Computer Hacking - An Introduction

HACKINGAn introduction

by Jayaseelan Vejayon

So…what is hacking?• Hacking is the practice of modifying the features of a

system, in order to accomplish a goal outside of the creator's original purpose.

(http://whatishacking.org/)

• Computer hacking – is the practice of modifying computer hardware and

software to accomplish a goal outside of the creator’s original purpose.

– is most common among teenagers and young adults(http://www.wisegeek.org/what-is-computer-hacking.htm)

Why hack?

• Profit– Information can be sold– Information can be used to steal

• Protest– Eg. Hactivism: a hacktivist is someone whom utilizes

technology to announce a social, ideological, religious, or political message

• Challenge– Fun, problem-solving skill, the thrill of power

Why hack? Some examples…

• Hackers want to

– use the victim’s computer to store illicit materials i.e pirated software, pornography, etc.

– steal the victim’s personal information in order to access accounts or the accounts of the website visitors. The data can be used to gain access to important databases; billing, merchant accounts, etc.

Why hack? Some examples…

• Hackers want to

– set-up fake ecommerce sites to access credit card details; gain entry to servers that contain credit card details and other forms of credit card fraud

– spy on friends, family, co-workers for personal reasons

– revenge

(http://www.website-guardian.com/why-do-hackers-hack-websites-va-5.html)

Effects of hacking

• Damage to information

• Theft of information– Credit card details, social security numbers, identity fraud,

email addresses

• Compromise/damage of systems

• Use of victim machines as “zombies”

Hacking attacks cost large businesses an average of about $2.2 million per year (Symantec 2010 State of Enterprise Security Study)

Effects of hacking• Businesses may suffer from damaged reputations

and lawsuits

• Business secrets could be stolen and sold to competitors

• Computing system/infrastructure could suffer from performance degrading as the resources used for malicious activities

In an education institution, hacking can cause damage to the institution’s credibility/reputation ie. If examination system is compromised and sensitive data tampered

A hacker…Can fall into one of these types:

• Black hatsIndividuals with good computing knowledge, abilities and

expertise but with the intentions and conducts to cause damage on the systems they attack

Also known as crackers

• White hatsIndividuals with good hacking skillsThey perform defensive activities against hackingAlso known as security analysts

A hacker…• Gray hats

Individuals that perform both offensive and defensive hacking activities

• Suicide hackersIndividuals whom want to fail a computing system for a

personal ‘reason’ or ‘cause’Not worried about the serious consequences that they may

have to face as a result of their damaging activities i.e being jailed for many years

Types of attacks …

• DoS/DDoS Attacks• Password Guessing Attacks• Man-in-the-Middle Attacks• Identity Spoofing• Interception• Eavesdropping• Backdoor Attacks… and many more!

How to hack?…Many of the hacking tools and guides are available on the Internet

BackTrack is a Linux distro with many tools; Metasploit, Aircrack-ng, Nmap, Ophcrack, Wireshark, Hydra and many many more!

The real reasons for BackTrack development are for digital forensics and penetration testing

How to hack?…some examples

System Hacking; Keyloggers, password cracking

TrojansVirusesSniffersSocial EngineeringDenial of ServiceSQL Injection

How to hack?…some examples

Password cracking - dictionary attacks, brute forcing attacks, hybrid attacks, syllable attacks and rule-based attacks

Other types of password cracking attacks – shoulder surfing, social engineering, dumpster diving, wire sniffing, Man-in-the-Middle, password guessing, keylogger

Passwords…

Enforce complexity so that passwords are difficult to break; use combination of letters, numbers, special characters

How to hack?…some examples

Password cracking - dictionary attacks, brute forcing attacks, hybrid attacks, syllable attacks and rule-based attacks

Other types of attacks – shoulder surfing, social engineering, dumpster diving, wire sniffing, Man-in-the-Middle, password guessing, keylogger

How to hack?LIVE DEMO

Keylogger SniffingWeb-cloningGoogle HackingNTFS StreamsDNS Spoofing

Thank youhttp://jayitsecurity.blogspot.com