How Hackers Hack, and How To Stop Them

You hear about this all the time: A big bank was hacked. Tumblr was hacked. The infidelity website Ashley Madison was
hacked and now everybody knows who was cheating on each other. But there’s a lot more to it, and it’s
a lot less flashy than what you see in the movies. Hacking isn’t about typing in a few magic
words with one hand on one keyboard and the other hand on another keyboard. Or like, two people using the same keyboard
at once. Hacking is difficult, and it usually takes
careful planning and a fair amount of time. Stopping malicious hackers can be even more
challenging. But some people dedicate a lot of time and
energy to doing just that. Hacking is when an unauthorized person gets
into a computer system. A hacker breaks in, and then suddenly they
have access to information they aren’t supposed to have. You hear people say their Facebook or Twitter
was hacked, but that’s not exactly the same thing we’re talking about here. When someone’s personal Facebook account
is hacked, that’s usually because the hacker found out their password. It can be devastating, but it’s not on the
same level as breaking into a company’s whole infrastructure and stealing a billion
passwords. Thankfully, these large-scale attacks are
much harder to do. But they do still happen — in December,
for example, Yahoo announced that they had been hacked back in 2013 and just realized
that more than a billion accounts had been compromised with personal data like answers
to security questions and passwords. That’s why companies have to be really vigilant
to protect against hackers. Once a hacker gets in, they have a few choices: They can gather information, they can cause
some damage to the computer system, or they can do nothing at all, and just tell the company
about the security risk. And that’s the difference between the three
major types of computer hackers: There are black hats, hackers who are basically
the bad guys: they hack into systems to get information or otherwise cause damage. Which is very illegal, by the way. There are also white hats, hackers who are
either breaking into their own systems or are hired to break into other people’s systems
— not to cause damage, but to test out vulnerabilities that can then be fixed. And then there are grey hats, hackers who,
as the name would suggest, sort of walk the line between black and white hat hacking. They don’t actively seek to cause damage,
but they still do things that are illegal or considered unethical — like, they might
break into a system without being hired to do that. They wouldn’t steal any information, and
they’d tell the company afterward, but they might publish the vulnerability online in
the meantime. But whether you’re a black hat, a white
hat, or a grey hat, the techniques used in hacking are largely the same. If you’re a white hat testing a system for
vulnerabilities, you have to know how to do all the same things a black hat hacker would
do. It’s like Defense Against the Dark Arts
in Harry Potter — you have to know what the dark side is doing if you’re going to
be able to defend yourself against it. One of the main things white hats do is called
a penetration test, or pen test for short. You test a system for vulnerabilities, then
fix any that you find, instead of causing damage like a black hat would. This is a pretty standard procedure, so looking
at the steps is a great way to explore some of the basic principles of hacking. Usually, the first step in a pen test is reconnaissance,
or recon, while you gather data about the target to figure out the best way to hack
into their system. For example, if you were a black hat, it would
help to know what kinds of operating systems the target’s computers are running so that
you could launch an attack that’s tailored to those operating systems. So if you’re a white hat, you’ll want
to know what data you can access so you can figure out what vulnerabilities need to be
fixed. There are two different types of recon: passive
and active. Passive recon is where a hacker gathers information
without actually interacting with any of the target’s computer systems. There are lots of different ways to do passive
recon: you can look for information that’s already out there, like files that are publicly
available on a website. Or a black hat might even try to steal old
hard drives the target threw away. Passive recon strategies can take a while,
but when a black hat uses them, they’re also difficult for companies to detect and
fight — because there is nothing fishy to detect. The hacker isn’t touching the company’s
systems, so there’s no warning that an attack is being planned. The best a company can do is try to make sure
that they don’t leave any clues lying around by destroying as much unneeded data as possible,
even if it seems harmless. It also helps if you don’t just toss old
hard drives into the dumpster out back. Active recon, on the other hand, is when a
hacker tries to learn valuable information about a company by interacting directly with
the company’s systems. Hackers can get information more quickly this
way, but it’s also easier to detect. That’s because companies can track things
like which computers are communicating with their servers — the more central computers
that provide data to other computers. If they notice a strange machine on their
network, or suspicious commands being sent, they can take action — like by blocking
