CRIMINOLOGY

CYBER CRIMINOLOGY & CYBER FORENSICS

Hacking

1
 MODULE 7 : HACKING

Component - I - Personal Details

Role Name Affiliation

Principal Investigator
Paper Coordinator
Content Writer/Author
Content Reviewer
Prof(Dr) G S Bajpai
Prof(Dr) K. Jaishankar
Amit Gopal Thakre
Prof(Dr) K. Jaishankar
Registrar
National Law University
Delhi
Professor and Head,
Department of Criminology,
Raksha Shakti University,
Ahmedabad, Gujarat
Trained Criminologist,
Department of Criminology,
Raksha Shakti University,
Ahmedabad, Gujarat
Professor and Head,
Department of Criminology,
Raksha Shakti University,
Ahmedabad, Gujarat

Component - I (B) Description of Module

Description of Module
Subject Name Criminology
Paper Name Cyber Criminology and Cyber Forensics
Module No. 7
Module Name/Title Hacking
Pre-requisites Hacker, Email, User ID, Password, Website, Antivirus
Objectives  To understand hacking
 To study various types of hacking
 To learn about preventive measures against
hacking
 To understand the need for International
cooperation in dealing with hacking
Keywords Hacking, Hacker, Internet, Password, Security, Anti-
Virus.

2
Table of Contents
1. Introduction
2. Computer Hacking
3. Email Hacking
4. Ethical Hacking
5. Network Hacking
6. Password Hacking
7. Website Hacking
8. Preventive Measures
9. Summary and Conclusion

Learning Outcomes
After completing this module, you will be able to understand:
 Hacking and its various types
 the vulnerability areas when user is using Internet
 the fundamental preventive measures against hacking attack
 the scope for effectively dealing with hacking from International perspective

3
 Hacking
1. Introduction
Hacking is a part of programmer subculture. According to Cambridge dictionary,
hacking means ‘the activity of illegally using a computer to access information stored on
another computer or to spread a virus’. Bloombecker (1984) defined hacker as ‘a person who
enjoys learning the details of computer systems and how to stretch their capabilities’ and ‘one
who program enthusiastically’. This could become a problem for the person at the receiving
end. This illegal act of using computer involves unauthorized breach of computer security
mechanisms. The cyber criminal has technical knowledge of computer and networking
system, the kind of people who trespass in secured system or network are called as hackers.
Any computer connected to internet is vulnerable to hacking, no matter what country they are
in.
There are majorly four types of hackers based on their motives which are illustrated
as under:
1. White Hats: Hack into a system with consent and full knowledge of system
administrator. This is done to locate loopholes in system/network to patch up the
vulnerable areas.
2. Black Hats: Hack the system for personal gains, for fun or with mal-intentions
towards the target. They are also called as crackers.
3. Grey Hats: Hack the system without the consent and full knowledge of system
administrator but later reveals the areas to the administrator that needs fixing. Their
main aim is not to achieve any personal gain.
4. Hactivists: Hacks websites and posts political, religious or social messages over
website’s homepage screen. Their main aim is to voice ideas and opinions about an
issue, event or an ideology.

Hacking can be of various types depending on target acquired by the hacker.

Generally, hacking is done on two levels, closed and remote. Closed system is exclusive in
nature with accessibility to only select few operating in a specified terminal. Remote systems
are interlinked and have more permeability in terms of connectivity. Remote is more popular
as it is used to perform day to day essential activities such as online payments, long distance
interactions, business related work and sharing of soft copies of documents and more.

4
 The types of hacking are:

Types of
Hacking

Computer Email Ethical Network Password Website

Hacking Hacking Hacking Hacking Hacking Hacking

2. Computer Hacking
Computer hacking involves cracking user password and gaining access to information
stored in hard disk. Usually, a computer hacker boots the system in safe mode to run a
program that controls user password. Once the password is reset, after the restart, the hacker
gets access to the computer.

3. Email Hacking
Email hacking is about obtaining login password. To do this, the hacker may use
keylogging software. Keylogger software is a spy program that records keystrokes without
the knowledge of computer user. Once installed, keylogger cannot be detected by user as it
works in stealth mode as well. Other way used by email hacker is phishing. The hacker
creates fake email login pages (copy of genuine website) in which victim enters her/his email
ID and password which is accessible to the email hacker.

