What is Hacking and What are Hackers?

Hacker behind a laptop with code flying around

The words hacker and hacking get thrown around quite frequently. Whether it appears in the news regarding some large-scale data theft, or is yelled when someone cheats in a computer game, the term hacker is becoming more and more prevalent. But what exactly is hacking? What are the different types of hackers? Are hackers always criminals or “bad guys”? If you’ve been hacked, what can you do? This article answers all of these questions.

What is Hacking?

We speak of “hacking” when someone who’s not authorized tries to access or take control of someone else’s system or computer. This doesn’t always have to be technically complex: even guessing someone’s password is considered hacking by some authorities. After all, you gain access to someone else’s computer, files, or account without permission. Yet the typical idea that people tend to have of hacking is that it involves a computer nerd using advanced software to crack someone’s online bank account, for example. While this is certainly considered hacking, it isn’t the only way in which hacking takes place.

Well-known kinds of cybercrime such as phishing and the distribution of malware are often referred to as hacking as well. This is because the aim is usually to gain access to other people’s data.

What is a Hacker?

A hacker is someone who accesses data without authorization by circumventing the safety measures in place. Originally, a “hacker” is someone with a lot of technical knowledge of computers and computer networks who solves a computer-related problem in a non-conventional way. The “hacker culture” started around 1960 with programmers “messing around” with hardware and software.

Is Hacking Illegal?

If the act of hacking happens without the consent of the person or company owning the data, hacking is illegal. It doesn’t matter whether or not a hacker does something with the data gained from the hack, the act itself is not allowed.

If a hacker does get permission from the owner of the data, then hacking isn’t necessarily illegal. This is more commonly referred to as “ethical hacking“. The goal of ethical hacking is to discover and fix vulnerabilities in a system before a malicious hacker finds and exploits those same vulnerabilities for criminal purposes.

Which Types of Hackers Are There?

We’ve already discussed the difference between ethical hackers and non-ethical hackers (also called black hat hackers). However, these aren’t the only kinds of hackers out there. Usually, a distinction is made between black hat, white hat, and grey hat hackers.

What Are Black Hat Hackers?

Black Hat HackerBlack hat hackers are hackers who break into someone else’s systems without permission. These are the stereotypical hackers that people tend to think of when they hear the word “hacking”. These hackers crack the security of computers, servers, and networks for personal (usually financial) gain. These hackers are sometimes referred to as so-called “crackers” because they “crack” someone else’s system.

Once a black hat hacker has found a weakness, they usually try to make money off of it in a variety of ways:

  • Blackmailing: the hacker might use the data to extort the victim.
  • Selling the knowledge of vulnerabilities to other hackers: a black hat hacker might sell the knowledge they’ve gained of these vulnerabilities to other hackers so they can abuse this information.
  • Selling the actual data to others: the black hat hacker might sell the hacked data to others. For example, they could sell a database full of leaked credit card information to a willing buyer. A lot of illegally obtained personal information is offered for sale on the dark web.

There are many different kinds of malware that help hackers virtually take over someone else’s system or computer. The installation of this software is already considered “hacking” by some. Some common types of malware are:

  • Spyware: spying software to gain insight into files (and passwords) of others.
  • Ransomware: software that allows a hacker to lock down someone’s system or computer and then offer to unlock it for a fee. Universities and hospitals are often the victims of this type of malware.
  • Keyloggers: software that keeps track of the keys you press on your keyboard. This might be used to figure out your passwords and gain access to your accounts.
  • Adware: software that floods the victim’s device with advertisements and pop-ups.
  • Bots: a bot is a type of malware that allows a hacker to take over someone else’s computer. These bots are often spread using computer worms. If a system is infected with a bot, it becomes part of a botnet and can be used to make it perform certain actions. The system might be used to send spam emails, spread viruses, visit sites that the owner doesn’t want to visit, or carry out so-called DDoS attacks.

As you can see, black hat hackers have a lot of resources to crack and abuse systems. But fortunately, there are also hackers who are committed to securing systems: white hat hackers.

What Are White Hat Hackers?

White Hat HackerWhite hat hackers only attempt to break into another person’s system with explicit permission. A white hat hacker (often referred to as “ethical hacker”) is a computer security specialist. White hat hackers often use the same techniques to break into computers and networks as black hat hackers. The major difference is that white hat hackers want to improve a system’s security instead of abusing it.

White hat hackers hack from an ethical perspective. By breaking into secure computers and networks with permission, white hat hackers try to detect security flaws. They then help to find a solution to patch the leak and improve security. The intention of white hat hackers is to detect weaknesses in IT infrastructure before malicious black hat hackers can exploit these vulnerabilities.

