review on evolution of hacking


Upload: mlm-ravi

Post on 22-Oct-2014


Page 1: Review on Evolution of Hacking

TERM PAPER ON

Review on Evolution of Hacking

SUBMITTED TO: Mr. Puneet Mishra

SUBMITTED BY: Jyoti Singh, Roll No. 17, MBA (E-business), 3rd Semester


INDEX

1. Introduction & brief history of hacking
2. The evolution of hacking
3. Hacker or Cracker
4. Ethical Hacking & Type of Hackers
5. Different Kind of Hackers & Tools
6. Timeline of Computer Security Hacker
7. Event timeline
8. Evolution of the Hacker Threats
9. Different Type of Hacking Attacks
10. The Hacker Methodology
11. System Security
12. Conclusion
13. Reference


INTRODUCTION

Although the history of hacking is relatively unknown to most of the public, it's quite interesting to read about it. It doesn't matter if you aren't a computer expert or a system administrator of a big corporation. Computers are as much part of our history as airplanes and cars, and it should be common knowledge to know how they came to be. It's the only way you can understand the effects of computer hacking in our life. It only depends on how to use it. But it wasn't until a group of these hackers decided to exert their knowledge in the computer mainframes.

A BRIEF HISTORY OF HACKING

The real meaning of hacking is to expand the capabilities of any electronic device; to use them beyond the original intentions of the manufacturer. The first hackers appeared in the 1960's at the Massachusetts Institute of Technology (MIT), and their first victims were electric trains. They wanted them to perform faster and more efficiently.

During the 1970's, a different kind of hacker appeared: the phreaks or phone hackers. They learned ways to hack the telephone system and make phone calls for free. Within this group, one phreaker became famous because of a simple discovery. John Draper, also known as Captain Crunch, found that he could make long distance calls with a whistle. He built a blue box that could do this, and Esquire magazine published an article on how to build them. Fascinated by this discovery, two kids, Steve Wozniak and Steve Jobs, decided to sell these blue boxes, starting a business friendship which resulted in the founding of Apple.

By the 1980's, phreaks started to migrate to computers, and the first Bulletin Board Systems (BBS) appeared. BBS are like the Yahoo groups of today, where people posted messages on any kind of topic. The BBS used by hackers specialized in tips on how to break into computers, how to use stolen credit card numbers and how to share stolen computer passwords. It wasn't until 1986 that the US government realized the danger that hackers represented to national security. As a way to counteract this menace, Congress passed the Computer Fraud and Abuse Act, making computer breaking a crime across the nation.

During the 1990's, when use of the internet became widespread around the world, hackers multiplied, but it wasn't until the end of the decade that system security became mainstream among the public. Today, we are accustomed to hackers, crackers, viruses, Trojans, worms and all of the techniques we need to follow to combat them.


THE EVOLUTION OF HACKING

Though it wasn’t yet called “hacking,” the earliest known incidents of modern technological mischief date from 1878 and the early days of the Bell Telephone Company. Teenage boys hired by Bell as switchboard operators intentionally misdirected and disconnected telephone calls, eavesdropped on conversations, and played a variety of other pranks on unsuspecting customers.

First hacks: The first bona fide appearance of a computer hacker occurs nearly 100 years later, in the 1960s. A “hack” has always been a kind of shortcut or modification—a way to bypass or rework the standard operation of an object or system. The term originated with model train enthusiasts at MIT who hacked their train sets in order to modify how they worked. Several of these same model train hackers later applied their curiosity and resourcefulness to the then new computer systems being deployed on the campus (CNN1). These and other early computer hackers were devout programming enthusiasts, experts primarily interested in modifying programs to optimize them, customize them for specific applications, or just for the fun of learning how things worked. In many cases, the shortcuts and modifications produced by these hackers were even more elegant than the professional programs they replaced or circumvented. In fact, the most elegant and enduring hack from this period is the UNIX operating system, developed in the late 1960s by Dennis Ritchie and Keith Thompson of Bell Labs.

The 1970s produced another type of hacker, one focused on telephone systems. Known as “phreakers,” these hackers discovered and exploited operational characteristics of the newly all-electronic telephone switching network that enabled them to make long distance calls free of charge. The phreaker movement is an important early example of anti-establishment subculture that spawns influential hackers and visionaries in the realm of the personal computer.

The golden era: Hacking enjoyed a golden era of sorts in the 1980s. The introduction of turnkey “personal” computers by Radio Shack, IBM, Apple, and others is a turning point in hacker history. Now computers were no longer limited to the realms of hardcore hobbyists and business users; anyone, including existing and yet to be realized hackers, could acquire a computer for their own purposes. Modem devices that enabled computers to communicate with each other over telephone lines were also more widely available and significantly extended the hacker’s reach. It was just this sort of capability that was explored and popularized in a number of popular books and films at this time, beginning with 1983’s movie, War Games. The central character, a young, suburban hacker, taps into a remote military computer by dialing into it from home using a personal computer and an acoustic coupler, an early type of modem. War Games was followed in 1984 by Steven Levy’s publication of Hackers: Heroes of the Computer Revolution, in which he details early hacking history and summarizes the hacker credo of this and earlier eras: “Access to computers, and anything that might teach you something about the way the world works, should be unlimited and total.”

A split forms: Although hacking expanded and enjoyed glorification during its golden years, a divide was forming within the hacking community by the late 1980s. An increasing number of hackers were no longer satisfied with benign exploration of systems merely to learn how they worked. The hacker principle of “freedom of technology” as described by Levy was changing, and a younger generation interested in individual gain emerged. This new breed of “hacker” directed its knowledge and tenacity toward distinctly criminal pursuits, including the distribution of pirated commercial software, games, and viruses and worms that could virtually shut down systems. The dark side fragmented even further as several groups formed “electronic gangs,” driven to tap into the sensitive information housed within large institutions, like government and educational research centers. As happens with conventional street gangs, it didn’t take long for these groups to begin fighting each other, and the early 1990s saw an escalation of infighting that jammed phone lines and networks, and ultimately led to the demise and criminal prosecution of several groups.

Criminalization: Legislators and law enforcement began to get serious about criminalizing and prosecuting these activities in the mid-1980s. Congress passed its first hacking related legislation, the Federal Computer Fraud and Abuse Act, in 1986. The act made computer tampering a felony crime punishable by significant jail time & monetary fines. By the mid-1990s several high profile arrests had taken place & signaled the seriousness with which government and businesses were dealing with these activities. Kevin Mitnick, perhaps the best known hacker of this era, was arrested twice, served significant jail time & was barred from touching a computer for several years after completing his sentence.

The newest frontier: One of the newest forms of hacking involves finding & connecting to unsecured Wireless Access Points (WAPs). Also called “whacking,” the practice has grown with the increasingly widespread use of wireless networks. Whacking capitalizes on the relative ease with which many wireless networks can be accessed. The wireless nature of these networks makes them easy to find and hack, and because they so often extend Internet access, wireless networks are especially enticing targets for unauthorized use.


HACKER OR CRACKER

In order to compare hackers and crackers, it is important to understand the respective definitions.

Aims of Hackers and Crackers: Computer hackers trespass into or circumvent another computer system artistically, yet scientifically, with a hunger to know the programmable systems, how they perform and their internal structures. Cracking is slightly different in sense.

Cracking means to break the computer's security system. This is a subject matter of artistic skill that has attracted a few million teenagers & young adults all over the world. A cracker generally does not intend to destroy data maliciously or to steal things.

Who Is a Hacker and What is His Aim: A hacker is an individual who intends to gain unauthorized access to a computer system. He is a person who commits the fraudulent act or the penal offense of exploring other computers in order to know the details of the programmable system and how they work. He generally does not intend to destroy data maliciously or to steal things. A hacker who cracks and hacks systems is not only interested in breaking the security of the system but also in knowing about the system's details, by which he gains much more than by simply cracking systems. While it is often believed that hacking is simply exploring another computer system with the intention of knowing how the programmable system works, which is not a fraudulent task unless some sort of vandalism or theft is done by it, another large section stands strictly against this view and looks at the act from the viewpoint of a crime.

Who is a Cracker and What Is His Aim? A cracker is a technical person who has mastered the art of breaking systems, often not for acquiring knowledge, by dint of a few programs and software used as tools. A cracker is more secretive than the hacker. The cracker breaks through the system's security and proves to be far more dangerous than the hacker, who just quenches his or her thirst by simply discovering the workings of a system. Hence crackers can potentially be much more perilous than hackers.


ETHICAL HACKING

A hacker is a person who finds enjoyment in increasing the capacity of any device. When personal computers appeared, hackers turned their attention to them and a new underground was created. Unfortunately, bad elements within the community and criminal organizations have given a bad reputation to this group. In public opinion, the media is widely responsible for reporting crackers as hackers. Its lack of knowledge of the means adopted by hackers and crackers has brought a bad name to hackers as well.

TYPES OF HACKERS

Three types can be found: white, grey and black.

1. White hackers: These are “GOOD” hackers who help organizations locate & fix security flaws & who use their knowledge for selling their services to clients who want to protect their networks.

2. Black hackers: (also known as crackers) They engage in the same activities, but without pay or any buy-in from the targeted organizations, and with the intention of causing harm. They break into web-sites & reveal the confidential or proprietary information they find. They are the ones who attack those networks and try to make some money out of it.

3. Grey hackers: They are more ambiguous & believe they are pursuing some greater good by breaking in, discovering the weaknesses in a system’s security & then publishing them. They don't do it for the money. They want to show the world and their hacker friends how good they are.

So, where do ethical hackers fall? Well, they are inside the white hackers group. But being a white hacker doesn't transform you into an ethical hacker. There are some things that you need to do first.

The Requirements for Ethical Hacking

The first requirement is to be trustworthy. And for that, you will need to make a name. You need to start from the beginning: down. The first step is academic. Most ethical hackers have written papers on this matter and published them through an academic institution. This is an excellent method to show the world how concerned you are about computer security and that you have a desire to protect people from the dangers of the internet.


DIFFERENT KIND OF HACKERS

1. Professional hackers
– Black Hats – They are the Bad Guys
– White Hats – They are the Professional Security Experts

2. Underemployed Adult Hackers:
• Can’t get employment in the field
• Want recognition in hacker community
• Big in Eastern European countries

3. Ideological Hackers: They hack as a mechanism to promote some political or ideological purpose. They usually coincide with political events.

4. Criminal Hackers: They are the real criminals, in it for whatever they can get no matter who it hurts.

5. Disgruntled Employees: They are the most dangerous to an enterprise as they are “insiders”. Since many companies subcontract their network services a disgruntled vendor could be very dangerous to the host enterprise.

HACKING TOOLS

Website hacking has become the most common problem today. By hacking websites, the hackers try to gain unauthorized entry into the website. Nearly 80% of cyber attacks are directed at login pages, shopping carts, dynamic content etc. Through the vulnerable points found by scanning, the hackers break into the site using certain strong technical tools. Hacking into websites involves a wide range of tools that are easily available and so easy to use that in some cases even kids prove to be smart enough to operate them. One can get loads of free hacking tools on the Internet. There are hundreds of easy-to-use tools that may be used for the purpose of hacking wireless internet and IP addresses of a remote system.

DeCSS 1.2b: is used as a cracking tool. It originated in October 1999 and requires a minimum of 253 KB of storage. It is highly engineered software designed to modify other software with the intention of removing usage restrictions. A noteworthy instance is a "patch generator", which replaces bytes at specific locations of a file, giving it a licensed version.

Coldlife 4.0: is another tool for website hacking that falls in the category of flooder. This is a program that has been designed to overload the connection by certain mechanisms like a fast pinging that causes a sudden DOS attack.


TIMELINE OF COMPUTER SECURITY HACKER

Hacking and system cracking appeared with the first electronic computers. Below are some important events in the history of hacking and cracking.

1932 Polish cryptologists Marian Rejewski, Henryk Zygalski and Jerzy Różycki broke the Enigma machine code.

1939 Alan Turing, Gordon Welchman and Harold Keen worked together to develop the Bombe (on the basis of Rejewski's works on Bomba). The Enigma machine's use of a reliably small key space makes it vulnerable to brute force and thus a violation of CWE-326.

1965 William D. Mathews from MIT found a vulnerability in a Multics CTSS running on an IBM 7094. This flaw discloses the contents of the password file. The issue occurred when multiple instances of the system text editor were invoked, causing the editor to create temporary files with a constant name.

1971 John T. Draper (later nicknamed Captain Crunch), his friend Joe Engressia, and blue box phone phreaking hit the news with an Esquire Magazine feature story.

1981 Chaos Computer Club forms in Germany.

The Warelords forms in The United States, founded by Black Bart (cracker of Dung Beetles in 1982) in St. Louis, Missouri, and was composed of many teenage hackers, phreakers, coders, and largely black hat-style underground computer geeks. One of the more notable group members was Tennessee Tuxedo, a young man that was instrumental with developing conference calls via the use of trunk line phreaking via the use of the Novation Apple Cat II that allowed them to share their current hacks, phreaking codes, and new software releases. Other notable members were The Apple Bandit, Krakowicz, and Krac-man. Black Bart was clever at using his nationally known and very popular BBS system in order to promote the latest gaming software. He used that relationship to his advantage, often shipping the original pre-released software to his most trusted code crackers during the beta-testing phase, weeks prior to their public release. The Warelords often collaborated with other piracy groups at the time, such as The Syndicate and The Midwest Pirates Guild and developed an international ring of involved piracy groups that reached as far away as Japan. Long before the movie War Games went into pre-production, The Warelords had successfully infiltrated such corporations and institutions as The White House, Southwestern Bell "Ma Bell" Mainframe Systems, and large corporate providers of voice mail systems.

1982 The 414s break into 60 computer systems at institutions ranging from the Los Alamos Laboratories to Manhattan's Memorial Sloan-Kettering Cancer Center. The incident appeared as the cover story of Newsweek with the title Beware: Hackers at play, possibly the first mass-media use of the term hacker in the context of computer security. As a result, the U.S. House of Representatives held hearings on computer security and passed several laws.

1983 The group KILOBAUD is formed in February, kicking off a series of other hacker groups which form soon after.

The movie War Games introduces the wider public to the phenomenon of hacking and creates a degree of mass paranoia of hackers and their supposed abilities to bring the world to a screeching halt by launching nuclear ICBMs.

The 414s are caught and investigated by the FBI. Although most members are not charged with a crime, they gain widespread media attention,[5][6] eventually becoming a cover story of Newsweek entitled "Beware: Hackers at play".

In his Turing Award lecture, Ken Thompson mentions "hacking" and describes a security exploit that he calls a "Trojan horse".

1984 Someone calling himself Lex Luthor founds the Legion of Doom. Named after a Saturday morning cartoon, the LOD had the reputation of attracting "the best of the best" — until one of the most talented members called Phiber Optik feuded with Legion of Doomer Erik Bloodaxe and got 'tossed out of the clubhouse'. Phiber's friends formed a rival group, the Masters of Deception.

The Comprehensive Crime Control Act gives the Secret Service jurisdiction over computer fraud.

Cult of the Dead Cow forms in Lubbock, Texas and begins publishing its ezine.

The hacker magazine 2600 begins regular publication, right when TAP was putting out its final issue. The editor of 2600, "Emmanuel Goldstein" (whose real name is Eric Corley), takes his handle from the leader of the resistance in George Orwell's 1984. The publication provides tips for would-be hackers and phone phreaks, as well as commentary on the hacker issues of the day. Today, copies of 2600 are sold at most large retail bookstores.

The first Chaos Communication Congress, the annual European hacker conference organized by the Chaos Computer Club, is held in Hamburg.

1985 KILOBAUD is re-organized into The P.H.I.R.M., and begins sysopping hundreds of BBSs throughout the United States, Canada, and Europe.

The online zine Phrack is established.

The Hacker's Handbook is published in the UK.

The FBI, Secret Service, Middlesex County NJ Prosecutor's Office and various local law enforcement agencies execute seven search warrants concurrently across New Jersey on July 12, 1985, seizing equipment from BBS operators and users alike for "complicity in computer theft," under a newly-passed, and yet untested criminal statute. This is famously known as the Private Sector Bust, or the 2600 BBS Seizure, and implicated the Private Sector BBS sysop, Store Manager (also a BBS sysop), Beowulf, Red Barchetta, The Vampire, the NJ Hack Shack BBS sysop, and the Treasure Chest BBS sysop.

1986 After more and more break-ins to government and corporate computers, Congress passes the Computer Fraud and Abuse Act, which makes it a crime to break into computer systems. The law, however, does not cover juveniles.

Arrest of a hacker who calls himself The Mentor. He published a now-famous treatise shortly after his arrest that came to be known as the Hacker's Manifesto in the e-zine Phrack. This still serves as the most famous piece of hacker literature and is frequently used to illustrate the mindset of hackers.

Astronomer Clifford Stoll plays a pivotal role in tracking down hacker Markus Hess, events later covered in Stoll's 1990 book The Cuckoo's Egg.

1987 Decoder magazine begins in Italy.

The Christmas Tree EXEC "worm" causes major disruption to the VNET, BITNET and EARN networks.

1988 The Morris Worm. Graduate student Robert T. Morris, Jr. of Cornell University launches a worm on the government's ARPAnet (precursor to the Internet). The worm spreads to 6,000 networked computers, clogging government and university systems. Morris is dismissed from Cornell, sentenced to three years probation, and fined $10,000.

First National Bank of Chicago is the victim of $70-million computer theft.

The Computer Emergency Response Team (CERT) is created by DARPA to address network security.

The Father Christmas (computer worm) spreads over DECnet networks.

1989 Jude Milhon (aka St Jude) and R. U. Sirius launch Mondo 2000, a major '90s tech-lifestyle magazine, in Berkeley, California.

The politically motivated WANK worm spreads over DECnet.

Dutch magazine Hack-Tic begins.

The Cuckoo's Egg by Clifford Stoll is published.

1990 Operation Sundevil introduced. After a prolonged sting investigation, Secret Service agents swoop down on organizers and prominent members of BBSs in 14 U.S. cities including the Legion of Doom, conducting early-morning raids and arrests. The arrests involve and are aimed at cracking down on credit-card theft and telephone and wire fraud. The result is a breakdown in the hacking community, with members informing on each other in exchange for immunity. The offices of Steve Jackson Games are also raided, and the role-playing sourcebook GURPS Cyberpunk is confiscated, possibly because the government fears it is a "handbook for computer crime". Legal battles arise that prompt the formation of the Electronic Frontier Foundation, including the trial of Knight Lightning.

Australian federal police tracking Realm members Phoenix, Electron and Nom are the first in the world to use a remote data intercept to gain evidence for a computer crime prosecution.

1992 Release of the movie Sneakers, in which security experts are blackmailed into stealing a universal decoder for encryption systems.

MindVox opens to the public.

Bulgarian virus writer Dark Avenger wrote 1260, the first known use of polymorphic code, used to circumvent the type of pattern recognition used by Anti-virus software, and nowadays also intrusion detection systems.

1993 The first DEF CON hacking conference takes place in Las Vegas. The conference is meant to be a one-time party to say good-bye to BBSs (now replaced by the Web), but the gathering was so popular it became an annual event.

AOL gives its users access to USENET, precipitating Eternal September.

1994 Summer: Russian crackers siphon $10 million from Citibank and transfer the money to bank accounts around the world. Vladimir Levin, the 30-year-old ringleader, uses his work laptop after hours to transfer the funds to accounts in Finland and Israel.


Levin stands trial in the United States and is sentenced to three years in prison. Authorities recover all but $400,000 of the stolen money.

Hackers adapt to emergence of the World Wide Web quickly, moving all their how-to information and hacking programs from the old BBSs to new hacker Web sites.

AOHell is released, a freeware application that allows a burgeoning community of unskilled script kiddies to wreak havoc on America Online. For days, hundreds of thousands of AOL users find their mailboxes flooded with multi-megabyte email bombs and their chat rooms disrupted with spam messages.

1995 The movies The Net and Hackers are released.

February 22: The FBI raids the "Phone Masters".

1996 Hackers alter Web sites of the United States Department of Justice (August), the CIA (October), and the U.S. Air Force (December).

Canadian hacker group, Brotherhood, breaks into the Canadian Broadcasting Corporation.

The U.S. General Accounting Office reports that hackers attempted to break into Defense Department computer files some 250,000 times in 1995 alone. About 65 percent of the attempts were successful, according to the report.

The MP3 format gains popularity in the hacker world. Many hackers begin setting up sharing sites via FTP, Hotline, IRC and Usenet.

1997 A 15-year-old Croatian youth penetrates computers at a U.S. Air Force base in Guam.

June: Eligible Receiver 97 tests the American government's readiness against cyber attacks.

December: Information Security publishes first issue.

First high-profile attacks on Microsoft's Windows NT operating system [1].

In response to the MP3 popularity, the Recording Industry Association of America begins cracking down on FTPs [2]. The RIAA begins a campaign of lawsuits shutting down many of the owners of these sites including the more popular ripper/distributors The Maxx (Germany, Age 14), Chapel976 (USA, Age 15), Bullet boy (UK, Age 16), Sn4rf (Canada, Age 14) and others in their young teens via their ISPs. Their houses are raided and their computers and modems are taken. The RIAA fails to cut off the head of the MP3 beast and within a year and a half, Napster is released.

1998 January: Yahoo! notifies Internet users that anyone visiting its site in recent weeks might have downloaded a logic bomb and worm planted by hackers claiming a "logic bomb" will go off if Kevin Mitnick is not released from prison.

January: Anti-hacker runs during Super Bowl XXXII

February: The Internet Software Consortium proposes the use of DNSSEC (domain-name system security extensions) to secure DNS servers.

June: Information Security publishes its first annual Industry Survey, finding that nearly three-quarters of organizations suffered a security incident in the previous year.

October: "U.S. Attorney General Janet Reno announces National Infrastructure Protection Center."

1999 Software security goes mainstream. In the wake of Microsoft's Windows 98 release, 1999 becomes a banner year for security (and hacking). Hundreds of advisories and patches are released in response to newfound (and widely publicized) bugs in Windows and other commercial software products. A host of security software vendors release anti-hacking products for use on home computers.

The Electronic Civil Disobedience project, an online political performance-art group, attacks the Pentagon calling it conceptual art and claiming it to be a protest against the U.S. support of the suppression of rebels in southern Mexico by the Mexican government. ECD uses the FloodNet software to bombard its opponents with access requests.

U.S. President Bill Clinton announces a $1.46 billion initiative to improve government computer security. The plan would establish a network of intrusion detection monitors for certain federal agencies and encourage the private sector to do the same.

January 7: an international coalition of hackers (including CULT OF THE DEAD COW, 2600's staff, Phrack's staff, L0pht, and the Chaos Computer Club) issued a joint statement condemning the LoU's declaration of war. The LoU responded by withdrawing its declaration.

A hacker interviewed by Hilly Rose during the Art Bell Coast-to-Coast Radio Show exposes a plot by Al-Qaida to derail Amtrak trains. This results in ALL trains being forcibly stopped over Y2K as a safety measure.

March: The Melissa worm is released and quickly becomes the most costly malware outbreak to date.

July: CULT OF THE DEAD COW releases Back Orifice 2000 at DEF CON

August: Kevin Mitnick, "the most wanted man in cyberspace",

September: Level Seven hacks The US Embassy in China's Website and places racist, anti-government slogans on embassy site in regards to 1998 U.S. embassy bombings.

September 16: The United States Department of Justice sentences the "Phone Masters".

October: American Express introduces the "Blue" smart card, the industry's first chip-based credit card in the US.

2000 May: The ILOVEYOU worm, also known as VBS/Love letter and Love Bug worm, is a computer worm written in VBScript. It infected millions of computers worldwide within a few hours of its release. It is considered to be one of the most damaging worms ever. It originated in the Philippines; made by an AMA Computer College student for his thesis.

September: teenage hacker Jonathan James becomes first juvenile to serve jail time for hacking.

2001 Microsoft becomes the prominent victim of a new type of hack that attacks the domain name server. In these denial-of-service attacks, the DNS paths that take users to Microsoft's Web sites are corrupted.

February: A Dutch cracker releases the Anna Kournikova virus, initiating a wave of viruses that tempts users to open the infected attachment by promising a sexy picture of the Russian tennis star.

April: FBI agents trick two into coming to the U.S. and revealing how they were hacking U.S. banks.

May: Spurred by elevated tensions in Sino-American diplomatic relations, U.S. and Chinese hackers engage in skirmishes of Web defacements that many dub "The Sixth Cyberwar".

July: Russian programmer Dmitry Sklyarov is arrested at the annual Def Con hacker convention. He is the first person criminally charged with violating the Digital Millennium Copyright Act (DMCA).

August: Code Red worm infects tens of thousands of machines.

2002 January: Bill Gates decrees that Microsoft will secure its products and services, and kicks off a massive internal training and quality control campaign.

May: Klez.H, a variant of the worm discovered in November 2001, becomes the biggest malware outbreak in terms of machines infected, but causes little monetary damage.

June: The Bush administration files a bill to create the Department of Homeland Security, which, among other things, will be responsible for protecting the nation's critical IT infrastructure.

August: Researcher Chris Paget publishes a paper describing "shatter attacks", detailing how Windows' unauthenticated messaging system can be used to take over a machine. The paper raises questions about how securable Windows could ever be.

October: The International Information Systems Security Certification Consortium, (ISC)², confers its 10,000th CISSP certification.

2003 March: CULT OF THE DEAD COW and Hacktivismo are given permission by the United States Department of Commerce to export software utilizing strong encryption.

December 18: Milford man pleads guilty to hacking

2004 March: Myron Tereshchuk is arrested for attempting to extort $17 million from Micropatent.

July: North Korea claims to have trained 500 hackers who successfully crack South Korean, Japanese, and their allies' computer systems

2005 April 2: Rafael Núñez, aka RaFa, a notorious member of the hacking group World of Hell, is arrested following his arrival at Miami International Airport for breaking into the Defense Information Systems Agency computer system in June 2001.

September 13: Cameron Lacroix is sentenced to 11 months for gaining access to T-Mobile USA's network and exploiting Paris Hilton's Sidekick.

November 3: Jeanson James Ancheta, who prosecutors say was a member of the "Botmaster Underground", a group of script kiddies mostly noted for their excessive use of bot attacks and propagating vast amounts of spam, was taken into custody after being lured to FBI offices in Los Angeles.

2006 January: One of the few worms to take after the old form of malware, destruction of data rather than the accumulation of zombie networks to launch attacks from, is discovered. It had various names, including Kama Sutra (used by most media reports), Black Worm, Mywife, Blackmal, Nyxem version D, Kapser, KillAV, Grew and CME-24. The worm would spread through e-mail client address books, and would search for documents and fill them with garbage, instead of deleting them, to confuse the user. It would also hit a web page counter when it took control, allowing the programmer who created it as well as the world to track the progress of the worm.

February: Direct-to-video film The Net 2.0 is released as a sequel to The Net, following the same plotline but with updated technology, different characters, and different complications.

May: Jeanson James Ancheta receives a 57-month prison sentence, and is ordered to pay damages amounting to $15,000.00 to the Naval Air Warfare Center in China Lake and the Defense Information Systems Agency, for damage done due to DDoS attacks and hacking. Ancheta also had to forfeit his gains to the government, which include $60,000 in cash, a BMW, and computer equipment.

May: Largest Defacement in Web History is performed by the Turkish hacker iSKORPiTX who successfully hacked 21,549 websites in one shot.

July: Robert Moore and Edwin Pena, featured on America's Most Wanted with Kevin Mitnick presenting their case, commit the first VoIP crime ever seen in the USA. Robert Moore served 2 years in federal prison with a $152,000.00 restitution while Edwin Pena was sentenced to 10 years and a $1 million restitution.

September: Viodentia releases FairUse4WM tool which would remove DRM information off WMA music downloaded from music services such as Yahoo Unlimited, Napster, Rhapsody Music and Urge.

2007 May 17: Estonia recovers from massive denial-of-service attack.

June 13: FBI Operation Bot Roast finds over 1 million botnet victims.

June 21: A spear phishing incident at the Office of the Secretary of Defense steals sensitive U.S. defense information, leading to significant changes in identity and message-source verification at OSD.

August 11: United Nations website hacked by Turkish Hacker Kerem125.

October 7: Trend Micro website successfully hacked by Turkish hacker Janizary (aka Utku).

November 29: FBI Operation Bot Roast II: 1 million infected PCs, $20 million in losses and 8 indictments.

2008 January 17: Project Chanology. Anonymous attacks Scientology website servers around the world. Private documents are stolen from Scientology computers and distributed over the Internet.

March 7: Around 20 Chinese hackers claim to have gained access to the world's most sensitive sites, including The Pentagon. They operate from a bare apartment on a Chinese island.

2009 April 4: Conficker worm infiltrated millions of PCs worldwide including many government-level top-security computer networks.

2010 March 24: UN Department of Safety and Security hacked by Turkish hacker DigitALL (1923Turk).

January 12: Operation Aurora. Google publicly reveals that it has been on the receiving end of a "highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google".

June: Stuxnet. The Stuxnet worm is found by VirusBlokAda. Stuxnet was unusual in that while it spread via Windows computers, its payload targeted just one specific model and type of SCADA systems. It slowly became clear that it was a cyber attack on Iran's nuclear facilities, with most experts believing that Israel was behind it, perhaps with US help.

2011 The hacker group Lulz Security is formed.

April 17: An "external intrusion" sends the PlayStation Network offline, and compromises personally identifying information (possibly including credit card details) of its 77 million accounts, in what is claimed to be one of the five largest data breaches ever.

The hacker group LulzRaft is formed.

September: Bangladesh hacker TiGER-M@TE made world record in defacement history by hacking 700,000 websites in one shot.

October 16: The YouTube channel of Sesame Street was hacked, streaming pornographic content for about 22 minutes.

November 1: The main phone and Internet networks of the Palestinian territories sustained a hacker attack from multiple locations worldwide.

EVENT TIMELINE

1878 Teenage boys mischievously misdirect and disconnect telephone calls at Bell Telephone Company

1960 The term “hacker” is used by MIT train enthusiasts who hacked their train sets to change how they work. Later, these same enthusiasts emerge as the first computer hackers

1968 Dennis Ritchie and Keith Thompson develop the UNIX operating system, possibly the most elegant hack of all time

1969 The Advanced Research Projects Agency (ARPA) launches the first four nodes of ARPANET (the system that eventually morphs into the Internet) at UCLA, Santa Barbara, University of Utah, and Stanford

ARPANET 1969

1970 Phreakers, another type of hacker, exploit the newly all-electronic telephone network to make free long distance calls

Phreaker John Draper in 1970s

1971 Ray Tomlinson writes the first email program and uses it on ARPANET (now at 64 nodes)

1975 Bill Gates and Paul Allen form Microsoft

1976 Stephen Wozniak, Steve Jobs, and Ron Wayne form Apple Computer

1978 Randy Seuss and Ward Christiansen create first personal computer bulletin board system, still in operation today

1980 Usenet is created by networking UNIX machines via telephone

1981 Ian Murphy is the first hacker tried and convicted as a felon

1983 ARPANET splits into military and civilian sectors; the civilian sector later evolves into the present-day Internet. The film War Games popularizes hacking. Richard Stallman makes the first GNU announcement via Usenet.

The film War Games released in 1983

1984 William Gibson coins the term “cyberspace” in his novel Neuromancer, the first hacking-related novel. The most famous hacker group, Legion of Doom, is formed. Steven Levy publishes Hackers: Heroes of the Computer Revolution, which summarizes the hacker credo of “freedom of technology”

Gibson’s Neuromancer published 1984

1986 The US Congress passes the Computer Fraud and Abuse Act, the first hacking-related legislation. A small accounting error alerts astronomer and computer manager Cliff Stoll to the presence of hackers using his computer system; a year-long investigation results in the arrests of five German hackers, and Stoll later recounts the events in his book, The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage

Stoll publishes his account of tracking a hacker across multiple computer systems and countries

1988 Robert T. Morris, Jr. launches the first self-replicating worm on the government’s ARPANET to test its effect on UNIX systems; he is the first person to be convicted under the Computer Fraud Act of 1986

1989 Herbert Zinn is the first juvenile convicted under the Computer Fraud Act

1990 The Electronic Frontier Foundation is formed, in part to defend the rights of those investigated for hacking. The United States Secret Service and the Arizona Organized Crime and Racketeering Bureau implement Operation Sun Devil, a twelve city multi-state crackdown and the largest hacker raid to date

Electronic Frontier Foundation founded 1990

1991 The federal ban barring business from the Internet is lifted. Justin Petersen, arrested three months earlier for hacking, is released from prison to help the FBI track hacker Kevin Mitnick. Linus Torvalds publicly releases Linux version 0.01

1992 Mark Abene (aka "Phiber Optik") and other members of the Masters of Deception, a gang of phreakers, are arrested on evidence obtained from wiretaps.

Mark Abene of Masters of Deception arrested 1992

1995 Kevin Mitnick, probably the world’s most prolific and best known hacker, is arrested and charged with obtaining unauthorized access to computers belonging to numerous computer software and computer operating systems manufacturers, cellular telephone manufacturers, Internet Service Providers, and educational institutions; and stealing, copying, and misappropriating proprietary computer software from Motorola, Fujitsu, Nokia, Sun, Novell, and NEC. Mitnick was also in possession of 20,000 credit card numbers. Christopher Pile is the first person jailed for writing and distributing a computer virus.

Mitnick’s Wanted Poster

1997 AOHell, a freeware application that allows script kiddies to wreak havoc on AOL, is released

1998 Two hackers, Hao Jinglong and Hao Jingwen (twin brothers), are sentenced to death by a court in China for stealing ~$87,000 from a bank in China; Hao Jingwen’s sentence was upheld, while Hao Jinglong was acquitted in return for further testimony

EVOLUTION OF THE HACKER THREATS

Those behind Internet attacks have also changed. The cyber-criminal of today is much less likely to be the neighborhood geek recklessly unleashing malware. Instead modern cyber criminals are often motivated by politics or greed.

Since 2003 there has been a rapid increase in spyware and corporate data theft. Spyware is frequently used in identity theft and may allow access to an individual's financial accounts. Corporate data theft attempts have focused on stored credit card information. Since the enactment of California's SB1386, successful thefts frequently result in public disclosure. This has a double effect: consumers are warned their information has been stolen and may attempt to limit the damage to their credit, while companies suffer public embarrassment. Companies may suffer a drop in stock valuation following such incidents or go out of business.

DIFFERENT KIND OF HACKING ATTACK

There are many ways to divide the different hacking attacks.

1) Inside Jobs- Most security breaches originate inside the network that is under attack. Inside jobs include stealing passwords (which hackers then use or sell), performing industrial espionage, causing harm (as disgruntled employees), or committing simple misuse. Sound policy enforcement and observant employees who guard their passwords and PCs can thwart many of these security breaches.

2) Rogue Access Points- Rogue access points (APs) are unsecured wireless access points that outsiders can easily breach. (Local hackers often advertise rogue APs to each other.) Rogue APs are most often connected by well-meaning but ignorant employees.

3) Back Doors- Hackers can gain access to a network by exploiting back doors: administrative shortcuts, configuration errors, easily deciphered passwords, and unsecured dial-ups. With the aid of computerized searchers (bots), hackers can probably find any weakness in your network.

4) Viruses and Worms- Viruses are self-replicating computer programs that make copies of themselves and spread to other files. Worms are designed to spread from computer to computer. A worm does not need to be activated by a user or program in order to replicate itself.

5) Trojan Horses- Trojan horses are attached to other programs. A Trojan horse is not itself a virus because it does not replicate; it is a way for viruses or other malicious code to be introduced into a computer system. Trojan horses are the leading cause of all break-ins. When a user downloads and activates a Trojan horse, the hacked software (SW) kicks off a virus, password gobbler, or remote-control SW that gives the hacker control of the PC.

6) Denial of Service- DoS attacks give hackers a way to bring down a network without gaining internal access. DoS attacks work by flooding the access routers with bogus traffic (which can be e-mail or Transmission Control Protocol, TCP, packets). Distributed DoS (DDoS) attacks are coordinated DoS attacks from multiple sources. A DDoS is more difficult to block because it uses multiple, changing source IP addresses.

7) Crackers and Kiddies- Crackers are hobbyists or professionals who break passwords and develop Trojan horses or other software. They either use the SW themselves (for bragging rights) or sell it for profit. Script kiddies are hackers with no real hacker skills, so they buy or download software, which they launch. Other attackers include disgruntled employees, terrorists, political operatives, or anyone else who feels slighted, exploited, ripped off, or unloved.

8) Sniffing and Spoofing- A sniffer is a type of eavesdropping program that monitors information travelling over a network. It enables hackers to steal proprietary information from anywhere on a network, including e-mail messages, company files or personal information, which may then be made public.

Spoofing is the act of misrepresenting oneself by using fake e-mail addresses or masquerading as someone else. Spoofing is also the act of sending an illegitimate packet with an expected acknowledgment (ACK), which a hacker can guess, predict, or obtain by snooping.
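To illustrate the point in item 6 that a DDoS is harder to block than a single-source DoS, the following added example (not part of the original paper) counts packets per time window over constructed flow records and shows what remains after blocking the heaviest sources. The thresholds, addresses and function names are assumptions chosen for the illustration.

```python
from collections import Counter, defaultdict

WINDOW = 10             # seconds per counting window (assumed value)
PER_SOURCE_LIMIT = 100  # packets one source may send per window (assumed)
PER_DEST_LIMIT = 300    # packets one destination may receive per window (assumed)


def build_sample():
    """Constructed flow records: (timestamp, source_ip, destination_ip)."""
    events = []
    for t in range(20):                   # five ordinary clients, 1 packet/s each
        for c in range(1, 6):
            events.append((t, f"192.0.2.{c}", "198.51.100.10"))
    for i in range(500):                  # DoS: a single source floods .10
        events.append((5 + i / 1000, "203.0.113.7", "198.51.100.10"))
    for b in range(1, 201):               # DDoS: 200 sources, 2 packets each
        for k in range(2):
            events.append((12 + k, f"198.18.0.{b}", "198.51.100.20"))
    return events


def bucket(events):
    """Count packets per (window, destination), broken down by source."""
    counts = defaultdict(Counter)
    for ts, src, dst in events:
        counts[(int(ts // WINDOW), dst)][src] += 1
    return counts


def per_source_offenders(events):
    """Sources that exceed the per-source limit in any window."""
    return {src for by_src in bucket(events).values()
            for src, n in by_src.items() if n > PER_SOURCE_LIMIT}


def classify_floods(events):
    """Label each flooded (window, destination) as DoS or DDoS."""
    result = {}
    for key, by_src in bucket(events).items():
        total = sum(by_src.values())
        if total <= PER_DEST_LIMIT:
            continue
        # One dominant sender means a plain DoS; many small senders, a DDoS.
        top_share = by_src.most_common(1)[0][1] / total
        kind = "DoS" if top_share >= 0.5 else "DDoS"
        result[key] = (kind, total, len(by_src))
    return result


def after_blocking(events, blocked):
    """Traffic that remains once the listed sources are dropped."""
    return [e for e in events if e[1] not in blocked]


if __name__ == "__main__":
    ev = build_sample()
    bad = per_source_offenders(ev)
    print("per-source offenders:", bad)
    print("floods before blocking:", classify_floods(ev))
    print("floods after blocking: ", classify_floods(after_blocking(ev, bad)))
```

Blocking the one heavy source clears the DoS, but the distributed flood is still present because no single bot ever crosses the per-source limit; only the per-destination aggregate reveals it.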

THE HACKER METHODOLOGY

The hacker methodology is a step-by-step approach taken by many hackers. It has been made famous by George Kurtz and Stuart McClure in their book ‘Hacking Exposed’. Each step requires investigation and planning, and frequently a large repertoire of tools and skills.

SYSTEM SECURITY

One point has become obvious: antivirus is no longer enough. Email links can send users to phishing sites where they may be exploited. Pharming can manipulate DNS to similar effect. Spyware will slow down machines and steal user data. Keyloggers can surreptitiously send logs of every keystroke via email to a hacker. Unpatched machines may become DDoS zombies.

For better protection from zero-day attacks, Host Intrusion Prevention (HIPS) offers the best defense. Reliance on just a network firewall is negligent. Wireless Access points must be secured and endpoints need layered protection.

However, no one layer of security protection will solve all problems. A multi-layered security approach must be followed. While corporate machines should investigate all of the layers below, consumer machines should have as a minimum:

1. Antivirus
2. Anti-Spyware
3. Desktop Firewall
4. Host Intrusion Prevention
5. Scan and Block (NAC)

CONCLUSION

Thus, I can conclude that threats to applications are continuously on the rise, and developers need to be aware of them and educate themselves so as to build a secure methodology into the development lifecycle.

Real hackers don’t use mice.

Hackers hack only for their own pleasure or for greed. The hacker phenomenon has diversified over time.

Hacker activities have broadened beyond mere system intrusion to include thefts of goods & information.

Hacker Evolution is a very difficult and fast with a digital twist, and if that concept makes tick, it does a very good job of providing that experience.
