Is This a Hack or an Attack?

15 September 2015

Dave Piscitello

Nearly every day, we see news stories or tweets that reveal another "cyber attack" against a well-known brand, bank or government agency. These are almost always characterized as sophisticated hacking schemes. Some are described as acts of hacktivism. In an effort to characterize certain attacks as the most sophisticated ever, one enthusiastic Wikipedia contributor uses the phrase "advanced targeted computer hacking attack". However, the reality is that a cyber attack doesn't necessarily involve hacking, and a great many hacks have nothing to do with attacks.

What is a Hack?

The term "hack" was originally intended to describe a cleverly written or "coded" piece of software. Often, these kinds of software solved an immediate and thorny problem quickly and efficiently. For example, in the early days of computing, memory was a precious resource, so the developer of a piece of software that made remarkably efficient use of memory might have been complimented as having hacked a great bit of software, and he may have been acknowledged as a terrific hacker. The "hacker" label was a sign of respect. Unfortunately, hacking is now more often associated with cyber attacks, cyber espionage or online criminal activity.

What is hacktivism?

Hacktivism is the use of a cyber attack as a form of protest. Common cyber attacks used by hacktivists are denial of service attacks or web site defacements. The term is used very broadly to include attacks against government web sites, law enforcement agencies, online game sites and even terrorist sites. Multinational companies like Google, Apple and Microsoft are often targets of defacement attacks: these kinds of attacks exploit the Domain Name System (DNS) or domain registration services. The term hacktivism derives from activism, but many criticize this analogy because, unlike activists, hacktivists can often attack in the relative safety of the Internet's anonymity.

Are all cyber attacks conducted by hackers?

No. Invariably, news and social media channels characterize or glamorize attackers as talented individuals who write very sophisticated software. These characterizations are generally wrong in several respects; while there may be some talented individuals who write crime or attack software, much of what is used as attack software is often not very sophisticated but just clever enough to exploit a vulnerability. Very often, components of the attack software's "package" are not even the attacker's original work. In fact, it's increasingly common that individuals who launch attacks simply buy attack packages in underground marketplaces or download them from public repositories.

Do all cyber attacks involve hacking?

No. Let's use password attacks to illustrate. An attacker who uses social engineering to convince a helpdesk operator to disclose the user name and password for an account does not use a software hack. Such attacks, including some high-profile Twitter account and DNS hijacking attacks, don't rely on hacking. Compare this to an attack where an attacker scans a network, installs exploit software on a vulnerable computer and uses that computer to gain access to a sensitive database. Here, hacking – the use of specially crafted software – is a critical component of the attack.

Does the distinction really matter?

Yes. Accurately characterizing a cyber attack may be helpful to your organization's incident response team or law enforcement. For example, if the attack was the result of an attacker applying social engineering to a helpdesk staffer, inspecting call or chat logs is more important than inspecting computers for unauthorized (exploit) software.

It never hurts to get the language right.
