Most people in the media — and, as a result, most people in general — use the terms “hacking” and “hacker” to refer to this sort of unsavory computer nastiness. But within the hacking community, the term “cracking” is preferred to describe malicious hacking.
Cracking is when someone performs a security hack for criminal or malicious reasons.
Cracking methods are often less sophisticated than many typical hacking techniques, which is another reason why people who identify as hackers distance themselves from what’s perceived as a more mundane and selfish pursuit. A cracker who exclusively uses tools built by others is known as a “script kiddie.”
Common types of cracking
“Hackers build, crackers break,” so they say. Cracking is about reaching places you shouldn’t be or accessing things you shouldn’t have. And it’s always with the aim of doing something naughty when you’re there: stealing data, impersonating someone, or even just using paid software for free. Let’s take a look at some common types of cracking.
Password cracking is the act of obtaining a password from stored data. Any website or service that cares even the slightest bit about security will encode passwords with hashing. It’s a one-way process that takes a password, runs it through a specific hashing algorithm, then stores the encrypted password. The one-way part is important: hashing cannot be reversed. When a user attempts to log in, the password they enter is hashed as well — if the two hashes match, the user is granted access to their account.
To crack a password, the cracker first needs to obtain the website’s stored hashes. This happens more often than you think, because websites are hacked all the time. Next, they need to know the exact combination of hashing algorithms and any additional techniques that a website uses to hash passwords.
With these two elements in hand, the cracker can get to work. Because hashing can’t be undone, crackers have no choice but to try and mimic the hash instead. They’ll generate a password, hash it, and see if they get a match. Doing this manually would take ages, so crackers use special programs and powerful custom-built computers that can output a staggering amount of guesses every second. Brute-forcing and dictionary cracking, along with rainbow table cracking, are the most common password cracking methods.
Brute force cracking: The cracking algorithm outputs random strings of characters until it gets a match.
Dictionary cracking: It’s similar to brute-force cracking, but rather than using random characters, dictionary cracking limits itself to actual words.
Rainbow table cracking: A rainbow table uses precomputed hash values to figure out the encryption used to hash a password.
You can check to see if any of your accounts have been cracked with our free and handy Avast Hack Check tool. It’ll let you know if any of your passwords have leaked onto the dark web black market, so you can change them right away.
Software cracking is when someone alters a piece of software to disable or entirely remove one or more of its features. Copy protections in paid software are frequent targets of software cracking, as are the pop-up purchase reminders (or “nag screens”) you often see in free shareware.
If you’ve ever heard of (or used) “cracked” software, it usually refers to a paid product that’s had its copy protections removed or defanged. Developers incorporate copy protections, such as serial number authentication, to prevent people from copying and pirating software. Once cracked, the software can be distributed and used for free. Most software cracking uses at least one of the following tools or techniques:
Keygen: Short for “key generator,” a keygen is a program a cracker builds to generate valid serial numbers for a software product. If you want to use the software for free, you can download the keygen and generate your own serial number, allowing you to fool the developer’s copy protection into thinking you’ve paid for the software.
Patch: Patches are small bits of code that modify existing programs. Developers release patches for software all the time. Crackers can make them too, and when they do, the patch’s job is to alter the way the program works by removing the unwanted features.
Loader: A loader’s job is to block the software’s protection measures as the software starts up. Some loaders bypass copy protections, while others are popular with gamers who enjoy cheating in online multiplayer games.
Network cracking is when someone breaks through the security of a LAN, or “local area network.” Cracking a wired network requires a direct connection, but cracking a wireless network is much more convenient, because the cracker just needs to be close to the wireless signal.
A common example of a wireless LAN is the Wi-Fi system in your home. You’ve got your router, which emits a Wi-Fi signal, and all your devices connected to it. Together, they form a local network. Someone could theoretically stand outside your home and attempt to crack your Wi-Fi network. If your network is password-protected, they’ll need to use some password cracking techniques as part of their network crack.
Unsecured Wi-Fi networks are the easiest targets, because there’s nothing in the way of the cracker. They don’t need to do any actual cracking — all they need is a sniffer, or a way to intercept the data flowing openly across the network. Any wireless network is potentially at risk of network cracking, so be extra-careful when using public Wi-Fi and protect your data with a VPN.
Why do people crack?
There’s a colorful spectrum of nefarious activities that crackers can get up to once they’re inside a system or program. While some are more harmful than others, one thing connects them all: cracking is always malicious. So why do crackers crack?
Data theft: Inside a company’s or a website’s servers, a cracker can access all sorts of data. One common data heist involves stealing user information and login credentials. Then, the cracker will sell this information on the black market to other criminals who can use it for phishing attacks or to commit identity theft.
