Hacking explained: What it is, how it works, and how to stay safe

Jacob Fox

May 9, 202416 min read

Hacking explained: What it is, how it works, and how to stay safe: Header imae

You’ve heard of hacking, and you probably know that it involves doing something technical and possibly slightly shady to a computer or device. However, you might not know exactly what the process entails. Far from being a lone techno-genius’s peculiar hobby, hacking occurs everywhere, across all kinds of demographics, and hacking is a widespread threat for many people in 2024.

In this article, hacking is explained in a way that demystifies the process. Plus, you’ll learn what you can do to protect yourself from it.

What is hacking?

Hacking is the act of gaining unauthorized access to a computer system, account, device, or network, achieved by any number of techniques, most of which are cyberattacks. Hackers are those who find and exploit vulnerabilities in systems or networks to compromise them and gain unauthorized access.

The evolution of hacking

Originally, there wasn’t a negative connotation to “hacker” or “hacking.” A hacker was simply someone who liked to push technology to its limits, getting it to do things that exceeded what others might think possible.

Hacker culture sprung up in academic circles in the 1960s, in places such as MIT’s Tech Model Railroad Club (TMRC) and Artificial Intelligence Laboratory (AIL). This culture was, broadly, one that was passionate about technology and enjoyed being creative with it, and it was one that advocated for open and free exchange of tech knowledge and solutions.

As time went on, however, media coverage of hacking took on a negative spin, equating it with nefarious cyber activities. Movies reinforcing this negative connotation started to be released, too, such as the 1995 movie Hackers.

Eventually, the traditional understanding of hacking (pushing technology to its limits for fun) was lost, and the new one (gaining unauthorized access to a computer system, device, account, or network) became commonplace.

How does hacking actually work?

Given our earlier definition of hacking, anything a person does to compromise and gain unauthorized access to a computer system or network is considered hacking. Traditionally, this involved modifying some computer code to provide a digital path into the target system.

Today, however, technology is more complicated, and there are many more avenues a hacker can take than simply manipulating code. For example, a hacker might attempt to impersonate someone official whom you trust to get you to give them your login information, which would be considered a form of social engineering.

Whatever method a hacker chooses, they will probe for a vulnerability in their target’s real-life or digital world and attempt to exploit it.

The laws surrounding hacking vary from country to country and sometimes from state to state. Broadly, though, it’s illegal to undertake any form of hacking because it’s illegal to attempt to gain unauthorized access to a computer system.

In the United Kingdom, the Computer Misuse Act (1990) says a person is guilty of an offense if they cause “a computer to perform any function with intent to secure access to any program or data held in any computer” and the access they attend to secure “is unauthorized,” provided they know this is the case when acting.

In the United States, the Computer Fraud and Abuse Act (CFAA) of 1986 declares the same: intentionally securing unauthorized access to a computer system is illegal. Originally, this law was designed to hold only for hacking attempts against the state, but it’s since been expanded to include civilian cases. Beyond the CFAA, there are different hacking laws from state to state.

You can usually only legally hack your own devices and systems or ones that you have the owner’s explicit (usually written and contracted) permission to hack.

Even scanning for vulnerabilities without acting on them can be illegal in some countries and circumstances. For example, port scanning is illegal in some countries. This is a complex area, though, and whether such reconnaissance is illegal or not often depends on how “active” the scan is, as well as the legal system’s discretion regarding your intentions.

So, is hacking illegal? As we can see, it’s complicated. Broadly speaking, unless a person has explicit permission, with no one else involved but the target, hacking is illegal.

Examples of the biggest hacking attacks

Hacking happens at every level, from small-scale social media hacks all the way up to multinational company server breaches. Here are some of the headlines that have made the biggest hacking news over the years. 

Citibank cyber heist, 1994

The 1994 Citibank cyber heist was the first online bank robbery and was a wake-up call for the financial industry. Vladimir Levin and his small team hijacked Citibank’s system to steal customer bank account information. They used this information to transfer money to untraceable accounts, stealing about 10 million dollars.

Melissa virus, 1999

The 1999 Melissa virus was the fastest-spreading virus ever seen, affecting 20% of the world’s computers at the time and disrupting businesses. It was a mass-mailing virus that targeted Microsoft Word and Outlook-based systems. David Lee Smith was the hacker behind the virus that, when opened, disabled Microsoft Word safeguards and sent itself to people in the user’s address book.

Yahoo data breaches, 2013-14

The 2013-14 Yahoo data breaches were two of the largest on record, with the first affecting every single Yahoo account and the second affecting over 500 million of them, leaking personal information about affected users, including passwords and security questions. And because Yahoo didn’t disclose the breach to its users, they received a $35 million fine and settled a class-action lawsuit for $117.5 million.

