
Unit – 2

Hackers and Cyber Crimes

What are Hackers? A hacker is a person who breaks into a computer system. The reasons for
hacking can be many: installing malware, stealing or destroying data, disrupting service, and more.
Hackers are individuals with advanced computer skills who possess in-depth knowledge of computer
systems and networks.
What are Crackers? Crackers are people who break into or violate a system or computer remotely,
with bad intentions, to harm the data or steal it. Crackers destroy data by gaining unauthorized
access to the network. They are individuals who break into computer systems and networks with
malicious intent, often for personal gain or to cause harm.
Write the differences between Hackers and Crackers.
1. Hackers are people who use their knowledge for a good purpose and do not damage the data,
whereas a cracker is someone who breaks into the system with a malicious purpose and damages data
intentionally.
2. Hackers possess advanced knowledge of computer systems and programming languages, while
crackers might not necessarily be so skilled and well-versed with computing knowledge.
3. Hackers work for an organization to improve its network and solve any issues. Crackers
are the people from whom the hacker protects the organization. Crackers work just because a system
might be challenging or to get illegal gains.
4. Hacking is ethical, while cracking is illegal and unethical.
5. Hackers have ethical certificates, while the Crackers do not possess any certificates.
6. Hackers continuously work towards making new tools rather than using the existing ones. The
crackers, on the other hand, have inadequate computing knowledge to make new tools and use tools
already used by other crackers.
Types of Hackers:
White Hat Hackers (Ethical Hackers): Also known as ethical hackers, they
use their skills to identify vulnerabilities in computer systems and networks
and help organizations strengthen their security defenses. A white hat is a
security hacker who gains access to systems with a view to fixing the
identified weaknesses. They may also perform penetration testing and
vulnerability assessments.
Black Hat Hackers: These are malicious hackers who exploit
vulnerabilities for personal gain, engage in cybercrime, steal data, and cause
harm. A hacker who gains unauthorized access to computer systems for
personal gain. The intent is usually to steal corporate data, violate privacy
rights, transfer funds from bank accounts etc.
Grey Hat Hackers: They fall somewhere between white hat and black hat
hackers. They may exploit vulnerabilities without authorization but with the
intention of notifying the affected parties to fix the issues. A hacker who is
in between ethical and black hat hackers. He/she breaks into computer
systems without authority with a view to identify weaknesses and reveal
them to the system owner.
Script kiddies: A non-skilled person who gains access to computer systems
using already made tools.

Hacktivist: A hacker who uses hacking to send social, religious, political,
etc. messages. This is usually done by hijacking websites and leaving the
message on the hijacked website.

Phreaker: A hacker who identifies and exploits weaknesses in telephones
instead of computers.

Cyber-Attacks and Vulnerabilities:


Cyber-attacks are deliberate actions aimed at exploiting vulnerabilities in computer systems,
networks, or software to gain unauthorized access, disrupt operations, or steal sensitive information.
Vulnerabilities are weaknesses or flaws in software, hardware, or network configurations that can be
exploited by attackers to compromise systems.
Malware Threats:
Malware, short for malicious software, refers to any software designed to perform malicious activities
on a computer system.
Types of malware include viruses, worms, Trojans, ransomware, spyware, adware, and botnets.
Malware can be delivered through email attachments, malicious websites, infected software
downloads, or removable media.
Sniffing:
Sniffing involves capturing and analyzing network traffic to intercept sensitive information such as
passwords, usernames, credit card numbers, or other confidential data. A sniffing attack is an act of
intercepting or capturing data while in transit through a network. Sniffing is a process of monitoring
and capturing all data packets passing through a given network. Sniffers are used by network/system
administrators to monitor and troubleshoot network traffic. Attackers use sniffers to capture data
packets containing sensitive information such as passwords, account information, etc. Sniffers can be
hardware or software installed in the system.
Active Sniffing: Sniffing on a switch is active sniffing. A switch is a point-to-point network device.
The switch regulates the flow of data between its ports by actively monitoring the MAC address on
each port, which helps it pass data only to its intended target. In order to capture the traffic between
targets, the sniffer has to actively inject traffic into the LAN to enable sniffing of the traffic. This
can be done in various ways.
Passive Sniffing: This is the process of sniffing through the hub. Any traffic that is passing through
the non-switched or unbridged network segment can be seen by all machines on that segment. Sniffers
operate at the data link layer of the network. Any data sent across the LAN is actually sent to each
and every machine connected to the LAN. This is called passive since sniffers placed by the attackers
passively wait for the data to be sent and capture them.
Sniffing attacks can be carried out using specialized tools or by compromising network devices.
Gaining Access:
Gaining access refers to the process of unauthorized entry into a computer system, network, or
application. The gaining access attack is the second part of network penetration testing. In this section,
we will connect to the network. This will allow us to launch more powerful attacks and get more
accurate information. If a network doesn't use encryption, we can just connect to it and sniff out
unencrypted data. If a network is wired, we can use a cable and connect to it, perhaps through
changing our MAC address.
Attackers may use various methods such as exploiting software vulnerabilities, using default or weak
credentials, or conducting brute-force attacks to gain access.
Escalating Privileges:
Once attackers gain initial access, they may attempt to escalate their privileges to gain higher levels
of control within the system. A privilege escalation attack is a cyberattack designed to gain
unauthorized privileged access into a system. Privilege escalation is the act of exploiting a bug, a
design flaw, or a configuration oversight in an operating system or software application to gain
elevated access to resources that are normally protected from an application or user.
Privilege escalation involves exploiting vulnerabilities or misconfigurations to gain administrative or
root-level access, which allows the attacker to perform more extensive actions.
Executing Applications:
Attackers may execute malicious applications or scripts on compromised systems to carry out specific
actions, such as stealing data, launching further attacks, or creating backdoors for future access.
Hiding Files:
Attackers may hide their malicious files, scripts, or malware within legitimate-looking files, folders,
or system areas to evade detection by security tools and administrators.
Covering Tracks:
After carrying out an attack, attackers may attempt to cover their tracks by deleting logs, modifying
timestamps, or tampering with audit trails to avoid detection and hinder forensic investigations. If
someone covers their tracks, they hide or destroy evidence of their identity or their actions, because
they want to keep them secret.
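
A defensive counterpart to the log deletion and timestamp changes described above, as an added example that is not part of the original notes: each audit record carries an HMAC chained to the previous record, so edits and removals show up when the log is verified. The record layout, key handling and sample entries are assumptions made for the illustration.

```python
import hashlib
import hmac

GENESIS = "0" * 64                   # anchor digest for the first record
DEMO_KEY = b"constructed-demo-key"   # assumption: the real key is kept off the logged host

def _mac(key, prev, ts, msg):
    # The MAC covers the previous record's MAC, the timestamp and the message,
    # so editing any of them (or dropping a record) breaks the chain.
    data = "\x1f".join((prev, ts, msg)).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def append(log, key, ts, msg):
    prev = log[-1]["mac"] if log else GENESIS
    log.append({"ts": ts, "msg": msg, "mac": _mac(key, prev, ts, msg)})

def verify(log, key, expected_last=None):
    """Return [(index, reason)]; an empty list means the chain is intact."""
    findings, prev = [], GENESIS
    for i, rec in enumerate(log):
        want = _mac(key, prev, rec["ts"], rec["msg"])
        if not hmac.compare_digest(want, rec["mac"]):
            findings.append((i, "record edited, or a record before it removed"))
        prev = rec["mac"]
    # Deleting records from the end leaves a valid chain, so compare the
    # last MAC with a copy stored elsewhere (for example on a log collector).
    if expected_last is not None and (not log or log[-1]["mac"] != expected_last):
        findings.append((len(log), "tail truncated"))
    return findings

def sample_log():
    # Constructed sample entries, not taken from any real system.
    log = []
    for ts, msg in [
        ("2024-01-01T10:00:00Z", "login user=alice"),
        ("2024-01-01T10:05:00Z", "sudo user=alice cmd=/bin/sh"),
        ("2024-01-01T10:06:00Z", "file read /etc/shadow"),
        ("2024-01-01T10:07:00Z", "logout user=alice"),
    ]:
        append(log, DEMO_KEY, ts, msg)
    return log

if __name__ == "__main__":
    log = sample_log()
    tail = log[-1]["mac"]
    del log[2]                       # simulate removal of one entry
    print(verify(log, DEMO_KEY, tail))
```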

Types of Cyber Attacks

A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to alter
computer code, logic or data, leading to cybercrimes such as information and identity theft.

We are living in a digital era. Nowadays, most people use computers and the internet. Because of this
dependency on digital things, illegal computer activity is growing and changing like any other type of
crime.

Cyber-attacks can be classified into the following categories:


Web-based attacks

These are the attacks which occur on a website or web applications. Some of the important
web-based attacks are as follows-

1. Injection attacks

It is an attack in which some data is injected into a web application to manipulate the
application and fetch the required information.

Examples- SQL injection, code injection, log injection, XML injection, etc.

2. DNS Spoofing

DNS spoofing is a type of computer security hacking whereby data is introduced into a DNS
resolver's cache, causing the name server to return an incorrect IP address and diverting traffic to
the attacker's computer or any other computer. DNS spoofing attacks can go on for a long period
of time without being detected and can cause serious security issues.

3. Session Hijacking

It is a security attack on a user session over a protected network. Web applications create cookies to
store the state and user sessions. By stealing the cookies, an attacker can have access to all of the
user data.

4. Phishing

Phishing is a type of attack which attempts to steal sensitive information like user login credentials
and credit card numbers. It occurs when an attacker masquerades as a trustworthy entity in
electronic communication.

5. Brute force

It is a type of attack which uses a trial-and-error method. This attack generates a large number of
guesses and validates them to obtain actual data like a user password or personal identification
number. This attack may be used by criminals to crack encrypted data, or by security analysts to
test an organization's network security.

6. Denial of Service

It is an attack which is meant to make a server or network resource unavailable to the users. It
accomplishes this by flooding the target with traffic or sending it information that triggers a crash.
It uses a single system and a single internet connection to attack a server. It can be classified into
the following-

Volume-based attacks- Their goal is to saturate the bandwidth of the attacked site, and they are
measured in bits per second.

Protocol attacks- They consume actual server resources, and are measured in packets.

Application layer attacks- Their goal is to crash the web server, and they are measured in requests
per second.

7. Dictionary attacks

This type of attack uses a stored list of commonly used passwords and validates them to get the
original password.

8. URL Interpretation

It is a type of attack in which certain parts of a URL are changed so that a web server
delivers web pages which the requester is not authorized to browse.

9. File Inclusion attacks

It is a type of attack that allows an attacker to access unauthorized or essential files which are
available on the web server, or to execute malicious files on the web server, by making use of the
include functionality.

10. Man in the middle attacks

It is a type of attack that allows an attacker to intercept the connection between client and server
and act as a bridge between them. Due to this, an attacker will be able to read, insert and modify
the data in the intercepted connection.
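
Brute force and dictionary attacks (items 5 and 7 above) both appear in authentication logs as a burst of failed logins. The added example below, which is not part of the original notes, flags such bursts per source and account in a sliding time window; the log format, threshold and sample lines are constructed for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def detect(lines, limit=5, window=timedelta(seconds=60)):
    """Return {(ip, user): status} for sources that look like password guessing."""
    recent = defaultdict(deque)      # (ip, user) -> times of recent failures
    alerts = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[1] not in ("OK", "FAIL"):
            continue                 # skip malformed lines
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue                 # skip lines with an unreadable timestamp
        key = (parts[3], parts[2])
        if parts[1] == "OK":
            if key in alerts:        # a success after a burst needs review
                alerts[key] = "guessing then success"
            recent.pop(key, None)
            continue
        q = recent[key]
        q.append(when)
        while when - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= limit:
            alerts.setdefault(key, "guessing")
    return alerts

def sample_lines():
    # Constructed events in a made-up "time result user ip" format.
    burst = [f"2024-01-01T10:00:{s:02d} FAIL alice 203.0.113.7" for s in range(0, 12, 2)]
    slow = [f"2024-01-01T10:{m:02d}:00 FAIL carol 192.0.2.9" for m in range(10, 60, 10)]
    return burst + [
        "2024-01-01T10:00:13 OK alice 203.0.113.7",
        "2024-01-01T10:01:00 FAIL bob 198.51.100.4",
        "2024-01-01T10:01:20 OK bob 198.51.100.4",
        "not a log line",
    ] + slow

if __name__ == "__main__":
    for (ip, user), status in detect(sample_lines()).items():
        print(ip, user, status)
```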

System-based attacks

These are the attacks which are intended to compromise a computer or a computer network. Some
of the important system-based attacks are as follows-
1. Virus
It is a type of malicious software program that spreads throughout the computer's files without the
knowledge of a user. It is a self-replicating malicious computer program that replicates by inserting
copies of itself into other computer programs when executed. It can also execute instructions that
cause harm to the system. Viruses are programs that replicate and spread by attaching themselves to
other files or programs, often causing damage or disrupting system operations.

2. Worm

It is a type of malware whose primary function is to replicate itself to spread to uninfected
computers. It works in the same way as a computer virus. Worms often originate from email attachments
that appear to be from trusted senders. Worms are self-replicating programs that spread across networks,
exploiting vulnerabilities and consuming system resources. A worm virus refers to a malicious
program that replicates itself, automatically spreading through a network. A computer worm is a
type of malware that spreads copies of itself from computer to computer. A worm can replicate
itself without any human interaction, and it does not need to attach itself to a software program in
order to cause damage.

3. Trojan horse
It is a malicious program that causes unexpected changes to computer settings and unusual activity,
even when the computer should be idle. It misleads the user about its true intent. It appears to be a
normal application, but when opened/executed some malicious code will run in the background.
Trojans are malicious programs disguised as legitimate software, which trick users into executing
them and provide unauthorized access to attackers. A Trojan is sometimes called a Trojan virus or a
Trojan horse virus. A Trojan horse, or Trojan, is a type of malicious code or software that looks
legitimate but can take control of your computer. A Trojan is designed to damage, disrupt, steal, or in
general inflict some other harmful action on your data or network. A Trojan Horse Virus is a type of
malware that downloads onto a computer disguised as a legitimate program.

4. Backdoors
It is a method that bypasses the normal authentication process. A developer may create a backdoor
so that an application or operating system can be accessed for troubleshooting or other purposes.
Backdoors are hidden entry points created by attackers to bypass normal authentication mechanisms
and gain unauthorized access to systems or networks. A backdoor is a means to access a computer
system or encrypted data that bypasses the system's customary security. A backdoor is any method
that allows somebody — hackers, governments, IT people, etc. — to remotely access your device
without your permission or knowledge. Hackers can install a backdoor onto your device by using
malware, by exploiting your software vulnerabilities, or even by directly installing a backdoor in your
device’s hardware/firmware.

5. Bots
A bot (short for "robot") is an automated process that interacts with other network services. Some
bot programs run automatically, while others only execute commands when they receive specific
input. Common examples of bot programs are crawlers, chatroom bots, and malicious bots.
