Ethical Hacking – What is ‘Ethical’ in it?
Hacking: a word that, whenever we see it, brings to mind stealing data from other people’s computers, and one that attracts us a lot. But do we know what hacking actually is? Read our article to learn about ethical hacking.
WHAT IS HACKING & WHO ARE KNOWN AS HACKERS?
The word “hack” gets used a lot these days and appears to have a few meanings. Every day in the news another organization announces they were hacked. A friend’s Twitter account is hacked. Government systems are breached. What does it mean to be hacked?
When used in terms of computer security, “hack” means to gain unauthorized access to secure systems. There are a variety of methods used. Emails full of malicious links are sent. Bogus web pages are pushed to the top of search results for you to find and click on. Social engineering is used to gather sensitive data from you or your team, which is then used to break into your systems. Anything facing the Internet is actively probed for a way in, much like a burglar tries your doors and windows to see if they can jimmy something open. Passwords are guessed, or maybe the latest application exploit is used to get inside. These are just a few examples. Hacking is identifying weaknesses in computer systems or networks and exploiting those weaknesses to gain access. An example of hacking: using a password cracking algorithm to gain access to a system.
Computers have become mandatory to run a successful business. It is not enough to have isolated computer systems; they need to be networked to facilitate communication with external businesses. This exposes them to the outside world and hacking. Hacking means using computers to commit illegal acts such as fraud, privacy invasion, stealing corporate/personal data, etc. Cyber crimes cost many organizations millions of dollars every year. Businesses need to protect themselves against such attacks.
A Hacker is a person who finds and exploits the weakness in computer systems and/or networks to gain access. Hackers are usually skilled computer programmers with knowledge of computer security.

TYPES OF HACKERS
Ethical Hacker (White hat): A hacker who gains access to systems with a view to fix the identified weaknesses. They may also perform penetration testing and vulnerability assessments.
Cracker (Black hat): A hacker who gains unauthorized access to computer systems for personal gain. The intent is usually to steal corporate data, violate privacy rights, transfer funds from bank accounts etc.
Gray hat: A hacker who is in between ethical and black hat hackers. He/she breaks into computer systems without authority with a view to identify weaknesses and reveal them to the system owner.
Script kiddies: A non-skilled person who gains access to computer systems using ready-made tools.
Hacktivist: A hacker who uses hacking to send social, religious, political, etc. messages. This is usually done by hijacking websites and leaving the message on the hijacked website.
Phreaker: A hacker who identifies and exploits weaknesses in telephones instead of computers.
WHAT IS CYBERCRIME?
Cyber crime is the use of computers and networks to perform illegal activities such as spreading computer viruses, online bullying, performing unauthorized electronic fund transfers, etc. Most cybercrimes are committed through the internet. Some cyber crimes can also be carried out using mobile phones via SMS and online chatting applications.
TYPES OF CYBERCRIME
The following list presents the common types of cyber crimes:
- Computer Fraud: Intentional deception for personal gain via the use of computer systems.
- Privacy violation: Exposing personal information such as email addresses, phone numbers, account details, etc. on social media, websites, etc.
- Identity Theft: Stealing personal information from somebody and impersonating that person.
- Sharing copyrighted files/information: This involves distributing copyright protected files such as eBooks and computer programs etc.
- Electronic funds transfer: This involves gaining unauthorized access to bank computer networks and making illegal fund transfers.
- Electronic money laundering: This involves the use of the computer to launder money.
- ATM Fraud: This involves intercepting ATM card details such as account numbers and PINs. These details are then used to withdraw funds from the intercepted accounts.
- Denial of Service Attacks: This involves the use of computers in multiple locations to attack servers with a view to shutting them down.
- Spam: Sending unauthorized emails. These emails usually contain advertisements.
WHAT IS ETHICAL HACKING?
Ethical hacking is identifying weaknesses in computer systems and/or computer networks and coming up with countermeasures that address those weaknesses. Ethical hackers must abide by the following rules.
- Get written permission from the owner of the computer system and/or computer network before hacking.
- Protect the privacy of the organization being hacked.
- Transparently report all the identified weaknesses in the computer system to the organization.
- Inform hardware and software vendors of the identified weaknesses.
WHY ETHICAL?
- Information is one of the most valuable assets of an organization. Keeping information secure can protect an organization’s image and save an organization a lot of money.
- Hacking can lead to loss of business for organizations that deal in finance such as PayPal. Ethical hacking puts them a step ahead of the cyber criminals who would otherwise cause loss of business.
Generally, a software or hardware vendor achieves greater profitability by hiring ethical hackers, versus being subjected to other types of vulnerabilities and exploitations.
An ethical hacker is an individual hired to hack into a system to identify and repair potential vulnerabilities, effectively preventing exploitation by malicious hackers. They are security experts that specialize in the penetration testing (pen-testing) of computer and software systems for the purpose of evaluating, strengthening and improving security. An ethical hacker is also known as a white hat hacker, red team, tiger team or sneaker.
THE ETHICAL HACKING PROCESS

Ethical hackers must follow a strict scientific process in order to obtain useable and legal results.
Planning
The planning phase describes many of the details of a controlled attack. It attempts to answer questions about how the attack is going to be supported and controlled, what underlying actions must be performed, and who does what, when, where, and for how long.
Reconnaissance
Reconnaissance is the search for freely available information to assist in an attack. Reconnaissance can include social engineering, tapping phones, and networks, or even theft. The search for information is limited only by the extremes at which the organization and ethical hacker are willing to go in order to recover the information they are searching for.
Enumeration
Enumeration is the act of obtaining information that is readily available from the target’s system, applications, and networks. It is important to note that the enumeration phase is often the point where the line between an ethical hack and a malicious attack can become blurred as it is often easy to go outside of the boundaries outlined in the original attack plan.
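One way to keep enumeration inside the boundaries set during planning is to check every candidate target against the written plan before it is touched. The sketch below is an added example, not part of the original article; the class and function names, the address ranges and the test window are all constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network


@dataclass
class RulesOfEngagement:
    """Scope agreed in the planning phase. All values used here are constructed."""
    in_scope: list          # networks the owner authorized in writing
    excluded: list          # hosts carved out of those networks
    window_start: datetime  # "when" and "for how long" from the plan
    window_end: datetime
    audit_log: list = field(default_factory=list)

    def check(self, target: str, when: datetime):
        """Return (allowed, reason); every decision is logged for the deliverable."""
        try:
            addr = ip_address(target)
        except ValueError:
            verdict = (False, "not an IP address, cannot be matched to scope")
        else:
            if not self.window_start <= when <= self.window_end:
                verdict = (False, "outside agreed test window")
            elif any(addr in ip_network(n) for n in self.excluded):
                verdict = (False, "host excluded by owner")
            elif not any(addr in ip_network(n) for n in self.in_scope):
                verdict = (False, "not in authorized scope")
            else:
                verdict = (True, "in scope")
        self.audit_log.append((when.isoformat(), target) + verdict)
        return verdict


def filter_targets(roe, targets, when):
    """Drop every target the plan does not permit (default deny)."""
    return [t for t in targets if roe.check(t, when)[0]]


# Constructed sample plan using documentation address ranges (RFC 5737).
ROE = RulesOfEngagement(
    in_scope=["192.0.2.0/24"],
    excluded=["192.0.2.10/32"],
    window_start=datetime(2024, 1, 15, 22, 0, tzinfo=timezone.utc),
    window_end=datetime(2024, 1, 16, 4, 0, tzinfo=timezone.utc),
)
CANDIDATES = ["192.0.2.5", "192.0.2.10", "198.51.100.7", "intranet.example"]

if __name__ == "__main__":
    now = datetime(2024, 1, 15, 23, 0, tzinfo=timezone.utc)
    print(filter_targets(ROE, CANDIDATES, now))
    for entry in ROE.audit_log:
        print(entry)
```

The audit log records refused targets as well as permitted ones, which gives the final report evidence that the engagement stayed within the agreed scope.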
Vulnerability Analysis
In the vulnerability analysis phase, the collected information is compared with known vulnerabilities in a practical process. Information is useful no matter what the source. Any little bit can help in discovering options for exploitation and may possibly lead to discoveries that may not have been found otherwise. Known vulnerabilities, incidents, service packs, updates, and even available hacker tools help in identifying a point of attack.
Exploitation
A significant amount of time is spent planning and evaluating an ethical hack. Of course, all this planning must eventually lead to some form of attack. The exploitation process is broken down into a set of subtasks which can be many steps or a single step in performing the attack.
Expectations: Are the expectations of the exploitation being met or are the results conflicting with the organization’s assumptions?
Technical: Is the system reacting in an unexpected manner, which is having an impact on the exploitation and the engagement as a whole?
Final Analysis
Although the exploitation phase has a number of checks and validations to ensure success, a final analysis is required to categorize the vulnerabilities of the system in terms of their level of exposure and to assist in the derivation of a mitigation plan. The final analysis phase provides a link between the exploitation phase and the creation of a deliverable.
Deliverables
Deliverables communicate the results of tests in numerous ways. Some deliverables are short and concise, only providing a list of vulnerabilities and how to fix them, while others are long and detailed, providing a list of vulnerabilities with detailed descriptions regarding how they were found, how to exploit them, the implications of having such a vulnerability and how to remedy the situation.
Integration
Finally, it is essential that there are some means of using the test results for something productive. Often, the deliverable is combined with existing materials, such as a risk analysis, security policy, previous test results, and information associated with a security program to enhance mitigation and develop remedies and patches for vulnerabilities.
DISCLAIMER: HACKING IS A CRIME. THIS ARTICLE IS FOR LEARNING PURPOSES ONLY TO KEEP OUR READERS AWARE. KAILASHA FOUNDATION (INCLUDING AUTHOR) DO NOT PROMOTE/ SPONSOR HACKING IN ANY FORM. KAILASHA FOUNDATION WILL NOT BE RESPONSIBLE FOR THE WAY YOU USE THIS ARTICLE.
Kailasha Foundation - Bringing Solutions To You
- Ankit Keshan
- उtkarsh