Science & Technology

What’s in a Hack

Note: This article is hosted here for archival purposes only. It does not necessarily represent the values of the Iron Warrior or Waterloo Engineering Society in the present day.

In the modern world of computing we constantly hear that X company was hacked by Y method. To the average non-super-tech-savvy individual many of these terms are confusing and it is worrying not to know why these companies or individual are being hacked. Furthermore, a bit of knowledge on what potential attacks are possible on computer systems can make it easier for those of you who may eventually want to program some software on your own to build secure systems.

So, to start, what exactly is hacking? Well, in a computer security sense hacking can summed up as gaining unauthorized access to a computer system and/or altering the program. This can either be obvious to users in the case of a defamed website or hacked twitter account or be almost undetectable.

The best example of the more visible methods of hacking is with a direct denial-of-service (DDOS) attack. The goal of this attack is to make a network, service or website unavailable to users. This can be accomplished in many different ways, but the most common is to overload the server with external requests so it can not serve up legitimate requests in a timely manner.

As a brief tangent, most web related services operate on a request model. When a user wants to do something (i.e. search something on Google), their computer sends a request to the server for some form of content. Ideally, a server can handle an extremely large number of requests at a time, but in most cases a DDOS attack sends millions of requests to a server at once. In the news, any time you hear about Anonymous attacking someone, it generally is accomplished by this method.

Another common hack thrown around these days is called a zero-day attack, or 0-day exploit. Essentially this describes any attack that exploits an unknown vulnerability in a piece of software, hence it occurs on day zero of the attack being discovered. There have been a number of these on Java lately and it is one of the most difficult attacks to defend against because of the short time frame between it’s discovery and use.

These first two hacks are more oriented towards a technically hands on approach to taking down a computer system or gaining access to someone’s information. There are also a number of hacks that rely on fooling a user into willingly giving over password credentials without having to attempt to break in manually.

The most common and, frankly, most scary of these is social engineering. Social engineering works by the hacker either posing as another person or pretending that they work at a specific company to try to gain access to their system. This is more of a psychological attack that can be approached in many different ways. In some cases, the goal is to obtain a user’s credentials, while in others it may be to get a user to download a virus to infect an entire network. Recently in the news, bank systems in the U.K. were infected by a virus because of a social engineering attack on a number of employees.

The three attack methods that we just covered are just the tip of the iceberg when it comes to the wild-west of computer security. There are a slew of viruses, malware, and other goodies that can take over a computer, but the definition of a virus is a lot more common than many of these hacks. Hopefully, you learned a little bit about computer security and what a couple of these exploits actually do.

 

Leave a Reply