Security is an important area in today’s IT world, and therefore it is important that we have a basic understanding of the hacking world. In this post I will introduce you to some basic concepts and give you a taste of what this whole area is about.
What is a hacker?
First of all, what is a hacker? Most people think hackers have extraordinary skill and knowledge that allow them to hack into computer systems and find valuable information. The term hacker conjures up images of a young computer whiz who types a few commands at a computer screen – and poof! the computer spits back account numbers or other confidential data. In reality, a good hacker just has to understand how a computer works and know what tools to employ in order to find a security weakness in that system.
Different hackers
Let’s take a look at the different classes of hackers so that we can get a better feeling for what types of hackers there are and what their motivations are. Hackers can be divided into three groups: white hats, black hats, and grey hats.
White hats are the good guys, the ethical hackers who use their hacking skills for defensive purposes. White-hat hackers are usually security professionals with knowledge of hacking and the hacker toolset who use this knowledge to locate weaknesses and implement countermeasures. People who like experimentation and whose aim is to change things in order to make them better are also usually termed white hats.
Some famous white hats whom you have most probably already heard about are Steve Wozniak, Tim Berners-Lee and Linus Torvalds:
Steve Wozniak
“Woz”, as he is nicknamed, is famous for being the “other Steve” of Apple. Wozniak, along with current Apple CEO Steve Jobs, co-founded Apple Computer. Woz got his start in hacking making blue boxes, devices that bypass telephone-switching mechanisms to make free long-distance calls. Together with Jobs he built and sold blue boxes to their classmates in college. Eventually Wozniak dropped out of college and came up with the computer that made him famous.
Tim Berners-Lee
Berners-Lee is famed as the inventor of the World Wide Web. He has received numerous recognitions, most notably the Millennium Technology Prize. While still a student at Oxford University, Berners-Lee was caught hacking with a friend and subsequently banned from University computers. While working with CERN, a European nuclear research organization, Berners-Lee created a hypertext prototype system that helped researchers share and update information easily. He later evolved this into the World Wide Web, an idea for which he did not receive any royalties, so technically this guy made no money from one of mankind’s greatest inventions.
Linus Torvalds
Torvalds fathered Linux, the very popular Unix-based operating system. He calls himself “an engineer,” and has said that his aspirations are simple, “I just want to have fun making the best damn operating system I can.” He has even had an asteroid named after him and received honorary doctorates from different Universities.
As you can see, white hats are highly esteemed people who have made very important contributions to the IT industry.
Black hats, on the other hand, are the bad guys: the malicious hackers or crackers who use their skills for illegal or malicious purposes. They break into systems and gain unauthorized access, destroy vital data, deny legitimate users service, and basically cause problems for their targets.
Black-hat hackers and crackers can easily be differentiated from white-hat hackers because their actions are malicious.
Let’s take a look at some famous black hats:
Adrian Lamo
Lamo’s claim to fame is his break-ins at major organizations like The New York Times, Yahoo! and Microsoft. Dubbed the “homeless hacker,” he used Internet connections at coffee shops and libraries to do his intrusions. He was sentenced to six months of home confinement and two years of probation. Lamo is currently working as an award-winning journalist and public speaker.
Kevin Mitnick
Kevin Mitnick was one of the most famous black hat hackers. The United States Department of Justice described him as “the most wanted computer criminal in United States history”. His exploits were eventually detailed in two movies: Freedom Downtime and Takedown. Some of these exploits include hacking into computers, stealing corporate secrets, scrambling phone networks and breaking into the national defense warning system. He served five years, about 8 months of it in solitary confinement, but today Mitnick has been able to move past his role as a black hat hacker and become a productive member of society. In fact, he is now a computer security consultant, author and speaker.
Kevin Poulsen
Also known as Dark Dante, Poulsen gained recognition for his hack of LA radio’s KIIS-FM phone lines, which earned him a brand new Porsche, among other items. His hacking specialty revolved around telephones. Since serving time, Poulsen has worked as a journalist and is also currently a senior editor for Wired News.
It is quite common that hackers who exploit systems later become highly requested speakers or even start working with companies who value their skills and capacity to defend against other black hats.
Grey hats are the dividing line between hacker and cracker. They are hackers who may work offensively or defensively, depending on the situation.
In addition to these groups, there are self-proclaimed ethical hackers, who are interested in hacker tools mostly from a curiosity standpoint.
They may want to highlight security problems in a system or educate victims so they secure their systems properly.
These hackers are doing their victims a favour. For example, if a weakness is discovered in a service offered by a bank, the hacker is doing the bank a favour by giving the bank a chance to rectify the vulnerability.
Understanding Hacking Terminology
Let’s take a look at some hacking terms we need to be familiar with in order to fully grasp this subject.
A threat is an environment or situation that could lead to a potential breach of security. There are many threats, for example terrorism.
A vulnerability is the presence of a fault, either in the design or the implementation phase of a system, that could possibly lead to an unanticipated compromise of security.
An exploit is a defined way (usually through a piece of software) to breach the security of an IT system through bugs, glitches, or vulnerabilities, leading to unauthorised access on a computer system.
There are two methods of classifying exploits:
A remote exploit works over a network and exploits security vulnerabilities without any prior access to the vulnerable system.
A local exploit requires prior access to the vulnerable system to increase privileges.
A target of evaluation is a system, program or network that is the subject of a security analysis or attack.
Identifying different types of hacking technologies
Attacks can be either active or passive. The difference between them is that active attacks usually alter the system or network they’re attacking, whereas passive attacks attempt to gain information from the system without affecting the state of the system. Electronic eavesdropping is an example of a passive attack. Active attacks affect the availability, integrity, and authenticity of data; passive attacks are breaches of confidentiality.
In addition to the active and passive categories, attacks are categorized as either inside or outside attacks.
An attack originating from within the security perimeter of an organisation is an inside attack and usually is caused by an insider who gains access to more resources than expected. Most network security breaches in fact originate from within an organisation, usually from the company’s own employees or contractors. An outside attack originates from a source outside the security perimeter, such as the internet or a remote access connection.
What do hackers target?
Most hacking tools exploit weaknesses in one of the following four areas:
Operating systems
Many systems administrators install operating systems with the default settings, resulting in potential vulnerabilities that remain unpatched.
Applications
Applications usually aren’t tested for vulnerabilities when developers are writing the code, which can leave many programming flaws that a hacker can exploit. This is especially true in the case of open source applications where the code is in full view of potential hackers.
Shrink-wrap code
Many off-the-shelf programs come with extra features the common user isn’t aware of, which can be used to exploit the system. One example is macros in Microsoft Word, which can allow a hacker to execute programs from within the application.
Misconfigurations
Systems can also be misconfigured or left at the lowest common security settings to increase ease of use for the user, which may result in vulnerability and an attack.
Understanding the different phases involved in Hacking
The five phases are:
- Reconnaissance
- Scanning
- Gaining Access
- Maintaining Access
- Covering Tracks
Phase 1 – Passive and Active Reconnaissance
Passive reconnaissance involves gathering information regarding a potential target without the targeted individual’s or company’s knowledge. Passive reconnaissance can be as simple as watching a building to identify what time employees enter the building and when they leave.
It’s usually done using internet searches or by Googling an individual or company to gain information. This process is generally called information gathering. Social engineering and dumpster diving are also considered passive information-gathering methods.
Sniffing the network is another means of passive reconnaissance and can yield useful information such as IP address ranges, naming conventions, hidden servers or networks, and other available services on the system or network. Sniffing network traffic is similar to building monitoring; a hacker watches the flow of data to see what time certain transactions take place and where the traffic is going.
Active reconnaissance on the other hand involves probing the network to discover individual hosts, IP addresses, and services on the network. This usually involves more risk of detection than passive reconnaissance and is sometimes called rattling the doorknobs. Active reconnaissance can give a hacker an indication of security measures in place (is the front door locked?), but the process also increases the chance of being caught or at least raising suspicion. To check if the front door is open you have to actually go and try it.
Both passive and active reconnaissance can lead to the discovery of useful information to use in an attack. For example, it’s usually easy to find the types of web server and the operating system (OS) version number that the company is using. This information may enable a hacker to find a vulnerability in that OS version and exploit the vulnerability to gain more access.
Phase 2 – Scanning
Scanning involves taking the information discovered during reconnaissance and using it to examine the network. In this phase hackers are seeking any information that can help them perpetrate an attack, such as computer names and user accounts.
Tools that a hacker may employ during the scanning phase can include dialers, port scanners, network mappers, sweepers, and vulnerability scanners.
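From the defender's side, the port scanners and sweepers mentioned above leave a recognisable pattern in connection logs: one source touching many ports on one host, or one port on many hosts, in a short time. The following is an added example, not part of the original post; the function name, thresholds and sample records are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def _sample():
    """Constructed records (time, src, dst, dst_port) using documentation IPs."""
    t0 = datetime(2024, 5, 1, 10, 0, 0)
    rows = []
    # One source touching many ports on a single host within seconds.
    for i, port in enumerate([21, 22, 23, 25, 80, 110, 143, 443, 3306, 3389]):
        rows.append((t0 + timedelta(seconds=i), "203.0.113.7", "10.0.0.5", port))
    # One source touching the same port on many hosts.
    for i in range(1, 9):
        rows.append((t0 + timedelta(seconds=30 + i), "198.51.100.9", f"10.0.0.{i}", 445))
    # Ordinary client: repeated visits to one service on one host.
    for i in range(20):
        rows.append((t0 + timedelta(seconds=3 * i), "192.0.2.50", "10.0.0.5", 443))
    return sorted(rows)

SAMPLE = _sample()

def detect_scans(records, window=timedelta(seconds=60), port_limit=8, host_limit=6):
    """Return {src: set of findings}. Records must be sorted by time."""
    recent = defaultdict(list)      # src -> events still inside the window
    findings = defaultdict(set)
    for ts, src, dst, port in records:
        events = recent[src]
        events.append((ts, dst, port))
        # Drop events that have fallen out of the sliding window.
        while ts - events[0][0] > window:
            events.pop(0)
        ports_per_host = defaultdict(set)
        hosts_per_port = defaultdict(set)
        for _, d, p in events:
            ports_per_host[d].add(p)
            hosts_per_port[p].add(d)
        if any(len(p) >= port_limit for p in ports_per_host.values()):
            findings[src].add("port scan")
        if any(len(h) >= host_limit for h in hosts_per_port.values()):
            findings[src].add("sweep")
    return dict(findings)

if __name__ == "__main__":
    for src, kinds in sorted(detect_scans(SAMPLE).items()):
        print(src, sorted(kinds))
```

The window and both limits are starting values to tune against a network's normal traffic before alerting on them.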
Phase 3 – Gaining Access
This is the phase where the real hacking takes place. Vulnerabilities discovered during the reconnaissance and scanning phase are now exploited to gain access. The method of connection the hacker uses for an exploit can be offline, over a LAN or over the internet. Gaining access is known in the hacker world as owning the system.
Examples include stack-based buffer overflows, denial of service (DoS), and session hijacking.
Phase 4 – Maintaining Access
Once a hacker has gained access, he wants to keep that access for future exploitation and attacks. If he owns the system, he can use it as a base to launch additional attacks. In this case, the owned system is sometimes referred to as a zombie system.
Sometimes, hackers harden the system from other hackers or security personnel by securing their exclusive access with backdoors, rootkits and Trojans.
Phase 5 – Covering tracks
Once hackers have been able to gain and maintain access, they cover their tracks to avoid detection by security personnel, to continue to use the owned system, to remove evidence of hacking or to avoid legal action. Hackers try to remove all traces of the attack, such as log files or intrusion detection system (IDS) alarms.
Examples of activities during this phase of the attack include steganography, the use of tunnelling protocols, and altering log files.
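Because altered or removed log entries are the classic sign of this phase, defenders often make logs tamper-evident. The following is an added example, not part of the original post: each entry carries an HMAC tag that also covers the previous tag, so an edit, a deletion or a cut-off tail is detectable. The function names, key and sample lines are assumptions, and the key is assumed to be held on a separate log collector.

```python
import hashlib
import hmac

GENESIS = "0" * 64
KEY = b"constructed-demo-key"   # assumption: the real key never sits on the logged host

# Constructed sample log lines, not taken from the original post.
SAMPLE = [
    "May  1 10:00:01 host sshd[811]: Accepted password for alice from 192.0.2.10",
    "May  1 10:02:13 host sshd[902]: Failed password for root from 203.0.113.7",
    "May  1 10:02:19 host sudo: alice : COMMAND=/usr/bin/id",
    "May  1 10:05:40 host sshd[811]: session closed for user alice",
]

def _tag(key, prev, line):
    # The tag binds this line to everything before it through the previous tag.
    return hmac.new(key, (prev + "\n" + line).encode(), hashlib.sha256).hexdigest()

def seal(lines, key):
    """Return [(line, tag)] where each tag covers the line and the prior tag."""
    sealed, prev = [], GENESIS
    for line in lines:
        prev = _tag(key, prev, line)
        sealed.append((line, prev))
    return sealed

def verify(sealed, key, expected_last=None):
    """Return the index of the first entry that breaks the chain, else None.

    expected_last is the newest tag as recorded off-host; passing it lets the
    check also notice entries missing from the end of the log.
    """
    prev = GENESIS
    for i, (line, tag) in enumerate(sealed):
        if not hmac.compare_digest(_tag(key, prev, line), tag):
            return i
        prev = tag
    if expected_last is not None and not hmac.compare_digest(prev, expected_last):
        return len(sealed)
    return None

if __name__ == "__main__":
    sealed = seal(SAMPLE, KEY)
    altered = list(sealed)
    altered[1] = (altered[1][0].replace("203.0.113.7", "192.0.2.10"), altered[1][1])
    print("intact:", verify(sealed, KEY))
    print("altered entry:", verify(altered, KEY))
    print("deleted entry:", verify(sealed[:1] + sealed[2:], KEY))
    print("truncated tail:", verify(sealed[:3], KEY, sealed[-1][1]))
```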
Security, Functionality, and Ease of Use Triangle
As a security professional, it’s difficult to strike a balance between adding security barriers to prevent an attack and allowing the system to remain functional for users.
The security, functionality and ease of use triangle is a representation of the balance between security and functionality and the system’s ease of use for users. In general, as security increases, the system’s functionality and ease of use decrease for users.
In an ideal world, security professionals would like to have the highest level of security on all systems; however, sometimes this isn’t possible. Too many security barriers make it difficult for users to use the system and impede the system’s functionality.
Suppose that in order to gain entry to your office at work, you had to first show a badge as you entered the building, then use a passcode to gain entry to the elevator, and finally use a key to unlock your office door. You might feel the security checks were too stringent! Any one of those checks could cause you to be detained and consequently miss an important meeting.
Computer Crimes and implications
The FBI computer crimes squad estimates that between 85 and 97% of computer intrusions remain undetected.
A survey conducted recently noted that 90% of respondents acknowledged security breaches, but only 34% reported the crime to law enforcement agencies.
In the United States the law now mandates life sentences for hackers who recklessly endanger the lives of others.
Computer crimes can be broadly separated into two categories: crimes facilitated by use of a computer (e.g. illegal sharing of music) and crimes where the computer is the target (e.g. hacking), which are trickier to prosecute.
Crimes facilitated by use of a computer
In a crime facilitated by use of a computer, the computer is used to store, manipulate, and distribute data related to criminal activity. This may include information related to terrorists, child pornography, and illegal distribution of copyrighted materials.
Crimes where the computer is the target
Crimes where computers are targets are distinct from traditional types of criminal activity. Sophisticated technology has made it more difficult to answer questions regarding the identity of the criminal, nature of crime, identity of the victim, location or jurisdiction of the crime and other details. Electronic/digital data may be submitted as separate evidence apart from the actual crime scene presented to a Court of Law.
Cyber laws vary from country to country, so it is very important for hackers to be aware of these differences, as what is considered legal in our country may be illegal in another.
Conclusion
Hopefully this article has given you a better understanding of hacking. If you have any questions, please leave a comment below.
Web professional in Malta, Europe. Focusing on building visually stunning websites that are easy to maintain, usually using WordPress as the CMS. Web developing since 1995, loving WordPress for more than 5 years.