4th Unit IS Notes
A commonly used hacking definition is the act of compromising digital devices and networks through
unauthorized access to an account or computer system. Hacking is not always a malicious act, but it is most
commonly associated with illegal activity and data theft by cyber criminals.
Hacking in cyber security refers to the misuse of devices like computers, smartphones, tablets, and networks to
cause damage to or corrupt systems, gather information on users, steal data and documents, or disrupt data-
related activity.
A traditional view of hackers is a lone rogue programmer who is highly skilled in coding and modifying
computer software and hardware systems. But this narrow view does not cover the true technical nature of
hacking. Hackers are increasingly growing in sophistication, using stealthy attack methods designed to go
completely unnoticed by cybersecurity software and IT teams. They are also highly skilled in creating attack
vectors that trick users into opening malicious attachments or links and freely giving up their sensitive personal
data.
As a result, modern-day hacking involves far more than just an angry kid in their bedroom. It is a multibillion-
dollar industry with extremely sophisticated and successful techniques.
In 1983, a group of teenagers broke into the computer systems of major organizations such as
Los Alamos National Laboratory, Security Pacific Bank, and Sloan-Kettering Cancer Center. A Newsweek
article covering the event became the first to use the word "hacker" in the negative sense it now carries.
This event also led Congress to pass several bills on computer crime, but that did not stop high-profile
attacks on corporate and government systems. The arrival of the public internet expanded hacking
enormously, creating far more opportunities and more lucrative rewards for it. Techniques evolved and
grew in sophistication, giving rise to a wide range of types of hacking and hackers.
Types of Hacking/Hackers
There are typically four key drivers that lead to bad actors hacking websites or systems: (1) financial gain
through the theft of credit card details or by defrauding financial services, (2) corporate espionage, (3) to gain
notoriety or respect for their hacking talents, and (4) state-sponsored hacking that aims to steal business
information and national intelligence. On top of that, there are politically motivated hackers—or hacktivists—
who aim to raise public attention by leaking sensitive information, such as Anonymous, LulzSec, and
WikiLeaks.
A few of the most common types of hackers that carry out these activities include:
Black hat hackers
Black hat hackers are the "bad guys" of the hacking scene. They go out of their way to discover vulnerabilities
in computer systems and software to exploit them for financial gain or for more malicious purposes, such as to
gain reputation, carry out corporate espionage, or as part of a nation-state hacking campaign.
These individuals’ actions can inflict serious damage on both computer users and the organizations they work
for. They can steal sensitive personal information, compromise computer and financial systems, and alter or
take down the functionality of websites and critical networks.
White hat hackers
White hat hackers use techniques similar or identical to those of black hat hackers, but they are hired (or
otherwise authorized) by organizations to test their defenses and find security holes before an attacker
does. The authorization is what separates the two; the tooling is largely the same.
Devices most vulnerable to hacking
Smart devices
Smart devices, such as smartphones, are lucrative targets for hackers. Android devices in particular are at
greater risk than Apple devices: the platform is spread across many manufacturers with their own modified
builds, so security patches reach many handsets late or never, leaving them exposed to data theft or
tampering. Hackers are also increasingly targeting the millions of devices connected to the Internet of
Things (IoT), which often ship with weak default settings and are rarely updated.
Webcams
Webcams built into computers are a common hacking target, mainly because hijacking one requires nothing
beyond control of the host. Attackers typically gain that control with a Remote Access Trojan (RAT), often
combined with rootkit components that hide it from the user. Once installed, the RAT lets them spy on the
user, read their messages, watch their browsing activity, take screenshots, and switch on the webcam.
Routers
Hacking routers enables an attacker to gain access to data sent and received across them and networks that
are accessed on them. Hackers can also hijack a router to carry out wider malicious acts such as distributed
denial-of-service (DDoS) attacks, Domain Name System (DNS) spoofing, or cryptomining.
Email
Email is one of the most common targets of cyberattacks. It is used to spread malware and ransomware and
as a tactic for phishing attacks, which enable attackers to target victims with malicious attachments or links.
Jailbroken phones
Jailbreaking a phone means removing the restrictions the manufacturer imposes on its operating system so
that the user can install applications or other software not available through the official app store. Aside
from violating the end-user license agreement with the device vendor, jailbreaking disables security
controls such as code signing and application sandboxing. Hackers can target jailbroken phones to steal any
data on the device and then extend the attack to the networks and systems it connects to.
Prevention from Getting Hacked
There are several key steps and best practices that organizations and users can follow to ensure they limit their
chances of getting hacked.
Software updates
Hackers are constantly on the lookout for vulnerabilities that have not yet been noticed or patched.
Keeping software and operating systems up to date is therefore crucial to preventing users and
organizations from getting hacked. Enable automatic updates and make sure the latest version is installed
on every device and program.
HTTPS encryption
Spoofed websites are another common vehicle for data theft: hackers create a scam website that looks
legitimate but actually steals the credentials that users enter. Checking for the Hypertext Transfer
Protocol Secure (HTTPS) prefix at the start of a web address, for example https://www.fortinet.com,
confirms that the connection is encrypted and that the site holds a certificate for the name shown. It does
not confirm that the site is the one you intended to visit: attackers obtain valid certificates for look-alike
domains, so the domain name in the address bar must be checked as well.
Change the default username and password on your router and smart
devices
Routers and smart devices ship with default usernames and passwords. Because providers ship millions of
devices, those credentials are shared across a whole product line and are published in manuals and online
lists, which makes it easy for hackers to break in. Set a unique username and password combination on
these devices, and disable remote administration from the internet if it is not needed.
Protect Yourself Against Hacking
There are further steps that users and organizations can take to protect themselves against the threat of
hacking.
Use a VPN
A virtual private network (VPN) encrypts all traffic between the user's device and the VPN provider's exit
server. This hides the user's location from the sites they visit and prevents anyone on the local network
(for example, on public Wi-Fi) from intercepting their data or browsing activity. It does not protect against
phishing or malware, and the VPN provider itself can see all of the traffic it carries.
Types of Denial-of-Service (DoS) Attacks
1. Volume-Based Attacks: Volume-based attacks flood a network with more data than its
bandwidth can carry, making the network unusable. Examples include UDP floods and ICMP
floods. In a UDP flood, attackers send many UDP packets to random ports on a server; the server
must check each port and answer with ICMP "destination unreachable" messages, which keeps it
busy and slows down or stops legitimate traffic.
2. Protocol Attacks: Protocol attacks exploit weaknesses in how network protocols are implemented
to use up server resources such as connection state tables. Examples are SYN floods and the Ping of
Death. In a SYN flood, attackers send many SYN requests to a server, usually with spoofed source
addresses, but never complete the three-way handshake, leaving the server holding half-open
connections until they time out. The Ping of Death sends a fragmented ICMP packet that reassembles
to more than the maximum IP packet size of 65,535 bytes, crashing systems that did not check the
size; modern operating systems are patched against it.
3. Application Layer Attacks: Application layer attacks target specific applications or services,
causing them to crash or become very slow. Examples include HTTP floods and Slowloris. In an
HTTP flood, attackers send many HTTP requests to a web server, consuming its resources. Slowloris
keeps many connections to the server open by sending incomplete HTTP requests, preventing the
server from handling new, legitimate requests.
4. Distributed Denial-of-Service (DDoS) Attacks: DDoS attacks use multiple systems, often
compromised computers (botnets), to attack a single target. Examples are amplification
attacks and botnet-based attacks. In an amplification attack, attackers use services like DNS to
send a small query that generates a large response, flooding the victim with data. Botnets coordinate
many infected computers to send attack traffic from multiple sources, making it hard to defend
against.
5. Resource Exhaustion: This is when the hacker repeatedly requests access to a resource and
eventually overloads the web application. The application slows down and finally crashes. In this
case, the user is unable to get access to the webpage.
6. Reflective Attacks: Reflective attacks involve sending requests to third-party servers with the
victim’s IP address. The servers unknowingly send responses to the victim, overwhelming it.
Examples are DNS reflection and NTP reflection. In a DNS reflection attack, attackers send
requests to a DNS server with the victim’s IP address, causing the DNS server to flood the victim
with responses. NTP reflection works similarly but uses Network Time Protocol servers to amplify
the attack.
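The half-open connection state that a SYN flood abuses (item 2 above) is easy to model. The following Python tracker is an added example, not part of the original notes: it keeps the per-handshake state a firewall or IDS would, expires stale entries the way a kernel SYN queue does, and flags a flood when too many handshakes stay incomplete. The thresholds, the timeout and the traffic it replays are assumptions constructed for the example.

```python
"""Half-open TCP handshake tracker that flags a SYN flood.

Added example, not part of the original notes. Every SYN opens a half-open
entry keyed by (source IP, source port); the client's final ACK closes it.
A flood leaves the table full of entries that never close. The thresholds
and the traffic below are constructed for the example.
"""
from collections import defaultdict

HALF_OPEN_TIMEOUT = 3.0   # seconds a handshake may remain incomplete (assumed)
PER_SOURCE_LIMIT = 50     # half-open entries one source may hold (assumed)
GLOBAL_LIMIT = 500        # half-open entries the whole server may hold (assumed)


class HandshakeTracker:
    def __init__(self):
        self.half_open = {}   # (src_ip, src_port) -> time the SYN arrived

    def observe(self, event):
        """event: {"t": seconds, "src": ip, "sport": port, "flags": "S" or "A"}."""
        key = (event["src"], event["sport"])
        if event["flags"] == "S":
            self.half_open.setdefault(key, event["t"])   # retransmits keep the first time
        elif event["flags"] == "A":
            self.half_open.pop(key, None)                # handshake completed

    def expire(self, now):
        """Drop entries older than the timeout, as the kernel's SYN queue would."""
        stale = [k for k, t0 in self.half_open.items() if now - t0 > HALF_OPEN_TIMEOUT]
        for k in stale:
            del self.half_open[k]
        return len(stale)

    def verdict(self, now):
        self.expire(now)
        per_src = defaultdict(int)
        for src, _port in self.half_open:
            per_src[src] += 1
        offenders = sorted(s for s, n in per_src.items() if n > PER_SOURCE_LIMIT)
        flood = len(self.half_open) > GLOBAL_LIMIT or bool(offenders)
        return {"half_open": len(self.half_open), "offenders": offenders, "flood": flood}


def build_sample_events():
    """Constructed traffic: 20 normal clients complete their handshakes, then a
    600-packet SYN flood arrives in which every SYN claims a different spoofed
    source address and none is ever followed by an ACK."""
    events = []
    for i in range(20):
        src, port = f"192.0.2.{i + 1}", 40000 + i
        events.append({"t": 1.00 + i * 0.01, "src": src, "sport": port, "flags": "S"})
        events.append({"t": 1.05 + i * 0.01, "src": src, "sport": port, "flags": "A"})
    for i in range(600):
        events.append({"t": 10.0 + i * 0.001, "src": f"203.0.113.{i % 254 + 1}",
                       "sport": 1024 + i, "flags": "S"})
    return events


def analyse(events, now):
    """Replay events in time order and return the tracker's verdict at time now."""
    tracker = HandshakeTracker()
    for ev in sorted(events, key=lambda e: e["t"]):
        tracker.observe(ev)
    return tracker.verdict(now)


if __name__ == "__main__":
    print(analyse(build_sample_events(), now=10.7))
```

Because the flood spreads its SYNs over spoofed sources, the per-source counter never trips; only the global count does, which is why a single-source limit is not enough on its own. The usual mitigation, SYN cookies, avoids storing any state for a half-open connection until the final ACK arrives.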
What is Spoofing in Cyber Security?
Spoofing combines age-old deception strategies with modern technology. It is a form of fraud in which
someone or something forges the sender's identity and poses as a reputable source, business, colleague, or
other trusted contact in order to obtain personal information, acquire money, spread malware, or steal
data.
Types of Spoofing:
IP Spoofing
ARP Spoofing
Email Spoofing
Website Spoofing Attack
DNS Spoofing
IP Spoofing:
IP is the network protocol that carries every packet sent over the internet. The header of each IP packet
includes the sender's address (the source address), and nothing in the protocol checks that it is genuine.
By altering the source address, hackers and scammers make a packet appear to come from a trusted
machine and hide where it really originated. IP spoofing is the building block of two common attack types.
Man in the Middle Attacks: Communication between the original sender of the message and the
intended recipient is intercepted, as the term implies. The attacker relays the traffic, reading or changing
its content without the knowledge of either party, and can insert packets of his own into the conversation.
Denial of Service (DoS) Attacks: Here the attacker floods the victim with packets whose source address
has been spoofed, so the traffic cannot be traced back to him and cannot be stopped by blocking a single
source. The flood exceeds the victim's bandwidth or resources and effectively shuts the system down (the
SYN flood described above is the classic case).
Drawback:
Because replies go to the spoofed address rather than to the attacker, he never sees the target's
responses. This is a blind attack: to carry it through, for example to complete a TCP handshake in the
victim's name, he must predict what the target will send back (such as its initial sequence numbers), which
demands considerable experience and knowledge of the target.
Preventive measures:
The most common defenses are ingress and egress filtering on border routers (described in BCP 38 /
RFC 2827): drop packets arriving from outside that carry a source address belonging to a local host, drop
packets leaving the network whose source address is not one of your own, and disable source-routed
packets, which would otherwise let an attacker dictate the path that replies take.
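The filtering rules just described can be written down precisely. The following Python is an added example, not part of the original notes: it models the decision a border router makes per packet, given the interface the packet arrived on. The site's address ranges, the bogon list and the sample packets are assumptions constructed for the example.

```python
"""Source-address filter in the style of BCP 38 / RFC 2827.

Added example, not part of the original notes. It models the rules a
border router applies to defeat IP spoofing; the site's address ranges
and the sample packets are assumptions constructed for the example.
"""
import ipaddress

# Prefixes this site owns (assumed). Anything else is "foreign".
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]

# Addresses that are never valid as a unicast source on the wire.
BOGON_NETS = [ipaddress.ip_network("0.0.0.0/8"),
              ipaddress.ip_network("127.0.0.0/8"),
              ipaddress.ip_network("169.254.0.0/16"),
              ipaddress.ip_network("224.0.0.0/3")]   # multicast and reserved


def in_any(addr, nets):
    return any(addr in net for net in nets)


def filter_packet(iface, src, dst, source_routed=False):
    """Decide the fate of a packet that arrived on interface `iface`.

    iface is "ext" (the internet side) or "int" (the site side).
    Returns (action, reason).
    """
    s = ipaddress.ip_address(src)
    ipaddress.ip_address(dst)   # validates the destination as well
    if source_routed:
        # A source route lets the sender dictate the return path, which is
        # exactly what a spoofer needs in order to see replies to a forged address.
        return "drop", "source-routed packet"
    if in_any(s, BOGON_NETS):
        return "drop", "bogon source address"
    if iface == "ext" and in_any(s, INTERNAL_NETS):
        # Ingress filter: the outside world cannot legitimately speak with
        # one of our own addresses.
        return "drop", "external packet claims an internal source"
    if iface == "int" and not in_any(s, INTERNAL_NETS):
        # Egress filter: our hosts may only send from our own prefixes, so a
        # compromised machine here cannot be used to spoof someone else.
        return "drop", "internal host sending a foreign source"
    return "accept", "source address is plausible for this interface"


def run_samples():
    """Constructed packets exercising each rule; returns the action for each."""
    samples = [
        ("ext", "203.0.113.7", "10.1.1.20", False),     # ordinary inbound traffic
        ("ext", "10.1.1.5", "10.1.1.20", False),        # spoofed: claims to be inside
        ("int", "10.1.1.5", "203.0.113.7", False),      # ordinary outbound traffic
        ("int", "198.51.100.3", "203.0.113.7", False),  # spoofed: our host forging an outsider
        ("ext", "203.0.113.7", "10.1.1.20", True),      # source-routed
        ("ext", "127.0.0.1", "10.1.1.20", False),       # bogon source
    ]
    return [filter_packet(*pkt)[0] for pkt in samples]


if __name__ == "__main__":
    print(run_samples())
```

The egress rule is the one most often forgotten: it protects other people's networks from yours, which is why BCP 38 asks every provider to deploy it even though it brings the deploying site no direct benefit.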
ARP Spoofing:
ARP spoofing (also called ARP poisoning) is a hacking method that redirects network traffic on a local
network to the attacker. It works on both wired and wireless LANs. The idea is to transmit forged ARP
messages onto the Ethernet LAN so that traffic is delivered to the wrong machine, where it can be read,
modified, or blocked entirely.
The basic job of ARP is to map an IP address to a MAC address. Attackers transmit spoofed ARP
replies across the local network that map the IP address of a victim (typically the default gateway)
to the attacker's own MAC address. Other hosts update their ARP caches with the false entry and send
traffic meant for the gateway to the attacker instead, who can read it before forwarding it on.
Preventive measures:
To avoid ARP poisoning, you can employ a variety of methods, each with its own set of
benefits and drawbacks. Static ARP entries, encryption, VPNs, and packet filtering are just
a few examples.
Static ARP entries: This entails creating a static ARP entry on each computer for each
machine on the network. Because a machine with a static entry ignores ARP replies for that
address, mapping fixed IP-to-MAC pairs prevents spoofing attempts against those hosts.
Regrettably, it does not scale beyond small networks and only defends against the most basic attacks.
Encryption: Protocols like HTTPS and SSH can also help to reduce the probability of
an ARP poisoning attempt succeeding. When traffic is encrypted, the attacker must go
through the extra effort of convincing the target’s browser to accept an invalid
certificate. Any data sent outside of these standards, however, will remain vulnerable.
VPN: Individuals may find a VPN to be reasonable protection, but they are rarely
suitable for larger enterprises. A VPN will encrypt all data that flows between the client
and the exit server if it is only one person making a potentially unsafe connection, such
as accessing public wifi at an airport. Since an attacker will only be able to see the
ciphertext, this helps to keep them safe.
Packet filters: These filters inspect each packet delivered across a network and can detect
and block malicious transmissions, including ARP replies whose IP-to-MAC mapping conflicts
with what the network knows to be true. Managed switches implement this as Dynamic ARP
Inspection (DAI), which validates ARP packets against the DHCP snooping table and drops
those that do not match.
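The detection side of this can be shown concretely. The following Python monitor is an added example, not part of the original notes: it decodes raw ARP packets, learns IP-to-MAC mappings from replies, and alerts when a known address suddenly claims a new MAC, which is what poisoning looks like on the wire. Entries marked as pinned behave like static ARP entries. The addresses, MACs and packets are constructed for the example.

```python
"""ARP reply monitor in the spirit of arpwatch.

Added example, not part of the original notes. It decodes raw ARP packets
(RFC 826 layout for Ethernet/IPv4), learns IP-to-MAC mappings from replies,
and raises an alert when a known address suddenly claims a new MAC. Pinned
entries behave like static ARP entries: the change is reported but not
accepted. Addresses, MACs and packets are constructed for the example.
"""
import ipaddress
import struct

ARP_FMT = "!HHBBH6s4s6s4s"          # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_LEN = struct.calcsize(ARP_FMT)  # 28 bytes
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    """Build an Ethernet/IPv4 ARP packet (without the Ethernet header)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac_bytes(sender_mac), ipaddress.IPv4Address(sender_ip).packed,
                       mac_bytes(target_mac), ipaddress.IPv4Address(target_ip).packed)


def parse_arp(pkt):
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, pkt[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": oper,
            "sender_mac": sha.hex(":"), "sender_ip": str(ipaddress.IPv4Address(spa)),
            "target_mac": tha.hex(":"), "target_ip": str(ipaddress.IPv4Address(tpa))}


class ArpWatch:
    def __init__(self, pinned=None):
        self.pinned = dict(pinned or {})    # ip -> mac that must never change
        self.table = dict(self.pinned)      # learned ip -> mac cache
        self.alerts = []

    def observe(self, pkt):
        arp = parse_arp(pkt)
        if arp["op"] != ARP_REPLY:
            return None                     # requests do not teach mappings here
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        known = self.table.get(ip)
        if known is None:
            self.table[ip] = mac            # first sighting: learn it
            return None
        if known == mac:
            return None                     # consistent with what we already know
        if ip in self.pinned:
            alert = f"{ip}: reply claims {mac} but entry is pinned to {known}; ignored"
        else:
            alert = f"{ip}: changed from {known} to {mac}"
            self.table[ip] = mac            # an ordinary cache would accept this
        self.alerts.append(alert)
        return alert


def run_sample():
    """Gateway 192.168.1.1 is pinned; an attacker then tries to claim it and
    also hijacks the unpinned host 192.168.1.50. Returns (alerts, table)."""
    gw_mac, attacker_mac, host_mac = "aa:bb:cc:00:00:01", "de:ad:be:ef:00:99", "aa:bb:cc:00:00:50"
    watch = ArpWatch(pinned={"192.168.1.1": gw_mac})
    packets = [
        build_arp(ARP_REPLY, host_mac, "192.168.1.50", gw_mac, "192.168.1.1"),          # normal reply
        build_arp(ARP_REPLY, attacker_mac, "192.168.1.1", host_mac, "192.168.1.50"),    # poison gateway
        build_arp(ARP_REPLY, attacker_mac, "192.168.1.50", gw_mac, "192.168.1.1"),      # poison host
        build_arp(ARP_REQUEST, attacker_mac, "192.168.1.99", "00:00:00:00:00:00", "192.168.1.1"),
    ]
    for pkt in packets:
        watch.observe(pkt)
    return watch.alerts, watch.table


if __name__ == "__main__":
    for line in run_sample()[0]:
        print(line)
```

A tool like this only observes; it cannot stop the poisoned reply from reaching other hosts. That is what Dynamic ARP Inspection on the switch does, and why the pinned entry here is the only mapping the attacker fails to change.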
Email Spoofing:
The most common type of identity theft on the Internet is email spoofing. Phishers, send
emails to many addresses and pose as representatives of banks, companies, and law
enforcement agencies by using official logos and headers. Links to dangerous or
otherwise fraudulent websites, as well as attachments loaded with malicious software, are
included in the emails they send.
Attackers may also use social engineering techniques to persuade the target to reveal
information voluntarily. Fake banking or digital wallet websites are frequently created and
linked to in emails. When an unknowing victim clicks the link, they are taken to a false site
where they are asked to log in, and the credentials they enter are forwarded to the attacker
behind the fake email.
Manual Detection Method:
If the display name looks like a legitimate address but does not match the actual "From"
address, that is an indication of email spoofing.
Mail is most likely fake if the "Reply-To" address does not match the "From" address or its
domain.
Unexpected messages (such as a request for sensitive information or an unwanted
attachment) should be opened with caution or reported immediately to your IT
department, even if the email appears to come from a trustworthy source.
Preventive measures:
Implement the email authentication checks: Sender Policy Framework (SPF), which lists the
servers allowed to send mail for a domain; DomainKeys Identified Mail (DKIM), which signs
messages so that forgery and tampering can be detected; Domain-based Message Authentication,
Reporting & Conformance (DMARC), which tells receivers what to do when SPF and DKIM fail and
requires them to align with the visible From address; and Secure/Multipurpose Internet Mail
Extensions (S/MIME) for end-to-end signing and encryption of individual messages.
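The manual checks above and the SPF/DKIM/DMARC verdicts can be applied to a message's headers automatically. The following Python is an added example, not part of the original notes: it compares the display name and Reply-To against the From domain and reads the receiving server's Authentication-Results header. Both messages are constructed and the domains are fictional.

```python
"""Header checks for a suspected spoofed email.

Added example, not part of the original notes. It applies the manual
checks listed above (display name vs. From address, Reply-To vs. From) and
reads the receiving server's Authentication-Results header for the SPF,
DKIM and DMARC outcomes. Both messages below are constructed; the domains
are fictional.
"""
import email
import re
from email.utils import parseaddr

# Constructed phishing message: the display name shows the real bank's
# address, the actual From domain swaps the letter l for a digit 1, and the
# receiving MX recorded failing authentication results.
SPOOFED = """\
From: "alerts@example-bank.com" <alerts@examp1e-bank.com>
Reply-To: recovery@mail-reset.example
To: victim@example.org
Subject: Urgent: verify your account
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=examp1e-bank.com; dkim=none; dmarc=fail header.from=examp1e-bank.com

Please log in at http://examp1e-bank.com/login to keep your account active.
"""

# Constructed legitimate message for comparison.
GENUINE = """\
From: "Example Bank" <alerts@example-bank.com>
To: customer@example.org
Subject: Your monthly statement is ready
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example-bank.com; dkim=pass header.d=example-bank.com; dmarc=pass header.from=example-bank.com

Your statement is available in online banking.
"""


def domain_of(address):
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def analyse_message(raw):
    msg = email.message_from_string(raw)
    raw_from = msg.get("From", "")
    _, from_addr = parseaddr(raw_from)
    display_name = raw_from.split("<", 1)[0].strip().strip('"')   # text shown to the user
    from_domain = domain_of(from_addr)
    findings = []

    # A display name that looks like an address but points at another domain.
    if "@" in display_name and domain_of(display_name) != from_domain:
        findings.append(f"display name domain {domain_of(display_name)} != From domain {from_domain}")

    # Reply-To steering answers somewhere else.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings.append(f"Reply-To domain {domain_of(reply_addr)} != From domain {from_domain}")

    # SPF / DKIM / DMARC verdicts as recorded by the receiving server.
    auth = msg.get("Authentication-Results", "")
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=([a-z]+)", auth.lower()))
    for mech in ("spf", "dkim", "dmarc"):
        if results.get(mech) != "pass":
            findings.append(f"{mech}={results.get(mech, 'missing')}")

    return {"from_domain": from_domain, "auth": results,
            "findings": findings, "suspicious": bool(findings)}


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, analyse_message(raw)["findings"])
```

Authentication-Results is only trustworthy when it was added by your own receiving server; a sender can insert a fake one, so a real filter strips or ignores any copy that arrives from outside before adding its own.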
Website Spoofing Attack:
Attackers use website/URL spoofing to steal credentials and other information from unwary
end-users by creating a website that looks almost identical to the real, trusted site. It is
usually paired with typosquatting or cybersquatting: registering a domain that resembles the
real one (a misspelling, a swapped character, or a look-alike Unicode character) so that the
address bar looks right as well. This is frequently done with sites that receive a lot of
traffic; cloned Facebook login pages are a common example.
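The look-alike domains used for website spoofing can be caught mechanically. The following Python classifier is an added example, not part of the original notes: it decodes Punycode labels, reduces a host name to a "skeleton" in which confusable characters are replaced by the Latin letters they imitate, checks for a brand hidden in a subdomain, and scores plain misspellings. The brand list, the (deliberately small) confusable table and the sample hosts are assumptions constructed for the example.

```python
"""Look-alike domain detector for website spoofing.

Added example, not part of the original notes. Given a host name it decides
whether the name imitates one of a list of protected brands. The brand
list, the confusable table (a tiny subset of Unicode's) and the sample
hosts are assumptions constructed for the example.
"""
import unicodedata
from difflib import SequenceMatcher

BRANDS = ["facebook.com", "example-bank.com"]     # assumed protected names

# Cyrillic letters that render like Latin ones; a tiny subset.
HOMOGLYPHS = {"а": "a", "е": "e", "о": "o", "р": "p", "с": "c", "х": "x",
              "у": "y", "і": "i", "ӏ": "l", "ԁ": "d", "ѕ": "s", "ј": "j"}
# ASCII sequences that look like other letters in many fonts.
ASCII_CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"),
                     ("3", "e"), ("5", "s"), ("|", "l")]
SIMILARITY_THRESHOLD = 0.85                        # assumed


def to_unicode(host):
    """Decode xn-- labels so homoglyphs can be inspected."""
    if "xn--" in host:
        return host.encode("ascii").decode("idna")
    return host


def skeleton(name):
    s = unicodedata.normalize("NFKD", name)
    s = "".join(c for c in s if not unicodedata.combining(c))   # drop accents
    s = "".join(HOMOGLYPHS.get(c, c) for c in s)
    for seq, letter in ASCII_CONFUSABLES:
        s = s.replace(seq, letter)
    return s


def registrable(host):
    """Last two labels; a real tool would consult the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def classify(host):
    host = to_unicode(host.lower().rstrip("."))
    reg = registrable(host)
    subdomain_labels = host.split(".")[:-2]
    for brand in BRANDS:
        if reg == brand:
            return "legitimate", brand
        if skeleton(reg) == skeleton(brand):
            return "homograph", brand             # looks identical, is a different name
        if brand.split(".")[0] in subdomain_labels:
            return "brand-in-subdomain", brand    # facebook.com.login-secure.example
        if SequenceMatcher(None, skeleton(reg), skeleton(brand)).ratio() >= SIMILARITY_THRESHOLD:
            return "typosquat", brand
    return "unrelated", None


def run_samples():
    hosts = [
        "www.facebook.com",
        "fаcebook.com",                                      # Cyrillic а in place of Latin a
        "fаcebook.com".encode("idna").decode("ascii"),       # the same name as browsers show it (xn--)
        "faceb00k.com",
        "facebook.com.login-secure.example",
        "facebok.com",
        "example.org",
    ]
    return [(h, classify(h)[0]) for h in hosts]


if __name__ == "__main__":
    for host, verdict in run_samples():
        print(f"{verdict:20s} {host}")
```

Browsers apply the same idea in reverse: a label that mixes scripts, or that is confusable with a well-known name, is displayed in its xn-- form so the user sees something odd instead of a perfect imitation.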
DNS Spoofing:
Each machine on the internet is reached by an IP address, which is not the same as the familiar
"www" name you type to access a website. When you enter a web address into your browser and
press enter, the Domain Name System (DNS) looks up the IP address that matches the domain name
you provided and your browser connects there. An attacker who can forge DNS responses, or poison
the cache of the resolver you use, can make the lookup return the address of a harmful site
instead and redirect your traffic to it. This is known as DNS spoofing (or DNS cache poisoning).
Preventive measures:
DNSSEC (Domain Name System Security Extensions) is the most widely used defense against DNS
spoofing: zone owners sign their records and validating resolvers check the signatures, so a
forged answer fails verification. The extra validation adds some latency to DNS responses, and
it only helps for zones that are signed and resolvers that validate.
Use SSL/TLS to limit the damage of DNS spoofing. The certificate presented during the TLS
handshake lets the browser check that the server holds a certificate for the domain name
requested, so a spoofed answer pointing at an attacker's server produces a certificate warning
unless the attacker has also obtained a certificate for that name.
Prefer URLs that begin with "HTTPS", but remember that HTTPS only proves the connection is
encrypted to the holder of the certificate, not that the site is legitimate. If a site that
normally uses HTTPS suddenly loads without it, or produces a certificate warning, treat that as
a possible sign of DNS spoofing or interception.
The security strategy or proactive approach to preventing a DNS attack is active
monitoring. It’s important to keep an eye on DNS data and be proactive about noticing
unusual patterns of behavior, such as the appearance of a new external host that could
be an attacker.
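A resolver's first line of defense against forged answers is to accept only responses that match a query it actually sent. The following Python is an added example, not part of the original notes: it builds DNS query and response messages, tracks outstanding queries by transaction ID and source port, and rejects responses that come from the wrong server, carry the wrong ID, or fail to echo the question exactly (including the randomized letter case known as 0x20 encoding). Names, addresses and packets are constructed for the example.

```python
"""Matching DNS responses to outstanding queries.

Added example, not part of the original notes. A resolver that accepts any
UDP packet carrying the right transaction ID is easy to poison; the checks
below require that a response arrive from the server that was asked, on
the port the query left from, with the transaction ID and the exact
question (including letter case) that were sent. The names and addresses
are constructed for the example.
"""
import random
import struct

QTYPE_A, CLASS_IN = 1, 1


def encode_name(name):
    out = b""
    for label in name.strip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid, name):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)     # RD=1, one question
    return header + encode_name(name) + struct.pack("!HH", QTYPE_A, CLASS_IN)


def build_response(txid, name, ip, ttl=300):
    """Answer that echoes the question and adds one A record."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)     # QR=1, RD=1, RA=1
    question = encode_name(name) + struct.pack("!HH", QTYPE_A, CLASS_IN)
    rdata = bytes(int(octet) for octet in ip.split("."))
    # 0xC00C is a compression pointer back to the name at offset 12.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, CLASS_IN, ttl, 4) + rdata
    return header + question + answer


def parse_question(pkt):
    """Return (txid, flags, qname exactly as written, qtype) from a DNS message."""
    txid, flags = struct.unpack("!HH", pkt[:4])
    pos, labels = 12, []
    while True:
        n = pkt[pos]
        pos += 1
        if n == 0:
            break
        labels.append(pkt[pos:pos + n].decode("ascii"))
        pos += n
    qtype, = struct.unpack("!H", pkt[pos:pos + 2])
    return txid, flags, ".".join(labels), qtype


class Resolver:
    def __init__(self, rng=None):
        self.rng = rng or random.SystemRandom()
        self.pending = {}   # (txid, source port) -> (server, name as sent)

    def send(self, server, name):
        txid = self.rng.randrange(0, 1 << 16)        # random transaction ID (16 bits)
        sport = self.rng.randrange(1024, 1 << 16)    # random source port (~16 more bits)
        self.pending[(txid, sport)] = (server, name)
        return txid, sport, build_query(txid, name)

    def accept(self, pkt, from_addr, to_port):
        """Return (accepted, reason) for a UDP packet claiming to be a response."""
        txid, flags, qname, qtype = parse_question(pkt)
        if not flags & 0x8000:
            return False, "QR bit clear: not a response"
        entry = self.pending.get((txid, to_port))
        if entry is None:
            return False, "no outstanding query for this txid/port"
        server, sent_name = entry
        if from_addr != server:
            return False, "response did not come from the server we asked"
        if qname != sent_name or qtype != QTYPE_A:
            return False, "question section does not echo our query"
        del self.pending[(txid, to_port)]            # one answer per query
        return True, "accepted"


def run_sample():
    """A genuine answer, three forged attempts and a replay; returns (label, accepted) pairs."""
    resolver = Resolver(random.Random(42))           # seeded only so the example is reproducible
    upstream = "192.0.2.53"
    txid, sport, _query = resolver.send(upstream, "wWw.ExAmPle.COM")   # 0x20 mixed case
    attempts = [
        ("forged txid", build_response(txid ^ 1, "wWw.ExAmPle.COM", "203.0.113.66"), upstream, sport),
        ("forged source", build_response(txid, "wWw.ExAmPle.COM", "203.0.113.66"), "203.0.113.5", sport),
        ("case not echoed", build_response(txid, "www.example.com", "203.0.113.66"), upstream, sport),
        ("genuine", build_response(txid, "wWw.ExAmPle.COM", "198.51.100.10"), upstream, sport),
        ("replay", build_response(txid, "wWw.ExAmPle.COM", "203.0.113.66"), upstream, sport),
    ]
    return [(label, resolver.accept(pkt, src, port)[0]) for label, pkt, src, port in attempts]


if __name__ == "__main__":
    for label, ok in run_sample():
        print(f"{label:16s} {'accepted' if ok else 'rejected'}")
```

These checks raise the cost of blind spoofing from guessing 16 bits to guessing roughly 32 plus the case pattern, but an attacker on the path can still see the query and answer it correctly; only DNSSEC validation defends against that.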
Spoofing is among the most popular strategies used by attackers today because it is simple to
carry out and comes in so many forms. The above are a few instances of spoofing and the
preventive steps that make an organization safer.
Introduction to Sniffers
Introduction:
A sniffer, also known as a packet analyzer or network analyzer, is a tool used to capture and analyze
network traffic. It is a software or hardware tool that intercepts and records data packets transmitted
between computers or devices on a network.
Packet sniffers are commonly used for network troubleshooting, security analysis, and network
optimization. They can be used to identify network problems such as congestion, packet loss, or
improper configurations, and they can also be used to detect security threats such as network
intrusions or unauthorized access attempts.
Packet sniffers work by capturing packets of data as they are transmitted on the network. These
packets are then analyzed and displayed to the user in a human-readable format, allowing them to
examine the contents of the packets and extract information from them.
Packet sniffers can be used on both wired and wireless networks, and they can capture data from a
variety of network protocols, including TCP/IP, HTTP, FTP, and SMTP.
However, it is important to note that packet sniffers can also be used for malicious purposes, such as
intercepting sensitive information such as passwords, credit card numbers, or personal information.
Therefore, the use of packet sniffers should be regulated and used only for legitimate purposes with
appropriate consent and legal authority.
A Sniffer is a program or tool that captures information over a network. There are 2 types of
Sniffers: Commercial Sniffers and Underground Sniffers.
1. Commercial Sniffers –
Commercial sniffers are used to maintain and monitor information over the network. These
sniffers are used to detect network problems. Network General Corporation (NGC) is a company
that offers commercial sniffers. These can be used for:
1. Fault analysis to detect problems in a network.
2. Underground Sniffers –
Underground sniffers are malicious programs used by hackers to capture information over a
network. When an underground sniffer is installed on a router, it can breach the security of every
network whose traffic passes through that router. It can capture:
1. Confidential messages like email.
Components of a Sniffer:
To capture the information over the network sniffer uses the following components:
1. Hardware –
Sniffers use standard network adapters to capture network traffic.
2. Capture Driver –
Capture Driver captures network traffic from Ethernet wire, filters that network traffic for
information that you want, and then stores the filtered information in a buffer.
3. Buffer –
When a sniffer captures data from a network, it stores the data in a buffer. There are 2 ways to fill
the buffer –
1. Capture until the buffer is full and then stop (fill mode).
2. Round-robin (ring buffer) mode, in which the oldest data in the buffer is continuously replaced
by newly captured data.
4. Decoder –
The information that travels over the network is in binary format, which is not readable. you can
use a decoder to interpret this information and display it in a readable format. A decoder helps
you analyze how information is passed from one computer to other.
Placement of Sniffer:
The most common places where you can place sniffers are:
1. Computer
2. Cable wires
3. Routers
4. Network segments connected to the internet
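The components listed above map directly onto code. The following Python miniature sniffer is an added example, not part of the original notes: a filter function stands in for the capture driver, a fixed-size deque is the round-robin buffer, and a decoder turns raw Ethernet/IPv4/TCP bytes into fields. It then shows why sniffers are dangerous in the wrong hands by pulling an HTTP Basic credential out of the buffered cleartext. The frames are constructed in code (checksums left at zero) and the credential is fictional.

```python
"""A miniature sniffer: capture filter, ring buffer and protocol decoder.

Added example, not part of the original notes. It mirrors the components
listed above: a capture driver (here a filter function), a round-robin
buffer, and a decoder that turns raw Ethernet/IPv4/TCP bytes into fields.
The frames are constructed in code (no real capture, checksums left zero)
and the credential in them is fictional.
"""
import base64
import ipaddress
import struct
from collections import deque

ETH_IPV4, PROTO_TCP = 0x0800, 6


def build_frame(src_ip, dst_ip, sport, dport, payload, flags=0x18):
    """Ethernet + IPv4 + TCP (PSH/ACK) frame carrying payload; checksums are 0."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETH_IPV4)
    total_len = 20 + 20 + len(payload)
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, PROTO_TCP, 0,
                       ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 2000, 5 << 4, flags, 65535, 0, 0)
    return eth + ipv4 + tcp + payload


def decode_frame(frame):
    """Decoder: raw bytes -> readable fields."""
    _dst_mac, _src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_IPV4:
        return {"ethertype": ethertype}
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    ihl = (ver_ihl & 0x0F) * 4
    rec = {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
           "ttl": ttl, "proto": proto}
    if proto == PROTO_TCP:
        off = 14 + ihl
        sport, dport, _seq, _ack, doff_res, flags = struct.unpack("!HHIIBB", frame[off:off + 14])
        data_off = (doff_res >> 4) * 4
        rec.update(sport=sport, dport=dport, flags=flags,
                   payload=frame[off + data_off:14 + total_len])
    return rec


class Sniffer:
    def __init__(self, capture_filter, buffer_size):
        self.capture_filter = capture_filter      # the "capture driver" filter
        self.buffer = deque(maxlen=buffer_size)   # round-robin: the oldest record is dropped

    def feed(self, frame):
        rec = decode_frame(frame)
        if self.capture_filter(rec):
            self.buffer.append(rec)


def cleartext_credentials(records):
    """What an attacker pulls from the buffer: HTTP Basic credentials sent in the clear."""
    found = []
    for rec in records:
        for line in rec.get("payload", b"").split(b"\r\n"):
            if line.lower().startswith(b"authorization: basic "):
                found.append(base64.b64decode(line.split(b" ", 2)[2]).decode())
    return found


def run_sample():
    """Feed four constructed frames through a sniffer that keeps only port 25/80
    traffic and has room for two records. Returns the Sniffer."""
    creds = base64.b64encode(b"user:s3cr3t").decode()          # fictional credential
    http_with_auth = (b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
                      b"Authorization: Basic " + creds.encode() + b"\r\n\r\n")
    frames = [
        build_frame("10.0.0.7", "10.0.0.80", 50004, 80, b"GET / HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
        build_frame("10.0.0.5", "10.0.0.81", 50002, 443, b"\x16\x03\x03\x00\x2a" + b"\x00" * 42),  # TLS: opaque
        build_frame("10.0.0.6", "10.0.0.25", 50003, 25, b"EHLO client.example\r\n"),
        build_frame("10.0.0.5", "10.0.0.80", 50001, 80, http_with_auth),
    ]
    sniffer = Sniffer(lambda rec: rec.get("dport") in (25, 80), buffer_size=2)
    for frame in frames:
        sniffer.feed(frame)
    return sniffer


if __name__ == "__main__":
    s = run_sample()
    print([(r["src"], r["dport"]) for r in s.buffer], cleartext_credentials(s.buffer))
```

The TLS frame is decoded like any other but its payload is opaque, which is the practical effect of the encryption advice given elsewhere in these notes: a sniffer still sees who talked to whom and when, but not the credential.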
Polymorphic Virus:
A virus signature is a pattern (a series of bytes taken from the virus code) that an antivirus
scanner uses to identify the virus. To avoid detection, a polymorphic virus changes its code
each time it replicates, typically by encrypting its body with a different key and generating a
fresh decryption routine. The functionality of the virus remains the same but its signature changes.
Encrypted Virus:
In order to avoid detection by antivirus, this type of virus exists in encrypted form. It
carries a decryption algorithm along with it. So the virus first decrypts and then
executes.
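The reason signatures fail against the polymorphic and encrypted viruses described above, and what scanners do about it, can be shown with a harmless stand-in. The following Python is an added example, not part of the original notes: a constructed "virus body" (plain text, no executable code) is scanned statically, then XOR-encrypted under a different key per variant, and finally recovered by following the decryptor stub the way an antivirus emulator would. The stub format is an assumption standing in for real decryptor machine code.

```python
"""Why a byte signature misses a polymorphic or encrypted virus.

Added example, not part of the original notes. A constructed, harmless
"virus body" is scanned three ways: the static signature scanner matches
the plain body, misses every XOR-encrypted variant (each carries a
different key), and finds it again once the variant's decryptor stub is
followed, which is what antivirus emulators do. The stub format is a
stand-in for real decryptor machine code.
"""
import random

# Constructed stand-in for a virus body; contains no executable code.
BODY = b"CONSTRUCTED-SAMPLE-BODY: locate_hosts(); append_self(); run_payload();"
SIGNATURE = BODY[12:36]           # the bytes a vendor would publish as the signature
STUB_MAGIC = b"\xEB\x10DECRYPT"   # marker standing in for a decryptor routine (assumed)


def signature_scan(blob, signatures=(SIGNATURE,)):
    """Classic static scan: a hit if any signature occurs verbatim in blob."""
    return [sig for sig in signatures if sig in blob]


def make_variant(body, rng):
    """Polymorphic engine: pick a fresh key and emit stub + encrypted body.
    Every byte of the body changes, so no fixed substring of it survives."""
    key = rng.randrange(1, 256)                 # key 0 would leave the body unchanged
    encrypted = bytes(b ^ key for b in body)
    return STUB_MAGIC + bytes([key]) + encrypted


def emulate_and_scan(blob, signatures=(SIGNATURE,)):
    """Follow the stub, decrypt into a sandboxed copy, then scan the result."""
    idx = blob.find(STUB_MAGIC)
    if idx < 0:
        return signature_scan(blob, signatures)
    key_pos = idx + len(STUB_MAGIC)
    key = blob[key_pos]
    decrypted = bytes(b ^ key for b in blob[key_pos + 1:])
    return signature_scan(decrypted, signatures)


def compare_detection(n_variants=20, seed=1):
    """Return (static hits, emulated hits, distinct encrypted bodies) over n variants."""
    rng = random.Random(seed)
    variants = [make_variant(BODY, rng) for _ in range(n_variants)]
    static_hits = sum(1 for v in variants if signature_scan(v))
    emulated_hits = sum(1 for v in variants if emulate_and_scan(v))
    distinct = len({v[len(STUB_MAGIC) + 1:] for v in variants})
    return static_hits, emulated_hits, distinct


if __name__ == "__main__":
    print("plain body:", bool(signature_scan(BODY)))
    print("static / emulated / distinct over 20 variants:", compare_detection(20))
```

Note the weakness the example shares with an encrypted (non-polymorphic) virus: the decryptor stub is constant, so a vendor can simply signature the stub instead. A true polymorphic engine mutates the decryptor as well, which is what pushes scanners from byte matching toward emulation and behavioural detection.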
Stealth Virus:
It is a very tricky virus as it changes the code that can be used to detect it. Hence, the
detection of viruses becomes very difficult. For example, it can change the read system
call such that whenever the user asks to read a code modified by a virus, the original
form of code is shown rather than infected code.
Tunneling Virus:
This virus attempts to bypass detection by antivirus scanner by installing itself in the
interrupt handler chain. Interception programs, which remain in the background of an
operating system and catch viruses, become disabled during the course of a tunneling
virus. Similar viruses install themselves in device drivers.
Multipartite Virus:
This type of virus is able to infect multiple parts of a system including the boot sector,
memory, and files. This makes it difficult to detect and contain.
Armored Virus:
An armored virus is coded to make it difficult for antivirus to unravel and understand. It
uses a variety of techniques to do so like fooling antivirus to believe that it lies
somewhere else than its real location or using compression to complicate its code.
Browser Hijacker:
As the name suggests this virus is coded to target the user’s browser and can alter the
browser settings. It is also called the browser redirect virus because it redirects your
browser to other malicious sites that can harm your computer system.
Memory Resident Virus:
Resident viruses load themselves into RAM and stay active after the infected program exits,
hooking into the system's operations so that they can infect other files as they are opened or
run. They work stealthily and can even attach themselves to the antivirus program's own files.
Direct Action Virus:
The main purpose of this virus is to replicate and act as soon as it is executed. When a
particular condition is met the virus goes into action and infects files in the directory or
directories specified in the AUTOEXEC.BAT file path.
Overwrite virus:
This type of virus overwrites the contents of the file it infects, rendering the file partially
or totally useless once it has been infected.
Directory Virus:
This virus is also called a File System Virus or Cluster Virus. It infects the directory of the
computer by modifying the path that indicates the location of a file, so that the virus runs
when the file is requested.
Companion Virus:
This kind of virus uses the same file name as an existing program but with a different
extension. For example, if there is a file "Hello.exe", the virus creates another file named
"Hello.com" and hides in it. Because MS-DOS runs a .com file before a .exe of the same name
when the user types only "Hello", the virus executes first.
FAT Virus:
The File Allocation Table is the part of the disk used to store all information about the
location of files, available space , unusable space etc.
This virus affects the FAT section and may damage crucial information.
What is Computer Worm?
A computer worm is a type of harmful software that copies itself and spreads from one computer to
another without requiring any user intervention. It is like a sickness that moves through a network
of computers, searching for weaknesses to infect. Worms often spread through email attachments that
may seem safe but actually cause a lot of trouble. Once a computer is infected, the worm can send
itself to the person's contacts using their email account, and so it keeps spreading to more and
more computers.
A computer worm operates by finding vulnerabilities in computer systems and networks. Once it
infects one computer, it scans for other computers reachable over the same network and spreads to
them. Once inside a system, worms create copies of themselves and distribute those copies to other
vulnerable machines. They cause a variety of problems, including slowing down network performance,
consuming system resources, stealing sensitive information, or even damaging and disrupting
computer systems.
Phishing is a form of online fraud in which hackers attempt to get your private information such as
passwords, credit cards, or bank account data. This is usually done by sending false emails or
messages that appear to be from trusted sources like banks or well-known websites. They aim to
convince you so that they can manage to have your information and use it as a fraudster. Always
ensure that you are certain about whom you are dealing with before you provide any information.
What is a Phishing Attack?
Phishing is another type of cyber attack. Phishing got its name from “phish” meaning fish. It’s a
common phenomenon to put bait for the fish to get trapped. Similarly, phishing works. It is an
unethical way to dupe the user or victim to click on harmful sites. The attacker crafts the harmful site
in such a way that the victim feels it to be an authentic site, thus falling prey to it. The most common
mode of phishing is by sending spam emails that appear to be authentic and thus, taking away all
credentials from the victim. The main motive of the attacker behind phishing is to gain confidential
information like:
Password
Credit card details
Social security numbers
Date of birth
The attacker uses this information to further target the user, impersonate the user, and cause data theft.
The most common type of phishing attack happens through email. Phishing victims are tricked into
revealing information that they think should be kept private. The original logo of the email is used to
make the user believe that it is indeed the original email. But if we carefully look into the details, we
will find that the URL or web address is not authentic.