HACKING

WHAT IS HACKING?

It is an attempt to exploit
a computer system or a
private network inside a
computer. Simply put, it is
the unauthorized access
to or control over
computer network
security systems for some
illicit purpose.
WHAT IS A HACKER?
Someone who uses a
computer system to gain
unauthorized access to
another system for data or
who makes another system
unavailable. These hackers
will use their skills for a
specific goal, such as stealing
money, gaining fame by
bringing down a computer
system, or making a network
unavailable -- even sometimes
destroying them.
WHY DO HACKERS ATTACT?

1. Steal/Leak Information
2. Disrupt Services
3. Money
4. Driven by Purpose (Hacktivism, Idealism,
Political Motives)
1. STEAL/LEAK INFORMATION

A lot of times, hackers also

steal information in order to
assume your personal identity and
then use it for something else like
transferring money, taking a loan,
etc. Such incidents have increased
after Internet banking and mobile
banking have started to become
more popular.
II. DISRUPT SERVICES
Hackers just love to take
something down. And then also
leave a statement on the website
- more on that later. But hackers
have successfully taken down
many services by creating bots
that overwhelm a server with
traffic, thus, leading to a crash. It
is known as a DoS (Denial of
Service) attack and can put a
company’s website out of
service for a while.
III. MONEY
This is what everyone usually
fears about. We've seen many
businesses reach out to us at the
stage when they have already
been hacked and a hacker is
demanding money. Hackers not
only hack businesses and ask for
ransom but they also try hacking
into regular user accounts and
try to take advantage of things
like online banking, online retail,
etc. where financial transactions
are involved.
IV. DRIVEN BY PURPOSE
Many hackers are also drive by a specific purpose.
Sometimes, this comes out only when they get caught.
Some of them aim to be idealists and take it upon
themselves to expose injustice, some have political
motives, some simple target the government, and so
on. A major example is a hacktivist group called
Anonymous who have been popular around the world
for challenging and taking down many governments.
These hackers can target religious groups,
governments, movements, to promote a particular
agenda.
WHO IS KEVIN MITNIK?
Kevin Mitnick is the world's
most famous hacker,
bestselling author, and the top
cyber security speaker. Once
one of the FBI's Most Wanted
because he hacked into 40
major corporations just for the
challenge, Kevin is now a
trusted security consultant to
the Fortune 500 and
governments worldwide. He is
also called “The Condor” and
“The Darkside Hacker”
WHAT IS ETHICAL HACKING?

Sometimes called as Penetration

Testing , an act of intruding/penetrating
into system or networks to find out
threats, vulnerabilities in those systems
which a malicious attacker may find and
exploit causing loss of data, financial loss
or other major damages.
 The purpose of ethical hacking is to improve the
security of the network or systems by fixing the
vulnerabilities found during testing. Ethical hackers
may use the same methods and tools used by the
malicious hackers but with the permission of the
authorized person for the purpose of improving the
security and defending the systems from attacks by
malicious users.
 BENEFITS OF ETHICAL HACKING
The primary benefit of ethical hacking is to prevent data
from being stolen and misused by malicious attackers, as
well as:
 Discovering vulnerabilities from an attacker’s POV so that
weak points can be fixed.
 Implementing a secure network that prevents security
breaches.
 Defending national security by protecting data from
terrorists.
 Gaining the trust of customers and investors by ensuring
the security of their products and data.
 Helping protect networks with real-world assessments.
PHASES OF ETHICAL HACKING

1. Planning and Reconnaissance

2. Scanning
3. Gaining Access
4. Maintaining Access
5. Analysis
1. ANALYSIS
The first step in ethical hacking
is to define the scope and goals of
a test as well as the testing
methods to be followed. It also
addresses intelligence to
understand the potential
vulnerabilities and how a target
works. The prospective
footprinting is made through
search engines, web services,
social network sites, DNS, email,
network, etc. by using footprinting
tools.
2. SCANNING

