What is Hacking?

Introduction &
Types
Unit 1
 Introduction
• Hacking has been a part of computing for almost five decades and it is a
very broad discipline, which covers a wide range of topics.

• The first known event of hacking had taken place in 1960 at MIT and at the
same time, the term "Hacker" was originated.

• Hacking is the act of finding the possible entry points that exist in a
computer system or a computer network and finally entering into them.
Hacking is usually done to gain unauthorized access to a computer system
or a computer network, either to harm the systems or to steal sensitive
information available on the computer.

• Hacking is usually legal as long as it is being done to find weaknesses in a

computer or network system for testing purpose. This sort of hacking is
what we call Ethical Hacking. A computer expert who does the act of
hacking is called a "Hacker". Hackers are those who seek knowledge, to
understand how systems operate, how they are designed, and then
attempt to play with these systems.
 Types of Hacking
• We can segregate hacking into different categories, based
on what is being hacked.
• Website Hacking: Hacking a website means taking
unauthorized control over a web server and its associated
software such as databases and other interfaces.

• Network Hacking: Hacking a network means gathering

information about a network by using tools like Telnet, NS
lookup, Ping, Tracert, Netstat, etc. with the intent to harm
the network system and hamper its operation.

• Email Hacking: It includes getting unauthorized access on

an Email account and using it without taking the consent of
its owner.
• Ethical Hacking: Ethical hacking involves finding
weaknesses in a computer or network system for
testing purpose and finally getting them fixed.

• Password Hacking: This is the process of

recovering secret passwords from data that has
been stored in or transmitted by a computer
system.

• Computer Hacking: This is the process of stealing

computer ID and password by applying hacking
methods and getting unauthorized access to a
computer system.
 Hacker Types
• Hackers can be classified into different
categories such as white hat, black hat, and
grey hat, based on their intent of hacking a
system. These different terms come from old
Spaghetti Westerns, where the bad guy wears
a black cowboy hat and the good guy wears a
white hat.
• White Hat Hackers are also known as Ethical Hackers. They
never intent to harm a system, rather they try to find out
weaknesses in a computer or a network system as a part of
penetration testing and vulnerability assessments. Ethical
hacking is not illegal and it is one of the demanding jobs
available in the IT industry. There are numerous companies
that hire ethical hackers for penetration testing and
vulnerability assessments. Black Hat Hackers

• Black Hat hackers, also known as crackers, are those who

hack in order to gain unauthorized access to a system and
harm its operations or steal sensitive information. Black Hat
hacking is always illegal because of its bad intent which
includes stealing corporate data, violating privacy,
damaging the system, blocking network communication,
etc.
• Grey hat hackers are a blend of both black hat
and white hat hackers. They act without
malicious intent but for their fun, they exploit
a security weakness in a computer system or
network without the owner’s permission or
knowledge. Their intent is to bring the
weakness to the attention of the owners and
getting appreciation or a little bounty from
the owners.
• Miscellaneous Hackers Apart from the above
well-known classes of hackers, we have the
following categories of hackers based on what
they hack and how they do it:

• Red Hat Hackers are again a blend of both

black hat and white hat hackers. They are
usually on the level of hacking government
agencies, top-secret information hubs, and
generally anything that falls under the
category of sensitive information.
• A blue hat hacker is someone outside computer security consulting firms
who is used to bug-test a system prior to its launch. They look for
loopholes that can be exploited and try to close these gaps. Microsoft also
uses the term BlueHat to represent a series of security briefing events.

• Elite Hackers This is a social status among hackers, which is used to

describe the most skilled. Newly discovered exploits will circulate among
these hackers.

• Script Kiddie A script kiddie is a non-expert who breaks into computer

systems by using pre-packaged automated tools written by others, usually
with little understanding of the underlying concept, hence the term
Kiddie.

• Neophyte A neophyte, "n00b", or "newbie" or "Green Hat Hacker" is

someone who is new to hacking or phreaking and has almost no
knowledge or experience of the workings of technology and hacking.

• Hacktivist A hacktivist is a hacker who utilizes technology to announce a

social, ideological, religious, or political message. In general, most
hacktivism involves website defacement or denialof-service attacks.
Famous Hackers
• Kevin Mitnick
• Kevin Mitnick is a computer security consultant and author,
who infiltrates his clients’ companies to expose their
security strengths, weaknesses, and potential loopholes.

