What is Hacking?
Hacking is the activity of identifying weaknesses in a computer system or a network and exploiting them to gain access to personal or business data. An example of computer hacking is using a password cracking algorithm to gain access to a computer system.
Computers have become mandatory to run a successful business. It is not enough to have isolated computer systems; they need to be networked to facilitate communication with external businesses. This exposes them to the outside world and to hacking. System hacking means using computers to commit acts such as fraud, privacy invasion, stealing corporate/personal data, etc. Cyber crimes cost many organizations millions of dollars every year. Businesses need to protect themselves against such attacks.
In this hacking tutorial, we will learn:
- Common Hacking Terminologies
- What is Cyber Crime?
- Types of Cyber Crime
- What is Ethical Hacking?
- Why Ethical Hacking?
- Legality of Ethical Hacking
- Common Hacking Techniques
- Common Hacking Tools
Before we learn hacking, let’s look at the introduction of hacking and some of the most commonly used terminologies in the world of hacking.
Who is a Hacker?
A Hacker is a person who finds and exploits weaknesses in computer systems and/or networks to gain access. Hackers are usually skilled computer programmers with knowledge of computer security.
Types of Hackers
Hackers are classified according to the intent of their actions. The following list classifies types of hackers according to their intent:
Introduction of Cybercrime
Cybercrime is the activity of using computers and networks to perform illegal activities like spreading computer viruses, online bullying, performing unauthorized electronic fund transfers, etc. Most cybercrime hacks are committed through the internet, and some cybercrimes are performed using mobile phones via SMS and online chatting.
Type of Cybercrime
The following list presents the common types of cybercrimes:
- Computer Fraud: Intentional deception for personal gain via the use of computer systems.
- Privacy violation: Exposing personal information such as email addresses, phone numbers, account details, etc. on social media, hacking websites, etc.
- Identity Theft: Stealing personal information from somebody and impersonating that person.
- Sharing copyrighted files/information: This involves distributing copyright-protected files such as eBooks and computer programs.
- Electronic funds transfer: This involves gaining unauthorized access to bank computer networks and making illegal fund transfers.
- Electronic money laundering: This involves the use of the computer to launder money.
- ATM Fraud: This involves intercepting ATM card details such as account numbers and PINs. These details are then used to withdraw funds from the intercepted accounts.
- Denial of Service Attacks: This involves the use of computers in multiple locations to attack servers with a view of shutting them down.
- Spam: Sending unauthorized emails. These emails usually contain advertisements.
What is Ethical Hacking?
Ethical Hacking is identifying weaknesses in computer systems and/or computer networks and coming up with countermeasures that protect the weaknesses. Ethical hackers must abide by the following rules.
- Get written permission from the owner of the computer system and/or computer network before hacking.
- Protect the privacy of the organization being hacked.
- Transparently report all the identified weaknesses in the computer system to the organization.
- Inform hardware and software vendors of the identified weaknesses.
Why Ethical Hacking?
- Information is one of the most valuable assets of an organization. Keeping information secure can protect an organization’s image and save an organization a lot of money.
- Fake hacking can lead to loss of business for organizations that deal in finance such as PayPal. Ethical hacking puts them a step ahead of the cyber criminals who would otherwise cause a loss of business.
Legality of Ethical Hacking
Ethical Hacking is legal if the hacker abides by the rules stipulated in the above section on the definition of ethical hacking. The International Council of E-Commerce Consultants (EC-Council) provides a certification program that tests individuals' skills. Those who pass the examination are awarded certificates. The certificates are supposed to be renewed after some time.
Common Hacking Tools
Most Hacking tools are used by both security researchers and criminals. If the tool finds a vulnerability it can be patched, or exploited, depending on your ethical alignment.
Special software that allows a hacker to gain remote access to a victim’s computer. Originally, rootkits were developed to fix software problems remotely but have since then been weaponized by hackers.
Software designed to eavesdrop on the victim’s computer, recording every keystroke the user makes. Everything is intercepted and stored in a log file: credit card numbers, personal communication, phone numbers, passwords.
- Vulnerability scanners
Software that scans large networks of computers to find weaknesses that can be exploited or patched. For example, a White Hat scans to find holes to patch while a Black Hat scans to find holes to exploit.
- Worm, Virus & Trojan
Worms and Viruses are malicious programs designed to steal your data and spread to other computers within the network. Trojans are impostors, files that look like desirable programs but contain malicious code. The main difference is that Trojans do not infect other computers; they do not self-replicate.
A Botnet is a series of hijacked computers all around the world that the Hacker controls. They can be used to perform DDoS attacks, bringing down specific servers with massive amounts of traffic. Botnets are created and managed by Hackers that either use them for their own purposes or sell them as a service. Most notorious.
Common Hacking Techniques
Usually a Hacker deploys multiple techniques to reach their goal, and sometimes the simplest ways are the most efficient. Using social engineering techniques that exploit human kindness, greed and curiosity to gain access is not uncommon.
The Hacker makes a perfect copy of a popular website and uses a URL that is close enough to the original to go unnoticed. He then sends a legitimate-looking email to the target containing a link to the phishing site. The target will unknowingly sign in to the fake website giving the hacker his login credentials.
- SQL Injections
Most websites use an SQL database to store information about their customers. An application communicating with that database can be exploited with SQL injection if it’s poorly coded. The attack is executed on the website’s user-input fields (search box, login box, etc.) that accept illegal input, giving the hacker access to the database.
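What "poorly coded" means for a login box, next to the corrected form, is shown in this added example (not code from the original tutorial). The table, the sample accounts and the function names are constructed for illustration, and passwords are stored in plain text only to keep the example short.

```python
import sqlite3

def make_db():
    """Build an in-memory users table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret-A"), ("bob", "s3cret-B")])
    return db

def login_vulnerable(db, name, password):
    # Poorly coded: user input is pasted into the SQL text, so quote
    # characters in the input change the structure of the query itself.
    query = ("SELECT name FROM users WHERE name = '" + name +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None

def login_safe(db, name, password):
    # Parameterized: values travel separately from the SQL text and are
    # only ever compared as data, whatever characters they contain.
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return db.execute(query, (name, password)).fetchone() is not None

# Input that is not a valid password but closes the quoted string and
# appends a condition that is always true.
CRAFTED = "' OR '1'='1"

def demo():
    """Run the same inputs through both login functions."""
    db = make_db()
    return {
        "vulnerable_good_login": login_vulnerable(db, "alice", "s3cret-A"),
        "vulnerable_crafted": login_vulnerable(db, "alice", CRAFTED),
        "safe_good_login": login_safe(db, "alice", "s3cret-A"),
        "safe_crafted": login_safe(db, "alice", CRAFTED),
    }
```

The fix is the placeholder form of the query, not filtering of quote characters: with `?` placeholders the crafted string is just a wrong password.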
In a Denial of Service attack, the hacker uses a Botnet (network of hijacked computers) to flood a specific server with massive amounts of traffic. The server is quickly overloaded, and all websites hosted on it will be offline.
- Brute Force
Essentially it’s guessing passwords until the hacker gets it right. If a user has a weak password, e.g. “1234” or “password”, the hacker can try to guess it either by hand or using specialized tools.
- Fake WAP
Free WiFi is common in public spaces like airports & coffee shops, making it an ideal target for a hacker to exploit. The hacker creates a fake Wireless Access Point (WAP) mimicking the name of the real WiFi, so users connect to it. While the user is connected to the fake WiFi, the hacker can read all information going through it: login credentials, credit card details, and personal messages.
The hacker monitors traffic on unsecured networks to find relevant information that can be used in a future attack.
- Bait & Switch
In this attack, the Hacker buys advertising space on popular websites, and the ads will redirect the target to a page full of malware. The hacker’s ads will look legitimate and very appealing to the target, but as soon as the target clicks them they will be infected. It’s called Bait & Switch since the hacker’s baiting with good ads and then switching the link to a bad page.
- Cookie Theft
- Waterhole Attacks
The Hacker studies the target’s daily routines to find out his favorite physical locations (a café, for example); these are the waterholes. Once the Hacker knows the waterholes and the timing of the target, he sets his trap using a combination of techniques. He might create a Fake WAP free WiFi access point at that location, and knowing the target’s favorite websites, he uses Phishing to steal the login credentials.
- UI Redress/ClickJacking
In essence, the Hacker tricks the target into clicking on a specific link by making it look like something else. It’s very common on movie streaming or torrent download pages; when the user clicks on “Download” or “Play”, it’s an advertising link they are clicking. In other cases it can be used to trick the target into transferring money to the Hacker from their online bank.
- Hacking is identifying and exploiting weaknesses in computer systems and/or computer networks.
- Cybercrime is committing a crime with the aid of computers and information technology infrastructure.
- Ethical Hacking is about improving the security of computer systems and/or computer networks.
- Ethical Hacking is legal.