Corporate espionage: Crack a company’s systems, and you’ve got firsthand access to all their juicy trade secrets. Companies and state-sponsored cracking groups hack other companies all the time to pilfer their most valuable and closely guarded information.
Data manipulation: It’s not always about stealing information. Sometimes, a cracker may wish to edit data stored on a server. For example, they may alter bank balance sheets, falsify legal or medical records, or transfer funds from one account to another.
Damage: You can copy data, as with data theft, or you can manipulate it. But another option is to remove it entirely, and this happens frequently as well. By deleting crucial pieces of data, a cracker can cause severe damage to a computer system, such as one responsible for critical infrastructure.
Spreading malware: Once inside a system, a cracker can seed it with malware. This can range from spyware that logs user activity, to adware that showers users in pop-ups, to ransomware that encrypts valuable data, or even to rootkits that keep all the other malware hidden away.
How can I prevent cracking?
So long as computer systems exist, there will be folks out there who want to break into them. While you can’t prevent the act of cracking entirely, you can reduce your own risk of becoming a victim. There are a few things you can start doing today to make yourself and your gear more resilient to cracking.
Don’t repeat passwords: If a cracker breaks one of your passwords, they won’t have access to any of your other accounts as long as you use different passwords for each account. Then, you just have to reset the one. And when creating new passwords, use strong password creation practices.
Stay off public Wi-Fi: Unsecured wireless networks are not safe places for your data. If you must use public Wi-Fi, see the next tip.
Use a VPN: A VPN is a virtual private network that protects your internet traffic with an encrypted tunnel. That means if your network gets cracked, your traffic will still be protected.
Change your router’s login info: Cybercriminals know the stock passwords for telecoms equipment like routers. Change your router’s login info ASAP, following strong password creation practices.
Keep your software updated: The older your software is, the more likely it is that crackers know about its vulnerabilities. Many software updates are issued to patch these holes.
Don’t click ads: Ads can be a disguise for cyberattacks in a practice known as “malvertising.” If you click an infected ad, it might download malware onto your device or redirect you to a malicious phishing website. Err on the side of caution and ignore online ads.
Check for HTTPS: Never enter any personal info on websites that aren’t using HTTPS. Always check to see if the website you’re visiting is safe — you’ll know it’s safe if you see a little padlock icon in the address bar, and the URL will begin with HTTPS.
But the surest way to prevent cracking and other security threats from upending your digital life is to use a robust antivirus tool. Avast Free Antivirus is especially designed by security and privacy professionals to protect your personal information and all your online activity. Download it today to browse without fear of cracking.
How can I protect myself against cracking?
Start using a password manager today. A password manager safely stores all your passwords so you can use unique ones for each account and not having to worry about remembering all of them yourself. It’ll even create hard-to-crack passwords for you, freeing you from the burden of creating new ones all the time.
Activate two-factor authentication (2FA). By requiring another mode of authentication — like an SMS code — in addition to a password, 2FA insulates your accounts against cracking. It’s not foolproof, but it’s better than just a password. Your email should offer 2FA, as should your bank and social media accounts. Wherever you can use it, you should do so.
Restrict your social audience. Personal information helps people crack your passwords and answer your security questions. Think twice about how much content you need to share with the global public on social media sites.
Use antivirus software. One of cracking’s main goals is to install malware. Strong antivirus software, like Avast Free Antivirus, detects and blocks malware before it can infect your device.
Never send sensitive personal info via email. Financial and banking details, PINs, credit card numbers, your social security number, and any passwords: if you absolutely must transmit those, do so securely. Emails can be intercepted, and if so, your information is exposed.
Ignore email attachments from unknown senders. Getting a victim to download and open a malware-infected email attachment is one of the oldest cracking tricks in the book. If you don’t know the sender, or if the email is from a known contact but doesn’t sound like them, ignore the attachment. The same goes for strange links that you might receive, not only via email but also in social media messages or SMS.
Defend against cracking with Avast Free Antivirus
Using a strong antivirus tool is the single best defense against cracking and other online threats. You’ll want to choose one from a reputable provider so that you know that you’re getting the best cybersecurity protection available — like you get with Avast, trusted by hundreds of millions of people around the world.
Avast Free Antivirus detects, blocks, and removes malware of all stripes, including spyware, adware, ransomware, and viruses. And you’ll get protection against phishing attacks as well. Crackers rely on malware and phishing to handle a lot of their dirty work. With a reliable antivirus at your side, you’ll be well insulated against their intrusions.