Governments hack other governments to find out what other countries are doing. Perhaps they
can use the information in trade negotiations or for military purposes
Governments can also hack local or foreign companies because they want the company secrets:
to make their own products that are better in some way, or because they want information about some of the
company's customers (eg their location, photos, private documents)
Criminal gangs like to make money. Bank robberies in the old days used to involve going to a
bank branch with guns. Now you can steal money from a bank with computers from the comfort of your own home.
Stealing money from personal or company bank accounts, credit card information, top-up vouchers is also easy if
you have the right tools and know how. They also like to copy data and sell it to others who might be
interested: competitors, for blackmail, or sexy pictures on porn sites. Ransomware is software
that encrypts all the files on your computer. You have to pay the gang money to get all your data back.
"Religious" groups have strong opinions about who should be allowed to do what. If they
don't like you, they may try to deface or disable your systems to make your work harder. They might steal your
data to find out what you are doing so they can stop you. They might steal your money so you can't carry on. Or
they might put monitoring software on your devices so they can see what you are doing any time they want
Individuals hack for many reasons: they are bored, they like to see stuff burn, they have
something to prove or want to be famous, they don't like you for some reason. Or sometimes they are just
exploring: they are curious and like to know how stuff works by seeing how stuff breaks. You are just the
unlucky person who got in the way. A few people like to build up collections of hacked devices
(botnets) and use them for mining crypto currency or making denial of service attacks. They
make money by renting their botnet out to other people.
It is like a cloud of mosquitoes outside your tent when you are camping. There are thousands all tapping and
bumping to find the smallest gap so they can wiggle in and feed on you. No matter how good the rest of your tent
is, if there is one tiny gap, that is enough.
Hackers often use automated tools to find these holes: when a new hole is found, it will be quickly added to a
toolkit that knows about many similar holes. This is used to scan large parts of the internet to see what they can
find. It can sometimes be a race, with different groups competing to hack the same piece of software or hardware
so they can use it for their own purposes.
How do they get in?
Software is complicated. There are layers and layers of components that must all
work together. What looks simple on the outside can be made from hundreds of pieces each built by different
people, and usually relies on a complicated collection of other systems to make it go. New versions are released
all the time. It is easy to make a mistake, and it is hard to keep up with the pace of change.
A security hole in a piece of software or hardware is called Vulnerability. It may be very
obvious, or it may stay hidden for years until someone finds it. People have developed tools to help them find
vulnerabilities. There are thousands found every year.
If the Good Guys find a vulnerability they will tell the owner of the software and give them time to fix it. This
is called Responsible Disclosure. Often they will build a Proof of Concept: a small
example that
shows where the hole is and how to use it. Most companies will quickly fix the problem and release a
patch or software upgrade to protect their users. They may pay a Bounty or cash reward
to the
person who found it.
Sadly there are lots of people who want to buy vulnerabilities for their own purposes: they pay a lot of money
for a hole they can use themselves without telling anyone else. An Exploit is a tool for using a
vulnerability in a way that allows you do to
something that should not be possible. Sometimes exploits are Chained together: you use one to make a
tiny hole, the next you put in that hole to make it wider, the next to insert something that should not be there,
the next to give you full access to the system so you can do whatever you want.
A Zero Day is an exploit that is being actively used to hack people or systems. The manufacture
or supplier is not yet aware of it or has not released a fix. You may not know you were hacked for months or years
if someone quietly and carefully uses a Zero Day exploit to get access to your systems. They can stay quiet and
look around, copy your data or watch what you are doing for as long as they like.
How do I stay safe from hackers?
A few simple things will help a lot
Use a long strong unique password for every different thing you log in to. Use a Password
Wallet to store them all, and have a good (but easy to type and memorable) password for that. Never tell anyone
else your password for anything: don't email it or allow anyone else to use it.
Turn on two factor authentication for all services that support it. Avoid SMS / TXT versions
because hackers can swap your SIM or get in to the mobile network to steal your code. Use App based two factor.
Keep software up to date. All of it. Not just your phone and laptop. Your wifi router, the
modem from your internet service provider, printers, anything connected to the network.
When you get a new device, read the manual. Harden each device by changing default passwords,
turn off unneeded features. Google for security tips for your laptop, phone, smart watch.
Avoid IoT devices like internet connected fridges, door bells, cameras, baby monitors, smart TVs.... They are
often poorly designed and rarely updated. An easy entry point for hackers. If you know a bit about network
security you can make these safer to use by isolating them on their own subnet and preventing them from
accessing the internet
Avoid phishing. Don't click links or open emailed documents unless you trust the source and were expecting
them. If unsure, upload the file to Google Drive and view it there