Why do hackers hack?

As with any digital activity, hackers might hack for a number of reasons. Here are some of the most common:

  • Money: Someone might hack to gain money. For example, this might be done by gaining access to your bank account and transferring your money to the attacker.
  • Control: Someone might hack to gain control of your computer system, for example, by using your computer to mine cryptocurrency.
  • Insider knowledge: Someone might hack to gain corporate or political knowledge. For example, one organization might hack another to discover insider knowledge and gain a leg-up on the competition.
  • Excitement: Someone might hack purely for the excitement of doing so and the feeling of accomplishment at succeeding.
  • Harm: Someone might hack out of a desire to do harm. A hacker might, for example, seek to enact revenge on someone by gaining access to their system and blackmailing them.
  • Improve security: Someone might hack out of a desire to find and demonstrate vulnerabilities in a computer system so they, or whoever they hack, can patch these vulnerabilities and prevent hacks from more malicious actors.
  • Political or social change: Someone might hack to enact political or social change, for example, by taking down the website of a company or institution they think is immoral.

Why is hacking dangerous?

Hacking is dangerous not only because it can prevent your devices from working as they should but because it can pose a serious risk to many aspects of your life, including your livelihood.

What’s more, hacking seems to be on the rise. For example, a 2023 Apple report (PDF) shows that “the number of data breaches more than tripled between 2013 and 2022,” with 1.5 billion personal records being breached in 2022 alone.

Here are some key reasons hacking can be dangerous:

  • Theft: Hackers might gain access to your financial accounts, leaving you vulnerable to theft.
  • Ransom: Hackers might lock you out of important systems and files and demand payment to have it returned.
  • Identity fraud: Hackers might compile your information, data, and documents to attempt to steal your identity, opening credit accounts in your name.
  • Impersonation: Hackers might use your accounts to pretend to be you and get you in trouble with your family, your friends, your job, or even the law.
  • Linked accounts: Hackers who gain access to one of your accounts might be able to use this to gain access to more of them.
  • Compromising others: Hackers could use their access to your devices to compromise other people you know, for example, by combing through your personal communications with others.
  • Disrupting services: Hackers might cause disruption to or completely disable some of your services, such as your network connection.

Can hacking be ethical?

Hacking can be ethical, provided it’s only done on your own devices or with explicit permission from the owner of the system you’re hacking. This might be done with the intention of revealing system vulnerabilities and fixing them. Someone who does this is called a white hat hacker.

Hacking ethics is a complicated area, however, because you must consider everyone who might be involved, even indirectly. For example, you might get permission to hack someone’s computer without realizing you’ll be accessing a device that stores sensitive information about someone else who hasn’t given you permission to view it.

Understanding hacking

If you’re thinking of getting into (ethical) hacking, here are some things you should know.

Can you have a job as a hacker?

You can have a job as an ethical hacker. Organizations hire ethical hackers to identify vulnerabilities and help shore up their defenses.

Why is hacking a crime?

Digital property is treated like physical property, so gaining unauthorized entry into someone’s system is considered a breach of their rights. Hacking is, therefore, a crime for the same reason that breaking and entering or theft are crimes.

What is a hackathon?

A hackathon uses the word “hack” in the original, more morally neutral sense. It’s an event in which teams of developers, project managers, designers, and so on (or sometimes just individuals) attend to race to create a hardware or software solution. The aim is to solve a specific problem or complete a certain project. Teams are judged by a panel, and the winning team usually wins a prize.

Can a hacker be traced?

Hackers can usually be traced, but how difficult it is to trace them depends on the techniques they employ and how well they cover their tracks, as well as the resources the tracing party has on hand. The state, for example, can usually trace a hacker much easier than an individual.

Can you go to the police if you get hacked?

You can go to the police if you’re hacked. However, local police forces might not be able to do much in the case of smaller breaches (such as a hacked Facebook account), in which case you should contact the organization for the account you own and follow their advice.

Types of hacking attacks

Real hacking usually doesn’t look the way it’s portrayed in the movies. Hacking techniques are many and varied, and these days, there are so many hacking tools available that many techniques can be attempted with little effort. Here are some of the most common types of hacking attacks.


Phishing is when a cybercriminal attempts to trick you into giving away your personal information or downloading and installing malware by impersonating someone else, such as a trusted company you have an account with. Usually, phishing scams take place via fake emails that try to get you to click on a dodgy link.

Malware infection

Malware is malicious software that might attempt to do any number of nefarious things on your system once it’s installed. For instance, it might try to leak your information, gain unauthorized access to your personal accounts, or lock your computer down to get you to pay a ransom. If this kind of hacking software is on your system, you have a malware infection.

