacker convinced Amazon Web Services (AWS) to share all of Eric’s AWS account information just by using the public information associated with Eric’s public website. Soon thereafter, Eric’s bank was issuing credit cards in Eric’s name.

Social engineering involves hacking people rather than software.

Oftentimes a social engineering hack is just the first step in a more complicated scam. By gaining access to one of our accounts, they can use that information to fool customer service reps at other companies, methodically accumulating personal information and account access to our entire digital lives. As with most hacks, social engineering has a cumulative effect. By getting one customer service rep to share a user’s info, the hacker can reach out to other customer service reps with a more convincing impersonation.

Brute force attacks
Think back to using a friend’s or parent’s computer. They gave you permission, but forgot to give you the password. So you tried their birthday and their dog’s name and their address. Maybe it worked, but probably not.

Brute force attempts work the same way but on a much larger scale. Automated programs attempt to guess passwords thousands (sometimes millions) of times, using password lists with thousands of common combinations.

Nearly 1.7 million of the 10 million passwords they looked at were horrifyingly simple: “123456.”

Maybe you feel your password is simply unguessable, but millions of people can’t say that. The password security company Keeper Security recently released a list of the most common passwords of the last year. Nearly 1.7 million of the 10 million passwords they looked at were horrifyingly simple: “123456.” And where did Keeper Security get this data? From public password leaks that occurred in 2015.

Brute force attacks can be applied to social media accounts, banking accounts, and any type of online account that doesn’t limit password attempts or require two-factor authentication. But it’s also a prime tool for cracking local accounts like wifi and laptops (admit it: your wifi and laptop passwords aren’t nearly as strong as your banking account).

We’ll be discussing more cyber security stories — along with tips on how to secure your online self — as we make our way through Coded , so stay tuned. Your privacy depends on it.


Related video:

Up Next

Seachange
Researchers Found a Species of Stony Coral Ready to Withstand Climate Change
Researchers Found a Species of Stony Coral Ready to Withstand Climate Change
Seachange
Researchers Found a Species of Stony Coral Ready to Withstand Climate Change
At current trends, more than 90% of the world’s coral reefs will be massively degraded by 2050. Researchers have found a species of stoney coral that has sparked new efforts for coral reef restoration.
By Teresa Carey

At current trends, more than 90% of the world’s coral reefs will be massively degraded by 2050. Researchers have found a species of stoney coral that has sparked new efforts for coral reef restoration.

Future of Food
GMO Salmon Could Forever Change the Way We Produce Food
It’s Time to Embrace the Frankenfish
Watch Now
Future of Food
GMO Salmon Could Forever Change the Way We Produce Food
Would you eat fish that was genetically designed in a lab? What if it was your only option? Like it or not, GMO salmon and other futuristic foods are revolutionizing the global food system right in front of our eyes.
Watch Now

Bioengineered fish have been known to cause mixed feelings. Unnatural, right? Well, after 30 years of debate on whether we should be eating “Frankenfish,” this funky food source is finally coming to a store near you. Like it or not, GMO salmon and possibly other genetically engineered animal meats will soon be on the shelves of your local supermarket. And, these new futuristic foods may be revolutionizing the global food...

Dispatches
Babies Sometimes Trigger Preterm Labor to Escape Infections
Babies Sometimes Trigger Preterm Labor to Escape Infections
Dispatches
Babies Sometimes Trigger Preterm Labor to Escape Infections
A new discovery upends what we thought we knew about premature births and could point the way to entirely new...

A new discovery upends what we thought we knew about premature births and could point the way to entirely new solutions to prevent them.

On The Fringe
These Bacteria-Eating Sewer Viruses are Saving Lives
These Bacteria-Eating Sewer Viruses are Saving Lives
On The Fringe
These Bacteria-Eating Sewer Viruses are Saving Lives
The world discovered phages before antibiotics, but these lowly sewer viruses are getting renewed attention in the...
By Blake Snow

The world discovered phages before antibiotics, but these lowly sewer viruses are getting renewed attention in the age of antibiotic resistance.

On The Fringe
Searching for Cures in a Sewer
Searching for Cures in a Sewer
Watch Now
On The Fringe
Searching for Cures in a Sewer
Yale researcher Ben Chan spends a lot of time doing what most people would avoid at all costs. He travels the world...
Watch Now

Yale researcher Ben Chan spends a lot of time doing what most people would avoid at all costs. He travels the world collecting sewage samples. And he’s found that there are things hiding in our sewers. And not just clown or mutant turtles: potentially life-saving cures for antibiotic-resistant infections.

The New Space Race
Preparing the First Space Colonizers for Life Off of Planet Earth
Preparing the First Space Colonizers for Life Off of Planet Earth
The New Space Race
Preparing the First Space Colonizers for Life Off of Planet Earth
It’s only a matter of time until the average person can explore space. But, will the average person be ready?
By Mike Riggs

It’s only a matter of time until the average person can explore space. But, will the average person be ready?

The New Space Race
Where Did the Commercial Space Sector Come From?
Where Did the Commercial Space Sector Come From?
The New Space Race
Where Did the Commercial Space Sector Come From?
Private companies have worked with NASA for decades. Can the next generation of space companies get by without the...
By Mike Riggs

Private companies have worked with NASA for decades. Can the next generation of space companies get by without the government as their biggest customer?

Superhuman
A Life Changed by Robotic Legs
A Life Changed by Robotic Legs
Watch Now
Superhuman
A Life Changed by Robotic Legs
Robert is paralyzed. But thanks to a robotic exoskeleton, he can walk again.
Watch Now

After an accident, Robert Woo was paralyzed from the chest down. Woo spent the next four years in a wheelchair and in therapy. But even as he learned how to live his new life, he couldn’t stop asking one very simple question: How could humans build skyscrapers, but not something better than a wheelchair? Then Woo heard about bionic exoskeletons. And it changed his life.