LET’S TALK ABOUT HACKERS - PART 2

-


LET’S TALK ABOUT HACKERS - PART 2


Main Concept: A cracker or cracking is to "gain unauthorized access to a computer in order to commit another crime such as destroying information contained in that system"

HACKING TECHNIQUES AND OTHERS:

VULNERABILITY SCANNER: A vulnerability scanner is a tool used to quickly check computers on a network for known weaknesses. Hackers also commonly use port scanners. These check to see which ports on a specified computer are "open" or available to access the computer, and sometimes will detect what program or service is listening on that port, and its version number.

FINDING VULNERABILITIES: Hackers may also attempt to find vulnerabilities manually. A common approach is to search for possible vulnerabilities in the code of the computer system then test them, sometimes reverse engineering the software if the code is not provided.

BRUTE-FORCE ATTACK: Password guessing. This method is very fast when used to check all short passwords, but for longer passwords other methods such as the dictionary attack are used, because of the time a brute-force search takes.

PASSWORD CRACKING: Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. Common approaches include repeatedly trying guesses for the password, trying the most common passwords by hand, and repeatedly trying passwords from a "dictionary", or a text file with many passwords.

PACKET ANALYZER: A packet analyser ("packet sniffer") is an application that captures data packets, which can be used to capture passwords and other data in transit over the network.

SPOOFING ATTACK (PHISHING): A spoofing attack involves one program, system or website that successfully masquerades as another by falsifying data and is thereby treated as a trusted system by a user or another program — usually to fool programs, systems or users into revealing confidential information, such as user names and passwords.

ROOTKIT: A rootkit is a program that uses low-level, hard-to-detect methods to subvert control of an operating system from its legitimate operators. Rootkits usually obscure their installation and attempt to prevent their removal through a subversion of standard system security. They may include replacements for system binaries, making it virtually impossible for them to be detected by checking process tables.

SOCIAL ENGINEERING: In the second stage of the targeting process, hackers often use Social engineering tactics to get enough information to access the network. They may contact the system administrator and pose as a user who cannot get access to his or her system. 

THIS ONE IS NOT RELATED WITH SOCIAL NETWORKS!

Hackers who use this technique must have cool personalities, and be familiar with their target's security practices, in order to trick the system administrator into giving them information. In some cases, a help-desk employee with limited security experience will answer the phone and be relatively easy to trick. Another approach is for the hacker to pose as an angry supervisor, and when his/her authority is questioned, threaten to fire the help-desk worker. Social engineering is very effective, because users are the most vulnerable part of an organization. No security devices or programs can keep an organization safe if an employee reveals a password to an unauthorized person.

Social engineering can be broken down into four sub-groups:
-      Intimidation As in the "angry supervisor" technique above, the hacker convinces the person who answers the phone that their job is in danger unless they help them. At this point, many people accept that the hacker is a supervisor and give them the information they seek.
-      Helpfulness The opposite of intimidation, helpfulness exploits many people's natural instinct to help others solve problems. Rather than acting angry, the hacker acts distressed and concerned. The help desk is the most vulnerable to this type of social engineering, as (a.) its general purpose is to help people; and (b.) it usually has the authority to change or reset passwords, which is exactly what the hacker wants.
-      Name-dropping The hacker uses names of authorized users to convince the person who answers the phone that the hacker is a legitimate user him or herself. Some of these names, such as those of webpage owners or company officers, can easily be obtained online. Hackers have also been known to obtain names by examining discarded documents (so-called "dumpster diving").
-      Technical Using technology is also a way to get information. A hacker can send a fax or email to a legitimate user, seeking a response that contains vital information. The hacker may claim that he or she is involved in law enforcement and needs certain data for an investigation, or for record-keeping purposes.

TROJAN HORSES: A Trojan horse is a program that seems to be doing one thing but is actually doing another. It can be used to set up a back door in a computer system, enabling the intruder to gain access later. (The name refers to the horse from the Trojan War, with the conceptually similar function of deceiving defenders into bringing an intruder into a protected area.)

COMPUTER VIRUS: A virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. By doing this, it behaves similarly to a biological virus, which spreads by inserting itself into living cells. While some viruses are harmless or mere hoaxes, most are considered malicious.

COMPUTER WORM: Like a virus, a worm is also a self-replicating program. It differs from a virus in that (a.) it propagates through computer networks without user intervention; and (b.) does not need to attach itself to an existing program. Nonetheless, many people use the terms "virus" and "worm" interchangeably to describe any self-propagating program.

KEYSTROKE LOGGING: A keylogger is a tool designed to record ("log") every keystroke on an affected machine for later retrieval, usually to allow the user of this tool to gain access to confidential information typed on the affected machine. Some keyloggers use virus-, trojan-, and rootkit-like methods to conceal themselves. However, some of them are used for legitimate purposes, even to enhance computer security. For example, a business may maintain a keylogger on a computer used at a point of sale to detect evidence of employee fraud.