• He is the first hacker to have his face immortalized on an

FBI "Most Wanted" poster. He was formerly the most
wanted computer criminal in the history of United States.

• From the 1970s up until his last arrest in 1995, he skilfully

bypassed corporate security safeguards, and found his way
into some of the most well-guarded systems such as Sun
Microsystems, Digital Equipment Corporation, Motorola,
Netcom, and Nokia.
• Linus Torvalds
• Linus Torvalds is known as one of the best hackers of
all time. He rose to fame by creating Linux, the very
popular Unix-based operating system. Linux is open
source and thousands of developers have contributed
to its Kernel. However, Torvalds remains the ultimate
authority on what new code is incorporated into the
standard Linux kernel. As of 2006, approximately two
percent of the Linux kernel was written by Torvalds
himself.

• He just aspires to be simple and have fun by making

the world’s best operating system. Torvalds has
received honorary doctorates from Stockholm
University and University of Helsinki.
• Robert Morris
• Robert Morris, known as the creator of the Morris
Worm, the first computer worm to be unleashed
on the Internet. The worm had the capability to
slow down computers and make them no longer
usable. As a result of this, he was sentenced to
three years’ probation, 400 hours of community
service and also had to pay a penalty amount of
$10,500.

• Morris is currently working as a tenured professor

at the MIT Computer Science and Artificial
Intelligence Laboratory.
• Ankit Fadia
• Ankit Fadia is an Indian author, speaker, television
host, a security charlatan, and self-proclaimed white
hat computer hacker. His work mostly involves OS and
networking tips and tricks and proxy websites.

• He has hosted a popular show on MTV India called

What the Hack!, where he gave tips, tricks and tweaks
to get more out of technology and the Internet and
now has his own YouTube channel called Geek On The
Loose.
Widely recognized as a computer security expert, he
has published 16 books, delivered more than 1000
talks in 25 countries, received several awards and
trained more than 20,000 people in India and China.
 What is Cybercrime?
• Crime committed on computer is known by different names
such as e-crime, cyber crime or electronic crime.

• Cybercrime is the activity of using computers and networks

to perform illegal activities like spreading computer viruses,
online bullying, performing unauthorized electronic fund
transfers, etc.

• Most cybercrime hacks are committed through the internet,

and some cybercrimes are performed using Mobile phones
via SMS and online chatting applications.
 Type of Cybercrime
• The following list presents the common types of cybercrimes:
• Computer Fraud: Intentional deception for personal gain via the use of computer
systems.

• Privacy violation: Exposing personal information such as email addresses, phone

number, account details, etc. on social media, hacking a websites, etc.

• Identity Theft: Stealing personal information from somebody and impersonating that
person.

• Sharing copyrighted files/information: This involves distributing copyright protected

files such as eBooks and computer programs etc.

• Electronic funds transfer: This involves gaining an un-authorized access to

bank computer networks and making illegal fund transfers.

• Electronic money laundering: This involves the use of the computer to launder money.

• ATM Fraud: This involves intercepting ATM card details such as account number and
PIN numbers. These details are then used to withdraw funds from the intercepted
accounts.
• Denial of Service Attacks: This involves the use of computers in multiple locations
to attack servers with a view of shutting them down.

• Spam: Sending unauthorized emails. These emails usually contain advertisements.

• SPYING: Unauthorized access to offline computer and network computers which

may be accessed using internal sources.

• OBSCENE/ OFENSIVE CONTENT:

– Some of the website and other electronic communication over the internet
may contain information and images which may be offensive for variety of
reasons
– It is one of the criminal activity where the creating, distributing, accessing and
spreading obscene material which exploits human being in any manner

• Harassment:
– This cyber crime comprises all obscene and comments which have been
directed towards a specific individual or a community focusing for religion,
gender, nationality etc.
 What is Ethical Hacking?
• Ethical Hacking is identifying weakness in computer
systems and/or computer networks and coming with
countermeasures that protect the weaknesses. Ethical
hackers must abide by the following rules.
– Get written permission from the owner of the computer
system and/or computer network before hacking.

