12 Computer Hacking Myths You Need To Stop Believing

A man in a black hoodie wearing a Guy Fawkes mask sits in a dark room, face lit up forebodingly by his laptop screen. He types furiously, laying down dozens of lines of code. After a few moments go by, he sits back and says, "I'm in." 

It's a scene we've all seen a million times in Hollywood — a hacker wunderkind who needs only a Thinkpad and some Doritos to bring any government or company's digital infrastructure to its knees. Except just about everything you think you know about hackers is wrong.

Since most of us are only tech savvy enough to convert an e-mail to PDF, hacking seems like black magic. It leads many to put stock in some laughably bad depictions of technology, reinforcing myths about hacking as a whole. Spoiler alert — hackers don't wear black hoodies with a Guy Fawkes mask, nor would you see "Matrix"-like ideograms on their screen if you took a peek over their shoulder. In that spirit, here are 12 computer hacking myths that need to be put to bed.

Countless movies depict hackers pitted against the clock. They type like their life depends on it, and in a scant 10 minutes, their target is in the bag. Barring social engineering attacks that steal your credentials, or a brute-force dictionary attack to compromise a simple password, this isn't even close to reality. 

Take the 2018 Mexican Bancomext heist, as one example. The heist took a minimum of months, if not years, of planning and prep work. Hackers meticulously found holes in the security and slowly wrapped their tendrils around the bank's systems, before finally going mask-off and stealing the money.

However, even in heists where hackers have direct access to their victim's computer, things aren't necessarily simple. The recent Ethereum crypto heist happened after hackers owned a developer's MacBook, but still required months for them to make off with their fat, digital stacks. 

For a more concrete example of how challenging pulling off a hack can be, there are hackathons. These are enthusiast events where competing teams of experts in the field are tasked with breaking into something. On the low end they can take a full 24 hours but may compete for up to three days. Long story short, a hacker can't just wake up one day and decide they'll own JP Morgan Chase by lunchtime.

Erase from your mind any depiction of hacking akin to William Gibson's "Neuromancer" where the web is a lurid, colorful 3D space, and hackers attack their targets with ICE. There is no truth to that whatsoever. Instead, hacking looks quite boring to the average person. A hacker's screen is often filled with computer terminals. Naturally, Hollywood is in the business of dramatizing boring realities, so you get movies like "Skyfall" where Q uses meaningless technobabble and a futuristic computer interface to trace the bad guys.

CNBC tasked Mikhail Sosonkin, a Russian hacker, with breaking into their reporter's personal MacBook. If you look at his screen, it's all black boxes and text. Unless you know what you're looking at, you wouldn't be able to tell his screen from that of an IT professional.

So did any movies get hacking right? One of few good examples is "Mr. Robot," praised for its realistic depiction of all sorts of exploits. In most cases, what you see the characters doing on the screen is what would be happening if the hack were to take place in real life. Anyone who's watched "Mr. Robot" knows it's a gripping show, proving that you don't need the unrealistic depictions to keep people locked in their seats.

It's totally understandable why most people fear hackers. If they're not stealing access to your bank accounts and emails, they're blackmailing or extorting you with your sensitive information. Even if they steal nothing, they're a constant, unsettling reason you might want to avoid reusing the same password. Roughly 2,200 cyber attacks happen a day, which translates to nearly 100 hacks an hour. 

However, not all instances of hacking are intended to steal and wreak havoc. That's only black hat hacking. Believe it or not, there are good hackers, known as white hat hackers. The term allegedly originates from old westerns where the good guys wore white hats and the bad guys black. Where black hat hackers do what they do for obvious reasons, white hats use their power to make things better. 

White hat hackers breach systems not with the intent to take what they find, but to uncover weaknesses and shore up defenses. Their bread and butter is penetration testing, which is where they carry out a hack as if it was the real deal and use their findings to help the victim. It's like a dress rehearsal for an actual security breach, with the hope that such a security breach either never happens or isn't as destructive.

Given everything we've said, it's easy to come away with the impression that hackers spend all their time indoors behind the screen. Not so. Hackers very frequently interact with people to achieve their aims. You might assume phishing — where a hacker sends you an email or text that appears to be from an official source that you trust and tries to get you to click on its malicious links — is the extent of it, but hackers often get even closer than that. 

The latest reset password iPhone scam had hackers calling users pretending to be Apple Support, as one example, and voice clone scams are also on the rise. You'll get a call from someone you know urging you to bail them out of jail, unaware that it's actually a AI-generated voice. Yet hackers do also go in person to hack people, and more than you'd think.