the address sending those commands. So as a white hat, part of pen testing usually
involves doing some sort of active recon yourself, to see if the protections you’ve set up
can stop a black hat from learning too much. Usually, you start by looking for open connections,
or ports. Each open port serves as a kind of link between
a device and the internet, where data can be exchanged. And that can be dangerous, because a hacker
can use an open port to send code that attacks a machine. As a white hat, once you’ve found an open
port, the next step might be to see if you can tell what kind of hardware is running
the port, and what operating system it uses. Because that is exactly what a black hat would
do. If you find that a black hat could collect
enough information to launch an attack, you might have to rethink the ports you have open,
or find ways to stop machines from disclosing information about themselves. And for the most part, you’re going to want
to keep as many ports closed as you can. One of the ways to do that is by using a firewall,
which is either a program or a whole device that’s designed to block unwanted access
to a computer. Among other things, firewalls keep track of
a computer’s ports and make sure that the only ports that are open are ones that need
to be open. They’re like a computer’s security guard,
making sure that all the right doors are locked. Now, once you’ve done some recon, you may
want to move on to protecting against attacks that take advantage of your specific setup. Basically, you take a list of the hardware
and operating system versions you’re running and see if they have any known hacks. When people find ways to exploit an operating
system or a piece of software, the exploit will usually be published online. Then, the company that makes the OS or software
will try to patch the vulnerability. But patches and updates won’t always be
installed on your systems right away, so it’s important to see if you’re running older,
vulnerable versions. Of course, a black hat could also come up
with new exploits and use those. But that takes much more effort and skill,
so protecting against known hacks can make it much less likely that you’ll be hacked. Another part of the penetration test has to
do with websites. For every website on the internet, there’s
the part you’re supposed to be able to see. Like on YouTube, you can see different channel
pages and video pages. And you can watch me do this with my hands. But there’s also a whole administrative
side to websites, with pages and files that you aren’t supposed to see. Those pages might store information the developer
needs to run the site, or files that the public isn’t supposed to be able to access — like,
databases of user names and addresses. Ideally, you want those pages and files secured
so that some random dude named Steve can’t access all of them just by just typing a certain
URL. And the way to figure out if someone could
get access to them is to do what a black hat would do: try different URLs and see if you
end up finding pages or files that shouldn’t be publicly accessible. To do this, you can use crawlers — programs
that automatically map out the site by visiting different links and directories. You can also use programs that try the typical
URLs where this kind of information might be stored. So pages like,, or /files,
or whatever. If the crawler lands on an error page, that
can be important too. Companies need to make sure that the errors
that come up don’t contain information that a hacker can use against them. If an error says that a certain page is private,
for example, that tells a black hat that this page would be a great target if they do get
into your system. So you’ll want to be careful about how much
info shows up on your error pages. Another part of the website test involves
pages that use forms, like where you type in your shipping address, or fill out hundreds
of questions for your OkCupid profile. If these forms aren’t set up properly, black
hats can use them as a way to send malicious code into a system. Often, they can use this kind of code to collect
information from any databases a company might be using, like to nab all the credit card
numbers anyone’s ever submitted. So it’s important to make sure that a website
checks its form inputs for anything that looks suspicious, and to test those protections
by trying to break through them yourself. There are often more steps to a penetration
test, but those are the basics. Once the test is done, it’s time to go through
the results and fix any vulnerabilities. Even then, a company’s systems might not
be totally safe from all hacking attempts. Black hats are always thinking up more creative
ways to break into systems, and when they have a specific target, like a government
or other high-profile organization, white hats have to be constantly on the lookout
for attacks. But as long as they keep track of possible
security threats and stay one step ahead of the black hats, which apparently Yahoo is
completely incapable of doing, they can put up a pretty strong defense. Thank you for watching this episode of SciShow,
which was brought to you by our patrons on Patreon. If you want to help support this show, you
can give us your money and we will use it to make scishow happen at And if you just want to keep getting smarter
with us you can go to and subscribe!

Leave a Reply

Your email address will not be published. Required fields are marked *