Software (be it website code like WordPress or server-run code/operating systems like Windows) can be incredibly complex and often has bugs. Some of these bugs are innocuous or can’t be triggered remotely. However, some can be triggered by sending information to the website, formatted in a certain way. By doing this, depending on the bug, you can fool the server into running any code you want, change data values, save files to the server, etc.

Programmers are constantly seeking these bugs out and fixing them. Unfortunately, not everyone updates the code they use. Suppose I was running a website using WebSiteSoftware Version 5. The makers of this found some serious bugs and released version 5.1. However, I didn’t update. Hackers find out that I’m running version 5 and, since they know what bugs were in that version, will know how to abuse the bugs to gain access. Then, they take control of the site and change the home page to say whatever the hackers want.

Imagine you have a treehouse in your backyard. You and your friends won’t let anyone in without a secret code-word (a password). You write the password down on a piece of paper, and hide it in a drawer so everyone can stay up to date as you change the password.

If I want in, maybe I convince one of you that I’m your friend’s Dad, and you must let me in without a password or you are all in trouble.

Maybe I talk to your friend who is really forgetful, and try a bunch of passwords until he lets me in.

Maybe I put a camera in the drawer where you store the password so I can see it when you put it in there.

Maybe I climb a neighbors tree that doesn’t require a password, and climb across the branches to get in.

Hacking is just a general term for getting into computer systems that are trying to keep you out. The specific techniques evolve over time, but in general it’s just about tricking the computer system into giving you something you aren’t supposed to have, or getting access to something that you aren’t supposed to. That can involve using software itself, or sometimes it even involves messing with the humans that control these systems (Social Engineering).

Just as an example, an old way to hack was to put actual software code into the password box when logging in. When the computer went to read your password, it would read the code instead, and then execute the code (and the code would be something like, ‘let me in without a password’). This was solved by checking what you put in for your password, or extra layers of protection around what get’s executed. That cat and mouse game between hackers and software security people continues to this day (and a lot of ex-hackers are actually now in software security).

They find a weakness, like an unlocked window or door. They use that weakness to break in and take what they want, in this case, information.

There are actually two things Anonymous did/does. Hacking and a DDoS-attack.

Hacking is like burglary, but digital. You find the weak spot in the system and get into the system from there. Depending on where the weak spot is, the result of the hack can be different. Just like burglary. If you only manage to break into a basement, you can get the stuff in there. If you manage to break into the house and vault, you’ve got the jackpot.

A DDos-attack, or distributed denial-of-service attack, is (simplified) attack a website by trying to get to the site from a lot of places at once. Compare it to having thousands of people stand in front of a store. As a result, no one can enter the store anymore because off all the people blocking you.

Anonymous combines the two, blocking a site with a DDoS and meanwhile finding vulnerabilities to exploit. They use the distraction of all the people in front the store, to sneak in through the back door.

A lot of good posts here but I wanted to add a quick point. When it comes to weaknesses and vulnerabilities in any system, the biggest problem is the people using it. You can have the strongest security system money can buy but if “tech support” from BigSoftware Co calls and says there’s an emergency error on your computer and they need your username+PW to fix it RIGHT NOW and someone gives them that info… well there is no defense from stupid except education. Don’t click on links in emails folks, and don’t stick random flash drives into your computer, it’s literally called a “lolipop attack”

Think about how lawyers work. They know the law and know how it’s applied and what the esoteric terms mean. With this knowledge, they know how to use it to their advantage and get you the best deal considering the circumstances. Hacking is pretty similar. If you know a thing or two about computer architecture(how things are stored and accessed/manipulated)at the low level, you understand how to use that knowledge to your advantage to make the very strict rule-based system behave in a way that’s advantageous to you. Although the weakest link in any computer system is the human component. Never forget that.

**Please read this entire message**

—

Your submission has been removed for the following reason(s):

* Whole topic overviews are not allowed on ELI5. This subreddit is meant for explanations of specific concepts, not general introductions to broad topics (Rule 2).

—
If you would like this removal reviewed, please read the [detailed rules](https://www.reddit.com/r/explainlikeimfive/wiki/detailed_rules) first. **If you believe this submission was removed erroneously**, please [use this form](https://old.reddit.com/message/compose?to=%2Fr%2Fexplainlikeimfive&subject=Please%20review%20my%20thread?&message=https://www.reddit.com/r/explainlikeimfive/comments/gu94fi/-/%0A%0AThe%20concept%20I%20want%20explained:%0A%0ALink%20to%20your%20search%20for%20past%20posts%20on%20the%20ELI5%20subreddit:%0A%0AHow%20is%20this%20post%20unique:) and we will review your submission.