The word hacker has been time and again abused by many a man. This article is an attempt to spread awareness about hacking and that all hackers are not EVIL.
What is hacking?
Hacking has always invoked curosity among programmers and other computer users all over the world . Although it has always had certain connotations, there is also a positive side to the concept of hacking.
The greatest risk that the information technology business faces today is the security of information in terms of integrity, availability, and confidentiality. Incidents of website defacements, credit card frauds, non-availability of web and application servers, and new virus attacks are common. Statistics from various researchh organisations clearly show a rise in the number of reported information security breaches over the years.
These statistics highlight the need for understanding various security breaches. Besides, it has also become necessary for system administrators, Web masters, corporate management, and individual users to implement strong security measures.
Who Exactly Is a Hacker?
Hackers are intelligent computer professionals who have learned and acquired knowledge of advanced techniques about operating systems, programming languages, and application software. Hackers try to gain indepth knowledge of a system/network, and then use that information to find possible security gaps in it.
Hackers do not always intend to damage data or other system resources.They also share their knowledge with other users, thereby highlighting security concerns. For example, a system engineer who detects the vulnerabilities of a network/system with the intention of suggesting better security measures will be a hacker with positive intentions.
Depending on the mindset and intentions of a hacker, he or she can be divided into different communities .
In additdion to the people with good knowledge and intentions, hackers may be categorized as:
- Phreaks: Phreaks use computer devices and software to break into telecommunication networks. They use the security gaps in a telecommunication network to make free phone calls and may also try to charge them to legitimate telephone users. Such act is known as Phreaking.
- Script Kiddies: Script Kiddies are individuals who have inadequate technical skills to hack into systems. They utilize already available information about known vulnerabilities to break into remote systems. Script Kiddies break into remote systems by using internet, usually for fun or just out of curosity. However, it is interesting to know that script kiddies usually do not have any specific targets for their attacks nor do they use methodologies. Script Kiddies generally use free hacking tools available on the internet to search for any computer that may be connected to a network, but which is not secure enough to counter such an attack.
Classes of Hackers
Today it is difficult to distinguish between hackers, phreaks, and script kiddies. Therefore, depending on the nature of their activities , hackers are categorized into following groups:
- White Hats
- Black Hats
- Grey Hats
White Hats: White hackers use their skills and knowledge for good purposes, helping to find new security vulnerabilities and making the vendors of the applications or network administrators aware of the detected vulnerabilities. White hackers do not hack systems with any bad intent.
White hat hackers always inform concerned security professionals about the vulnerabilities they have discovered before the security of the system is compromised by intruders with ill intentions. For example, a hacker who tries to break into a system to find all possible security weaknesses helps a system administrator implement better security measures and is known as White Hat Hackers.
Black Hats: Black hat hackers engage in their in their activities with bad intentions. They perform illegal activities, such as destroying data, denying services to legitimate users, and defacing websites. For example, a hacker who breaks into the network of a bank and steals thousands of dollars by transferring it to other banks is a Black hat hacker.
Black hat hackers may share the results of their experiments with other hackers but not with the concerned security professionals.
Grey Hats: Grey hat hacker do not believe in categorizing hacking activities as either good or bad. They believe that some of the activities that are condemned by White Hats are harmless.
Ethics of Hackers:
Ethics are principles that distinguish between right and wrong. The American Heritage Dictionary defines ethics as, "The rules or standards governing the conduct of a person or the members of a profession."
Intelligent individuals have adopted hacking as a profession, but they have also exploited hacking for various unethical reasons. Ethics have a crucial role in the hacking community.
Need for Ethics:
In a social enviornment, human beings are interdependent and need to support each other in times of crises. They also have moral and social responsibilities to provide social justice to others. At the same time, freedom is the basic right of humans . However, in this interdependency it is important that an individual should not deny another individual's right of freedom.Hence it is necessary to have some guidelines that distinguish between good conduct and bad conduct.
Ethical Issues of Hacking:
Hackers who are conscious of other people's rights are assets to information technology. Rather than harass or cause damage to others, their activities should help build and improve existing technology. It is the hacker's responsibility to ensure that their activities do not cause any damage to the confidentiality and integrity of information.
Hacking Techniques :
To hack a system, hackers have to first find the possible security gaps and vulnerabilities within that system by using various tools and techniques.
Some of the common techniques used by hackers around the world are:
- Eavesdropping/Sniffing attack
- Reconnaissance
- Scanning
- Internet Footprinting
- Pharming
Eavesdropping/Sniffing attack:
An eavesdropping attack uses special software, known as a sniffer, to gain access to communications being carried out over a network. Sniffers are used to steal the content of the communication or to obtain confidentiality data such as user credentials.
Attackers can eavesdrop on both wired and wireless network communications. On a wired network, the attacker must have physical access to the network or tap in to the network cable. On a wireless network, an attacker neds a device capable of receic=ving signals from the wireless network.
Reconnaissance:
The information about target users that interests hackers includes physical locations, assets , user details, phone numbers, network structures, operating systems, application programs, hardware configurations, available system services and bussiness strategies.
Reconnaissance is the method of collecting infromation about a potential target by using bohphysical and electronic methods. Hackers can physically enter an office or a home and search papers, computer documents , or even garbage for relevent information. However, collecting information phiysically isnot always possible because of numerous restrictions or defficulties that prevent entering a target's office or home.
Alternatively, hackers can use the internet and networking technologies to collect valuabele information about users and organisations. The internet allows hackers to access a lot of information about organizations and individuals.
Scaninng
Any technique that allows hackers to clearly understand the vulnerabilities of a target system from a remote locations simplifies hacking efforst. it is possible for hackers to find out the vulnerabilities of a remote host by performing scanning of the ports.
Scanning is the method of using programs to examine the weakness of some ports on an IP address. The tools used for scanning are knowing are known as port scanners and are used to reveal open ports in a nework , which be vulnerable to attacks.
Scanners were not developed as hacking tools. They were developed by security professionals to help system administrators examine networks for various network-specific operations. The developers of scanners made them publicly available over the internet, to help people improve the systems across the world.
However, the public availability of scanners has also helped hacker sto scan the network and its vulnerabilities. In this way, scanners have become a powerful hacking tool.
Internet Footprinting
Internet Footprinting is a type of reconnaissance technique and involves gathering information about the network of a target system . Internet footprinting helps a hacker to gain in -depth knowledge about a system, its remote access capabilities , its ports and services, and the various security aspects of the system.
Pharming
Pharming, pronounced as farming, is a hacking technique that allows a hacker to transmit the traffic of a website to a diiferent and mostly fake website. This can be performed by either modifying the contents of a file known as Hosts file on a victim's computer or by taking advantage of vulnerabilities in the Domain Name System(DNS) server software, which is which is responsibility for resolving internet names into their real addresses (IP addresses).
The fake websites receiving some other websites's traffic can be used to obtain a user's confidential information, such as passwords, PIN number, or account IDs. However, the pharming technique tchnique is only possible when the original website is not secure, or when the user ignores warnings about invalid server certificates.