
See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/333632435

Ethical Hacking and Knowledge about Hacking

Preprint · October 2017


DOI: 10.13140/RG.2.2.17344.79362


1 author:

Ramyar A. Teimoor
University of Sulaimani

All content following this page was uploaded by Ramyar A. Teimoor on 05 June 2019.



Ethical Hacking and Knowledge about Hacking
Ramyar Abdulrahman Teimoor

Computer Department - College of Science – University of Sulaimani, Iraq

ramyar.taimur@univsul.edu.iq

Abstract: "Hacking" is a word that shakes everyone whenever it is said or heard.
Everyone born in this world with attitude wants to be a hacker. Nowadays hacking has been one
of the common practices of computer experts trying to find vulnerabilities in a
network infrastructure. A hacker needs a brilliant mind to hack anything. His skills should be
so powerful that no other hacker can hack him. A hacker doesn't need software to hack. In this
paper I have mentioned three different types of hacking, i.e. White Hat Hacking, Grey Hat
Hacking and Black Hat Hacking. White Hat Hacking is the practice made by hackers to
dominate the world by their criminal skills. It is used for profit-making purposes. Similarly,
another type of hacking is Grey Hat Hacking, in which he or she is submerged in the world of
hacking for non-profitable purposes and also wants to prove that they can dominate the
world by their criminal skills. For example, someone who intends to enter other computers
and is able to extract important data without causing harm to the victim can be termed a
Grey Hat Hacker. Grey Hat Hackers can also be known as ethical hackers; they can be both
helpful and harmful, as this is the combination of both White and Black Hat Hacking. In addition to
that, if Grey Hat Hackers cross their boundaries then there is no chance to become Black
Hat Hackers. Similarly, the last and most highly demanding type of hacking, known as Black Hat
Hacking, is described in this paper. It is also known as cracker or dark side hacking. In this type of
hacking he or she is fully involved in profit-making activities by destroying organization networks,
stealing others' valuable data and documents, hacking bank accounts and transferring money to their
own, and so on.

Keywords: Hack, Hackers, Cybercrime, Security, Protection, Attack.

1. INTRODUCTION

Hacking is identifying weaknesses in computer systems or networks and exploiting them to
gain access. Example of hacking: using a password cracking algorithm to gain access to a system.
Computers have become mandatory to run a successful business. It is not enough to have
isolated computer systems; they need to be networked to facilitate communication with external
businesses. This exposes them to the outside world and hacking. Hacking means using
computers to commit fraudulent acts such as fraud, privacy invasion, stealing corporate/personal
data, etc. Cybercrimes cost many organizations millions of dollars every year. Businesses need to
protect themselves against such attacks.[1]

1.1 Who is a Hacker? Types of Hackers

A Hacker is a person who finds and exploits the weakness in computer systems and/or networks
to gain access. Hackers are usually skilled computer programmers with knowledge of computer
security.[2]

Hackers are classified according to the intent of their actions. The following list classifies
hackers according to their intent.

• Ethical Hacker (White hat): A hacker who gains access to systems with a view to fix the
  identified weaknesses. They may also perform penetration testing and vulnerability
  assessments.
• Cracker (Black hat): A hacker who gains unauthorized access to computer systems for
  personal gain. The intent is usually to steal corporate data, violate privacy rights, transfer
  funds from bank accounts etc.
• Grey hat: A hacker who is in between ethical and black hat hackers. He/she breaks into
  computer systems without authority with a view to identify weaknesses and reveal them to
  the system owner.

2. CYBERCRIME

Cybercrime is the use of computers and networks to perform illegal activities such as spreading
computer viruses, online bullying, performing unauthorized electronic fund transfers, etc. Most
cybercrimes are committed through the internet. Some cybercrimes can also be carried out using
mobile phones via SMS and online chatting applications.[1]

2.1 TYPE OF CYBERCRIME

The following list presents the common types of cybercrimes:

• Computer Fraud: Intentional deception for personal gain via the use of computer
  systems.
• Privacy violation: Exposing personal information such as email addresses, phone
  numbers, and account details, etc. on social media, websites, etc.
• Identity Theft: Stealing personal information from somebody and impersonating that
  person.
• Sharing copyrighted files/information: This involves distributing copyright-protected
  files such as eBooks and computer programs etc.
• Electronic funds transfer: This involves gaining unauthorized access to bank
  computer networks and making illegal fund transfers.
• Electronic money laundering: This involves the use of the computer to launder money.
• ATM Fraud: This involves intercepting ATM card details such as account number and
  PIN numbers. These details are then used to withdraw funds from the intercepted
  accounts.
• Denial of Service Attacks: This involves the use of computers in multiple locations to
  attack servers with a view of shutting them down.
• Spam: Sending unauthorized emails. These emails usually contain advertisements.

3. TYPE OF ATTACKS

We can say that we have three types of attacks against computer systems: Physical, Syntactic and
Semantic. A physical attack uses conventional weapons, such as bombs or fire. A syntactic
attack uses virus-type software to disrupt or damage a computer system or network. A semantic
attack is a more subtle approach. Its goal is to attack users' confidence by causing a computer
system to produce errors and unpredictable results. Syntactic attacks are sometimes grouped
under the term "malicious software" or "malware". These attacks may include viruses, worms,
and Trojan horses. One common vehicle of delivery for malware is email. Semantic attacks
involve the modification of information or dissemination of incorrect information. Modification
of information has been perpetrated even without the aid of computers, but computers and
networks have provided new opportunities to achieve this. Also, the dissemination of incorrect
information to large numbers of people quickly is facilitated by such mechanisms as email,
message boards.[3]

4. WEBSITES HACKING TRICKS

Websites Hacking tricks can be divided into different categories elaborated below:

• Trojan programs that share files via instant messenger
• Phishing
• Fake Websites
• Spoofing
• Spyware
• Electronic Bulletin Boards
• Information Brokers
• Internet Public Records
• Trojan Horses

4.1 Trojan programs that share files via instant messenger

Instant messaging allows file sharing on a computer. All currently popular instant messengers
have file-sharing abilities, or allow users to add that functionality by installing patches or
plug-ins; this is also a major threat to present information security. This communication
software also makes it difficult for existing hack-prevention methods to prevent and control
information security. Hackers use instant communication capability to plant a Trojan program into
an unsuspected program; the planted program is a kind of remotely controlled hacking tool that
can conceal itself and is unauthorized. The Trojan program is unknowingly executed, controlling
the infected computer; it can read, delete, move and execute any file on the computer. The
advantages to a hacker of replacing remotely installed backdoor Trojan programs with instant
messengers to access files are: when the victim gets online, the hacker will be informed. Thus, a
hacker can track and access the infected computer, and incessantly steal user information.

A hacker need not open a new port to perform transmissions; he can perform his operations
through the already opened instant messenger port. Even if a computer uses dynamic IP
addresses, its screen name doesn't change.

4.1.1 Hijacking and Impersonation

There are various ways through which a hacker can impersonate other users. The most
commonly used method is eavesdropping on unsuspecting users to retrieve user accounts,
passwords and other user related information.

The theft of user account numbers and related information is a very serious problem in any instant
messenger. For instance, a hacker, after stealing a user's information, impersonates the user; the
user's contacts, not knowing that the user's account has been hacked, believe that the person
they're talking to is the user, and are persuaded to execute certain programs or reveal confidential
information. Hence, theft of user identity endangers not only a user but also surrounding users.

Guarding against Internet security problems is presently the focus of future research; because
without good protection, a computer can be easily attacked, causing major losses.

Hackers wishing to obtain user accounts may do so with the help of Trojans designed to steal
passwords. If an instant messenger client stores his/her password on his/her computer, then a
hacker can send a Trojan program to the unsuspecting user. When the user executes the program,
the program shall search for the user's password and send it to the hacker. There are several ways
through which a Trojan program can send messages back to the hacker. The methods include
instant messenger, IRC, emails, etc. The four most popular instant messengers currently are AIM,
Yahoo! Messenger, ICQ, and MSN Messenger, none of which encrypts its traffic. Therefore, a
hacker can use a man-in-the-middle attack to hijack a connection, then impersonate the hijacked
user and participate in a chat-session.

4.1.2 Denial of Service

There are many ways through which a hacker can launch a denial of service (DoS) attack on an
instant messenger user. A Partial DoS attack will cause a user end to hang, or use up a large
portion of CPU resources causing the system to become unstable. There are many ways in which
a hacker can cause a denial of service on an instant messenger client. One common type of attack
is flooding a particular user with a large number of messages. The popular instant messaging
clients contain protection against flood-attacks by allowing the victim to ignore certain users.
However, there are many tools that allow the hacker to use many accounts simultaneously, or
automatically create a large number of accounts to accomplish the flood-attack. Adding to this is
the fact that once the flood-attack has started and the victim realizes what has happened, the
computer may become unresponsive. Therefore, adding the attacking user accounts to the ignore
list of the instant messenger client may be very difficult. DoS attacks are very easy to generate
and very difficult to detect, and hence are attractive weapons for hackers. In a typical DoS attack,
the attacker node spoofs its IP address and uses multiple intermediate nodes to overwhelm other
nodes with traffic. DoS attacks are typically used to take important servers out of action for a few
hours, resulting in DoS for all users served by the server. It can also be used to disrupt the
services of intermediate routers.
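
The weakness described above, per-user ignore lists failing against many accounts, is why a defender also limits the aggregate rate from non-contacts. The following sketch is an added example, not code from the paper; the `FloodGuard` class, its thresholds and the traffic are hypothetical and constructed for illustration.

```python
from collections import Counter, deque


class FloodGuard:
    """Sliding-window inbound limiter for one IM recipient (hypothetical, illustrative)."""

    def __init__(self, contacts, window=10.0, per_sender_max=5, unknown_max=20):
        self.contacts = set(contacts)
        self.window = window                  # seconds of history kept
        self.per_sender_max = per_sender_max  # messages per sender per window
        self.unknown_max = unknown_max        # messages from all non-contacts per window
        self.events = deque()                 # (timestamp, sender, is_contact)
        self.per_sender = Counter()
        self.unknown_total = 0

    def _expire(self, now):
        # Forget messages that have aged out of the window.
        while self.events and now - self.events[0][0] >= self.window:
            _, sender, known = self.events.popleft()
            self.per_sender[sender] -= 1
            if not known:
                self.unknown_total -= 1

    def accept(self, ts, sender):
        """Return 'deliver', 'drop:sender-rate' or 'drop:unknown-flood'."""
        self._expire(ts)
        known = sender in self.contacts
        if self.per_sender[sender] >= self.per_sender_max:
            verdict = "drop:sender-rate"      # one noisy account: an ignore list would also work
        elif not known and self.unknown_total >= self.unknown_max:
            verdict = "drop:unknown-flood"    # many accounts: only the aggregate limit sees it
        else:
            verdict = "deliver"
        # Dropped messages still count, so the limit stays closed while the flood lasts.
        self.events.append((ts, sender, known))
        self.per_sender[sender] += 1
        if not known:
            self.unknown_total += 1
        return verdict


def constructed_flood():
    """Constructed traffic: 40 throwaway accounts send one message each, 0.1 s apart,
    while the contact 'alice' sends two legitimate messages."""
    events = [(i * 0.1, f"throwaway{i:02d}") for i in range(40)]
    events += [(2.05, "alice"), (5.0, "alice")]
    return sorted(events)


def replay(events, guard):
    """Feed time-ordered (timestamp, sender) pairs to the guard and tally the verdicts."""
    return Counter(guard.accept(ts, sender) for ts, sender in events)


if __name__ == "__main__":
    print(replay(constructed_flood(), FloodGuard(contacts={"alice"})))
```

No throwaway account ever exceeds the per-sender limit, yet half of the flood is dropped and both messages from the known contact are delivered.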

4.2 Phishing

The word phishing comes from the analogy that Internet scammers are using email lures to fish
for passwords and financial data from the sea of Internet users. The term was coined in 1996 by
hackers who were stealing AOL Internet accounts by scamming passwords from unsuspecting
AOL users. Since hackers have a tendency to replace “f” with “ph”, the term phishing was
derived.

4.3 Fake Web sites

Fake bank websites stealing account numbers and passwords have become increasingly common
with the growth of online financial transactions. Hence, when using online banking, we should
take precautions like using a secure encrypted customer's certificate, surfing the net following the
correct procedure, etc.

4.3.1 Pharming

Similar in nature to phishing, Pharming (pronounced farming) is a Hacker's attack aiming to
redirect a website's traffic to another, bogus website. Pharming can be conducted either by
changing the hosts file on a victim's computer or by exploitation of a vulnerability in DNS server
software. DNS servers are computers responsible for resolving Internet names into their real
addresses - they are the "signposts" of the Internet. Compromised DNS servers are sometimes
referred to as "poisoned". The term pharming is a word play on farming and phishing. The term
phishing refers to social engineering attacks to obtain access credentials such as user names and
passwords. In recent years pharming has been used to steal identity information. Pharming has
become of major concern to businesses hosting ecommerce and online banking websites.
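
Because one of the two pharming routes named above is a modified hosts file, that file is worth auditing on endpoints. The following parser and check are an added example, not code from the paper; the sample file, the watchlist and the function names are hypothetical, and the DNS-server route is not covered.

```python
import ipaddress

# Constructed sample hosts file (not from the paper). 203.0.113.0/24 is a documentation range.
SAMPLE_HOSTS = """\
# local entries
127.0.0.1    localhost
::1          localhost ip6-localhost
203.0.113.7  www.examplebank.test login.examplebank.test
0.0.0.0      ads.tracker.test   # ad-blocking sinkhole
192.168.1.10 printer.lan
not-an-ip    broken.line
"""

# Hypothetical watchlist: domains that should only ever be resolved through DNS.
WATCHLIST = {"examplebank.test"}


def parse_hosts(text):
    """Yield (line_no, ip, [names]) per valid mapping; skip comments and malformed lines."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        yield line_no, ip, [name.lower().rstrip(".") for name in fields[1:]]


def on_watchlist(name, watchlist):
    """True for a watched domain or any of its subdomains."""
    return any(name == d or name.endswith("." + d) for d in watchlist)


def audit_hosts(text, watchlist=WATCHLIST):
    """Return (line_no, severity, name, ip) for entries that override normal resolution."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if on_watchlist(name, watchlist):
                severity = "high"      # a watched domain is pinned locally, whatever the address
            elif not sinkhole:
                severity = "review"    # some other name is redirected to a real address
            else:
                continue               # localhost and sinkhole entries are expected
            findings.append((line_no, severity, name, str(ip)))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On a real system the text would come from `/etc/hosts` or `C:\Windows\System32\drivers\etc\hosts`, and the watchlist from the organization's own list of sensitive domains.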

4.4 Spoofing

A technique used to gain unauthorized access to computers, whereby the intruder sends messages
to a computer with an IP address indicating that the message is coming from a trusted host. To
engage in IP spoofing, a hacker must first use a variety of techniques to find an IP address of a
trusted host and then modify the packet headers so that it appears that the packets are coming
from that host.

4.5 Spyware

Spyware is computer software that can be used to gather and remove confidential information
from any computer without the knowledge of the owner. Everything the surfer does online,
including his passwords, may be vulnerable to spyware. Spyware can put anyone in great danger
of becoming a victim of identity theft. Moreover, some forms of spyware can be installed on the
computer from a remote location without the identity thief ever having physical access to the
victim's computer.

4.6 Electronic Bulletin Boards

Chat rooms and electronic bulletin boards have become breeding grounds for identity theft.
When criminals have obtained personal identifying information such as credit card numbers or
social security numbers, they visit hacker chat rooms and post messages that they have personal
information for sale.

4.7 Information Brokers

Information brokers have been around for decades; however, a new breed of information broker
has emerged in recent years: the kind that sells personal information to anyone requesting it
electronically via the Internet. Driven by greed, some information brokers are careless when they
receive an order. They fail to verify the identity of the requesting party and do little, if any,
probing into the intended use of the information.

4.8 Internet Public Records

There are two ways public records are accessible electronically. Some jurisdictions post them on
their government web sites, thereby providing free or low-cost access to records. Government
agencies and courts also sell their public files to commercial data compilers and information
brokers. They in turn make them available on a fee basis, either via web sites or by special
network hookups.

4.9 Trojan Horses

In this context, a Trojan horse could be defined as an application that appears to be benign, but
instead performs some type of malicious activity. A Trojan can be disguised as a game, an e-mail
attachment, or even a Web page. As soon as the victim runs or opens the camouflaged
application, the Trojan installs itself on the hard drive and then runs each time Windows is
started.

5. PROTECTING OURSELVES FROM HACKING

5.1 Install a Firewall

A firewall is a software program or piece of hardware that blocks hackers from entering and
using your computer. Hackers search the Internet the way some telemarketers automatically dial
random phone numbers. They send out pings (calls) to thousands of computers and wait for
responses. Firewalls prevent your computer from responding to these random calls. A firewall
blocks communications to and from sources you don’t permit. This is especially important if you
have a high-speed Internet connection, like DSL or cable.[4]

5.2 Use Anti-virus Software

Anti-virus software protects your computer from viruses that can destroy your data, slow down
or crash your computer, or allow spammers to send email through your account. Anti-virus
protection scans your computer and your incoming email for viruses, and then deletes them. You
must keep your anti-virus software updated to cope with the latest “bugs” circulating the
Internet. Most anti-virus software includes a feature to download updates automatically when
you are online. In addition, make sure that the software is continually running and checking your
system for viruses, especially if you are downloading files from the Web or checking your email.

Set your anti-virus software to check for viruses when you first turn on your computer. You
should also give your system a thorough scan at least twice a month.

5.3 Use a Strong Password – and Keep it to yourself

Protect your computer from intruders by choosing passwords that are hard to guess. Use strong
passwords with at least eight characters, a combination of letters, numbers and special characters.
Don’t use a word that can easily be found in a dictionary. Some hackers use programs that can
try every word in the dictionary. Try using a phrase to help you remember your password, using
the first letter of each word in the phrase. For example, HmWc@wC2 – How much wood could a
woodchuck chuck. Protect your password the same way you would the key to your home. After
all, it is a “key” to your personal information. [5]
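
The rules in this section can be checked mechanically, including the case where a dictionary word is only decorated with digits and symbols. The following checker is an added example, not code from the paper; the word list and substitution table are small constructed samples and the function names are hypothetical.

```python
import string

# Constructed mini word list; a real check would load a full dictionary.
WORDLIST = {"password", "woodchuck", "sunshine", "dragon", "letmein"}

# Common character substitutions undone before the dictionary lookup (illustrative subset).
UNLEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s"})


def dictionary_core(pw):
    """Strip digits and symbols from both ends, lowercase, undo substitutions.
    'P@ssw0rd!1' becomes 'password'."""
    return pw.strip(string.digits + string.punctuation).lower().translate(UNLEET)


def check_password(pw, wordlist=WORDLIST):
    """Return the list of rules from section 5.3 that the password breaks."""
    problems = []
    if len(pw) < 8:
        problems.append("too-short")
    if not any(c.isalpha() for c in pw):
        problems.append("no-letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no-digit")
    if not any(not c.isalnum() for c in pw):
        problems.append("no-special")
    if dictionary_core(pw) in wordlist:
        problems.append("dictionary-word")
    return problems


if __name__ == "__main__":
    for candidate in ("HmWc@wC2", "woodchuck", "P@ssw0rd!1"):
        print(candidate, check_password(candidate))
```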

5.4 Secure Your Wireless Network

If you use a wireless network in your home, be sure to take precautions to secure it against
hackers. Encrypting wireless communications is the first step. Choose a wireless router with an
encryption feature and turn it on. WPA encryption is considered stronger than WEP.

5.5 Do not download information from an unauthorized source

Downloading information and files from the internet is a common practice. Downloading free
programs is unwise unless downloaded from reputable sites. Many free downloads can include
viruses that can monitor your activity on the net, result in spam or other serious breach of your
system. [6]

6. CONCLUSION

Computer programmers as a subculture of the general engineering and scientific community
have their own set of heroes with aspects based on the values that programmers respect. These
heroic figures, called hackers, are not at all like the popular press version of the computer hacker.
Legendary hackers are both real and fictional, but tend to share certain common features:
extraordinary programming skill, cleverness in the face of difficulty, an ability to suspend all
other activities while producing a solution to a problem, an appreciation for a clever solution to a
seemingly insignificant problem, weakness in some other aspect to balance their skill as a
hacker, and adherence to some form of the Hacker Ethic. Legends of the exploits of the heroic
hacker are passed through the virtual community of the programmer, the Internet, using email,
newsgroups, and recently web pages. These communication media allow the community of
programmers to be in close contact even though they may be physically separated.

REFERENCES

[1] https://www.guru99.com/what-is-hacking-an-introduction.html

[2] https://www.tutorialspoint.com/ethical_hacking/ethical_hacking_hacker_types.htm

[3] Minakshi Bhardwaj and G.P. Singh, "Types of Hacking Attack and their Counter Measure",
Volume 1, Number 1 (2011), pp. 43-53, Research India Publications,
http://www.ripublication.com/ijepa.htm

[4] https://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/CIS_12_Computer_protection_DOJ.pdf

[5] Protecting Your Passwords, The SANS Institute, 2011, http://www.securingthehuman.org

[6] Computer Safety: Operating Safety & Security, https://www.peelpolice.ca/en/crimeprevention/resources/ComputerSafety-OperatingSafetyAndSecurity.pdf
