HACKING

1. Introduction to Hacking
The Internet, like any other new media historically, provides new methods of
engaging in illegal activities. That is not to say that the Internet is intrinsically 'bad',
as many tabloid journalists would have us to believe, it is simply a means for human
beings to express themselves and share common interests. Unfortunately, many of
these common interests include pornography, trading Warez (pirated software),
trading illegal MP3 files, and engaging in all kinds of fraud such as credit card fraud.

Hacking on the other hand is a greatly misrepresented activity as portrayed by the

wider media and Hollywood movies. Although many hackers go on from being
computer enthusiasts to Warez pirates, many also become system administrators,
security consultants or website managers.

1.1 A Definition of Hacking

·Hacking generally refers to the act of a person abusing computer access, breaking into
computers, or using computers without authorization.
·An Attack is the attempt of an individual or group to violate a system through some
series of events. The attack can originate from someone inside or outside the network.
·An Intruder or Attacker is a person who carries out an attack. ·
This is a simply definition, one which we will have to go beyond to understand. Firstly,

Types of hackers:-

There are in essence three types of hackers.

1) white-hat' hackers
2) grey-hat hacker
3) black-hat hackers.
White -Hat Hackers
This type of hacker enjoys learning and working with computer systems, and
consequently gains a deeper understanding of the subject. Such people normally go
on to use their hacking skills in legitimate ways, such as becoming security
consultants. If a white hat hacker finds a fault in a security system i.e. a website then
they will inform the owner immediately. The word 'hacker' was originally used to
describe people such as these.

Grey-hat Hacker:
If a grey hat hacker finds a fault he will do what he feels like at the time i.e.
exploiting the site OR informing the owner.

Black-Hat Hackers

This is the more conventional understanding of the term 'hacker', one that is
portrayed in newspapers and films as being essentially 'chaotic', an obsessive social
misfit hell-bent on the destruction of everything good about the Internet.

A black hat hacker if they find a fault will immediately exploit the site for there own
beneficial gain i.e. Advertising and infecting other computers with "viruses" to gain
access to more sites. So White-hat hackers often call this kind of hacker a 'cracker',
as they spend most of their time finding and exploiting system insecurities.

2. Hacker Motivation & Hackers Attacking

The factors that affect the motivation of someone who is drawn to illegal hacker
activities are not always clear. It is well known, for example, that few hackers are
motivated by financial gain. Most hacker activity is of a nature were money is rarely
involved.

2.1 Factors of Motivation

Few studies have been carried out into hacker motivation, although much has been
gained by interviewing former hackers who have now gone 'white-hat' (i.e. hacking
for security companies etc.). Here are some of the factors that may motivate a
person into becoming a hacker:

Curiosity:

Money:

Spying:

Prestige Intellectual Challenge:

Anarchy:

2.2 Why Do Hackers Attack?

There are many reasons why a hacker might attack a system. Some
possibilities may include:

·Obtain a company’s secrets or insider information

· Use the system’s hard drive for storage, often for pornography or
stolen software
·Steal credit card numbers
·Steal passwords to other systems
·Use the computer in an attack on another computer or system
·To steal programs or files
·Read others’ email
·Stalking
·A challenge, or "to see if I can"
·To impress other hackers

Just something to do (boredom)

·

How Can I Determine If My Computer Has

Been Hacked
Clues and Signs
Some signs that your computer or user account may have been
hacked include:

• Files disappear or are modified unexpectedly

• Strange files appear or grow in size unexpectedly

• Hard disk space shrinks without reason

• The computer slows considerably, or problems appear suddenly

• Strange messages or dialog boxes appear on the screen

• The computer starts crashing frequently

• Programs stop working as expected

• Your internet connection slows dramatically for an extended

period

• You notice your internet connection is in use, but you are not
using it

• You get a phone call, letter, or email from your Internet service
provider or administrator noting strange activity.

3. Hacking Techniques
3.1 Overview of Hacking Techniques
The depth and variety of techniques employed by hackers to illegally enter a
computer system are vast, for this reason I intend to provide a brief overview of
some of the more common techniques involved, without going into to much detail on
any particular technique.
Hacking a system is a two-step process, Gathering Information and Launching an
Attack.

3.2 Gathering Information

A dedicated hacker may spend several months gathering information on the intended
target before launching an attack armed with this new information ", but there are
also more remote methods available to the hacker.

