Computer Hacking
Computer Hacking
Presentation Over:
What is Hacking History of hacking Hackers What they do Types of Hackers Some Tools used for hacking Random fact How to deal with this problem Conclusion
HACKING
Authorized
or Unauthorized attempts to bypass the security mechanisms of an information systems or network In simple words Hacking means finding out weaknesses in a computer or computer network
History of Hackers
In December of 1947, the transistor was invented. Captain Crunch Steve Jobs Kevin Mitnick AT&T The Worm- Robert Tappan Morris Kevin Poulsen (a.k.a. Dark Dante) Tsumomu Shimomura David Smith Jon Johansen (a.k.a. DVD Jon)
In 1988 a "worm program" written by a college student shut down about 10 percent of computers connected to the Internet. This was the beginning of the era of cyber attacks. Today we have about 10,000 incidents of cyber attacks which are reported and the number grows.
A 16-year-old music student called Richard Pryce, better known by the hacker alias Datastream Cowboy, is arrested and charged with breaking into hundreds of computers including those at the Griffiths Air Force base, NASA and the Korean Atomic Research Institute. His online mentor, "Kuji", is never found. Also this year, a group directed by Russian hackers broke into the computers of Citibank and transferred more than $10 million from customers' accounts. Eventually, Citibank recovered all but $400,000 of the pilfered money.
In February, Kevin Mitnick is arrested for a second time. He is charged with stealing 20,000 credit card numbers. He eventually spends four years in jail and on his release his parole conditions demand that he avoid contact with computers and mobile phones. On November 15, Christopher Pile becomes the first person to be jailed for writing and distributing a computer virus. Mr Pile, who called himself the Black Baron, was sentenced to 18 months in jail. The US General Accounting Office reveals that US Defense Department computers sustained 250,000 attacks in 1995.
In March, the Melissa virus goes on the rampage and wreaks havoc with computers worldwide. After a short investigation, the FBI tracks down and arrests the writer of the virus, a 29-year-old New Jersey computer programmer, David L Smith. More than 90 percent of large corporations and government agencies were the victims of computer security breaches in 1999
In February, some of the most popular websites in the world such as Amazon and Yahoo are almost overwhelmed by being flooded with bogus requests for data. In May, the ILOVEYOU virus is unleashed and clogs computers worldwide. Over the coming months, variants of the virus are released that manage to catch out companies that didn't do enough to protect themselves. In October, Microsoft admits that its corporate network has been hacked and source code for future Windows products has been seen.
System Access confidential information Threaten someone from YOUR computer Broadcast your confidential letters or materials Store illegal or espionage material Network Eavesdrop and replay Imposer: server / client Modify data / stream Denial-of-Service
Types of Hackers
White-hat Hackers
The good guys who identify the security weakness of the system or network and inform the owner about them
Click Kiddie traffic from attack portal; not easily traced back to attacker
Target
Old School traffic direct from attacker; Maven Security Consulting, Inc. easily traced back
Downloads
Pop-ups
Active
Email Bombing
Refers to sending a large number of emails to the victim resulting in the victim's Email account (in case of an individual) or Mail servers (in case of a company or an email service provider) crashing.
Data Diddling
Altering raw data just before it is processed by a computer and then changing it back after the processing is completed.
Electricity Boards in India have been victims to data diddling programs inserted when private parties were computerizing their systems.
Salami Attacks
Used for the commission of financial crimes. Key here is to make the alteration so insignificant that in a single case it would go completely unnoticed.
E.g. a bank employee inserts a program, into the bank's servers, that deducts a small amount of money (say Rs. 5 a month) from the account of every customer. No account holder will probably notice this unauthorized debit, but the bank employee will make a sizable amount of money every month.
Involves flooding a computer resource with more requests than it can handle. Causes the resource (e.g. a web server) to crash thereby denying authorized users the service offered by the resource.
Virus Attacks
Programs that attach themselves to a computer or a file Circulate themselves to other files and to other computers on a network Affect the data on a computer, either by altering or deleting it
Worm Attacks
Do not need the host to attach themselves to. Make functional copies of themselves and do this repeatedly till they eat up all the available space on a computer's memory.
Logic Bombs
Event dependent programs. Programs are created to do something only when a certain event (known as a trigger event) occurs.
E.g. even some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date (like the Chernobyl virus).
Web Jacking
Occurs when someone forcefully takes control of a website (by cracking the password and later changing it).
KEY LOGGERS
Threats from Key Loggers
Key loggers: Record all keystrokes made on that system and store them in a log file, which can later automatically be emailed to the attacker. Countermeasures Periodic Detection practices should be made mandatory. A Typical Key Logger automatically loads itself into the memory, each time the computer boots. Thus, the start up script of the Key Logger should be removed.
Pretexting is the act of creating and using an invented scenario to persuade a target to release information (e.g. date of birth, Social Security Number, last bill amt.) Phishing is an e-mail fraud method in which the perpetrator sends out email in an attempt to gather personal and financial information from recipients. Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details. EBay and PayPal are two of the most targeted companies, and online banks are also common
targets
Multi-Tier Anonymity
Onlin e Tool Target Web Proxy
Web Portal
networking sites like FACEBOOK, GMAIL, YAHOO comprised of 60% of direct or indirect hacking incidents.
involving private pictures of celebrities. Links showing pictures of famous personalities like videos of Osama Bin Ladens killing.
Software and Hardware defenses (e.g., Anti spam, antivirus software, firewalls) Other practical steps.
Conclusion
Do not open suspicious files/emails Verify ActiveX/Java prompts Avoid using P2P programs Avoid downloading freeware If attacked, disconnect the network. Do not turn off the computer