Many systems and networks that must meet the highest security standards are subjected to tests performed by ethical hackers. These tests are also known as pen tests, short for penetration tests. In a pen test, hackers try to (virtually) penetrate security systems. The findings of these tests are used to patch security leaks. Once a system is deemed safe enough to use, it gets approved.

Even the government employs hackers, usually referred to as state-sponsored hackers. Large consulting firms also employ white hat hackers to check a company’s ICT infrastructure for potential security vulnerabilities.

In short, the major difference between black hat hackers and white hat hackers is that white hat hackers are on the good side of the law. They have explicit permission to try to and crack a system, with the intention of improving its security.

There’s also a third category of hackers: grey hat hackers.

What Are Grey Hat Hackers?

Grey Hat HackerGrey hat hackers take a slightly more lenient approach to the rules than white hat hackers. Often, grey hat hackers break into systems without having been given permission beforehand, usually out of interest or curiosity. However, if they find any vulnerabilities, they do not exploit them. They either do nothing with it, tell the involved organization about it for free, or try to get a small financial compensation for discovering a vulnerability, although not all companies appreciate this. These kinds of practices have led to several damage claims against grey hat hackers in the past.

A grey hat hacker can be seen as the middle ground between the black hat hacker and the white hat hacker. The hacker tries to break into a system without permission (like a black hat hacker), but will not do anything with the acquired information or will bring this leak to the attention of the organization that was hacked (like a white hat hacker).

Nowadays, some companies have started “bug bounty programs“. These programs allow users (or ethical hackers) to report vulnerabilities or bugs in a system to the company in exchange for a small reward. This way, the company doesn’t need to specifically hire someone to crack the system, but still rewards hackers in case they find a security problem or bug. These programs could be considered supportive of grey hat hacking.

Other Types of Hackers

Most hackers fit in one of the categories mentioned above. However, sometimes people include other types of hackers such as:

  • Script kiddies: amateur (mostly juvenile) hackers that use scripts made by other hackers in order to make themselves look cool.
  • Green hat hackers: hackers that are new to the field of hacking but don’t have bad motives.
  • Blue hat hackers: hackers that use hacking as a weapon to get back at others.
  • Red hat hackers: hackers that are similar to white hat hackers in that they have the intention to stop black hat hacking. The difference being that red hat hackers go after black hat hackers, instead of just trying to patch security leaks (like vigilantes).

Tips to Protect Yourself From Hackers

Because there are many ways to get hacked, it’s important to properly protect your accounts, systems, devices, internet connection, and files from hackers. Here are some tips to make sure that the chances of you being hacked are as slim as possible:

TipExplanation
Be careful onlineAn obvious but important way to stay safe online is to be careful when browsing the web, downloading files, or partaking in any other activity that involves using the internet. Most sites and tools are legitimate, but there is also a lot of malware going around. Always pay close attention to little details such as spelling errors, strange email addresses, and user reviews. Spotting something that looks out of the ordinary can make all the difference between getting hacked and staying safe.
Update regularlyUpdates don’t always seem to change much, but security issues are often solved by these smaller updates. Outdated operating systems and apps are easier to break into, so always make sure you use the most up-to-date software available.
Install antivirus softwareAntivirus software recognizes viruses and can prevent you from accidentally installing malware. If your device is already infected by malware, antivirus software can help you remove it.
Use strong passwordsSecure passwords are long and consist of a random series of numbers, letters, and symbols. Never use an easy-to-crack password like “0000” or “1234” and never use one password for multiple accounts or sites. If you find it difficult to create or manage complex passwords, consider using a safe password manager, such as 1Password.
Use two-factor authenticationTwo-factor authentication is when, in addition to your password, you also have to enter a separate code, such as a string of numbers you receive on your phone, when you want to log in on a platform. This increases the level of protection and drastically reduces the chances of your account being hacked.
Be careful when clicking on linksA lot of malware is spread by links in instant messages and spam emails. Don’t click on a link you don’t fully trust. Hackers send messages that make it look as if they are from a legitimate organization, so pay close attention and always make sure you’re not dealing with a phishing email.
Avoid unsafe tools and websitesIt’s important to stay away from tools and websites that are flagged as unsafe. Examples are fake websites that pretend to be webshops (and steal your money that way), and software that’s full of malware. Before downloading or ordering anything, always check (for example on Google) whether a site or app can actually be trusted.
Avoid public Wi-FiWith public Wi-Fi, you never know who set up the network and who manages it. A malicious network administrator could use the connection to access your files or data. Never connect to a network you don’t know. If you want to connect to a public Wi-Fi network, always use a VPN.
Don’t overshareAlways be conscious of what you share with others. Sharing certain data may seem harmless, but hackers can do a lot of damage with relatively little information (such as using your profile picture for fake profiles). And of course, never share your login details with someone else.
Use a VPNA VPN is a tool that secures and encrypts your internet connection. This allows you to use the internet more safely, for example on public Wi-Fi networks. Make sure you use a reliable VPN provider such as ExpressVPN or NordVPN.

