The goal of this presentation is to make sure people understand what hacking is, what is does, the types of hacking you can get and how to prevent it.
What is Hacking?
Computer hacking is the practice of modifying the features of a system, in order to accomplish a goal outside of the creator's original purpose. Some would call this skill an art. Computer hacking is the most popular form of hacking nowadays, especially in the file of computer security, but hacking exists in many other forms, such as phone hacking, brain hacking etc. and it is not limited to either of them. People who hack are called hackers.
What is a hacker?
A hacker is a persons consistently engaging in hacking activities, and has accepted hacking as a lifestyle and philosophy of their choice. However, hacking is often mistaken for any security related cyber crime. This damages the reputation of all hackers, and is very cruel and unfair to the law abiding ones -from where the term originated.
Hacking is not a crime. It is an art of awareness.
What are the different types of hackers you can come across?
There are many different types of hackers, so I've shortened it down to the seven main types of hackers you should know about.
First of all, let's get this straight. Hacking is not like what you see in Hollywood. There isn't a hooded figure typing furiously, while green text streams across the mysterious figures screen. Laughing demonically as the figure then proceeds to steal money from the biggest marketing brand in the world.
That would be the stereotypical view of a hacker. Yet, there is so much more to a hacker then Hollywood -or even the media!- describes.
Normally, Script Kiddie's do not care about hacking. They like to copy code and use it for a virus etc. They never do the coding themselves, they merely download overused software and watch a video on how to use it. A common Script Kiddie attack is DoSing or DDoSing (Denial of Service and Distributed Denial of Service), in which they flood an IP with so much information it collapses under the strain.
Fact: The attack is frequently used by the "hacker" group Anonymous.
Also known as ethical hackers, White Hat hackers are the 'good guys' of the hacker world. They will help remove any virus or do a Penetration Test (PenTest) on any company. This is when you give the testers a company's office address, and tell them to try and gain access to their system. Most White Hat hackers hold a college degree in IT security or computer science and must be certified to pursue a career in hacking.
Fact: The most popular certification is the Certified Ethical Hacker (CEH) from the EC-Council.
These people are also known as crackers. These are the people that you hear about on the news. They find banks or other companies with a weak security system and steal money or credit card information.
Fact: The surprising truth about their methods of attack is that they often use common hacking practices they learned early on.
Nothing in the world is just black and white; the same is true in the world of hacking. Gray Hat hackers do not steal money or information, yet they don't help people for good (but they could if they wanted to). They may violate laws or typical ethical standards, however they do not have malicious intent typical of black hat hackers.
Fact: These hackers comprise most of the hacking world, even though Black Hat hackers garner most -if not all- of the media's attention.
They are much like Script Kiddies however, Unlike Script Kiddies, they care about hacking and strive to become full-blown hackers. They are often flamed by the hacker community for asking many basic questions.
These are the vigilantes of the hacking world. They are like White Hats as they halt Black Hats, however, these hackers are scary to those who have ever tried so much as PenTest. Instead of reporting the malicious hacker, they shut him/her down by uploading viruses and accessing the hackers computer to destroy it from the inside to the outside. They leverage multiple aggressive methods that might force a hacker to need a new computer.
If a Script Kiddie took revenge, he/she might become a Blue Hat. Blue Hat hackers will seek revenge on those who have angered them. Most Blue Hats have, much like Script Kiddie, no desire to learn.
Professionalism has no place in art, and hacking is art. Software Engineering might be science; but that's not what I do. I am a hacker
Now, you might think that was all you need to know, BUT WAIT. The hacking world is a lot more complex than you think...
Phishing. NOT fishing. This is an old con tactic that is still used now-a-days. It is the art of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The email will typically direct the user to visit a website where they are asked to update personal information (such as passwords, credit card details etc.) that the legitimate organisation has already has. The website, however, is fake and will capture and steal any information the user enters on the page, so be careful when sent unknown emails telling you you need to update your credit card details...
An example of when phishing was used was in 2003, when users received emails supposedly from eBay claiming that the user's account was about to be suspended unless he/she clicked on the provided email link and updated the credit card information that the genuine eBay already had and because it is relatively simple to make make a website look like a legitimate organization's site by mimicking the HTML code, the scam counted on people being tricked into thinking they were actually being contacted by eBay and were, subsequently, going to eBay's site to update their information.
In case you did not know, DDoS is short for Distributed Denial of Service. DDoS is when multiple compromised systems, which are often affected with a Trojan, are used to target a single system causing Denial of Service, hence the name. Victims of the attack consist of both the end targeted system and all systems maliciously used and controlled by the hacker in the distributed attack. In a DDoS attack, the incoming traffic flooding the victim orginates from many different sources - potentially hundreds of thousands or more. This effectively makes it impossible to stop the attack simply by blocking a single IP address.
There are many different types of DDoS attacks, here are the main three:
1. Traffic Attacks: Traffic flooding attacks send a huge volume of TCP, UDP and ICPM packets to the target. Legitimate requests get lost and these attacks may be accompanied by malware exploitation.
2. Bandwidth Attack: This DDoS attack overloads the target with massive amount of junk data - so if you've ever complained about getting ONE junk email, you got lucky. This results in a loss of network bandwidth and equipment resources and can lead to a complete denial of service.
3. Application Attacks: Application-layer data messages can deplete resources in the application later, leaving the target's system services unavailable.