4. Ethical Hacking
Ethical hacking is done by an individual or an organization to examine the ways to
strengthen the cyber security wall of a company or a network. An ethical hacker acts as a
supervisor who tries to infiltrate in computer network with the knowledge of administer and
suggest areas that needs technical repairing work to minimize the vulnerability factor. The
ethical hacker acts in a manner keeping potential attacks in mind, that way ethical hackers
keeps cyber security measures a step ahead of cyber criminals. Ethical hacker needs to stick
by certain principles that involve seeking permission from administrator, protect the right to
privacy of people involved and never use information for exploiting at later stage and assist
software developer in building more secured system. (A separate module on Ethical hacking
is provided in this paper)

5
5. Network Hacking
Networks and their connections are important for internet to run well. In order to
damage networking system, network hackers manipulate connections through malicious
program attacks. Network hacking is done through malicious scripts or software specifically
designed to manipulate networking connections. The techniques of network hacking involves
creating worms, unleashing denial of service attacks or breaching a network via unauthorized
remote access. There are certain Root Kit programs as well whose function is to detach
control of operating system from legitimate programs/software/operators/administrators. The
hole created by detachment is used by the hacker to infiltrate and perform malicious activities
with the target system.

6. Password Hacking
A password is important entity to secure sensitive information. Password is there for
online banking accounts, email accounts, computer system, ATMs, computer applications,
networks and more. In order to hack into user’s system, the hacker cracks the password. To
do this, the hacker either access the password (by having the knowledge of computer user’s
personal information) or the hacker could use advanced computing resources to crack
passwords. Some of the ways used by hackers to decrypt the password stored in hashed
symbol is by accessing root/sysadmin setting. In other way of cracking passwords, the hacker
employs dictionary attack by trying possible words and special characters combinations to run
– it is a form of hit and trial method. The most common password cracking tool used by
hackers are Ophcrack, LophtCrack, Cain and Abel, THC-Hydra, Brutus (Online tool) and
Aircrack-Ng (Wi-Fi cracking tool). Apart software, there are dedicated hardware which are
meant for cracking passwords, these includes, Botnet (a combination of high speed systems –
working simultaneously to crack password rapidly), GPU (graphical processing units to hack
passwords using computer graphics) and ASIC (high speed devices to crack passwords).
Passwords are also cracked using the technique ‘packet sniffing’ by the hacker. The packet
sniffer uses the specially designed applications that keep surveillance of the flow of data
packets in the network to catch hold of sensitive information related to computer user.

6
 Packed sniffing

Password cracking Simply guessing

Software

Password Hacking

Accessing
Dictionary attack root/sysadmin
setting

Password cracking
Hardware

7. Website Hacking
A major part of cyber attacks are carried on web applications. It is evident that
websites are visited by many people across the world over, be it for work related purpose,
online shopping, entertainment, information gathering or simply for browsing the internet.
This online presence opens up the space for vulnerability of users as well. In websites, the
credentials of users are stored in server-side scripts that may contain credit card details,
personal photographs, documents, banking details or online account information. Once the
website security wall is compromised, all the above mentioned sensitive data becomes
accessible to the hacker. Some of the common ways used by the hackers to breach website
security wall are: deepdatahiding (to reveal obscure directories), acquiring user and password
details, breaking HTTPAuth (for unauthorized access to webpage), modifying parameters (for
example, changing the price of the product in online shopping website).
The impacts of web hacking is as follows:
 Loss of confidence and trust from online customers (existing and potential).
 Revenue and profit plummeting due to damage to the online company image.
 Incurring huge loss of time and money due to downtime of websites and repairing
these damages.

7
8. Preventive Measures
To protect the system from hacker’s attack it is essential to take some preventive
measures which are enumerated as under:

1. Updating system: The operating system of the computer or the applications in the mobile
regularly sends update notifications. These updates shall be installed as and when they are
available. An updated operating system is more secured and ready to avert hacker attacks.
2. Passwords: Passwords shall not be shared with others. This involves not sharing with
friends, family or colleagues, system administrators at work. The password set for a
device (May it be a desktop computer, laptop, tablet, mobile or notebook) shall be kept
secured, preventing it from getting in to wrong hands.
3. Changing Passwords regularly: The password needs to be changed on regular basis. It is
also suggested to use combinations of alphabets-numerical-special characters to increase
the security strength of it. To avoid any sort of inconvenience, one may remember or
store latest password at safe place.
4. Safe sites: The hackers target system by duping computer users through fake websites or
luring users to install malicious codes hidden in any form of utility or entertainment file.
It is very important that users shall visit only safe websites. The sites with padlock icon at
the start of URL are safe sites and shall be used to browse the internet or download
software from it.
The image of padlock icons present on the webpage depending on the browser type is
shown in figure below.