Cookies are small chunks of data that websites store on your PC to help them identify you as the same user in the future. This lets them make your user experience more convenient, such as by logging you into your account automatically or showing you the same shopping cart that you filled the last time you were on the site.

Cookie theft, AKA cookie hijacking, is when a hacker gains access to your cookie data, which allows them to pretend they’re you when they visit websites you’ve visited before. In worst-case scenarios, this might let them access your sensitive personal information or possibly spend your money on the websites you visited.

One of the best ways to prevent this is to make sure you clear your cookies regularly.

UI redress

UI redress, AKA clickjacking, is when a hacker adds an invisible layer on top of the website or software you’re using to trick you into clicking the hacker’s buttons or typing in their boxes. To you, it looks like you’re typing into (or clicking on) input areas on the website or software you mean to use, but in reality, you’re typing into or clicking on something else.

Distributed denial-of-service (DDoS)  

A denial-of-service (DoS) attack attempts to deny system resources to users, such as a website’s server processing power, by flooding the targeted system with requests, making it unable to process and handle legitimate users’ requests.

A distributed denial-of-service (DDoS) attack does the same thing but distributes the flooding so that it comes from many different systems. Often, hackers will use a botnet to perform a DDoS attack.

Social engineering

Social engineering is any form of psychological manipulation done to compromise target systems or gain unauthorized access to a target’s personal information. In other words, social engineering attempts to do what traditional hacking does, but by tricking people rather than tricking or altering computer systems.

Password cracking

Password cracking is any technique that’s designed to discover or decipher the password for a target’s system or account. This is different from techniques that look to bypass logins (such as cookie hijacking) because it seeks to actually log in to a site, service, or system using the target’s password. Techniques for cracking passwords include brute forcing, phishing, and keylogging.

Zero-day exploits

A zero-day exploit is the exploitation of a vulnerability in a system, service, or piece of software that the developer hasn’t previously noticed. It’s called a “zero-day” exploit because cybercriminals can exploit or are already exploiting the vulnerability, so the vendor has zero days to patch it. A zero-day attack is especially dangerous because the vendor is racing against the clock to fix the vulnerability before attackers cause too much damage.

Types of hackers

Just as there are many different kinds of hacking, there are many different types of hackers. Here are a few of the most common.

Malicious hackers

Malicious hackers, AKA black hat hackers or crackers, are the nefarious kinds of hackers that you might picture from movies and media stereotypes. They attempt to gain unauthorized access to systems for malicious reasons, such as to blackmail victims, commit fraud, or steal money.

Ethical hackers

Ethical hackers, AKA white hat hackers, use many of the same techniques malicious hackers might use, but they use these against their own systems or the systems whose owners have given their consent. They do this to reveal vulnerabilities in devices, systems, and networks so they can be patched and secured.

Gray hat hackers

Gray hat hackers lack the nefarious intent of nefarious black hat hackers but, unlike ethical white hat hackers, lack the consent of their targets. Often, they’ll be motivated by curiosity or passion — they’ll hack simply for the pleasure of attempting to hack or succeeding in gaining unauthorized access to a system.


Hacktivism is, as the name implies, hacking for the purpose of political or social activism. For example, a hacktivist might deface the website of a company they don’t like or leak relevant confidential political information (such as funding sources) from a political candidate’s hacked device.

State-sponsored hackers

Digital warfare between states is just as real as physical warfare, and state-sponsored hacking is the means by which this is most often carried out. State-sponsored hackers do their hacking for their government or a state institution, usually for political purposes. A state-sponsored hack might, for example, crash a server that’s critical for another state to function.

What kinds of devices are most vulnerable to hacking attacks?

Unfortunately, almost any device can be hacked. However, some devices are more vulnerable to others. Devices that are designed to always be connected to the internet leave many ports open, making them particularly vulnerable. Here are some devices that are most vulnerable to being hacked:

  • IP cameras: These cameras sometimes lack proper security and are always connected to the internet, making them targets for hackers, especially because they can sometimes give indirect access to the computers that are linked to them.
  • Internet of Things (IoT) devices: These devices, such as sensors and appliances that connect to the internet, can be vulnerable to hacking because they often have weak built-in security or lack it completely.
  • Mobile devices: Devices such as phones and tablets, although generally safer than IP cameras and IoT devices, aren’t immune to being hacked. They’re especially vulnerable to physical, in-person manipulation because they’re portable. Plus, some convenient mobile features, such as on-the-go Wi-Fi scanning, can make them more vulnerable to hacking.
  • Computers: Desktop computers and laptops aren’t immune to being hacked, either. One thing that makes computer hacking more likely is a computer’s customizability, because more customizability means more potential vectors for attack.
  • Network routers: Many people forget to take into account the security of the one device that their computers and mobile devices commonly connect to: the network router. A router, like any device, can be vulnerable to attacks, especially if you haven’t set up the administration panel with a strong and unique password.