– Protect the privacy of the organization been hacked.

– Transparently report all the identified weaknesses in the

computer system to the organization.

– Inform hardware and software vendors of the identified

weaknesses.
 Why Ethical Hacking?
• Information is one of the most valuable assets of
an organization. Keeping information secure can
protect an organization’s image and save an
organization a lot of money.

• Ethical hacking puts them a step ahead of the

cyber criminals who would otherwise lead to loss
of business.

• Hacking can lead to loss of business for

organizations that deal in finance such as PayPal.
• PayPal has confirmed that a researcher found
a high-severity security vulnerability that could
expose user passwords to an attacker. The
researcher, Alex Birsan, earned a bug bounty
of $15,300 (£11,700) for reporting the
problem, which was disclosed January 8
having been patched by PayPal on December
11, 2019
 Legality of Ethical Hacking
• Ethical Hacking is legal if the hacker abides by
the rules stipulated in the above section on the
definition of ethical hacking.

• The International Council of E-Commerce

Consultants (EC-Council) provides a certification
program that tests individual’s skills.

• Those who pass the examination are awarded

with certificates. The certificates are supposed to
be renewed after some time.
 Potential Security Threats To Your
Computer Systems
• A computer system threat is anything that leads
to loss or corruption of data or physical damage
to the hardware and/or infrastructure.

• Knowing how to identify computer security

threats is the first step in protecting computer
systems.

• The threats could be intentional, accidental or

caused by natural disasters.
 What is a Security Threat?

• Security Threat is defined as a risk that which

can potentially harm computer systems and
organization.

• The cause could be physical such as someone

stealing a computer that contains vital data.

• The cause could also be non-physical such as a

virus attack.
 What are Physical Threats?
• A physical threat is a potential cause of an incident that
may result in loss or physical damage to the computer
systems.

• The following list classifies the physical threats into three

(3) main categories;
– Internal: The threats include fire, unstable power supply,
humidity in the rooms housing the hardware, etc.

– External: These threats include Lightning, floods, earthquakes,

etc.

– Human: These threats include theft, vandalism of the

infrastructure and/or hardware, disruption, accidental or
intentional errors.
• To protect computer systems from the above mentioned physical
threats, an organization must have physical security control
measures.

• The following list shows some of the possible measures that can
be taken:
– Internal: Fire threats could be prevented by the use of automatic fire
detectors and extinguishers that do not use water to put out a fire. The
unstable power supply can be prevented by the use of voltage
controllers. An air conditioner can be used to control the humidity in
the computer room.

– External: Lightning protection systems can be used to protect computer

systems against such attacks. Lightning protection systems are not
100% perfect, but to a certain extent, they reduce the chances of
Lightning causing damage. Housing computer systems in high lands are
one of the possible ways of protecting systems against floods.

– Humans: Threats such as theft can be prevented by use of locked doors

and restricted access to computer rooms.
 What are Non-physical threats?
• A non-physical threat is a potential cause of an incident
that may result in;
• Loss or corruption of system data

• Disrupt business operations that rely on computer systems

• Loss of sensitive information

• Illegal monitoring of activities on computer systems

• Cyber Security Breaches

• Others
• The non-physical threats are also known as logical threats.
The following list is the common types of non-physical
threats;
• Virus
• Trojans
• Worms
• Spyware
• Key loggers
• Adware
• Denial of Service Attacks
• Distributed Denial of Service Attacks
• Unauthorized access to computer systems resources such
as data
• Phishing
• Other Computer Security Risks
• To protect computer systems from the
above-mentioned threats, an organization must
have logical security measures in place. The
following list shows some of the possible
measures that can be taken to protect cyber
security threats

• To protect against viruses, Trojans, worms, etc.

an organization can use anti-virus software. In
additional to the anti-virus software, an
organization can also have control measures on
the usage of external storage devices and visiting
the website that is most likely to download
unauthorized programs onto the user’s computer.
• Unauthorized access to computer system
resources can be prevented by the use of
authentication methods. The authentication
methods can be, in the form of user ids and strong
passwords, smart cards or biometric, etc.

• Intrusion-detection/prevention systems can be

used to protect against denial of service attacks.
There are other measures too that can be put in
place to avoid denial of service attacks.