Understanding hacking

Now I read as much as I can, and I figured people on here can help me understand how accounts are hacked into.

So for a hacker to get into an account, it's not like breaking into a house. With a house, you just break down the door or window and you're in. With hacking into an account, don't they do it with the password in one way or another? They either get it through a data breach, phishing it somehow, or an easily guessed password (along with using the same password for things). Am I missing something?

Comments

  • MrC Community Moderator
    edited December 2014

    Your question is one of those that is very simple to ask, but very complicated to answer.

    As you state, the house break-in analogy is not apropos, because a large, complex collection of software, which folks generically label as the OS, is not like a simple physical structure, where you simply have to utilize or create some passage to cross the threshold from exterior to interior.

    There can be many different avenues by which a system can be breached, many of which don't require a user's password, but instead prey upon existing weaknesses in the operating system and its supporting software. So a better analogy might be, for example, the Space Shuttle, with its 2.5+ million parts, all of which must work together, many being mission critical where a single failure leads to well-known disastrous consequences.

    To understand how a system can be exploited, you have to understand the workings of a modern computer and software, through the various layers from the physical workings of CPU and memory, the operating system proper, the system libraries, application libraries and software. All of these work in concert. The area or level of the breach influences or limits the sphere of control (e.g. a single user account, a single service, the entire system, or perhaps a single file).

    Using your house analogy, hacking is more like rain water finding its way into your house. Water never fatigues, is omnipresent, and exploits every opportunity to find even the smallest path from exterior to interior.

  • All makes sense, I'm trying to learn about encryption also. I want to do this for fun and maybe do some looking up top. Now people who use Dropbox to sync (like me), so if Dropbox has a data breach, we all have to hope and pray our master password is great? :D

  • Actually, your house break-in analogy does work surprisingly well:

    1) Pickpocket the key. Essentially you break in using a legitimate key that you have obtained illegally. This translates directly to the digital world. Key interception through weak transports, social engineering or real-world theft.

    2) Jimmy the lock. You don't have the key but you can manipulate the lock mechanism to make it open anyway. In the digital world this would be exploiting weakness in the encryption or key generation methods.

    3) Break the window and climb in. You just bypass the security systems entirely. In the digital world this would be the equivalent of exploiting OS/hardware flaws to gain control of the server and things like SQL injection attacks.