In the second step, scanning

is performed to understand how
a target reacts to various
intrusion attempts, in two ways –
when the application’s code is
static and when the application’s
code is functioning. The later is
the most practical way to
understand the application’s
performance in real-time.
3. GAINING ACCESS

This is a crucial step where

the web application is attacked
using SQL injections, cross-site
scripting, backdoors, etc. to find
the vulnerabilities and then
exploit them by stealing,
intercepting traffic, and
interfering privileges to
understand the amount of
damage that it can cause.
4. MAINTAINING ACCESS

In this step of penetration

testing, the vulnerability is
used as a persistent
presence for a long
duration in the infected
system in order to steal
sensitive information or to
spread inside the network,
quickly gaining access to
the server.
5. ANALYSIS
The final stage of a
penetration test is to
compile the result by
analyzing and
commenting about
the vulnerabilities
exploited, access to
the data, and the
amount of time that
the tester can remain
unnoticed in the
system.
TYPES OF HACKERS
 Black Hat - basically, these are the “bad guys”. They are the types of
hackers who break into computer networks with purely negative
motives such as monetary gain or reputation.

 White Hat - as opposed to the black hat, these are the “good guys”.
They are ethical hackers who create algorithms to break existing
internet networks so as to solve the loopholes in them.

 Grey Hat - basically, these are hackers who exploit the internet
systems only to make public, certain vast datasets of information
that would be of benefit to everyone. They don’t possess the bad
intentions of black hats.

 Blue Hat - in one word, this is the amateur. Usually, their

techniques are deployed out of ill motives such as revenge attacks.
 Red Hat - the objective of a red hat hacker is to find black hat hackers,
intercept and destroy their schemes.

 Script Kiddie - this refers to the newbies. They don’t cause excessive
damage; they use downloaded hacking software or purchased scripts to
bombard traffic sites or simply disrupt the regular activity of a website.

 Phreaker - A hacker who identifies and exploits weaknesses in

telephones instead of computers.

 Green Hat - this is the set of individuals who simply want to observe
and learn about the world of hacking. It comprises those who join
learning communities to watch videos and tutorials about hacking.

 Social Engineering Hackers - these are hackers who use psychological

manipulation to make people to divulge private contents or to perform
certain actions. It is a more complex crime scheme.
 Hactivists - these are the types of hackers who break into systems and
networks just to draw attention towards an alarming social cause.

 Cyber Terrorist - these are politically motivated attackers who break

into computer systems to stir up violence against non-combatant targets
by subnational groups or clandestine agents.

 State/Nation Sponsored Hackers - these are hackers who are employed

by a country to attack the cybersphere of another nation or international
agency as a result of warfare or to retrieve/steal information.

 Malicious Insider/Whistle-blower Hacker - these are the types of

computer hackers who leak sensitive information from within an
organization, especially data under the umbrella of government agencies.

 Elite Hackers - these are individuals who are considered the “cutting-
edge geniuses”. They are the real experts and the innovators in the field of
hacking.
SIGNS YOUR PHONE MAY BE HACKED

1.Noticeable decrease in battery life

2. Sluggish performance
3. High data usage
4. Outgoing calls or texts you didn’t send
5. Mystery pop-ups
6. Unusual activity on any accounts linked to the device
COMMON HACKING TOOLS

To accomplish a perfect hack, hackers implement a

wide variety of techniques such as:

 Rootkits
 Keyloggers
 Vulnerability Scanner
ROOTKITS
It is a program or set of software
tools that allow threat actors to
gain remote access to control a
computer system that interacts
or connects with the internet.
Originally, a rootkit was
developed to open a backdoor in
a system to fix specific software
issues. Unfortunately, this
program is now used by hackers
to destabilize the control of an
operating system from its
legitimate operator or user.
 KEYLOGGERS
This is a specially designed
tool that logs or records every
key pressed on a system.
Keyloggers record every
keystroke by clinging to the
API (application
programming interface) when
typed through the computer
keyboard. The recorded file
then gets saved, which
includes data like usernames,
website visit details,
screenshots, opened
applications, etc.
VULNERABILITY SCANNER
Classifies and detects various
system weaknesses in networks,
computers, communication
systems, etc. This is one of the
most common practices used by
ethical hackers to find potential
loopholes and fix them on an
immediate basis. On the other
hand, vulnerability scanners can
also be used by black-hat hackers
to check the system for potential
weak spots in order to exploit the
system.
COMMON HACKING TECHNIQUES

