Phishing Vs Hacking

Phishing and hacking are two related cyber activities. Both methods can cause harm, damage, and financial loss to individuals and businesses.

Phishing uses social engineering to manipulate people into sharing sensitive information like passwords, or bank account details. While hacking uses various tools and techniques to gain unauthorised access to systems and networks for malicious purposes.

In this article, we’ll start by discussing hacking and phishing individually, then we’ll compare them to see how they differ.

What is Hacking?

A hacker uses a computer system to gain unauthorised access into another system for reasons like stealing money, fame, or making a network unavailable.

Let’s take a walk down memory lane;

Historical records state that the first semblance of hacking happened in the 1800s; though it is not what we understand hacking to be today. It happened that after the invention of the telephone and the establishment of Alexander Graham Bell's telephone company, young phone operators pranked callers by switching telephone lines.

This history lesson is a reminder of how vulnerabilities within any system could be exploited for personal gain.

The term hacking/hacker originated in 1955 from MIT. MIT students pulled elaborate pranks called hacks on their campus, like when they decorated the Great Dome, an iconic landmark, by turning it into R2D2, a fictional Star Wars character or when they placed a campus police cruiser on its roof.

The definition of hacking has now evolved and it was only in 1963 that it was connected to computing. An MIT newspaper wrote a piece on telephone hackers, stating that telephone services have been curtailed due to hackers.

These hackers often students were tying up phone lines between Harvard and MIT, as they were experimenting with how telephone switching worked. They would sometimes re-route calls, or redirect calls confusing both callers and operators, which caused MIT to shut down the phone lines.

There was one instance, where a student was reportedly expelled weeks before graduation for such activities.

In the 1980s and 1990s, with the rise of personal computers, hacking became even more popular. For example, in the 1990s, Kevin Mitnick was famous for infiltrating networks and stealing software by using social engineering techniques to gain unauthorised access to computer systems.

Hacking continues to evolve, and there have been many more cases where various techniques have been used to exploit vulnerable systems. Here are a few popular techniques:

Malware: This is a digital parasite that can take control of your device and cause harm or steal data.

XXS (Cross-site scripting): This is when a malicious script is injected into web pages allowing hackers to steal cookies sessions, tokens or other sensitive information.

Phishing: This is "the art of Deception", tricking people into handling over personal and sensitive information.

DDOS (Distributed Denial of Service): This is when a website or service gets more traffic than it can handle, and this traffic is flooded by an attacker/attackers to render the service unusable.

Drive-By Downloads: This occurs when a user visits an infected website which downloads and installs malware automatically.

Man in the Middle: This involves intercepting communication between systems. For instance, the man in the middle eavesdrops on a conversation between two unsuspecting users, this middleman can alter conversations between these individuals, redirect transactions, and steal data.

Zero-Day Exploits: This involves taking advantage of vulnerabilities unknown to a software vendor or developers.

DNS Spoofing: Also known as DNS cache poisoning, it involves altering DNS records to redirect traffic from legitimate websites to malicious websites.

Ransomware: Ransomware is a type of malware that encrypts a victim's data making it inaccessible until a ransom is paid. This is simply a hacking technique where data is held hostage.

Key Loggers: This involves capturing every keystrokes made on a computer using keylogging software. Keyloggers record keystrokes made on a computer to capture information like passwords, credit card details, etc

Password Attacks: This is one of the most common techniques, and hackers can exploit systems due to weak passwords. e.g. credential stuffing, and dictionary attacks.

Watering Hole Attack: This involves compromising websites frequently visited by groups by infecting them with malware.

Session Hijacking: This involves taking over active sessions. It is when an attacker steals a user's session token gaining unauthorised access to their accounts due to unsecure networks.

SQL Injection: A database is used to store various types of data, and SQL injection involves exploiting vulnerable databases by inserting malicious SQL code into queries to access, modify or delete data.

Brute Force Attacks: Involves guessing passwords by trying different possible combinations often using automated tools. If an individual's or entity's password is weak, it makes it easier for the attacker to gain access to sensitive information or perform unauthorised transactions.

Social Engineering: Humans are vulnerable which makes us easy targets. Social engineering involves manipulating human behaviour to give out important information.

Now that we have explored some of the kinds of hacking techniques available, let’s take a look at the;

Types of Hackers

The three common types of hackers are:

White Hat Hackers: A white hat hacker is an ethical hacker who uses hacking skills to discover security vulnerabilities in computer systems, software or networks. They aim to help organizations discover these vulnerabilities before a malicious hacker like a black hat hacker finds them.

Examples of famous white hackers are:

Tim Berners-Lee who invented the World Wide Web and Kevin Mitnick, who started as a black hat hacker but later became a consultant, using his experience.

Tsutomu Shimomura initially was a black hacker hacked by Kevin Mitnick. He then decided to revenge by assisting the FBI with tracking Mitnick.

Other notable mentions include; Steve Wozniak, Jeff Moss, John Lech Johansen, and Richard Mathew Stallman

Black Hat Hackers: Black hat hackers are criminals who use unauthorised access to access computer systems and networks to cause harm. This exploitation may be to steal data, disrupt systems, extort money, etc.

