What is hacking?

Hacking (also called cyber hacking) is the use of

unconventional or illicit means to gain unauthorized access to a
digital device, computer system or computer network.
The classic example of a hacker is a cybercriminal who exploits security vulnerabilities or
overcomes security measures to break into a computer or computer network to steal data. But
hacking does not always have malicious intent. A consumer who jiggers their personal
smartphone to run custom programs is also, technically speaking, a hacker.

Malicious hackers have built a enormous cybercrime economy, where outlaws profit by
launching cyberattacks or selling malware or stolen data to one another. By one estimate (link
resides outside [Link]), this underground market is the world's third-largest economy
behind the US and China.

On the other end of the hacking spectrum, the cybersecurity community depends increasingly
on ethical hackers—hackers with helpful rather than criminal intentions—to test security
measures, identify and address security flaws, and prevent cyberthreats. Ethical hackers make
an excellent living by helping companies shore up their security systems, or by working with
law enforcement to take their malicious counterparts down.
ReportIBM Security X-Force Threat Intelligence Index 2023

The X-Force Threat Intelligence Index offers new insights into top threats to help you prepare and respond
faster to cyberattacks, extortion and more.

Related content

Register for the Cost of a Data Breach report

Malicious hackers

Malicious hackers (sometimes called “black hat hackers”) carry out cyberattacks themselves,
or develop malware or exploits that they sell to other hackers on the dark web (see, for
example, ransomware-as-a-service arrangements). They may work alone or as part of an
organized hacker or cybercriminal group.

Financial gain is the most common motivator for malicious hackers. Typically they

 Steal information or personal data—login credentials, credit card numbers, bank

account numbers, social security numbers—they can use to break into other systems
or commit identity theft.

 Launch social engineering attacks, such as phishing or business email compromise

scams, to trick people into sending money or sensitive data to them.

 Practice extortion—e.g., use ransomware attacks or distributed denial of service

(DDoS) attacks to hold data, devices or business operations hostage until the victim
pays a ransom. According to the X-Force Threat Intelligence Index, 27 percent of
 cyberattacks extort their victims.

 Conduct corporate espionage for hire, stealing intellectual property or other sensitive
from their client company’s competitiors.
But malicious hackers can have different or additional motivations for committing or
enabling cyberattacks. For example, a disgruntled employee might hack an employer’s
system purely for spite over being denied a promotion.
Ethical hackers

Ethical hackers (sometimes called "white hat hackers") use their skills to help companies find
and fix security vulnerabilities so malicious actors can't use them.

Ethical hacking is a legitimate profession, and ethical hackers often work as security
consultants or employees of the companies they're hacking. Ethical hackers follow a strict
code of conduct: they always get permission before they hack, don't do any damage, and keep
their findings confidential.

One of the most common ethical hacking services is penetration testing, in which hackers
launch mock cyberattacks against web applications, networks, or other assets to find their
weaknesses. They then work with the owners of the assets to remediate those weaknesses.
Ethical hackers may also conduct vulnerability assessments, analyze malware to gather threat
intelligence, or participate in secure software development lifecycles.
Other types of hackers

Some hackers don't fit neatly into the ethical or malicious camps. These hackers (sometimes
called “gray hat hackers”) break into systems without permission, but they don't do it for
malicious purposes. Instead, these hackers tell the companies they hack about the flaws they
find in their systems. They may offer to fix vulnerabilities in exchange for a fee or even a job
offer. While they have good intentions, these vigilante hackers can accidentally tip off
malicious hackers about new attack vectors.

Some amateur programmers simply hack for fun, to learn new things, or to gain notoriety for
breaching difficult targets.

‘Hacktivists’ are activists who hack systems to bring attention to social and political issues.
The loose collective Anonymous is probably the most well-known hacktivist group, having
staged attacks against targets like the Russian government (link resides outside [Link]).

State-sponsored hackers have the official backing of a nation-state. They work with a
government to spy on adversaries, disrupt critical infrastructure, or spread misinformation.
Whether these hackers are ethical or malicious is in the eye of the beholder. For example, the
Stuxnet attack on Iranian nuclear facilities—believed to have been carried out by the US and
Israeli governments—is likely to be considered ethical by anyone who views Iran's nuclear
program as a threat.
Hacking tools

There's no such thing as a “typical” hack. Hackers use different tactics depending on their
goals and the systems they're targeting. A hack can be as simple as sending out mass phishing
emails to steal passwords from anyone who bites or as elaborate as an advanced persistent
threat (APT) that secretly lurks in a network for months, waiting for the chance to strike.
That said, hackers do share a standard set of tools they tend to use.

Specialized operating systems: While hackers can launch attacks from standard Mac or
Microsoft operating systems, many use customized OSs. For example, Kali Linux, an open-
source Linux distribution designed for penetration testing, is popular among ethical hackers.

Credential-cracking tools: These programs can uncover passwords by breaking encryptions

or launching brute-force attacks, which use bots or scripts to automatically generate and test
potential passwords until one works.

Port scanners: Port scanners remotely test devices for open and available ports, which
hackers can use to gain access to a network.

Vulnerability scanners: Vulnerability scanners search systems for known vulnerabilities,

allowing hackers to quickly find entryways into a target.

Packet analyzers: These tools analyze network traffic to determine where it's coming from,
where it's going, and—in some cases—what data it contains.

Malware: Malicious software, or malware, is a key weapon in malicious hackers' arsenals.

Some of the most commonly used malware types include:

 Ransomware locks up a victim's devices or data and demands a ransom payment to

unlock them.

 Botnets are networks of internet-connected, malware-infected devices under a

hacker's control. Hackers often use botnets to launch distributed denial of service
(DDoS) attacks.

 Trojan horses disguise themselves as useful programs or hide within legitimate

software to trick users into installing them. Hackers use Trojans to secretly gain
remote access to devices or download additional malware without users knowing.

 Spyware secretly gathers sensitive information—like passwords or bank account

details—and transmits it back to the attacker.