8
5. Interact with official websites only: There is a high probability that the website visited by
internet user may not be a genuine website. If not being careful about it, the user may end
up entering his/her personal details, User ID-password or online bank details which will
go in hands of a cyber criminal, leading to huge losses to the victim. It is important to
identify the fake websites or websites with malicious codes embedded in them. First sign
is already discussed in point above, the padlock before URL. Second sign is URL address
which might appear same but may not be exactly the same. For example, instead of
www.sbionline.com it could be www.sbiownline.com. The second one is a fake site.
Third sign is the start of URL which should initiate with ‘https://’ before www (‘s’ stands
for secure). Below is an example of safe URL.

6. Logging out properly: It is a common habit of many computer users to cancel the browser
without logging out which could be dangerous if accessed by other person who readily
access user’s account without even cracking the password. This practice is more
vulnerable when done in cyber café or in a system of an office. The computer user shall
always log out properly from all websites and manually remove the user ID and password
credentials from the setting menu of the browser.
7. Installing Antivirus program: The computer user shall install an updated antivirus
program. The antivirus program shall be used to scan the system on regular basis and also
be updated as and when updates are available. Antivirus program also ensures that the
system gets connected only to trusted and safe systems. Below are few examples of
popular and free antivirus programs that could be installed to secure the system.

9
8. Miscellaneous: Deleting unknown emails is important because it might contain malicious
code that may cause inconvenience to computer user or have serious consequences.
Numerous times emails from unknown persons containing attachment is sent to inbox – a
common trick of hackers. It is recommended to visit only authenticate website and if
needed, download audio/video/software from legitimate web source only. Hackers also
use luring tactics to trap innocent users via attractive advertisements, link to easy money
making websites or adult sites. These allurements shall be ignored or avoided. Another
important security measure is using protected Wi-Fi. The Wi-Fi router shall have in-built
firewall, protected with strong password and is configured properly. Considering high and
common usage of Wi-Fi in routine lives of people in 21st century, it is important to opt for
secured ways for accessing Wi-Fi in public or private spaces.

9. Summary and Conclusion

The term hacking was initially defined as something good that makes technology
better which was synonymous to free access to online knowledge resource, providing
solutions to traditional problems through non-conventional ways and questioning the
authority (Thomas, 2002). Since technology is advancing and so is our increased dependence
over it, the concept of hacking shall not be limitedly dealt with preventive measures. There
shall be intensive research in understanding various prospects associated with hacking and
criminology. Theories of Criminology may be used as a base to understand how far hacking
could be explained similar to other forms of terrestrial crimes. For example, Routine activity
theory could be applied to explain malware victimization (Bossler & Holt, 2009) and social
learning theory can be used to understand the causes behind piracy (Higgins et al., 2006).
Hacking is evolving and slowly taking over traditional forms of crime. In age of high speed
internet, computer hackers use their technical skills to commit organized crime, cross-border

10
terrorism and assist human and drug trafficking at international level. The severity of hacking
is becoming a growing problem for law enforcement across the world.
The widespread distribution of hacking incidents across the globe demands the need
for international cooperation and legislation for prosecuting and preventing hacking. The
legal measures need to match up with the pace of technological advancements. Security
measures alone would not be sufficient as there needs to be a strong presence of legislative
actions as well to make organization (dealing with information security) accountable to
prevent security breach by hackers. For this to happen, there has to be a uniform security
related guidelines for the gate keepers of information resource. These guidelines shall take
care of putting multi-level passwords, disabling remote systems in free time, and restricted
access to security files only to password protected accounts of administrator and auto report
generating mechanism about system crashes to initiate prompt investigation about the issue.
It is necessary to amend domestic laws and then to sync them with international
conventions and with other countries as well. There is need to general universal uniformity in
cyber laws to deal with hackers effectively. This may include cross-border investigation,
extradition and mutual assistance as per the demand of the case in hand. Presently, the only
United Nations convention dealing with international aspect of hacking is ‘Protection of
Individuals with regard to Automatic Processing of Personal Data’. It is time for all the
stakeholders to align their respective domestic laws with UN convention and build solidarity
towards maintaining more secured form of networking, leaving little or no scope for hackers
to cause damage of any sorts to system users.

References
Bloombecker, J. (1984). Computer crime update: The view as we exit 1984. W. New Eng. L.
Rev., 7, 627.
Bossler, A. M., & Holt, T. J. (2009). On-line activities, guardianship, and malware infection:
An examination of routine activities theory. International Journal of Cyber
Criminology, 3(1), 400.
Higgins, G. E., Fell, B. D., & Wilson, A. L. (2006). Digital piracy: Assessing the
contributions of an integrated self‐control theory and social learning theory using
structural equation modeling. Criminal Justice Studies, 19(1), 3-22.
Thomas, D. (2002). Hacker culture. University of Minnesota Press.

11