How Hackers Hack, and How To Stop Them

You hear about this all the time: A big bank was hacked. Tumblr was hacked. The infidelity website Ashley Madison was hacked and now everybody knows who was cheating on each other. But there’s a lot more to it, and it’s a lot less flashy than what you see in the movies. Hacking isn’t about typing in a few magic words with one hand on one keyboard and the other hand on another keyboard. Or like, two people using the same keyboard at once. Hacking is difficult, and it usually takes careful planning and a fair amount of time. Stopping malicious hackers can be even more challenging. But some people dedicate a lot of time and energy to doing just that.

Hacking is when an unauthorized person gets into a computer system. A hacker breaks in, and then suddenly they have access to information they aren’t supposed to have. You hear people say their Facebook or Twitter was hacked, but that’s not exactly the same thing we’re talking about here. When someone’s personal Facebook account is hacked, that’s usually because the hacker found out their password. It can be devastating, but it’s not on the same level as breaking into a company’s whole infrastructure and stealing a billion passwords.

Thankfully, these large-scale attacks are much harder to do. But they do still happen — in December, for example, Yahoo announced that they had been hacked back in 2013 and just realized that more than a billion accounts had been compromised with personal data like answers to security questions and passwords. That’s why companies have to be really vigilant
to protect against hackers.

Once a hacker gets in, they have a few choices: They can gather information, they can cause some damage to the computer system, or they can do nothing at all, and just tell the company about the security risk. And that’s the difference between the three major types of computer hackers:

There are black hats, hackers who are basically the bad guys: they hack into systems to get information or otherwise cause damage. Which is very illegal, by the way.

There are also white hats, hackers who are either breaking into their own systems or are hired to break into other people’s systems — not to cause damage, but to test out vulnerabilities that can then be fixed.

And then there are grey hats, hackers who, as the name would suggest, sort of walk the line between black and white hat hacking. They don’t actively seek to cause damage, but they still do things that are illegal or considered unethical — like, they might break into a system without being hired to do that. They wouldn’t steal any information, and they’d tell the company afterward, but they might publish the vulnerability online in the meantime.

But whether you’re a black hat, a white hat, or a grey hat, the techniques used in hacking are largely the same. If you’re a white hat testing a system for vulnerabilities, you have to know how to do all the same things a black hat hacker would do. It’s like Defense Against the Dark Arts in Harry Potter — you have to know what the dark side is doing if you’re going to be able to defend yourself against it.

One of the main things white hats do is called a penetration test, or pen test for short. You test a system for vulnerabilities, then fix any that you find, instead of causing damage like a black hat would. This is a pretty standard procedure, so looking at the steps is a great way to explore some of the basic principles of hacking.

Usually, the first step in a pen test is reconnaissance, or recon, while you gather data about the target to figure out the best way to hack into their system. For example, if you were a black hat, it would help to know what kinds of operating systems the target’s computers are running so that you could launch an attack that’s tailored to those operating systems. So if you’re a white hat, you’ll want to know what data you can access so you can figure out what vulnerabilities need to be fixed.

There are two different types of recon: passive
and active.

Passive recon is where a hacker gathers information without actually interacting with any of the target’s computer systems. There are lots of different ways to do passive recon: you can look for information that’s already out there, like files that are publicly available on a website. Or a black hat might even try to steal old hard drives the target threw away.

Passive recon strategies can take a while, but when a black hat uses them, they’re also difficult for companies to detect and fight — because there is nothing fishy to detect. The hacker isn’t touching the company’s systems, so there’s no warning that an attack is being planned. The best a company can do is try to make sure that they don’t leave any clues lying around by destroying as much unneeded data as possible, even if it seems harmless. It also helps if you don’t just toss old hard drives into the dumpster out back.

Active recon, on the other hand, is when a hacker tries to learn valuable information about a company by interacting directly with the company’s systems. Hackers can get information more quickly this way, but it’s also easier to detect. That’s because companies can track things like which computers are communicating with their servers — the more central computers that provide data to other computers. If they notice a strange machine on their network, or suspicious commands being sent, they can take action — like by blocking the address sending those commands.

So as a white hat, part of pen testing usually involves doing some sort of active recon yourself, to see if the protections you’ve set up can stop a black hat from learning too much. Usually, you start by looking for open connections,
or ports. Each open port serves as a kind of link between a device and the internet, where data can be exchanged. And that can be dangerous, because a hacker can use an open port to send code that attacks a machine.

As a white hat, once you’ve found an open port, the next step might be to see if you can tell what kind of hardware is running the port, and what operating system it uses. Because that is exactly what a black hat would do. If you find that a black hat could collect enough information to launch an attack, you might have to rethink the ports you have open, or find ways to stop machines from disclosing information about themselves.

And for the most part, you’re going to want to keep as many ports closed as you can. One of the ways to do that is by using a firewall, which is either a program or a whole device that’s designed to block unwanted access to a computer. Among other things, firewalls keep track of a computer’s ports and make sure that the only ports that are open are ones that need to be open. They’re like a computer’s security guard, making sure that all the right doors are locked.

Now, once you’ve done some recon, you may want to move on to protecting against attacks that take advantage of your specific setup. Basically, you take a list of the hardware and operating system versions you’re running and see if they have any known hacks. When people find ways to exploit an operating system or a piece of software, the exploit will usually be published online. Then, the company that makes the OS or software will try to patch the vulnerability. But patches and updates won’t always be installed on your systems right away, so it’s important to see if you’re running older, vulnerable versions.

Of course, a black hat could also come up with new exploits and use those. But that takes much more effort and skill, so protecting against known hacks can make it much less likely that you’ll be hacked.

Another part of the penetration test has to
do with websites. For every website on the internet, there’s the part you’re supposed to be able to see. Like on YouTube, you can see different channel pages and video pages. And you can watch me do this with my hands. But there’s also a whole administrative side to websites, with pages and files that you aren’t supposed to see. Those pages might store information the developer needs to run the site, or files that the public isn’t supposed to be able to access — like, databases of user names and addresses.

Ideally, you want those pages and files secured so that some random dude named Steve can’t access all of them just by typing a certain URL. And the way to figure out if someone could get access to them is to do what a black hat would do: try different URLs and see if you end up finding pages or files that shouldn’t be publicly accessible. To do this, you can use crawlers — programs that automatically map out the site by visiting different links and directories. You can also use programs that try the typical URLs where this kind of information might be stored. So pages like,, or /files, or whatever.

If the crawler lands on an error page, that can be important too. Companies need to make sure that the errors that come up don’t contain information that a hacker can use against them. If an error says that a certain page is private, for example, that tells a black hat that this page would be a great target if they do get into your system. So you’ll want to be careful about how much info shows up on your error pages.

Another part of the website test involves pages that use forms, like where you type in your shipping address, or fill out hundreds of questions for your OkCupid profile. If these forms aren’t set up properly, black hats can use them as a way to send malicious code into a system. Often, they can use this kind of code to collect information from any databases a company might be using, like to nab all the credit card numbers anyone’s ever submitted. So it’s important to make sure that a website checks its form inputs for anything that looks suspicious, and to test those protections by trying to break through them yourself.

There are often more steps to a penetration
test, but those are the basics. Once the test is done, it’s time to go through the results and fix any vulnerabilities. Even then, a company’s systems might not be totally safe from all hacking attempts. Black hats are always thinking up more creative ways to break into systems, and when they have a specific target, like a government or other high-profile organization, white hats have to be constantly on the lookout for attacks. But as long as they keep track of possible security threats and stay one step ahead of the black hats, which apparently Yahoo is completely incapable of doing, they can put up a pretty strong defense.

Thank you for watching this episode of SciShow, which was brought to you by our patrons on Patreon. If you want to help support this show, you can give us your money and we will use it to make SciShow happen at And if you just want to keep getting smarter with us you can go to and subscribe!
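
The point about forms in the transcript above, as an added example that is not from the video or the original page: the same database lookup written by pasting form text into the SQL statement, and written as a parameterized query behind an allowlist check on the input. The table, the function names and the test value are constructed for illustration.

```python
import re
import sqlite3

# Assumed rule for this example: customer names are short and alphanumeric.
NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (customer TEXT, card_last4 TEXT)")
    db.executemany(
        "INSERT INTO orders VALUES (?, ?)",
        [("alice", "1111"), ("bob", "2222"), ("carol", "3333")],
    )
    return db


def lookup_vulnerable(db, customer):
    # Weak: the form text becomes part of the SQL statement itself,
    # so quote characters in it can rewrite the WHERE clause.
    sql = "SELECT customer, card_last4 FROM orders WHERE customer = '%s'" % customer
    return db.execute(sql).fetchall()


def lookup_parameterized(db, customer):
    # Hardened: the value is bound separately and only ever compared as data.
    sql = "SELECT customer, card_last4 FROM orders WHERE customer = ?"
    return db.execute(sql, (customer,)).fetchall()


def is_valid_name(value):
    # Input check in front of the query: reject anything outside the allowlist.
    return NAME_RE.fullmatch(value) is not None


def handle_form(db, customer):
    """What the form handler should do: validate, then query with binding."""
    if not is_valid_name(customer):
        return None  # reject the submission without touching the database
    return lookup_parameterized(db, customer)


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed test value containing quotes
    print(len(lookup_vulnerable(db, crafted)))     # every row comes back
    print(len(lookup_parameterized(db, crafted)))  # no row matches
    print(handle_form(db, crafted), handle_form(db, "alice"))
```

The input check and the bound parameter do different jobs: the check rejects malformed submissions early, while the binding is what keeps any text that does get through from changing the query.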

100 thoughts on “How Hackers Hack, and How To Stop Them”

  1. Are UK police allowed to only investigate crimes which they feel like investigating, is this what they are paid for?

  2. I’m being hacked in a game called Roblox the I can see when the hacker is in my screen and when my friends are not my friends and instead is the hacker the hacker is trying to ruin me because he/she knows I’m close to finding who they are anyone wanna help? (Hackers only)

  3. I was scared I was hacked but I realized if a guy is hacking me there’s no need to worry cuz I'm 11 I don't have a gf bf to cheat on or have apple pay I'm not old to have girlfriend to cheat on or apple pay anything so if they’re watching right now it's gonna be boring cuz I'm a kid that like bts and games that's it 😂

  4. Most of the hackers usually these who's watching your comments, mindless brain damage, rude, bigot..selfish…

  5. Ser:) not everyone knows how to operate computer, those hackers are so evil, they know which person they can victimize, hey…🤨😟to me, they are not happy people..

  6. From experience, nothing can be done to stop these bad guys from getting into your stuff as long as you've got internet or your tv or phones works . if you lucky, you meet someone or one ethical hacker who's serious about working. Get through to Michael for easy anti spy or hack related services. Email to reach him is [email protected] com I'm making this recommendations cus he has been of tremendous help getting hackers off my back.

  7. From experience, nothing can be done to stop these bad guys from getting into your stuff as long as you've got internet or your tv or phones works . if you lucky, you meet someone or one ethical hacker who's serious about working. Get through to Michael for easy anti spy or hack related services. Email to reach him is deepakanonghosthackers @ gmail. com I'm making this recommendations cus he has been of tremendous help getting hackers off my back.

  8. As with other spy telephone apps listed here, it’s all the essential attributes, for example, power monitor instant messages, track GPS location, and to spy on text messages. But additionally, it has some unique features that make it stick out from the bunch. Let’s take a look at these characteristics.if you know the type of things that happen around you , you will be scared. do you know that 96% of Americans have errors in their credit score and out of that high percentage, only 10% know there are errors in their reports. 70% of the 10% of people who notice errors have them corrected. it is a lot of work but with the right connect , i got it done in two weeks . change your credit score change your life . a word is enough for those who are tired of the broke life. they provide exquisite service with a money back guarantee , contact zeusprohackers @gmailcom

    / WHATSAPP: +1 (256) 269-2696 for all your credit insight to be repair thank you.

  9. The thing about "hackers" is being a "hacker" isn't really anything to do with technology. Being a hacker is a mind set of subverting a set of rules to get a certain outcome. Whether that's "good" or "bad" depends on your morals and the law. You may ban someone but if they find a way back in, whatever it may be, they "hacked" their way back in. Trust me, no system is flawless, although security is getting to the point where it's not actually practical to crack their way through and rely more on the easiest way to obtain information and typically that's through social engineering. Doesn't really matter what it is. That's why and how malware and anti-malware systems evolve. , contact hackersmithsnowman @gmailcom

  10. warn a hacker that he or she will be in jail and I rather to find anywhere in the whole world to destroy his plans from continuing hacking guys if all of countries have anti hack I prefer to jail them quickly but it's too hard to jail em I'm very mad of them I would like to unbail them and remove them from justice

  11. No one can stop Bronco R idic LAPD this guy's the granpuba of hackers. This guy has probably seen you having sex and you never found out

  12. I believe I’m being hacked
    The things I’ve copied turn to links to random websites
    Some videos are just blank dark screens.
    Please hacker stop it’s just dang annoying

  13. A guy hacked my mom's phone it was like it was moving on its own so I did I …… remove the battery then Tara its 0% I will find him/her

  14. My sister's Facebook account got hacked because her friend's account also got hacked and the hacker asked for her email and password from her friend's account. She fell for it but she got her account back. It was like a battle! She cried so hard!😕

  15. I need this because there’s a person on ROBLOX hacking me, they know my name, and every time I come in ROBLOX, it shows MY text messages as something creepy, but i didn’t send it, I come in and see my own messages in chat. But I didn’t type that. The hacker knows my name and everything.

  16. This girl blocked me from a famous person live with out being in her account she told she was gone do it but I ant believe her how the hell she do that?? 🙃🧐🥴

  17. I met hackers through xbox chat and Minecraft, they were being rude so I roasted them… now they hate me… O.o

  18. Guys do you know how to get rid of hacks because I will show you how to get hacks please I will show you I promise 😀

  19. my hacker copies things, I copy paste today and it paste a word I haven't copied since a very long time nor I have visited it

  20. My friend I'm in one of the biggest complicated problem my E-mail is controlled by unknown persons during using internet & In non-use time therefore I'm in need to get me rid of those bad people thank you very much

  21. My friend I want to get me out of my seriously & dangerously big duck in my E-mail it's controlled by militia of unknown persons I'm in need for help

  22. just do a password like this

  23. someone on discord hacked me by giving me an application and said for me to click on it and ran a process that made my computer vulnerable to the hack so then he tried moving my mouse and I found out it was a java script that made my computer vulnerable to the hack so I ended the process both of them and now I'm safe I think I might not be

  24. I wish hacking never existed I lost my ps4 account. I called Sony but they said something was locked all because the security

  25. Even though this is useful
    But hackers might go on youtube and see this and then they will find other ways to hack

  26. My internet keeps going out because a hacker got bit hurt on ps4 because he said Mr. boss is not clickbait and then took my internet out 16 times