TOOLS AND PROCEDURES: A thorough examination of hacker tools and procedures may be found in Cengage Learning's E|CSA certification workbook.


HACKER CLASSIFICATION
Several subgroups of the computer underground with different attitudes use different terms to demarcate themselves from each other, or try to exclude some specific group with whom they do not agree. Members of the computer underground should be called crackers.

  1. WHITE HAT: A white hat hacker breaks security for non-malicious reasons, either to test their own security system, perform penetration tests or vulnerability assessments for a client - or while working for a security company which makes security software.
  2. BLACK HAT: A "black hat" hacker is a hacker who "violates computer security for little reason beyond maliciousness or for personal gain". Black hat hackers form the stereotypical, illegal hacking groups often portrayed in popular culture, and are "the epitome of all that the public fears in a computer criminal".
  3. GREY HAT: A grey hat hacker lies between a black hat and a white hat hacker. A grey hat hacker may surf the Internet and hack into a computer system for the sole purpose of notifying the administrator that their system has a security defect.
  4. ELITE HACKER: A social status among hackers, elite is used to describe the most skilled. Newly discovered exploits circulate among these hackers. Elite groups such as Masters of Deception conferred a kind of credibility on their members.
  5. SCRIPT KIDDIE: A script kiddie (known as a skid or skiddie) is an unskilled hacker who breaks into computer systems by using automated tools written by others, usually with little understanding of the underlying concept.
  6. NEOPHYTE: A neophyte ("newbie", or "noob") is someone who is new to hacking or phreaking and has almost no knowledge or experience of the workings of technology and hacking.
  7. BLUE HAT: A blue hat hacker is someone outside computer security consulting firms who is used to bug-test a system prior to its launch, looking for exploits so they can be closed.
  8. HACKTIVIST: A hacktivist is a hacker who utilizes technology to publicize a social, ideological, religious or political message. Can be divided into two main groups: Cyberterrorism: Activities involving website defacement or denial-of-service attacks. Freedom of information: Making information that is not public, or is public in non-machine-readable formats, accessible to the public.
  9. NATION STATE: Intelligence agencies and cyberwarfare operatives of nation states. 
  10. ORGANIZED CRIMINAL GANGS: Groups of hackers that carry out organized criminal activities for profit.
 

Comments

Post a Comment

Popular posts from this blog

REASONS TO REPLACE YOUR COMPUTER FAN AND HEATSINK

-
Image
REASONS TO REPLACE YOUR COMPUTER FAN AND HEATSINK A computer's fan and heatsink are two of its most important components. The primary role of both is to cool down the processor and keep it from overheating. A laptop or notebook does not have to be outside in hot, humid weather to overheat. In fact, even if a computer is kept away from extreme heat altogether, it can still overheat. That is because a computer's processor is responsible for processing information and giving instructions to other components in the computer. A processor can get very busy as a result, especially when it is running multiple programs simultaneously. As a result, it heats up, and if there is nothing to cool it down, it can malfunction and break down, costing the owner hundreds or even thousands of dollars. This is why a good fan and heatsink are necessary. The more demand placed on the processor, the more effective the fan and heatsink must be. This guide identifies five issues...
Read more

LET’S TALK ABOUT PC AUDIO SPEAKERS

-
Image
LET’S TALK ABOUT PC AUDIO SPEAKERS Computer speakers are one of those PC accessories that are almost essential; and you can spend anywhere from $10.00 to $1,000.00 for quality PC speakers, depending on your budget.   There are tons of tons of speakers with features and different prices as we know. But as I always say: WHAT and HOW is what I am looking for. For sample: I have this one in my office and works properly, the only disadvantage is that has no RADIO and only can be played with micro SD and plugged to my computer. And only pay like $20-$25. USB charged and the battery longs for 6 hours. https://www.energysistem.com/en/products/music_box/music_box_series_/42198-energy_mini_music_box_z100_r_black Here there is some thoughts and share some personal ideas about this topic. I enjoy listening to music a lot, and because my computer is the main source for my digital music collection, a decent speaker system is essential. Expensive is not a...
Read more

LET’S TALK ABOUT - NETWORK FORENSICS

-
Image
LET’S TALK ABOUT - NETWORK FORENSICS BASIC CONCEPT Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information. Network traffic is transmitted and then lost, so network forensics is often a pro-active investigation. Network forensics generally has two uses. The first, relating to security, involves monitoring a network for anomalous traffic and identifying intrusions. An attacker might be able to erase all log files on a compromised host; network-based evidence might therefore be the only evidence available for forensic analysis. The second form relates to law enforcement. In this case analysis of captured network traffic can include tasks such as reassembling transferred files, searching for keywor...
Read more