Can an iPhone be hacked?

It’s a common myth that iPhones can’t be hacked. Although it’s uncommon, an iPhone can, unfortunately, be hacked, just like any other device. In fact, iPhones can be hacked by many of the techniques mentioned above, such as phishing, social engineering, or cookie theft. Malware on iPhones is rare but not unheard of.

The myth of iPhones being immune to hacking stems from the fact that iOS devices are less customizable than Android ones, which gives hackers fewer vectors for attack. Apple’s App Store, for example, is curated and generally more secure than the Google Play Store. But just because it’s less likely that your iPhone will be hacked doesn’t mean it’s impossible.

A screenshot showing how to use CleanMyMac X to remove adware.

Can a Mac be hacked?

Another common myth is that Mac computers can’t be hacked. While it’s less common for Macs to be hacked, a Mac can be hacked just like a Windows PC. Mac computers can have malware on them, which is why it’s important to use a malware scanner and malware removal tool.

CleanMyMac X is great if you want an easy-to-use option — its Smart Scan feature not only detects and removes malware but can do other things in the background to speed up your Mac during the process.

Common signs you’ve been hacked

If you’re worried that you’ve been hacked, there are some red flags to look out for. These will vary for different kinds of devices, but here are some signs you might have been hacked, regardless of what device you’re using.

1. You see login and password reset attempts

If you start receiving texts or emails telling you that someone is trying to log in to your account or reset your password, this is a sign that someone could be trying to hack your account. Just make sure the emails or texts come from an official source before clicking any links they contain, because they could be phishing emails or texts pretending to be official ones.

2. You’re unable to log in to your accounts

If you try to log in to one of your accounts that you usually access, only to be informed that your password is incorrect, this could be a sign that someone has hacked your account and changed your password. If this is the case and you’re sure you haven’t simply misremembered your password, you should try to recover your account using the process the account vendor recommends.

3. Your device starts doing things by itself

Our devices can sometimes do things we don’t ask them to, but if you notice that yours is frequently doing things you don’t tell it to, this could be a sign it’s been hacked. If you often find apps or websites opening by themselves, or if you find your cursor moving or pages scrolling when you’re not doing anything, a hacker could be in control of your device.

How to stay safe from getting hacked

While hacking is more common than it used to be, there’s plenty you can do to prevent getting hacked. Here are some of the first steps to take to keep yourself safe.

1. Avoid public Wi-Fi

Public Wi-Fi networks, such as guest networks you might connect to in cafés or hotels, can be unsafe. One problem with public Wi-Fi is that it can be vulnerable to a man-in-the-middle (MITM) attack, where a hacker eavesdrops on your interactions and communications over the network. There’s a higher chance of this if your connection to the router isn’t encrypted, which is more likely on a public network.

As such, it’s best to avoid public Wi-Fi networks whenever possible and certainly don’t access any sensitive information or services, such as online banking, if you do use one.

2. Use strong, unique passwords

If your passwords aren’t strong, you could be vulnerable to attacks. Short, simple, and easy-to-guess passwords can be vulnerable to common password-cracking techniques such as password spraying and brute forcing.

Ensure that your password is long and difficult to guess. Try using a long word or phrase that only you’d think of. Or, even better, use a password manager to generate and store your passwords for you. Using unique passwords — different ones for each account you log in to — is important, too, because it means if any single account is breached, the others should be safe.

3. Check for malware regularly

Unfortunately, there are times when it’s too late for prevention because your system’s already been compromised with malware. But even if your device is infected, you might still be able to restore it to good health and keep it secure. Simply use a malware removal tool such as the one in CleanMyMac X, which will scan for malware and quarantine or remove it for you.

Hacking, once a neutral term used to describe those who are passionate about pushing technology to its limits, now almost exclusively refers to the attempt to gain unauthorized access to computer systems, networks, accounts, or devices. However, you can use the same techniques used by malicious hackers, with consent from the device, system, or network owner, to reveal system vulnerabilities. This is called ethical hacking.

There are many ways to hack devices — from social engineering to credential stuffing, phishing, brute forcing, and infecting with malware — so there’s plenty to watch out for. Thankfully, there’s also plenty you can do to keep yourself safe, including practicing good security by using a password manager, regularly clearing your cookies, performing malware scans with antimalware software, and avoiding insecure networks.

Jacob Fox Jacob Fox
In addition to being an academic, Jacob is a lifelong technology expert and cybersecurity writer who has helped his readers understand information security for almost five years. He has written for TechRadar, PCGamer, and other online technology publications.