Port Scanning: A port scanner is a program that automatically detects security

weaknesses in a remote system. Scanners are TCP port scanners, that attack TCP/IP
ports and services (Telnet or FTP, for example), and record the response from the
target. In this way, they learn valuable information about the targeted system such
as if whether or not the remote system will allow an anonymous user to log in, or
indeed if the system is protected by a firewall.

Many hackers simply type large amounts of IP addresses into a port-scanning

program and launch random attacks on many users simultaneously, hoping to strike
it lucky with that one system that shows a serious weakness.

Packet Sniffing: A sniffer is a piece of software that grabs information 'packets' that
travel along a network. That network could be running a protocol, such as Ethernet,
TCP/IP, IPX or others. The purpose of the sniffer is to place the network interface into
'promiscuous' mode and by doing so, capture all network traffic. Looking into packets
can reveal valuable information like usernames, passwords, addresses or the
contents of e-mails.

3.3 Launching Attacks

There are many attacks employed by hackers. Here is an overview of just some of
the more common:
Denial of Service (DOS): A denial of service attack is basically an act of sabotage
against a service running on a port on a targeted system. The aim is to disable the
service, for example a web server, in order to prevent people from being able to
access that service remotely.
A typical denial of service attack would involve sending hundreds or even thousands
of connection requests to a single machine at any one time, causing the machine to
crash under the strain. A more advanced approach is to send corrupt connection
requests that exploit a flaw in the service software which fails to recognize the
malformed data when it attempts to process it, resulting in a system crash.

Password Cracking: A password cracker is a program that attempts to decrypt or

otherwise disable password protection. Often simulation tools are used to simulate
the same algorithm as the original password program. Through a comparative
analysis, these tools try to match encrypted versions of the password to the original.
Many password crackers are simply brute-force engines that try word after word from
a dictionary, often at very high speeds.

Packet Sequence Attacks: In packet sequence attacks, the hacker tries to guess the
random sequence number of TCP packets so that he/she can insert their own packets
into a connection stream. In this way the hacker can supply new corrupt content
between two hosts, while remaining largely anonymous.

Operating System Exploits: All operating systems (Windows NT, Unix, Red hat Linux
etc.) have their own specific vulnerabilities and bugs that need to be resolved by
'patching' the OS in order to keep it up to date. Unfortunately, many system
administrators neglect to do so frequently enough, leaving their systems open to
attack. Hackers, however, are very thorough in keeping abreast of all the possible
vulnerabilities in all operating systems.

FTP (File Transfer Protocol) Bounce Attacks: The main problem with FTP bounce
attacks is that the hacker can use the PORT command in active FTP mode in order to
establish connections with machines other the original FTP server, effectively
allowing the hacker's connection to 'bounce' off the FTP server to another clients
machine.

FTP Core Dumping: FTP core dumping enables the hacker to bring down the FTP
service. A core dump may be stored on an FTP readable area, where it can then be
retrieved in a following FTP session. The first few lines contain the password file that
can be cracked offline. Once the hacker has the password, they can impersonate a
legitimate user and remove, update or delete files at will.

4. Security
4.1 Server-side Security
Internet security can basically be broken into two separate areas: client-side security
(i.e. you and me), and server-side security (web servers, LAN servers etc.). For the
purpose of this discussion I will focus on client-side security, as this is the area that
affects the majority of Internet users.

Server-side security is a large and very complex area, and generally falls within the
domain of the system administrator. Server-side security only becomes a major issue
for the average Internet user when their privacy is violated by sloppy server security,
for example, if their e-mail server is hacked, or the server hosting their web site is
hacked. It is the system administrator's responsibility to ensure that all measures
that can be taken have been put in place to ensure that such eventualities do not
take place.

4.2 Client-side Security

Personal security on the Internet is a real issue, one that is unfortunately overlooked
or not taken seriously enough by the majority of Internet users.
This tutorial will be broken into four main areas:

1. Anti-virus security.

2. Personal firewall.

3. Encryption.

4.2-1 Anti-virus Security

In part 5 of this article, I discussed in detail what a computer virus is, but I neglected
to discuss how you could protect your machine from computer viruses, which is
exactly what I will cover here.
Anti-virus Software:
Anti-virus software resides in the active memory of your computer, and takes control
of your machine to alert you if an active virus is present on your machine. If the
software cannot repair the infected file, it will quarantine the file or give you the
option of safely deleting the file from your system.