One popular hacker activity is wardriving, where hackers drive around in a car scanning for unsecured Wi-Fi networks to compromise. As another example, some hackers will set up card skimmers at ATMs or use RFID scanners to capture the credit card information of nearby people. We've only scratched the surface of the many, many things hackers do when AFK.

The above are what is known as social engineering. Hackers aren't just tech wizards, they're experts at manipulating human psychology. They know that it's a lot easier to trick someone into clicking a bad link than it is to break through their defenses the hard way. In some ways, it's a far more social discipline than anything else.

Depictions of hackers often show them with a half dozen screens and an expensive PC rig. You might think of a character like Gavin Orsay, the hacker from "House of Cards" who spends his days sitting behind such a setup. While this can be true — hacking does need processing power — it's not necessary. As proof, you need only read the story of Arion Kurtaj.

Kurtaj was, at the time, an 18-year-old boy who'd been arrested for hacking Nvidia, among other things. According to The Guardian, Kurtaj was on bail and under police protection in a hotel with only an Amazon Firestick, a TV, and his mobile phone. Using these limited resources, Kurtaj succeeded in hacking Rockstar Games and cost the company $5 million to recover from said hack.

Admittedly, this is an edge case, and most hackers likely want the best hardware they can get their hands on. However, there are other ways for hackers to obtain a surprising amount of power with limited means. Hackers often use what are called botnets, effectively a group of infected devices controlled by one hacker that can be spread out all over the world. These devices combine resources to do what the hacker wills. We could go on, but the point is that hackers have incredibly clever ways of doing a lot with very little.

Antivirus software would have you believe it's a shield against hackers' viruses. That's not necessarily the case. For one, antivirus can only protect you from viruses that it knows about and it relies on a continually updated database of virus definitions. This means it's always vulnerable to a zero-day exploit — a vulnerability that hasn't yet been discovered or addressed. Vulnerabilities like these effectively fly under the radar, making your antivirus useless.

Plus, you're better off just using the default antivirus software built into your PC. Windows Defender is perfectly fine for 99% of people, and the same goes for macOS XProtect. Paying for extra third-party antivirus gives you little benefit in exchange for much worse performance. In fact, experts recommend that you don't use third-party antivirus at all these days, since most threats are of a very different sort, according to NBC News. Keeping your device updated will be more effective, and free.

In the end, you're much better off exercising better digital hygiene. Avoid all the worst cybersecurity mistakes you're probably making, like using weak passwords and being too trusting of free Wi-Fi.

Most people these days have at least heard of the threat public Wi-Fi may pose. While a VPN can't keep you anonymous, it is an excellent tool for protecting yourself on these open, unprotected networks. This creates the false assumption that any Wi-Fi network protected with a password is safe. However, there's one increasingly common attack that hackers use which makes any public Wi-Fi fraught, known as an evil twin.

In short, an evil twin attack occurs when black hat hackers set up a seemingly legit Wi-Fi network in a public place, like an airports, cafe, or hotel. It's irresistible whether you're a traveler in a foreign country where you don't have a data plan, or the data plan in your home country is limited regardless. The network looks like the real deal and does actually seem to connect you to the internet. When you do, though, the hacker tricks you into clicking on links or giving away your credentials.

The CNBC video we referenced above is actually an example of this type of evil twin attack. Once the link has been clicked, there's no going back. The hacker now has a truly devastating amount of control over your device, including access to your personal files and your camera. If it wasn't obvious already, you should avoid free public Wi-Fi like the plague. Going over on your data plan will be much cheaper than having your bank accounts drained or your data held for ransom. 

Remember, hackers manipulate human psychology just as much as they manipulate code. They know people will click on certain things without thinking twice, and one of those things is whatever pops up in Google search results. People assume — with good reason — that Google has already vetted the links. That's not the case anymore. 

As you may know, the first Google search results you see with the Sponsored tag are ads, not organic results gathered by Google. Hackers now sometimes push malicious links as ads at the top of search results, a technique known as malvertising. 

How does this hack work? Say, for example, you type Amazon into Google search. You click on the first Sponsored link — which looks very much like Amazon — and log in with your credentials. Except in this fictional scenario, the link you just clicked on was a sponsored ad made by a hacker, and the site you logged into was a convincing simulacrum of the real Amazon. Now the hacker has your credentials to log into the real Amazon and do some damage. 