An example of a DDoS attack happened against the BBC in 2016. A group calling itself 'New World Hacking' said that the attack read
Malware is short for malicious software. Malware is designed specifically to target a mobile device system, such as a tablet or smartphone to damage or disrupt the device. Most mobile malware is designed to disable a mobile device, allow a malicious user to remotely control the device or to steal personal information stored on the device. However, keep in mind that this can also happen on your computer as well,
Pharming is similar in nature to email phishing. Pharming seeks to obtain personal or private information through domain spoofing. Rather than being spammed with malicious and mischievous e-mail requests for you to visit spoof websites which seem real. Pharming effectively poisons a DNS server by infusing false information into the DNS server, resulting in a user's request being redirected elsewhere. Your browser, however, will show the user that they are at the correct the website, thus making pharming more difficult to detect.
Vishing is the phone equivalent of phishing. It is the act of using the telephone in an attempt to scam the user into surrendering private information that will be used for identity theft. The scammer usually pretends to be legitimate business, and fools the victim into thinking he or she will profit.
An email hoax is a scam that is distributed in email form. It is designed to deceive and defraud recipients, often for monetary gain. An email hoax is a commonly used Internet scam tactic targeted to specified demographics, markets or causes, including:
- Dating Scams
- Lottery Scams
- Chain Letters
- Fake Security Warnings
For example, an email hoax may be a bogus warning about a non-existent security threat or virus. This type of email hoax creates a sense of urgency that goads recipients into downloading purportedly safe repair software.
Identity theft is becoming an increasingly common problem in the UK, as fraudsters discover more and more ways to get hold of the information which is required to steal someone's identity.
Once someone else gets hold of your personal information, they are actually able to do a large amount of different things with the information. The most common types of crime are ones which are considered to be financial fraud, such as credit card fraud, bank fraud, tax rebate fraud, benefit fraud and telecommunications fraud.
I'm a really good hacker, but I'm not a sensible person.
High Profile Hacks
Still don't believe that hackers are that bad, here are two examples of high profile hacks.
The First Major Cyber Conflict
It was launched against Estonia in 2007 - a 21-day assault on its networks and websites that many believe was Russian-led. It was dubbed 'Web War One'.
At around 10pm on April 27th, 2007, the Estonian government noticed that many of its websites were kicked offline. Then, hackers defaced the websites of its president, ministries and parliament. Other shared tips for coordinating distributed denial-of-service attacks on the country's financial sector and media sites. For 21 days, Estonia fought a war carried out entirely in cyberspace, which began after it decided to remove a Soviet-era statue from its capital.
The Estonia attack didn't have much lasting damage, but it did highlight how an extremely-connected country could be brought down, albeit briefly, by hackers.
The attacks stopped entirely on May 18, 2007 at 11pm, according to Adam Segal's book 'The Hacked World Order'.
'Estonia was briefly cut off from the rest of the world, but the internet remained accessible within the country. The damage of the attack was instead highly psychological, putting Estonia's digital vulnerability in stark relief.'
'Guccifer' and the cost election
The infamous hacker 'Guccifer' inadvertently exposed the secret email address Hillary Clinton was using as Secretary of State in 2013 - and it could cost he an election.
The FBI director said earlier this month that former Secretary of State Hillary Clinton was 'extremely careless' for setting up a private email server instead of using a government system. But it's interesting to remember that the investigation, political fallout, and continuing consequences for the Democratic presidential candidate came because of a hack, by the infamous 'Guccifer'.
After the Romanian hacker gained access to the email account of Clinton confidant Sydney Blumenthal, screenshots of those emails revealed contact with an address of firstname.lastname@example.org. That email turned out to be Clinton's secret email - a revelation that continues to damage her presidential campaign.
Don't Hate The Hacker, Hate The Code...
How hacks can be prevented
Now-a-days anyone can get hacked. It's easy with the amount of social media. So here are ways that you can prevent being hacked:
- Perform required software updates for your operating system and web browser. Hackers attack where they see weakness. A system that hasn't been updated recently has flaws in it that can be taken advantage of by hackers. Go to the Microsoft Update website to download patches and secure the most recent version of your operating system. If you have a Mac, click on the apple in the top left of your screen and choose "Software Update."
- Change your passwords often. Use a different password for each website you regularly log into, and make sure your passwords are long and intricate so that they're harder to guess. It's especially important to keep your banking and other financial accounts secure.
- Purchase or download anti-virus software. Many computers come pre-installed with certain anti-virus software, but if not, or if you want more powerful software, research online to find what product suits you. Anti-virus software is crucial to keep your computer healthy. A "sick" computer, or one racked with viruses, is more susceptible to hacking. Set your preferences so your anti-virus software updates automatically.
- Install anti-spyware/adware programs onto your system. This type of intrusion is not as dangerous as a virus, but adware places advertisements onto your browser and incorporates pop-ups into your programs. This can slow down your computer, making you vulnerable to a hacker. Spyware can survey your Internet behavior and copy your passwords to use for illegitimate purposes.
- Delete emails from unknown sources. Never click on an emailed link that looks questionable. It may be a virus.
Be safe online, you don't know who's out there...
So now you know how to be safe online. Now use your new found knowledge and enjoy the wonders of online.
By Isabelle Silver
Enjoy the wonders of the internet...