How Do You Know Whether You’ve Been Hacked?

It can be tricky to figure out whether you’ve been hacked or not. Certain kinds of hacks are more visible than others. For example, if you can’t log into your Facebook account anymore, even though you’re sure you entered your password correctly, it’s pretty likely that you’ve been hacked. If your personal data has been leaked, it’s often less obvious. These are some of the signs that you might’ve been hacked:

  • You can’t log in anymore, even though you’re sure you entered the right password.
  • Your computer or smartphone is suddenly very slow.
  • Your smartphone’s battery is draining fast.
  • You get an email notification that someone has tried to log into your account from a location you’ve never been to.
  • Your device suddenly gets flooded with pop-ups (this is probably caused by adware).
  • Your friends or family get emails or messages from your account, even though you didn’t send anything yourself.
  • Files on your computer (or your entire computer) are suddenly encrypted and inaccessible (this is probably ransomware).
  • Certain apps or processes on your computer are using an absurd amount of processing power. You can check this in “task manager”.

If you are suffering from one or more of these aforementioned signs, it’s probably a good idea to do some more research and determine whether you’ve been hacked or not. You can use the site “Have I Been Pwned to check whether your email address has been leaked in reported data leaks, for example.

Keep in mind that these signs only suggest you might be hacked. There’s still a possibility that something else is amiss, for example when Caps Lock is turned on (in case of wrongfully entered passwords) or when you’re working with older hardware (in case of a slow device or quickly draining battery). If you aren’t sure whether you’ve actually become victim of a hack, you can ask the site where you have your possibly hacked account for help, consult a computer expert, or research your problem using a search engine such as Google.

What To Do When Hacked?

Laptop With Exclamation PointIf you’ve been hacked, it’s important to stay calm. There are many ways to get hacked and each requires a different response. It’s always a good idea to determine what kind of hack you’re dealing with and respond appropriately. A great resource is the FBI’s site on cybercrime, they also have a site where you can file a complaint regarding cybercrime here.

Some general tips for when you’ve been hacked are:

  • Scan for viruses with your antivirus software.
  • Change your passwords. Both on the site where you were hacked, and on other sites. Start with your email, as a lot of accounts are linked to that.
  • Update your device and software.
  • Contact the site where you were hacked. This way they’re informed and can also help you.
  • Block your credit card or bank card in case of a financial breach.
  • Contact friends and family. This way, if they are contacted by the hacker, they know it’s not you and won’t fall for any tricks.
What is a Hacker? - FAQ

Do you have a question regarding hackers or hacking? You’ll find some of the more common questions listed below. Just click on the question to see the answer.

Hacking is the act of breaking into someone else’s system or account. It can also be used to describe the exploitation of security leaks in software.

Read more about hacking here.

A hacker is someone who breaks into someone else’s system or account without permission.

Even guessing someone else’s password can be considered hacking.

Read more about hackers here.

Hacking is illegal when it’s not done with consent. If the owner of the system, data, or account gives you permission to try and hack it, it’s not illegal. This is something that’s considered “ethical hacking”

In general, there are about 7 types of hackers:

  • Black hat hackers
  • White hat hackers
  • Grey hat hackers
  • Script kiddies
  • Green hat hackers
  • Blue hat hackers
  • Red hat hackers

The most common types are black hat, white hat, and grey hat hackers. All the other hackers can usually be categorized within those three categories and are less frequently used.

Some common methods of protecting yourself against hackers are:

  • Stay aware of online dangers
  • Update your devices and software regularly
  • Use good antivirus software
  • Use strong passwords
  • Enable two-factor authentication
  • Be careful when clicking on links in chat messages or emails
  • Avoid public Wi-Fi
  • Don’t visit unsafe sites or download unsafe software
  • Use a VPN
Cybersecurity analyst
David is a cybersecurity analyst and one of the founders of VPNoverview.com. Since 2014 he has been gaining international experience working with governments, NGOs, and the private sector as a cybersecurity and VPN expert and advisor.