This post is for anyone who has ever said “Hey, I’m ‘hacking’ into your (insert account name here) account!” or, “Darn, someone ‘hacked’ my Facebook and said I like (insert expletive here)”.
STOP. This is not hacking. It is “un”authorized access, and there is indeed a difference between the two terms. What defines authorized access? How about unauthorized? Hacking? I’ll explain below.
Authorized Access: You being a bit too trusting with your info. Let’s just say for example that you (the user) allow your browser to Auto-Fill your passwords/login info. In this case, the browser is doing its job by remembering your credentials for the correct site; it doesn’t give two cents about which user is accessing these given credentials. It could (and should) be you, but it could also be: your dog, your 96-year-old grandma, maybe even Jill from work. Point being, you allowed others to gain access. Therefore, it’s not unauthorized. Yes, the same concept applies if you walk away from your computer and leave your Twitter page on the monitor – you’ve still authorized anyone to use your credentials; the browser is just doing as the user says.
Unauthorized Access: This one is probably the most confusing of the three. To be as brief as possible, it mostly concerns ethos, or emotions behind authorized access. Here’s a real life example: A (now) ex-girlfriend and I used to “share” login passwords. She would log in to Twitter on my computer and (most likely) absent-mindedly consented to allow my Twitter client to store her info. Several months later, the credentials were still valid, and I used them to surf her account (and post a few statuses in binary, because). Now you’re probably starting to wonder, “How is this different from authorized access, as you outlined above?” The main distinction in this case can be outlined in a simple written diagram:
Authorized: You find a dollar on the ground. You pick up the dollar, and put it in your wallet. Someone dropped the dollar, but has forgotten about it.
Unauthorized: You know there is a dollar on the ground in front of Frank’s Deli at 123 Sycamore Street at 9:30 A.M. because you put it there.
TL;DR: my possession of those login credentials is unauthorized, because I shouldn’t have them.
Hacking: My favorite. Hacking should be pertinent to systems as a whole, particularly computer/infrastructure systems. This is in no way related to access, since successful hacking grants access anyways. Hacking can also be viewed as malicious, with intent to cause harm (though there are hackers who do not follow this view, and are known as “white-hats”). Want to know what’s coming next? You guessed it, an example! Let’s say I want to log in to someone’s Twitter account. I have no idea what the credentials are, so I’m going to brute-force attack Twitter’s servers in order to find them out. Hopefully, the attack can go quickly, but because this is Twitter, there are more than likely a lot of barriers to break (that is, if you’re even successful). Let’s assume Twitter hashes passwords with SHA-256 and that the hashes are salted and peppered (If you’re thinking about a plate of hash browns at this point, it’s game over. If you’re curious about salting and peppering, go here). For those familiar with hashes, that’s three algorithms to crack.
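What salt and pepper each add to a SHA-256 password hash, as an added example that is not part of the original post: the salt is random per user and stored beside the hash, while the pepper is a server-side secret kept out of the database. The function names, the constructed pepper value and the PBKDF2 iteration count are assumptions for illustration.

```python
import hashlib
import hmac
import os

# Constructed pepper for this demo. In a real deployment it lives outside the
# database (application config, KMS or HSM), never beside the stored hashes.
PEPPER = b"constructed-demo-pepper-not-a-real-secret"
# Assumption: a work factor layered on top of plain SHA-256 (not from the post).
ITERATIONS = 100_000


def hash_password(password, salt=None, pepper=PEPPER):
    """Return (salt, digest); the salt is stored in the user row with the digest."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per user
    # Pepper step: keyed HMAC-SHA-256 over the password with the server secret.
    peppered = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    # Salt step plus stretching: PBKDF2-HMAC-SHA-256 makes every guess costly.
    digest = hashlib.pbkdf2_hmac("sha256", peppered, salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, stored_digest, pepper=PEPPER):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt, pepper)
    return hmac.compare_digest(candidate, stored_digest)


def demo():
    """Show what each ingredient buys the defender."""
    salt_a, hash_a = hash_password("correct horse")
    salt_b, hash_b = hash_password("correct horse")
    return {
        # Salt: two users with the same password get different stored hashes,
        # so one precomputed table cannot cover the whole user table.
        "same_password_different_hashes": hash_a != hash_b,
        "right_password_verifies": verify_password("correct horse", salt_a, hash_a),
        "wrong_password_rejected": not verify_password("wrong horse", salt_a, hash_a),
        # Pepper: a database dump (salt + digest) is not enough to test guesses
        # without the server-side secret.
        "dump_without_pepper_fails": not verify_password(
            "correct horse", salt_a, hash_a, pepper=b"attacker-guess"
        ),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```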
Do you see the difference? Hopefully you do.
Now, stop saying you’ve “hacked their facebook” in tweets and statuses.