
Is This a Hack or an Attack?


Nearly every day, we see news stories or tweets that reveal another "cyber attack" against a well-known brand, bank or government agency. These are almost always characterized as sophisticated hacking schemes. Some are described as acts of hacktivism. In an effort to characterize certain attacks as the most sophisticated ever, one enthusiastic Wikipedia contributor uses the phrase "advanced targeted computer hacking attack". However, the reality is that a cyber attack doesn't necessarily involve hacking, and a great many hacks have nothing to do with attacks.

What is a Hack?

The term "hack" was originally intended to describe a cleverly written or "coded" piece of software. Often, these kinds of software solved an immediate and thorny problem quickly and efficiently. For example, in the early days of computing, memory was a precious resource, so the developer of a piece of software that made remarkably efficient use of memory might have been complimented as having hacked a great bit of software, and he may have been acknowledged as a terrific hacker. The "hacker" label was a sign of respect. Unfortunately, hacking is now more often associated with cyber attacks, cyber espionage or online criminal activity.

What is hacktivism?

Hacktivism is the use of a cyber attack as a form of protest. Common cyber attacks used by hacktivists are denial of service attacks or web site defacements. The term is used very broadly to include attacks against government web sites, law enforcement agencies, online game sites and even terrorist sites. Multinational companies like Google, Apple and Microsoft are often targets of defacement attacks: these kinds of attacks exploit the Domain Name System (DNS) or domain registration services. The term hacktivism derives from activism, but many criticize this analogy because unlike activists, hacktivists can often attack in the relative safety of the Internet's anonymity.

Are all cyber attacks conducted by hackers?

No. Invariably, news and social media channels characterize or glamorize attackers as talented individuals who write very sophisticated software. These characterizations are generally wrong in several respects; while there may be some talented individuals who write crime or attack software, much of what is used as attack software is often not very sophisticated but just clever enough to exploit a vulnerability. Very often, components of the attack software's "package" are not even the attacker's original work. In fact, it's increasingly common that individuals who launch attacks simply buy attack packages in underground marketplaces or download them from public repositories.

Do all cyber attacks involve hacking?

No. Let's use password attacks to illustrate. An attacker who uses social engineering to convince a helpdesk operator to disclose the user name and password for an account does not use a software hack. Such attacks, including some high-profile Twitter account and DNS hijacking attacks, don't rely on hacking. Compare this to an attack where an attacker scans a network, installs exploit software on a vulnerable computer and uses that computer to gain access to a sensitive database. Here, hacking – the use of specially crafted software – is a critical component of the attack.

Does the distinction really matter?

Yes. Accurately characterizing a cyber attack may be helpful to your organization's incident response team or law enforcement. For example, if the attack was the result of an attacker applying social engineering to a helpdesk staffer, inspecting call or chat logs is more important than inspecting computers for unauthorized (exploit) software.

It never hurts to get the language right.

