Tuesday, 22 October 2013

Computer Hacking - An Introduction

What is Hacking?

  • Hacking is the practice of modifying the features of a system in order to accomplish a goal outside of the creator’s original purpose. (http://whatishacking.org/)
  • Computer hacking
      – is the practice of modifying computer hardware and software to accomplish a goal outside of the creator’s original purpose.
      – is most common among teenagers and young adults (http://www.wisegeek.org/what-is-computer-hacking.htm)

  • Why Hack?
      – Profit: information can be sold; information can be used to steal
      – Protest: e.g. hacktivism. A hacktivist is someone who utilizes technology to announce a social, ideological, religious, or political message
      – Challenge: fun, problem-solving skill, the thrill of power

  • Why Hack? Some examples… Hackers want to
      – use the victim’s computer to store illicit materials, i.e. pirated software, pornography, etc.
      – steal the victim’s personal information in order to access accounts or the accounts of the website visitors. The data can be used to gain access to important databases: billing, merchant accounts, etc.

  • Why Hack? Some examples… Hackers want to
      – set up fake ecommerce sites to access credit card details; gain entry to servers that contain credit card details; and other forms of credit card fraud
      – spy on friends, family, co-workers for personal reasons
      – revenge
    (http://www.website-guardian.com/why-do-hackers-hack-websites-va-5.html)

  • Effects of hacking
      – Damage to information
      – Theft of information: credit card details, social security numbers, identity fraud, email addresses
      – Compromise/damage of systems
      – Use of victim machines as “zombies”
    Hacking attacks cost large businesses an average of about $2.2 million per year (Symantec 2010 State of Enterprise Security Study)

  • Effects of hacking
      – Businesses may suffer from damaged reputations and lawsuits
      – Business secrets could be stolen and sold to competitors
      – Computing systems/infrastructure could suffer from degraded performance as their resources are used for malicious activities
    In an educational institution, hacking can damage the institution’s credibility/reputation, e.g. if the examination system is compromised and sensitive data is tampered with

  • A hacker… can fall into one of these types:
      – Black hats: individuals with good computing knowledge, abilities and expertise, but with the intention and conduct to cause damage to the systems they attack. Also known as crackers
      – White hats: individuals with good hacking skills who perform defensive activities against hacking. Also known as security analysts

  • A hacker…
      – Gray hats: individuals who perform both offensive and defensive hacking activities
      – Suicide hackers: individuals who want to bring down a computing system for a personal ‘reason’ or ‘cause’. They are not worried about the serious consequences they may face as a result of their damaging activities, e.g. being jailed for many years

  • Types of attacks…
      – DoS/DDoS Attacks
      – Password Guessing Attacks
      – Man-in-the-Middle Attacks
      – Identity Spoofing
      – Interception
      – Eavesdropping
      – Backdoor Attacks
    … and many more!

  • How to hack?… Many of the hacking tools and guides are available on the Internet
      – BackTrack is a Linux distro with many tools: Metasploit, Aircrack-ng, Nmap, Ophcrack, Wireshark, Hydra and many, many more!
      – The real reasons for BackTrack’s development are digital forensics and penetration testing

  • How to hack?… some examples
      – System hacking: keyloggers, password cracking
      – Trojans
      – Viruses
      – Sniffers
      – Social engineering
      – Denial of service
      – SQL injection

  • How to hack?… some examples
      – Password cracking: dictionary attacks, brute-force attacks, hybrid attacks, syllable attacks and rule-based attacks
      – Other types of password cracking attacks: shoulder surfing, social engineering, dumpster diving, wire sniffing, Man-in-the-Middle, password guessing, keylogger

  • Passwords… Enforce complexity so that passwords are difficult to break; use a combination of letters, numbers and special characters.
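
A sketch of how the complexity rule above can be enforced when a password is set, as an added example that is not part of the original slides: it requires letters, numbers and special characters, and also rejects dictionary words disguised with the substitutions and suffixes that dictionary and hybrid attacks try. The wordlist, the function names and the 12-character minimum are assumptions made for illustration.

```python
import re

# Constructed sample wordlist (assumption); a real deployment would load a
# large list of common and breached passwords.
COMMON_WORDS = {"password", "letmein", "welcome", "dragon", "qwerty", "admin"}

# Reverse common character substitutions so "p@ssw0rd" reads as "password".
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "3": "e",
                      "$": "s", "5": "s", "7": "t", "!": "i"})

# The three character classes the slide asks for.
REQUIRED = {"letter": r"[A-Za-z]", "number": r"[0-9]",
            "special character": r"[^A-Za-z0-9]"}


def candidates(password):
    """Return the forms a hybrid attack effectively tests: the password with
    leading/trailing digits and symbols stripped, substitutions undone."""
    p = password.lower()
    tail = re.sub(r"[^a-z]+$", "", p)
    forms = {p, tail, re.sub(r"^[^a-z]+", "", p), re.sub(r"^[^a-z]+", "", tail)}
    return {f.translate(LEET) for f in forms}


def check_password(password, min_length=12):  # min_length is an assumption
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    for name, pattern in REQUIRED.items():
        if not re.search(pattern, password):
            problems.append(f"missing {name}")
    if candidates(password) & COMMON_WORDS:
        problems.append("dictionary word with predictable changes")
    return problems


if __name__ == "__main__":
    for pw in ["P@ssw0rd1!", "correcthorse", "@dmin1", "tr7&Vk!q2#Lm"]:  # constructed
        print(f"{pw!r}: {check_password(pw) or 'accepted'}")
```

Note that "P@ssw0rd1!" contains all three character classes yet is still rejected, which is why a class check alone does not make a password difficult to break.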

  • How to hack? LIVE DEMO
      – Keylogger
      – Sniffing
      – Web-cloning
      – Google Hacking
      – NTFS Streams
      – DNS Spoofing
