Ethical Hacking

The term “Hacker” has two different meanings in the computer industry. Traditionally it is defined as “A geek who enjoys learning the computer systems in depth and how to increase their functionality” or “the one who enjoys doing programming and exploring new things in the computer system, either mechanically or electronically”. While on the other hand, in past few years, this term has been reformed to take a new meaning, “hackers are someone who intrude in any system for personal gain especially for the passwords and the confidential information”. Now-a-days, in current scenario, if you ask anyone that you are a hacker then firstly he/she will request you to hack the facebook account of any of his/her friend. In technical terms, former one are called hackers while the latter one are called crackers or criminal hackers.

Hacking is legal, but cracking not. Crackers break into the system with some malicious intent for some personal gain. These personal gain may be for fame, profit or even revenge. They can modify, delete and steal critical and confidential information from the victim system. Hackers have quite advanced knowledge of operating systems and programming languages. They know different security holes within the system and the reasons for such holes. They are keen to seek further knowledge, share their discoveries without having intentions for damaging or stealing data. On the other hand, Crackers gain unauthorized access, destroy important data, or in short cause problems for their targets. Whatever the case may be, people give hacker a negative outline. A person can be a hacker regardless of age, gender or religion. It just depends on the technical skill of the person which vary from one hacker to other. Some of the hackers barely know to surf the internet, whereas other writes such software on which other hackers depend.

Types Of Hackers

Broadly speaking, hackers can be classified on the basis of their skills and knowledge or on the basis of type of work they perform. If we speak about the former one, we can rename hackers as Coders, Admins and Script Kiddies, while the latter one can rename a hacker into three more specific terms White Hat hacker, Black Hat Hacker and Grey Hat Hacker.

Coders: They are the real hackers, the one who revise the methods and the write the codes for the tools available in the market. They can find security holes in the software to create their own exploits.

Admins: They are the guys who use the tools developed by the coders. They don’t write their own code and techniques but explores the tools at their best to find different tricks and techniques.

Script Kiddies: They are the persons who reads out something on Internet, find few scripts online and apply them exactly in the same manner as it is specified on the Internet. They are the most dangerous categories. They can cause more harm because they don’t know what those codes and script means, they are simply applying it. They take advantage of the hackers’ tools and documentations available freely on the Internet, but they don’t have knowledge of what is going behind the scene.

White Hat hackers: In simple language, you can call them as good guy or Ethical Hacker. They focus on securing and protecting IT systems. They use their knowledge to locate braches in the system and find counter measures in the resource.

Black Hat Hackers: They are the second type of hackers which I stated earlier as Crackers or criminal hackers. They use their skills for malicious purpose and illegal activities. They break into others’ system for some malicious intent and focus on data stealing and security breaching.

Grey Hat Hacker: They are intermediate of White hat and Black hat hackers. They can act sometimes legally, for the goodwill, while sometimes not. They might not have malicious intent, but sometimes can commit crime during the course of their technical exploits.

Hactivist: They are another type of hackers who generally broadcasts political or social message through their work on the web. Recent example includes “the photo of Modi on website of AAP”. We can cover such persons under grey hat hackers.

Types

Cyber Terrorists: They are the black hat hackers who generally attack govt. computers. They crash critical systems and steal confidential information from different specialized system specially govt. website.

Why Hackers Hack??

This is a quite good question for the argument, but we can’t specify the reason for the hackers to hack the system. It varies from one type of hacker to other.
Some of the reasons may include:

  • Exploring additional knowledge
  • Hacking for the hobby
  • Information stealing
  • Software cracking
  • And many more endless reasons…

Prevention from Hackers

Ethical hacking in not illegal, it’s performed by the permission of the victim to explore something to the deeper level. If you ask me the way to prevent yourself from hackers then I’ll suggest only one thing: “don’t ever fight with any hacker. If you do, then please unplug your computer system and lock them away, so that no-one can touch your system, not even you!” But this is not the right way for the Information security, but this is important for you to protect your system from known vulnerabilities. You don’t have to protect your system from everything, In fact, you can’t even do so. However, we may adopt some techniques to prevent ourselves to a much better extent:

  • Never share password with anyone, no matter how much he / she is close to you
  • Never click on any unknown / unwanted link that is sent to you through chats or emails
  • Avoid use of public computers
  • Avoid use of public networks, especially free wifi. Free may be dangerous.
  • Never use your personal online accounts such as emails or social accounts like facebook in any public network, NOT even in your office. Sniffers are all around.
  • Don’t hit open to any unknown software programs
  • Never let your PC be in touch with any of your friend who lies in any of the hacker categories mentioned earlier.
  • Use any good antivirus and spyware program

Different Phases in Hacking

Here are the different steps that are performed by the hackers sequentially in order to attack the target.

  • Information Gathering: Hackers seek to find out as much information about the victim as possible. They locate, identify and record information about their targets.
  • Scanning: In this phase, attackers scan the networks and ports to find out the vulnerable port.
  • Gaining access: This is the phase of real hacking. Once the hacker identifies about the vulnerable port, then they tries different methodologies to gain the access of that system.
  • Maintaining access: After gaining the access, it is very mandatory to maintain the access for at least the time being in which hacking is being performed. Interrupt in access will cause loss of data or even loss in the connection.
  • Performing required tasks: Once hacker gains access on the target system, they perform the required task on the target.
  • Clearing the logs and footprints: Last but not the least, hackers need to clear the footprints and all the logs from the victim system, so that it’s not easy for anyone to trace the hacker. This is the reason for which hackers are called as Anonymous.

Methods of Hacking

Although there are countless methods for the hackers to hack into a system, and increasing day by day, major one includes the following, we are not going into the details as of now:

  • Footprinting
  • Social Engineering
  • Denial of Service attack
  • Keyloggers
  • SQL Injection
  • XSS (Cross Site Scripting)
  • Spoofing
  • DNS Attack
  • Steganography
  • Reverse Engineering
  • Cryptography
  • Trojans and bombs

Laws in India for Hacking

According to Pavan Duggal, Supreme Court advocate, First cyber law of India makes all cybercrimes punishable. These cybercrimes may include hacking, cracking, and publishing of information in the electronic form, damage to the computer source code, violation of confidentiality and privacy, and publication of false digital signature certificate. Different cases that gets covered in the laws include:

  • Social media fake profile case
  • Email account hacking
  • Credit card fraud
  • Online share trading fraud
  • Tax evasion and money laundering
  • Source code theft
  • Theft of confidential information
  • Software piracy
  • Music piracy
  • Email scam
  • Phishing
  • Cyber Pornography
  • Online Sale of Illegal Articles
  • Virus attacks
  • And many others…

Kamal Nayan
Blogger at http://tipstricksandhacking.blogspot.in