 SQL Injection Attack

 Distributed Denial-of-Service (DDoS)

 Waterhole attacks

 Fake WAP

 Eavesdropping (Passive Attacks)

 Phishing

 Virus, Trojan, Worms

 ClickJacking Attacks

 Cookie theft

 Bait and Switch

TOP HACKING AND SECURITY TOOLS
 Web Vulnerability Scanners – Burp Suite, Firebug, AppScan, OWASP Zed, Paros
Proxy, Nikto, Grendel-Scan

 Vulnerability Exploitation Tools – Netsparker, sqlmap, Core Impact, WebGoat, BeEF

 Forensic Tools – Helix3 Pro, EnCase, Autopsy

 Port Scanners – Unicornscan, NetScanTools, Angry IP Scanner

 Traffic Monitoring Tools – Nagios, Ntop, Splunk, Ngrep, Argus

 Debuggers – IDA Pro, WinDbg, Immunity Debugger, GDB

 Rootkit Detectors – DumpSec, Tripwire, HijackThis

 Encryption Tools – KeePass, OpenSSL, OpenSSH/PuTTY/SSH, Tor

 Password Crackers – John the Ripper, Hydra, ophcrack

Here are the top ten general tools used by cybersecurity
pros, and the guys they go up against.

1 – Metasploit Framework
2 – Nmap
3 – OpenSSH
4 – Wireshark
5 – Nessus
6 – Aircrack-ng
7 – Snort
8 – John the Ripper
9 – Google
10 – L0phtCrack
COMPUTER CRIMES
A person commits a “computer crime” when he or she:

1. Accesses a computer system without authorization;

2. Accesses or uses a computer system to obtain unauthorized

computer services (including computer access, data processing,
and data storage);

3. Intentionally or recklessly disrupts, degrades, or causes

disruption or degradation of computer services or denies or causes
denial of computer services to an authorized user; or

4. Intentionally or recklessly tampers with, takes, transfers,

conceals, alters, or damages any equipment used in a computer
system.
It is also a computer crime to misuse computer system data.
A person commits this crime by:

1. Accessing a computer system to use, disclose, or copy data

residing in, communicated by, or produced by a computer
system;

2. Intentionally or recklessly and without authorization (a)

tampering with, damaging, or taking data intended for use by a
computer system or (b) intercepting or adding to data residing
within a computer system;

3. Knowingly receiving or retaining data obtained through

misuse of computer system information; or

4. Using or disclosing data he or she knows or believes was

obtained through misuse of computer system information
UNAUTHORIZED USE OF COMPUTER OR COMPUTER
NETWORK
It is a crime to use a computer or computer network
without authority and with the intent to:

1. Temporarily or permanently remove, halt, or disable

computer data, programs, or software;

2. Cause a computer to malfunction;

3. Alter or erase computer data, programs, or software;

4. Create or alter a financial instrument or an electronic

funds transfer;
5. Cause physical injury to another's property;

6. Make or cause to be made an unauthorized copy of

computer data, programs, or software residing in,
communicated by, or produced by a computer or
computer network; or

7. Falsify or forge email information or other routing

information in any manner in connection with the
transmission of unsolicited bulk email through or into
the computer network of an electronic mail service
provider or its subscribers.
PHILIPPINES REPUBLIC ACT NO.8792

AN ACT PROVIDING FOR THE RECOGNITION AND

USE OF ELECTRONIC COMMERCIAL AND NON-
COMMERCIAL TRANSACTIONS, PENALTIES FOR
UNLAWFUL USE THEREOF, AND OTHER PURPOSES

PART V: FINAL PROVISIONS

SEC. 33. PENALTIES.
The folowing Acts shall be penalized by fine and/or
imprisonment, as follows:

