Hacking refers to activities aimed at exploiting security flaws to obtain unauthorized access to secured networks and private information. There are different types of hackers, including black hats who hack maliciously, white hats who are ethical hackers, and script kiddies who use tools created by black hats. Common hacking methods include password guessing, software exploitation, backdoors, and trojans. Once inside a network, a hacker can steal or modify files, install backdoors, and attack other systems. Intrusion detection and prevention systems can help monitor for hacking attempts. Hacking is a felony in most countries and can carry heavy fines and prison sentences if prosecuted.
2. WHAT IS HACKING ?
• Hacking refers to an array of activities which are done to
intrude some one else’s personal, private information
space so as to use it for malicious, unwanted purposes.
• The term Hacking is used to refer to activities aimed at
exploiting security flaws to obtain critical information for
gaining access to secured networks.
3. WHAT IS HACKING ?
• Unauthorized use of computer and network resources.
• “Hacker” originally meant a very gifted programmer.
• Hacking is a felony in the US and most other countries.
• When it is done by request and under a contract between
an ethical hacker and an organization, it is OK!
• The difference is that the ethical hacker has authorization
to probe the target.
4. WHO IS A HACKER ?
There are at least two common interpretations :
•Someone who bypasses the system’s access controls by
taking advantage of security weaknesses left in the system by
developers.
•Someone who is both knowledgeable and skilled at
computer programming, and who is a member of the hacker
subculture, one with it’s own philosophy and code of ethics.
5. WHO IS A CRACKER ?
• There are 3 groups of crackers:
• Vandals: hack computer systems for destruction (deleting
files).
• Jokers: the most harmless; hacking systems and carrying
in different sounds, noises, and visual effects.
• Breakers: professional criminals commit hacking of
computer systems with the purpose of money theft,
industrial or commercial espionage, and thefts of
expensive software.
6. HACKTIVISM
• Hacktivism is defined as: Hacking for a cause – Social or
Political.
• White Hats: The “Good Guys”. The Ethical Hackers. Goal
is to strengthen the defenses.
• Black Hats: The “Bad Guys”. The Malicious Hacker, also
known as a “Cracker”.
• Grey Hats: Hackers that “go both ways”. At times they are
on the “Offensive” and at times they are on the
“Defensive”.
7. HACKTIVISM
• Fusion of hacking and activism.
• The act of hacking or breaking into a computer system, for a politically
or socially motivated purpose.
• The individual who performs an act of hacktivism is said to be a
hacktivist.
• Computer hacking always involves some degree of infringement on
the privacy of others or damage to computer-based property such as
files, web pages or software.
• The impact of computer hacking varies from being simply invasive and
annoying to destructive.
9. HACKER TERMS
• Hacking - showing computer expertise
• Cracking - breaching security on software or systems
• Phreaking - cracking telecom networks
• Spoofing - faking the originating IP address in a datagram
• Denial of Service (DoS) - flooding a host with sufficient
network traffic so that it can’t respond anymore
• Port Scanning - searching for vulnerabilities.
10. HACKING THROUGH THE AGES
• 1969 - Unix ‘hacked’ together
• 1971 - Cap ‘n Crunch phone exploit discovered
• 1988 - Morris Internet worm crashes 6,000 servers
• 1994 - $10 million transferred from CitiBank accounts
• 1995 - Kevin Mitnick sentenced to 5 years in jail
• 2000 - Major websites succumb to DDoS
• 2000 - 15,700 credit and debit card numbers stolen from Western Union (hacked while
web database was undergoing maintenance)
• 2001 Code Red
• exploited bug in MS IIS to penetrate & spread
• probes random IPs for systems running IIS
• had trigger time for denial-of-service attack
• 2nd
wave infected 360000 servers in 14 hours
• Code Red 2 - had backdoor installed to allow remote control
• Nimda -used multiple infection mechanisms email, shares, web client, IIS
• 2002 – Slammer Worm brings web to its knees by attacking MS SQL Server
11. THE THREATS
• Denial of Service (Yahoo, eBay, CNN, MS)
• Defacing, Graffiti, Slander, Reputation
• Loss of data (destruction, theft)
• Divulging private information (AirMiles, corporate
espionage, personal financial)
• Loss of financial assets (CitiBank)
12. DENIAL OF SERVICES (DOS)
ATTACKS
DOS Attacks are aimed at denying valid, legitimate
Internet and Network users access to the services offered
by the target system.
In other words, a DOS attack is one in which you clog up so
much memory on the target system that it cannot serve
legitimate users.
There are numerous types of Denial of Services Attacks or
DOS Attacks
13. DOS ATTACKS: PING OF DEATH
ATTACK
The maximum packet size allowed to be transmitted by
TCPIP on a network is 65 536 bytes.