Avoiding this hack is easy: always check a URL before clicking on it.

If you regularly read SlashGear, then there's a good chance you know some or all of the above. Perhaps you use long, complex passwords with two-factor authentication. That's good, but it still may not be enough. 

The problem is that security breaches will happen anyway, giving hackers a way to steal your data even if you've been responsible with account security. Many big companies have hilariously bad security – Meta was storing passwords in plain text as recent as 2019. Data breaches seem to be on an upward trend, happening more often with more devastating consequences. It really hammers home the old saying — it's not a matter of if they will hack a company, but when they will.

So is the point of this defeatist? No, rather that you should use E2EE (end-to-end encryption) wherever you can. E2EE makes it effectively impossible for anyone, whether company employees or hackers, to compromise your data. It's one of the reasons you need to stop using Telegram, a messenger that doesn't protect messages with E2EE by default. 

Look for E2EE in things like password managers and cloud storage, wherever you have the most sensitive data. Many companies support it but don't enable it by default. Apple iCloud has E2EE, but you have to enable it under Advanced Data Protection. This might be your cue to change what services you use if they don't have end-to-end encryption.

You've probably heard at some point, somewhere, that Macs don't get viruses — or at least don't get as many. This is a myth that appears to be the result of Apple's own advertising, as noted by Gizmodo. 

Early 2000 commercials implied Macs couldn't get infected, and Apple was boasting that Macs were immune as late as 2012. There was some truth to it, since Macs have always gotten far fewer viruses than Windows. However, that's because Macs have always had a puny market share compared to Windows. Hackers, naturally, prefer to target the majority. Apple admits with its Protect your Mac from malware page that Macs are vulnerable, too.

Recent vulnerabilities have made Macs more vulnerable than ever. All the M-Series chips released since 2020 have an unfixable vulnerability as a result of their ARM processors. The iPhone isn't anywhere near immune, either. If you own one, then you no doubt have been urged at least once to swiftly install an update to avoid viruses — iOS 16.6.1 in 2023 is but one example. Infected apps in the App Store have also slipped past Apple's famously strict review process. 

Apple users that continue on with this false assumption that they're immune to viruses are liable to learn the hard way that the assumption isn't true.

In movies and TV shows, once you've been hacked, the hacker makes it known with great fanfare. Fictionally hacked PCs might suddenly start playing a video of a laughing skull coupled with a puerile soundbite. That's pretty far off from the reality. 

At the most extreme, some ransomware (like WannaCry) has hit victims with a scary red screen extorting them to send a payment or risk file deletion, but ransomware only works if it's very blatant about having taken control of your device. Most instances of hacking won't be anywhere near so obvious.

So how do you know if you've actually been hacked? It mostly comes down to your device (whether computer or phone) behaving strangely. You may notice it's a lot slower than usual, uses more battery and data, and experiences more errors. You might see installed software you don't recognize, files that aren't yours, or emails and messages sent by you — which you never sent. Your camera light might switch on for no reason and things may pop up on your screen. 

These are examples of ATPs (advanced persistent threats) that linger on your system for a long time. To be clear, many of the above things can happen after a bad update or as a result of a bug. However, if you are ever hacked, these signs would likely be the only way of knowing beyond losing account access or money.

Now that we've established what hackers don't do, how can you actually protect yourself from their exploits? Spoiler alert — it's everything people have been telling you to do for years. 

Update your devices promptly, use a password manager and strong passwords, never re-use passwords, and secure your accounts with two-factor authentication. Be cautious about the software you download, the files you open, and the links you click on. Never hand over account access to someone claiming to be IT or company support. Avoid risky online activities like torrenting. Keep up with the news so you know what security threats might be coming your way.

Essentially, have a constant attitude of skepticism and caution when on the internet. Even as tech companies pave over one vulnerability, hackers find another, and they're nothing if not clever with how they trick people. Love them or hate them, you have to give hackers a round of applause for thinking up things like evil twins and voice cloning scams, because these things are brutally effective.

Remember that at the end of the day, it's a numbers game. Hackers go for the majority, the low-hanging fruit, the people who aren't careful. By taking the precautions above, you're already doing more than the average person and are far less likely to be victimized. Some recent surveys have found, for example, that only a third of people actually use password managers. NordPass' most common password in 2022 was still — you guessed it – password. If you can do better than that, you're already miles ahead of the competition.