Hacking vs unauthorised access – what’s the difference?

As cyber crime becomes more commonplace, it’s vital that the media understands the difference between hacking and unauthorised access.

In 1932, Polish cryptologists broke the Enigma machine code, enabling the western Allies in WWII to read the secret Morse-coded radio communications of the Axis powers.

That’s hacking.

In 2015, an employee of a baseball team accessed a rival team’s database by using credentials given to him back when he worked for them.

That’s unauthorised access. So why are the media releasing articles with titles such as:

Astros GM Jeff Luhnow speaks out about hacking scandal

How many times did St. Louis Cardinals employees hack the Houston Astros’ database?

The Cardinals’ hack of the Astros system “was not limited to one or two occasions”

The answer is obvious: hacking sounds ‘sexier’ than unauthorised access. You don’t want to read about someone logging in with their credentials; you want to read about someone hacking into a database in a darkened room staring at incomprehensible code on a green screen.

Spotting the difference

Hacking can be described as gaining unauthorised access to a computer system by improper means.

Unauthorised access can be describes as gaining access to a computer system using usual means of access but without consent.

An example to better differentiate the two would be:

Using your friend’s Facebook account after they neglected to log out is unauthorised access. Infecting their PC with keylogging malware that captures their login details and then logging into their account is hacking, even though it’s relatively straightforward and doesn’t require much technical knowledge.

Why does it matter?

I recently overheard a conversation where someone boldly claimed “everybody is being hacked” but they’re wrong. What they should have said was, “A lot of people are being hacked, but even more are having their data accessed by unauthorised persons because we’re incapable of implementing basic security measures”. That’s really the crux: when we blame criminal ‘hackers’, we’re just exonerating ourselves – we should really be looking at our behaviour and processes around access control, both professionally and at home.

Please take the time to dig deeper and find out whether a story is about hacking or someone gaining unauthorised access. I am guilty of confusing the two in the past, and I’m currently in the process of changing any mistakes.