computer hacking - an introduction
HACKING
An introduction
by Jayaseelan Vejayon
So…what is hacking?
• Hacking is the practice of modifying the features of a system, in order to accomplish a goal outside of the creator's original purpose. (http://whatishacking.org/)
• Computer hacking
– is the practice of modifying computer hardware and software to accomplish a goal outside of the creator’s original purpose.
– is most common among teenagers and young adults (http://www.wisegeek.org/what-is-computer-hacking.htm)
Why hack?
• Profit
– Information can be sold
– Information can be used to steal
• Protest
– E.g. hacktivism: a hacktivist is someone who utilizes technology to announce a social, ideological, religious, or political message
• Challenge
– Fun, problem-solving skill, the thrill of power
Why hack? Some examples…
• Hackers want to
– use the victim’s computer to store illicit materials, i.e. pirated software, pornography, etc.
– steal the victim’s personal information in order to access accounts or the accounts of the website visitors. The data can be used to gain access to important databases: billing, merchant accounts, etc.
Why hack? Some examples…
• Hackers want to
– set up fake e-commerce sites to access credit card details; gain entry to servers that contain credit card details; and commit other forms of credit card fraud
– spy on friends, family, co-workers for personal reasons
– revenge
(http://www.website-guardian.com/why-do-hackers-hack-websites-va-5.html)
Effects of hacking
• Damage to information
• Theft of information
– Credit card details, social security numbers, identity fraud, email addresses
• Compromise/damage of systems
• Use of victim machines as “zombies”
Hacking attacks cost large businesses an average of about $2.2 million per year (Symantec 2010 State of Enterprise Security Study)
Effects of hacking
• Businesses may suffer from damaged reputations and lawsuits
• Business secrets could be stolen and sold to competitors
• Computing systems/infrastructure could suffer degraded performance as their resources are used for malicious activities
In an educational institution, hacking can damage the institution’s credibility/reputation, e.g. if the examination system is compromised and sensitive data is tampered with
A hacker…
Can fall into one of these types:
• Black hats
Individuals with good computing knowledge, abilities and expertise but with the intentions and conduct to cause damage on the systems they attack
Also known as crackers
• White hats
Individuals with good hacking skills
They perform defensive activities against hacking
Also known as security analysts
A hacker…
• Gray hats
Individuals that perform both offensive and defensive hacking activities
• Suicide hackers
Individuals who want to fail a computing system for a personal ‘reason’ or ‘cause’
Not worried about the serious consequences that they may have to face as a result of their damaging activities, i.e. being jailed for many years
Types of attacks …
• DoS/DDoS Attacks
• Password Guessing Attacks
• Man-in-the-Middle Attacks
• Identity Spoofing
• Interception
• Eavesdropping
• Backdoor Attacks
… and many more!
How to hack?…
Many of the hacking tools and guides are available on the Internet
BackTrack is a Linux distro with many tools: Metasploit, Aircrack-ng, Nmap, Ophcrack, Wireshark, Hydra and many, many more!
The real purposes of BackTrack's development are digital forensics and penetration testing
How to hack?…some examples
• System Hacking: keyloggers, password cracking
• Trojans
• Viruses
• Sniffers
• Social Engineering
• Denial of Service
• SQL Injection
How to hack?…some examples
Password cracking - dictionary attacks, brute forcing attacks, hybrid attacks, syllable attacks and rule-based attacks
Other types of password cracking attacks – shoulder surfing, social engineering, dumpster diving, wire sniffing, Man-in-the-Middle, password guessing, keylogger
Passwords…
Enforce complexity so that passwords are difficult to break; use a combination of letters, numbers and special characters
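As an added example (not from the original slides): a password policy check that enforces the combination of letters, numbers and special characters asked for above, and also rejects passwords that the dictionary, hybrid and rule-based attacks listed earlier would reach. The wordlist, the substitution table, the minimum length of 12 and all function names are assumptions made for illustration.

```python
import re

# Constructed sample wordlist (assumption); a real check would load a large one.
COMMON_WORDS = {"password", "welcome", "dragon", "qwerty", "letmein", "admin"}
# Reverse the character substitutions that rule-based guessing applies.
SUBSTITUTIONS = str.maketrans("013457@$", "oleastas")
MIN_LENGTH = 12  # assumed policy value, not taken from the slides


def trim_affixes(text):
    """Drop leading/trailing digits and symbols (the hybrid word+suffix form)."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", text)


def dictionary_core(password):
    """Return the common word the password reduces to, or None."""
    lowered = password.lower()
    candidates = {
        trim_affixes(lowered),
        trim_affixes(lowered.translate(SUBSTITUTIONS)),
        trim_affixes(lowered).translate(SUBSTITUTIONS),
    }
    matches = candidates & COMMON_WORDS
    return min(matches) if matches else None


def check_password(password):
    """Return a list of policy failures; an empty list means the password passes."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("too short")
    if not re.search(r"[A-Za-z]", password):
        failures.append("no letters")
    if not re.search(r"[0-9]", password):
        failures.append("no numbers")
    if not re.search(r"[^A-Za-z0-9]", password):
        failures.append("no special characters")
    core = dictionary_core(password)
    if core:
        failures.append(f"derived from common word '{core}'")
    return failures


if __name__ == "__main__":
    for sample in ["P@ssw0rd2024!!", "Dr4gon2024", "tr4il-Maple-cobalt-91"]:  # constructed
        print(sample, "->", check_password(sample) or "ok")
```

The first sample satisfies every character-class rule and still fails, because it is a common word with substitutions and a suffix; complexity rules alone do not catch that.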
How to hack?
LIVE DEMO
• Keylogger Sniffing
• Web-cloning
• Google Hacking
• NTFS Streams
• DNS Spoofing
Thank you
http://jayitsecurity.blogspot.com