Hacking
For years, "hacker" was a positive term that described computer enthusiasts who had a zeal for computer programming. Those who hacked took pride in their ability to write computer programs that stretched the capabilities of computer systems and find clever solutions to seemingly impossible problems. Although many computer enthusiasts still ascribe to this definition, the everyday usage of the word has changed significantly. Today, "hacking" generally refers to individuals who break into computer systems or use their programming skills or expert knowledge to act maliciously. (Traditional hackers—the good kind—prefer to use the term "cracker" to refer to these individuals.)
Some of the most common types of hacking include:
- Breaking into computer networks;
- Bypassing passwords or copy protection in computer software;
- Defacing and/or damaging Internet web sites;
- Causing a denial of service attack on a web site or network (preventing legitimate users from accessing a web site);
- Stealing valuable information such as passwords and credit card data.
A Systematic Process
Although portrayed otherwise in Hollywood films and in television shows, hacking is a systematic, tiresome process in which the attacker attempts methodically to locate computer systems, identify their vulnerabilities, and then compromise those vulnerabilities to obtain access. Experts have identified six steps that are generally followed in the hacking process. These include (1) footprinting (reconnaissance); (2) scanning; (3) enumeration; (4) penetration; (5) advance; and (6) covering tracks.
Footprinting.
The first technique often used by hackers is called footprinting. The objective is to gather information essential to an attack and enable an attacker to obtain a complete profile of an organization's security posture. During this phase, the hacker might gain information about the location of the company, phone numbers, employee names, security policies, and the overall layout of the target network. Often, hackers can perform this work with a simple web browser, a telephone, and a search engine. Unfortunately, humans are often the weakest security link in a corporation. A clever phone call to the technical support department can often compromise critical information: "Hi—this is Bill and I forgot my password. Can you remind me what it is?"
Scanning.
Next, hackers perform scanning to gain a more detailed view of a company's network and to understand what specific computer systems and services are in use. During this phase, the hacker determines which systems on the target network are live and reachable from the Internet. Commonly used scanning techniques include network ping sweeps and port scans . A ping sweep lets the attacker determine which individual computers on the network are alive and potential targets for attack. Port scanning can be used to determine what ports (a port is like a door or window on a house) are open on a given computer, and whether or not the software managing those ports has any obvious vulnerabilities.
Enumeration.
The third phase is the process of identifying user accounts and poorly protected computing resources. During the enumeration stage, the hacker connects to computers in the target network and pokes around these systems to gain more information. While the scanning phase might be compared to a knock on the door or a turn of the doorknob to see if it is locked, enumeration could be compared to entering an office and rifling through a file cabinet or desk drawer for information. It is definitely more intrusive.
Penetration.
During the fourth phase, penetration, the attacker attempts to gain control of one or more systems in the target network. For example, once an attacker has acquired a list of usernames during enumeration, he can usually guess one of the users' passwords and gain more extensive access to that user's account. Alternatively, once the attacker has determined that a target computer is running an old or buggy piece of software or one that is configured improperly, the hacker may attempt to exploit known vulnerabilities with this software to gain control of the system.
Advance.
In the advance phase of hacking, the attacker leverages computers or accounts that have been compromised during penetration to launch additional attacks on the target network. For instance, the attacker can break into more sensitive administrator root accounts, install backdoors or Trojan horse programs, and install network sniffers to gather additional information (for example, passwords) from data flowing over the network.
Covering Tracks.
In the final phase of hacking, the hacker eliminates any records or logs showing his malicious behavior. By deleting log files, disabling system auditing (which would otherwise alert the administrator to malicious activities), and hiding hacking files that the hacker has introduced, he can cover his tracks and avoid detection. Finally, the hacker can install a root kit—a series of programs that replace the existing system software to both cover his tracks and gather new information.