In the Ping of Death Attack, a packet having a size greater
than this maximum size allowed by TCPIP, is sent to the
target system.
As soon as the target system receives a packet exceeding
the allowable size, then it crashes, reboots or hangs.
This attack can easily be executed by the ‘ping’ command
as follows:
ping -l 65540 hostname
16. TYPES OF HACKERS
• Professional hackers
• Black Hats – the Bad Guys
• White Hats – Professional Security Experts
• Script kiddies
• Mostly kids/students
• User tools created by black hats,
• To get free stuff
• Impress their peers
• Not get caught
• Underemployed Adult Hackers
• Former Script Kiddies
• Can’t get employment in the field
• Want recognition in hacker community
• Big in eastern european countries
• Ideological Hackers
• hack as a mechanism to promote some political or ideological purpose
• Usually coincide with political events
17. TYPES OF HACKERS
• Criminal Hackers
• Real criminals, are in it for whatever they can get no matter who it
hurts
• Corporate Spies
• Are relatively rare
• Disgruntled Employees
• Most dangerous to an enterprise as they are “insiders”
• Since many companies subcontract their network services a
disgruntled vendor could be very dangerous to the host enterprise
18. GENERAL HACKING METHODS
A typical attacker works in the following manner:
1. Identify the target system.
2. Gathering Information on the target system.
3. Finding a possible loophole in the target system.
4. Exploiting this loophole using exploit code.
5. Removing all traces from the log files and escaping without a trace.
19. GAINING ACCESS
• Front door
• Password guessing
• Password/key stealing
• Back doors
• Often left by original developers as debug and/or diagnostic tools
• Forgot to remove before release
• Trojan Horses
• Usually hidden inside of software that we download and install from the net
(remember nothing is free)
• Many install backdoors
• Software vulnerability exploitation
• Often advertised on the OEMs web site along with security patches
• Fertile ground for script kiddies looking for something to do
20. PASSWORD GUESSING
• Default or null passwords
• Password same as user name (use finger)
• Password files, trusted servers
• Brute force
• make sure login attempts audited!
21. PASSWORD/KEY THEFT
• Dumpster diving
• Its amazing what people throw in the trash
• Personal information
• Passwords
• Good doughnuts
• Many enterprises now shred all white paper trash
• Inside jobs
• Disgruntled employees
• Terminated employees (about 50% of intrusions resulting in
significant loss)
22. BACK DOORS & TROJANS
• e.g. Whack-a-mole / NetBus
• Cable modems / DSL very vulnerable
• Protect with Virus Scanners, Port Scanners, Personal
Firewalls
23. SOFTWARE VULNERABILITY
EXPLOITATION
• Buffer overruns
• HTML / CGI scripts
• Poor design of web applications
• Javascript hacks
• PHP/ASP/ColdFusion URL hacks
• Other holes / bugs in software and services
• Tools and scripts used to scan ports for
vulnerabilities
24. ONCE INSIDE, THE HACKER
CAN...
• Modify logs
• To cover their tracks
• To mess with you
• Steal files
• Sometimes destroy after stealing
• A pro would steal and cover their tracks so to be undetected
• Modify files
• To let you know they were there
• To cause mischief
• Install back doors
• So they can get in again
• Attack other systems
25. INTRUSION DETECTION SYSTEMS
(IDS)
• Host-based IDS
• monitors logs, events, files, and packets sent to the
host
• installed on each host on network
• Honeypot
• decoy server
• collects evidence and alerts admin
26. INTRUSION PREVENTION
• Patches and upgrades (hardening)
• Disabling unnecessary software
• Firewalls and Intrusion Detection Systems
• ‘Honeypots’
• Recognizing and reacting to port scanning
27. LEGAL RECOURSE
• Average armed robber will get $2500-$7500 and risk being
shot or killed; 50-60% will get caught , convicted and spent an
average of 5 years of hard time
• Average computer criminal will net $50K-$500K with a risk of
being fired or going to jail; only 10% are caught, of those only
15% will be turned in to authorities; less than 50% of them will
do jail time
• Prosecution
• Many institutions fail to prosecute for fear of advertising
• Many banks absorb the losses fearing that they would lose more if their
customers found out and took their business elsewhere
• Fix the vulnerability and continue on with business as usual
28. LAWS, FINES, AND PENALTIES
• Hackers, virus and worm writers could get 20 years to life
in federal prison.
• Anyone who uses computers to cause death or bodily
harm, such as bringing down power grids or airport control
centers, can get the maximum sentence.
• The sentence is increased by 25% if they steal personal
information.
• The sentence is increased by 50% if they share the stolen
information.
• If posted on the Internet, sentence is doubled!
A datagram is a basic transfer unit associated with a packet-switched network in which the delivery, arrival time, and order of arrival are not guaranteed by the network service.