(a) Hacking or cracking which refers to unauthorized access into

or interference in a computer system/server or information and
communication system; or any access in order to corrupt, alter,
steal or destroy using a computer or other similar information
and communication devices, without the knowledge and consent
of the owner of the computer or information and communications
system, including the introduction of computer viruses and the
like, resulting in the corruption, destruction, alteration, theft or
loss of electronic data messages or electronic document shall be
punished by a minimum fine of one hundred thousand pesos
(P100,000.00) and a maximum commensurate to the damage
incurred and a mandatory imprisonment of six (6) months to
three (3) years.
PROTECT YOURSELF WHILE ONLINE
 Continually check the accuracy of personal accounts
and deal with any discrepancies right away
 Use extreme caution when entering chat rooms or
posting personal Web pages
 Limit the personal information you post on a personal
Web pages
 Carefully monitor requests by online “friends” or
acquaintances for predatory behavior
 Keep personal and financial information out of online
conversations
 Use extreme caution when agreeing to meet an online
“friend” or acquaintance in person
SECURITY TIPS TO PREVENT
HACKING

 Use a 2-way firewall

 Update your operating system regularly

 Increase your browser security settings

 Avoid questionable Web sites

 Only download software from sites you trust.

Carefully evaluate free software and file-sharing
applications before downloading them.
 Practice safe email and virus/malware protocols
 Don't open messages from unknown senders

 Immediately delete messages you suspect to be spam

 Make sure that you have the best security software

products installed on your PC
 Use antivirus protection

 Get antispyware software protection

A COMPUTER HACKER CAN BE TRACED

 When a Trojan or a virus hits a PC, we get to know about

its presence from the malfunctioning of the machine. But
knowing just that is not sufficient. We need to know how it
got there and most importantly who put it there. By finding
the attacker in the same way that a victim is discovered,
one can have a broader view of the picture and establish
the steps that are required to be taken against an attacker.

 A cracker or a hacker can be tracked down in several ways.

Very often a hacker is more able to remove his traces than
a cracker. While tracking their activities the emerging
evidences should be preserved so that they cannot be lost
or tampered with.
 A hacker hides his Internet Protocol (IP), which is
called "spoofing". He also conceals his intentions by
purposely bouncing some of his communications on
computers at different places in the world before
attacking on a target computer. So the investigator
must track all the bounce points usually to find the
exact location of the hacker.

 The network security infrastructure has evolved

various changes in its implementation from firewalls
along with their upgrade versions, router security
techniques, host system security, auditing, incident
response plan, and intrusion detection systems (IDS).
METHODS IN TRACKING A
HACKER

1. Tracerouting
2. Reverse DNS Query
3. DNS
1.TRACEROUTING
 This technique shows all the computers within the
range of a user and the target machine. Often the
hostname address listed in the last machine belongs
to the hacker's ISP Company. This way of resolving
the ISP enables to find out its location and the areas
where the hacker operates. This gives the clue of the
geographical location that eases investigations.
2. REVERSE DNS QUERY
DNS
This technique is the most effective way of tracing a
hacker. It helps to locate the country where the hacker
resides though the exact geographical location cannot
be determined without breaking into the ISP's Head
Office.
3. DNS
The 'Domain Name Server' are machines connected to
the Internet that keeps track of the IP Addresses and
Domain Names of other PCs. A DNS search takes the
'ASCII Domain Name' or simply the 'hostname' and
converts it into a numeric IP Address.
REFERENCES
 Merriam Webster
https://www.merriam-webster.com/dictionary/cyber
 Collins Dictionary, British English, American English
https://www.collinsdictionary.com/dictionary/english/securi
ty
 International Telecommunications Union
https://www.itu.int/en/ITUD/Cybersecurity/Documents/Intr
oduction%20to%20the%20Concept%20of%20IT%20Security
.pdf

 Kaspersky
https://www.kaspersky.com/resource-center/definitions/wh
at-is-cyber-security
 Cisco Umbrella