Recent Attacks, Countermeasures, and Motivations
Since the late 1990s, the number of hacking attacks has grown dramatically. Both private companies such as Microsoft, Yahoo, Amazon.com, Buy.com, and U.S. government entities like the Federal Bureau of Investigation (FBI) and the White House have been targeted by hackers. In the vast majority of incidents, hackers have attempted to either launch denial of service attacks or deface Internet web pages with inappropriate content. However, some of the attacks are far more insidious. In January of 2000, a nineteen-year-old Russian hacker, using the pseudonym Maxim, threatened to publish more than 300,000 customer credit card numbers (obtained by hacking into a popular e-commerce site) if he was not given $100,000 cash. Beyond these highly publicized cases, it is unclear how many corporations have been hacked successfully; however, from all accounts, the number is definitely large and growing.
A number of technologies are available to companies to prevent hacking attacks. The most popular tools are Internet firewalls, anti-virus software, intrusion detection systems, and vulnerability assessment tools. Firewalls are used to set up a virtual wall between the Internet and the company's internal network to repel attackers. Anti-virus software detects and removes computer viruses, worms, and Trojan horses. Intrusion detection systems watch over critical networks and computers looking for suspicious activities, and can alert administrators in the event of an attack. Finally, corporations use vulnerability assessment tools to inventory their computing infrastructure and better understand the existing vulnerabilities.
Contrary to popular belief, most hackers are not international or industrial spies with evil motives and a desire to rule the world; most hackers have a simpler agenda. Among hackers, one of the most frequently cited motivations is that hacking is fun and is like solving a game or a puzzle. Many hackers perceive their activities to be harmless and they do not believe that they are victimizing anyone. In addition, the thrill of doing something illegal or the ability to access data unavailable to the public can be a tempting motivator. The chance to earn recognition from within a hacker group also offers strong incentive for up-and-coming hackers who have yet to gain a reputation. Finally, many hackers justify their actions by explaining that they are doing a service for other computer users by identifying new security holes.
Judicial, Criminal, and Civil Implications of Hacking
The following federal statutes offer computer crime and hacking protection:
- 18 U.S.C. § 1029. Fraud and Related Activity in Connection with Access Devices;
- 18 U.S.C. § 1030. Fraud and Related Activity in Connection with Computers;
- 18 U.S.C. § 1362. Communication Lines, Stations, or Systems;
- 18 U.S.C. § 2511. Interception and Disclosure of Wire, Oral, or Electronic Communications Prohibited;
- 18 U.S.C. § 2701. Unlawful Access to Stored Communications;
- 18 U.S.C. § 2702. Disclosure of Contents;
- 18 U.S.C. § 2703. Requirements for Governmental Access.
As this list suggests, there is a substantial body of statutory law that applies directly to computer crime and hackers. Hacking of government computers, computers that are used by or for the government, and private computers used "in interstate commerce or communications" can be prosecuted under existing statutes. The existing statutory framework also provides for civil liability for unauthorized interception of communications. Finally, federal statutes exist to protect federal records, property, or public money. Consequently, bank, credit records, and electronic fund transfers are all protected by federal laws.
In recent cases, prosecuted hackers have been incarcerated, sentenced to home detention, and/or ordered to pay restitution. Offenders have been incarcerated for up to two years and some have been ordered to pay thousands of dollars in fines.
Carey Nachenberg
Bibliography
McClure, Stuart, Joel Scambray, and George Kurtz. Hacking Exposed. Berkeley, CA: Osborne/McGraw-Hill, 1998.
Internet Resources
Cybercrime. Web site for the Computer Crime and Intellectual Property Section (CCIPS) of the Criminal Division of the U.S. Department of Justice. <http://www.cybercrime.gov>
Manzano, Yanet. "Anatomy of a Hacking Attack." Policies to Enhance the Forensic of Computer Security.Computer Science at Florida State University web site.<http://www.cs.fsu.edu/~manzano/research/honorthesis/part2.html>
1 comments:
This professional hacker is absolutely reliable and I strongly recommend him for any type of hack you require. I know this because I have hired him severally for various hacks and he has never disappointed me nor any of my friends who have hired him too, he can help you with any of the following hacks:
-Phone hacks (remotely)
-Credit repair
-Bitcoin recovery (any cryptocurrency)
-Make money from home (USA only)
-Social media hacks
-Website hacks
-Erase criminal records (USA & Canada only)
-Grade change
Email: cybergoldenhacker at gmail dot com
Post a Comment