Examples of black hat hackers include:

Kevin Mitnick, who was once the most wanted cybercriminal in the world. He hacked over 40 major corporations including IBM, Motorola and the US National Defence warning system.

Richard and Mathew Bevan were known as the best black hackers in the world at only 21 and 17 years old they hacked into multiple US military computers and also launched a cyber attack on North Korea.

Vladimir Levin a Russian hacker was known as a tech genius and one of the best black hackers. He broke into Citibank's largest corporate accounts and stole 10.7 million dollars using a cheap dial-up connection.

Other notable mentions include; Michael Calce, Gary McKinnon, Adrian Lamo, Jonathan James, Kevin Poulsen, Astra, and Jeanson James Ancheta.

Grey Hat Hackers: Grey hat hackers break into systems to find vulnerabilities without intending to cause harm. These hackers operate between white hat and black hat hacking which makes them "grey". They often use unconventional means which are considered illegal to access systems with the intent of improving the system's security.

An example of a grey hat hacker is Khalil Shreatah, a security researcher who discovered a vulnerability that allowed users to post links on any other user's Facebook page. Facebook failed to take Shreatah's report seriously, he then used the vulnerability to post on the Facebook page of Mark Zuckerberg the CEO of Facebook to highlight the security flaw.

Other types of hackers include:

Green Hat: These are new hackers with limited skills who are still learning.

Blue Hat: These hackers are employed by companies to find vulnerabilities in unreleased products. They can also be individuals hacking for revenge.

Red Hat: They are known as vigilantes, they launch attacks against black hat hackers

Purple Hat: They are hackers who hack their systems to improve their hacking skills.

Script kiddies: Unskilled hackers who use software created by others to hack systems.

Hacktivists: Hackers who conduct politically or socially motivated attacks.

State-Sponsored Hackers: Hackers employed by governments to hack other governments for intel.

What is Phishing?

Phishing is impersonating or pretending to be a legitimate source to steal sensitive information such as passwords, credit or debit card credentials or social security numbers.

An example of a common phishing scam might be an email from your bank asking you to update account details using a link.

The reason phishing is carried out is mainly to steal the identity of individuals to perform fraudulent activities. The attacker aims to use stolen information for financial gain. It could also be for corporate espionage where the attacker targets employees in other to gain business information like trade secrets, intellectual property or client details. Other reasons may be political like leaking sensitive information to expose the government or disrupting a system by spreading ransomware holding the system to ransom for many reasons not necessarily financial.

Different ways phishing works may include;

Fake Emails: An attacker sends a fake email that looks like it's coming from a legitimate source.

Malicious Links: An attacker sends a fake email that includes links to a malicious website, upon clicking user is directed to a fake one that looks legitimate however interacting with these sites is used to capture users' sensitive data

Malicious Attachments: An attacker sends an email with a malware-infected attachment that installs malicious software on the user's device when opened.

There are various ways to recognize a phishing scam, and some of the signs to look out for include the following;

• Unusual sender email address.

• Spelling and grammatical errors in email.

• Messages requesting personal and confidential information like passwords.

• Email messages that use urgent language or threats to urge individuals to take action.

• Email messages contain links that are different from the sender's domain.

• The email message urges you to click a link to update payment details.

Examples of how to protect yourself against phishing include;

• Do not click on links or download attachments from unknown sources.

• Always check the senders' email especially if the email looks suspicious.

Use an extra layer of security like 2FA to secure credentials.

• Update device software regularly.

• Use anti-phishing tools like email filters and anti-virus to block malicious links and emails.

MOVEME

Summary

Both Phishing and Hacking are related because they are cyber-crimes, however the way they are accomplished differs. Hacking is a broader concept that requires the use of technical knowledge and skills to gain unauthorised access into systems or networks, while phishing is a technique used by hackers to manipulate individuals into sharing sensitive information.

Awareness and vigilance are key in cybersecurity. Not only are systems vulnerable, but humans are as well. This is why cybersecurity education is important. Access to this knowledge exposes individuals and companies to the risk associated with being connected to a system or network and also, the importance of protecting their devices and systems.

Frequently Asked Questions

What are the ethical hacking opportunities in government or defense sectors?

Government and defense sectors often have opportunities for ethical hackers to secure critical infrastructure, protect national interests, and contribute to cybersecurity initiatives.

Are there specialized fields within ethical hacking, and how can one specialize?

Yes, ethical hackers can specialize in areas like web application security, mobile security, or IoT security. Specialization involves gaining in-depth knowledge and experience in a specific niche through focused learning and practical application.

What are some ethical hacking achievements or milestones that can enhance a professional resume?

Achievements such as uncovering critical vulnerabilities, successful penetration tests, or contributions to open-source security projects can enhance a professional resume. Certifications like OSCP and demonstrating real-world impact are also valuable.

Can ethical hacking skills be applied to non-technical fields, and if so, how?

Ethical hacking skills, such as critical thinking and risk assessment, can be applied in non-technical fields like risk management, compliance, and policy development to enhance overall security measures.