Each datagram has two components, a header and a data payload. The header contains all the information sufficient for routing from the originating equipment to the destination without relying on prior exchanges between the equipment and the network. Headers may include source and destination addresses as well as a type field. The payload is the data to be transported. This process of nesting data payloads in a tagged header is called encapsulation.
1971 - In early 1971, a former Air Force electronics technician named John Draper (later self-nicknamed Captain Crunch, Crunch, Crunchman, or Mr. Crunchtastic) was informed by his phone phreak friend Joe Engressia that a toy whistle that was, at the time, packaged in boxes of the cereal could be easily modified to emit a tone at precisely 2600 Hertz, the same frequency that was used by AT&T long lines to indicate that a trunk line was ready to route a new call. This would effectively disconnect one end of the trunk, allowing the still-connected side to enter an operator mode. This resulted in, among other things, the ability to place free phone calls to anywhere in the world and operator-like control over the phone system. Experimenting with this whistle inspired Draper to build blue boxes, electronic devices capable of reproducing this 2600 Hz tone and other tones required to control trunk lines. After being featured, under his pseudonym of Captain Crunch, in an article in the October 1971 issue of Esquire Magazine titled "Secrets of the Little Blue Box", he was sentenced in 1972 to five years’ probation for toll fraud.
1988 - A supposedly unintended consequence of the code, however, caused it to be more damaging: a computer could be infected multiple times and each additional process would slow the machine down, eventually to the point of being unusable.
1994 - Vladimir Leonidovitch Levin (Владимир Леонидович Левин) is a Russian-born Jewish individual famed for his involvement in the attempt to fraudulently transfer US$10.7 million via Citibank's computers.
1995 - Kevin David Mitnick (born on August 6, 1963) is an American computer security consultant, author, and hacker. In the late 20th century, he was convicted of various computer and communications-related crimes. At the time of his arrest, he was the most-wanted computer criminal in the United States.
Using the Los Angeles bus transfer system to get free rides[6]
Evading the FBI[7]
Hacking into DEC system(s) to view VMS source code (DEC reportedly spent $160,000 in cleanup costs)[6][7]
Gaining full administrator privileges to an IBM minicomputer at the Computer Learning Center in Los Angeles in order to win a bet[6]
Hacking Motorola, NEC, Nokia, Sun Microsystems and Fujitsu Siemens systems[7]
2001 – Code Red Code Red was a computer worm observed on the Internet on July 13, 2001. It attacked computers running Microsoft's IIS web server.
The worm exploited a vulnerability in the indexing software distributed with IIS, described in Microsoft Security Bulletin MS01-033,[3] for which a patch had been available a month earlier.
The worm spread itself using a common type of vulnerability known as a buffer overflow. It did this by using a long string of the repeated character 'N' to overflow a buffer, allowing the worm to execute arbitrary code and infect the machine. Kenneth D. Eichman was the first to discover how to block it, and was invited to the White House for his discovery.
Code Red 2 - Code Red II is a computer worm similar to the Code Red worm. Released two weeks after Code Red on August 4, 2001, although similar in behavior to the original, analysis showed it to be a new worm instead of a variant. The worm was designed to exploit a security hole in the indexing software included as part of Microsoft's Internet Information Server (IIS) web server software. Where the original worm tried to infect other computers at random, Code Red II tried to infect machines on the same subnet as the infected machine.
Nimda - Nimda is a computer worm, and is also a file infector. It quickly spreads, eclipsing the economic damage caused by past outbreaks such as Code Red. Multiple propagation vectors allowed Nimda to become the Internet’s most widespread virus/worm within 22 minutes.
Nimda was so effective partially because it—unlike other infamous malware like the Morris worm or Code Red—uses five different infection vectors:
via email
via open network shares
via browsing of compromised web sites
exploitation of various Microsoft IIS 4.0 / 5.0
via back doors left behind by the "Code Red II"
2002 - SQL Slammer is a computer worm that caused a denial of service on some Internet hosts and dramatically slowed down general Internet traffic, starting at 05:30 UTC on January 25, 2003. It spread rapidly, infecting most of its 75,000 victims within ten minutes.
Although titled "SQL slammer worm", the program did not use the SQL language; it exploited a buffer overflow bug in Microsoft's flagship SQL Server and Desktop Engine database products
Divulging = To Make known , to bring out to the public (Private or personal info )
Original Equipment manufacturer
NetBus or Netbus is a software program for remotely controlling a Microsoft Windows computer system over a network. It was created in 1998 and has been very controversial for its potential of being used as a backdoor.
In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. This is a special case of violation of memory safety.
Buffer overflows can be triggered by inputs that are designed to execute code, or alter the way the program operates. This may result in erratic program behavior, including memory access errors, incorrect results, a crash, or a breach of system security. Thus, they are the basis of many software vulnerabilities and can be maliciously exploited.
a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers.