All hackers are bad people who make a living by stealing your personal information and installing Trojan horses and keyloggers on your system to wrangle your passwords. Oh, and while they’re on vacation, they will send you phishing emails where they claim they recorded you (yes, you!) through your webcam while you did naughty things. Yes, you know all about them because you’ve watched Mr. Robot, so now you know that they’re all part of a collective called “Anonymous” who wear Guy Fawkes masks while making videos where they warn people about the imminent digital apocalypse they’re going to cause.
Guess what? Nope! Hackers are some of these things, but not that’s not all. Not even close!
Myth 1: Hacking is all bad and illegal.
Although hackers are more often than not criminals and thieves, that’s not necessarily the case. You’ve probably never heard of the so-called “white hat hackers,” or ethical hackers. They’re absolutely legit professionals who use their skills and knowledge to fight against malevolent hackers. Their work is to find new, smart ways to bypass system security and identify weak points with the express permission of the company.
In fact, some companies actively look for people who can hack their software to make it safer and more reliable. The reason? That’s pretty obvious — if you find a bug that compromises the system’s security, they can squash it and improve their products instead of dealing with countless lawsuits filed by disgruntled users. Did you know that sometime in their recent past, both Google and Facebook offered actual monetary rewards of up to $31,337 to anyone who provided credible evidence of bugs and vulnerabilities that hackers could exploit in their systems? That’s a really l33t reward for a h4xor! (To learn more about ethical hacking, see How Your Organization Can Benefit From Ethical Hacking.)
Myth 2: Hacking is a job that requires lightning-fast reflexes.
You’ve seen that in Hollywood movies, so it must be true! To hack a “mainframe” you must find an internet connection, start typing some random stuff super-quickly on your keyboard, and react to “computer defenses” and “countermeasures” as you hack your way against the clock, right? No, that’s Hollywood crap, indeed. These “hacker duels” we’re used to seeing in movies to make it look like there’s something exciting going on (note to Hollywood: They’re just two nerdy hipsters clicking on a laptop keyboard — duh), are, in fact, nothing but a movie fallacy.
Hackers make use of all kinds of software tools and bots that are set up to crack and hack their way through the system’s defenses. Most of the time, hackers can just sit back and relax while these tools do their job. To put things into perspective, it’s like thinking that if you want to defrag a hard drive, you have to manually move each file in your system by typing keyboard commands instead of just hitting the “start defrag” button and waiting for a couple of hours (God bless SDDs).
Bonus Myth: There’s nothing like “hacking a mainframe from the web” to start with. The most secure databases are anything but publicly available, and they’re often impossible to access unless you’re able to physically interact with a company’s server or cloud.
Myth 3: It’s all perpetrated by expert tech geniuses.
Actually, you don’t even need to be an IT expert to become a proficient hacker. You can go from zero knowledge to a good level of skill in probably less than 6 months, and you don’t even need particularly sophisticated or advanced software to do so. You just need time and dedication, some basic computer skills and a good tutorial. There are even some good websites that can teach you the basics in no time.
On top of that, there’s a lot of hacking which can be done without even knowing anything about programming or computer networks. Social hacking, for example, requires nothing but a cunning mind and a basic knowledge of how social media and search engines work. In fact, a lot of websites allow you to bypass their security measures by showing alleged “proof” of your identity, such as by answering some questions about your mother’s maiden name, the name of your favorite pet, or your elementary school best friend. Much of this info is readily available on the internet for people who know how to search for it or are observant enough. And no, they don’t need to be computer programmers, especially if you’re a celebrity with all sorts of information about you leaking everywhere.
Myth 4: Hackers are lone wolves who wear cool hoodies.
Although some famous hackers such as the Russian Evgeniy M. Bogachev are known to operate on their own or with a handful of accomplices, most of them are not. Instead they’re professionals hired by large criminal organizations that employ a vast array of automated processes (such as bot armies) to perform repetitive tasks on a global scale.
Some of them act according to some world-changing agenda, such as the famous hacktivist group known as Anonymous, whose alleged final goal is protecting the freedom of the internet. Their anti-child-pornography movement and attack of the Islamic State’s online recruitment systems and social media accounts were performed as global-scale operations.
Many governments also recruit hacker groups to practice acts of cyber espionage against other nations. Although they operate at a somewhat clandestine level, groups such as Fancy Bear, Unit 8200 and the Equation Group are more or less openly backed by the Russian, Israeli and U.S. governments, respectively. (To learn about how hacking is being used against bad guys, check out The Cyber War Against Terrorism.)
Myth 5: The deep web is an illegal part of the web inhabited by hackers.
The deep web is just a part of the web that can’t be accessed by a web browser by using its default configuration. Although many hackers prefer to hide themselves in this less-visible part of the web, the DW is not, by any means, an illegal place shrouded in darkness. Requiring special protocols to access something doesn’t make it evil or illegal.
The problem is that the dark web (a small subsection of the deep web) has received sensational coverage by the media for some particularly scary marketplaces hosted there, such as the infamous Silk Road or Alpha Bay, which sold illicit drugs and weapons. But that’s just negative press that simply ignores the fact that the deep web is also full of “good” websites as well as popular ones — both the New York Times and Facebook have an official equivalent of their websites in the deep web. In fact, this part of the internet is much less prone to the common zero-day vulnerabilities that many hackers exploit inside the less-deep internet.
Myth 6: The same malware can hack all kinds of systems at once.
Another one of the most unlikely and downright laughable of Hollywood’s renditions of the hacking world is the idea that a single command or malware can reach countless disparate systems at once and “hack” them all. One of the most famous examples of this level of made-up, unrealistic nonsense, is a moment in 1996’s “Independence Day” when Jeff Goldblum uploads a virus into the alien’s mothership.
That’s next-level stupidity, since this whole scene is based on the assumption that an entire race of creatures coming from another planet had MacOS installed! In our world a hacker would have a damn hard time even running a malware in different versions of the same operating system. God forbid just one of these aliens had Unix installed on his laptop!
Hollywood has taught us that hackers are fantastic and secretive creatures that possess amazing tech skills to hack into countless unrelated systems with minimum effort. However, as with many other things we’ve seen in the movies, things are rarely so simple in real life. On top of that, what we used to know about hacking only a few years ago isn’t necessarily valid today since this field is evolving at the same pace as other technology.