Anti-virus software may also be used to scan your hard disk, floppy disks, zip disks or
CD ROMS. It may also be used to scan attachment files in e-mails, which is one of the
main sources of viruses. The important thing to remember is that new viruses are
being discovered daily, so if you have anti-virus software installed then you need to
make sure that you keep it's library of known viruses up-to-date, otherwise you will
have no protection against the latest batch of viruses.

General Virus Prevention Methods:

There are many other methods to prevent your computer files from becoming
infected, most of which are common sense. Here are some of the more important
ones:

• ALWAYS be wary of unsolicited e-mails, especially ones of an

'unsavory' nature such as pornography related e-mails.

• Any .exe (executable) files should not be opened unless you trust the
source 100%.

• Always be wary of any software that you install on your system,

especially free downloaded software. Check the software company's
credentials.

• Steer clear of 'Warez' (pirate software).

Finally, and most importantly, backup all of your important data onto floppies, zip
disks or ideally CD ROMs. That way if the worse does happen, and you need to wipe
you computer's hard disk (or the virus does it for you!), then at least all of your hard
work is stored in a safe location.

4.2-2 Personal Firewall

Firewall technology is nothing new; it has been present on most Internet and LAN
servers for many years. What is new is that firewall technology is now available on a
smaller scale for the single user with one computer connected to the Internet. While
not as immediately important as anti-virus software, if you are serious about your
security and protecting your privacy online, you might consider buying a firewall.

Firewall software acts as a secure barrier between your computer and the outside
world. It monitors all traffic to and from your computer, and decides whether or not
this is normal Internet activity or an unauthorized security risk. To the hacker, firewall
gives the impression of your computer not being there, or at very least being difficult
to locate.

Furthermore firewall provides additional protection against Trojan horses, as it will

block the Trojan horse's attempt to do so. The unauthorized e-mailing of the key-log
file to it's intended recipient, and alert you of

From the above diagram, it is possible to see how a firewall protects your system by
monitoring incoming traffic from the Internet, while at the same time watching for
un-authorized software connections from your computer to the Internet.

Like anti-virus software, there are many brands of firewall software on the market.
Many companies now offer anti-virus and firewall technologies bundled together at a
reduced price, which generally prove to be excellent value for piece of mind.

4.2-3 Encryption
Let us assume that you are infected with a Trojan horse that e-mails off the contents
of your 'My Documents' directory, or your e-mail server is hacked and some of your
e-mail attachments are stolen, your privacy has now been utterly violated, right? But
what if the files that fell into the hacker’s hands were encrypted using a powerful
algorithm combined with long, complex password that the hacker could never crack?
In theory, the integrity of your data should still be secure in this 'worse-case
scenario', provided you have taken these precautions.

Encryption programs basically 'scramble' the original file so that it is unreadable to

anyone without the correct password to de-scramble the file. Apart from the many
commercial products available, there are many reputable encryption engines
available online for free. These allow the user to encrypt all types of data files at will
(Word documents, JPEGs, databases etc.), some even allow the user to create self-
extracting zipped archives that are also encrypted, which provide an excellent means
of transferring important data files via e-mail in a safe and secure way.

The key to data encryption is to choose your passwords carefully, and change your
passwords frequently.

5. Conclusion
The main appeal of the Internet to me is the ability to communicate complex ideas in
a fast, cheap and creative way. This may include e-mail, web design or even chat
rooms and message boards. No other media in the history of the industrialized world
provides such a level playing field, where the individual like you or I may compete
with the giant corporations to have our voices heard online.

I am certainly not saying that the threat does not exist, which would be
irresponsible, but what I am saying is that a level-headed approach should be taken
by all Internet users to protect their privacy and security online, and to ensure that
they educate and inform themselves of the more serious risks involved in
maintaining any kind of Internet presence.

The history of Internet hacking is an on going affair, one that will eventually show the
true meaning of hacking to be to explore and understand, not to destroy and corrupt.
When this ideal is realized, perhaps one-day people will again be able to publicly
declare themselves to be hackers, without the fear of losing their jobs or facing
prosecution.

6. References
Web resources:

Denial of Service: http://www.net-security.org/text/articles/index-security.php

Hacker Motives: http://www.net-security.org/text/articles/index-security.php
Hacking Techniques: http://www.securitywatch.com/