hackers definition
unorthodox problem solver and master programmer
What is the popular consensus on hackers?
they are bad people who do bad things
**this is not entirely true...hackers do both good and bad (depending on what they use the hacking for)
CIA triangle
Confidentiality, Integrity, Availability
confidentiality
only certain people have the privilege to access info
integrity
cannot be easily corrupted, data has not been altered/changed
availability
whether and when the data is available
hackers
an individual with a profound interest in computers and technology who has used this knowledge to access computer systems with or without authorization from the system owners
-explore computers or network-connected devices
legitimate access- no crime
hacker does not have permission- crime
Do all hackers engage in criminal activity?
no
system intrusion
when a hacker does not have permission to use a computer or network
range of activities hackers engage in
phone phreaking- 1970s to 1980s, breaking into telephone landline
software cracking- pirate software
social engineering- human confidence scam, dumpster diving
dumpster diving
Involves digging through trash receptacles to find computer manuals, printouts, or password lists that have been thrown away
(SSN, DOB, passwords, etc)
insider threat
cybercriminals from inside an organization, who present the highest risk for cybercrime and corporate and industrial espionage
-current/former employee, contractor or business partner
insider attack methods
-social engineering
-authorized use of an organization's systems
-bypassing security and control
-compromised accounts
crackers
Malicious hackers who break into computers for malicious purposes
script kiddies
do not have enough skill to write their own programs or explore new exploits themselves
-instead, they download attack programs
hacktivists
the common characteristic of these people is the use of hacker skills and attitudes to convey a political message
black grey white
white hat
-ethical hackers
-employed
-maybe former grey or black hats
grey hat
-typically ethical but sometimes violates ethics
-public disclosure
-self satisfying
black hat
-malicious
-anonymous
general hacking methods
typical attacker works in the following manner...
1. identifying the target system
2. gathering info on the target system
3. finding a possible loophole in the target system
4. exploiting this loophole using exploit code
5. removing all traces from the log files and escaping without a trace
port scanning
scanning the target system
-normally the first step that an attacker undertakes
-is used to get a list of open ports, services, and the operating system running on the target system
-all this info can collectively prove to be invaluable when the attacker is actually trying to infiltrate into the target system
-can be performed easily using different methods
tools available for port scanning
-ping
-netstat
-McAfee SuperScan
*the easy usability and detailed info reports generated by popular port scanners have led to an alarming increase in the number of script kiddies
port scanning: counter-attack strategies
-it is impossible to stop clients from port scanning your network
examples...
-Scanlogd
-BlackICE
-Snort
-Abacus port sentry
**it is always advisable to disable as many services as possible....try to close as many ports as possible, without compromising on the services offered by that system
different types of hacking techniques
-social engineering (ex. phishing)
-compromised accounts (ex. weak passwords)
-web-based attacks (ex. SQL/command injection)
-malware (Trojan)
-keylogging
-eavesdropping/packet sniffing
-denial of service/distributed denial of service
-man in the middle
cross-site scripting
allows an attacker to embed malicious JavaScript, HTML, or Flash into a vulnerable dynamic page to fool the user, executing the script on the user's machine in order to gather data
SQL injection
an attack technique used to exploit web sites that construct SQL statements from user-supplied input
denial of service (DoS) attacks
aimed at denying valid, legitimate Internet and network users access to the services offered by the target system
-a DoS attack is one in which you clog up so much memory on the target system that it cannot serve legitimate users
sniffers
capture all data packets being sent across the network in the raw form
-traffic monitoring
-network troubleshooting
-gathering info on attacker
-for stealing company secrets and sensitive data
*common example: Wireshark
countermeasures for sniffers
use encryption standards like SSL, SSH
key loggers
record all keystrokes made on that system and store them in a log file, which can later automatically be emailed to the attacker
countermeasures for key loggers
-periodic detection practices should be made mandatory
-a typical key logger automatically loads itself into memory each time the computer boots
-thus, the startup script of the key logger should be removed
trojans
act as a RAT (Remote Administration Tool), which gives the hacker remote control and remote access