Hacker techniques and methods

Hacker/Hacker Techniques

The hackers in the dawn of the computer era were computer specialists who during the middle part of the sixties chose the term 'hack' as another meaning to imply mainstream computer work, and especially to signify computer work accomplished with a particular level of workmanship. Next, during the seventies, various techno-hippies came to be known as the computerized splinter group of the counterculture of the era. What manner typified the second bout of hackers was that they greatly desired computers and computer systems designed to be valuable and within reach of the denizens. Lastly, the second part of the eighties the self styled cu surfaced, making a fitting change to the words 'hacker' and 'hacking' and altered their meaning to some extent. In the jargon of the computer underground, 'to hack' implied to tamper or cause damage a computer system, and the person responsible for this was the 'hacker'. (Taylor, 1999)

In the most influential writing regarding hackers until today, Levy explains the three generations of hackers who displayed different extent of qualities linked with hacking's initial meaning of lighthearted inventiveness characterized by the original hackers, the original computer enthusiast at MIT's laboratories during the 1950s and 1960s. These enthusiasts constituted the first generation of hackers designated as those who participated in the development of the original computer-programming methods. The second generation is portrayed as those concerned in making the general public aware of the computer hardware with the growth of the original PCs. The third generation indicates the programmers who were the visible forces in the launching of computer games architecture. The expression hacker presently is entirely used to portray an addition to this schema: the fourth generation of hackers who illegally log into computers belonging to other users. To the fourth generation of hackers can perhaps be appended a recent group: the microserfs branded by Douglas Coupland in his novel with the same title. This generation symbolizes the presence of expertise of hacking by business computing. Whereas essentials of business expertise is present in hacking's second and third generation, they kept the good nuances of hacker name as their actions continue to keep the groundbreaking behavior. (Taylor, 1999)

The intensity and diversity of hacking techniques undertaken by hackers to unlawfully intrude computer system are huge, for the cause I plan to put forth a brief impression of some of the usual techniques entailed, without delving into the greater elaboration of any specific technique. Hacking a computer system is an approach involving two-pronged strategy which is collecting information and unleashing an attack. In respect to the fist step of collecting information, a devoted hacker might spend quite a few months collecting information on the planned target prior to unleashing an attack equipped with this new information. Some of the additional 'Hands on' hacking techniques like "Infiltration and Trashing" are present, however there are more remote methods in the armory of the hacker like Port Scanning and Packet Sniffing. A port scanner is a computer code that finds out vulnerability of security in a remote system all by itself. In this manner, they get precious information regarding the targeted system like whether the remote system will permit an outsider to gain access, or not, or truly if the computer system is protected by a firewall. A sniffer on the contrary is a software code which nabs information 'packets' while they are in transit over a network. Intruding into the packets can disclose useful personal data like usernames, passwords, addresses or the written message of an email. In case of many serious hackers, having physical access to a system server is a feasible option to remote hacking. (Illegal Internet Feature - Part 4)

What is the manner in which the present day hackers sneak into the barrage of firewalls and intrusion-detection systems which protect enterprise websites? In the current era it is frequently accomplished by digging into Internet applications - software programs which vary from simple directory search tools to complicated inventory management systems. These programs have their independent collection of security dangers, which are not taken care of by the conventional Internet security tools. Computer applications which contains a majority of the enterprise's intellectual capital and properties, but applications are over the years been ignored in deliberations regarding website security, according to Ted DeZabala, an associate in Deloitte & Touche's Security Services Practice. There are some hackers who try to go past a website to gain a launching pad for attacks against other sites. but, in the opinion of Diane Fraiman; Vice President of marketing for security vendor Sanctum, the most vicious and indomitable attacks are generally done by hackers who mark particular site for reasons like ideology, pilferage, or vengeance. (Envani, 2002)

Subsequent to gathering information, the hacker attacks the computer. Many attacks are carried out by the hackers. A summary of some of the generally used tactics are stated here. A defiance of service attack is fundamentally an act of disruption of a service being executed on a port of a targeted system. The objective is to immobilize the service, for instance a web server, with a view to restrict users from logging on to that particular service from a remote location. On the other hand, a 'spoofing' attack entails the hacker faking their source addresses, to use their computer system to masquerade as another. A password cracker is a software code that tries to decipher or break through a password protection. Frequently simulation devices are applied to simulate the same algorithm as the original password program. Through packet fragmentation attack, current firewalls are bypassed due to the manner in which the datagrams reassemble. In the case of a packet sequence attack, what the hacker tries to do is guess the random sequence number of TCP packets to enable the hacker to insert their own packets into a connection stream. (Illegal Internet Feature - Part 4)

In this manner, the hacker will be able to infiltrate new content which are malicious between hosts and still his identity might not be revealed. Every Operating System inclusive of Windows NT, UNIX, Redhat Linux etc. have their own independent security holes and bugs which are required to be remedied by 'patching' the OS so that it is up-to-date. Regrettably, many System Administrators overlook in maintaining this on a regular basis, exposing their systems to attacks by the hackers. Yet hackers are extremely cautious in having current knowledge of all likely weaknesses in all operating systems. Through FTP bump attacks the hacker can employ the PORT command in active FTP mode so as to set up connections with computer systems other than the original FTP server, efficiently permitting the hacker's connection to 'bump' off the FTP server in another client's computer system. In DNS abuse attacks, the DNS cache is damaged by the hacker. FTP core dumping facilitates the hacker to bring the FTP service to a virtual standstill. (Illegal Internet Feature - Part 4)

The hacker menace, as it goes beyond geographical borders, is a danger to the security of the country, as also the economic health. (Halbert, 1999) the present day hackers possess the armory to considerably damage e-commerce, a sunrise industry, and upset business and government communications. Defense systems too in the present era more and more depend on the Internet. Attacks by the hackers contain national security insinuations. (Bryen, 2000) a lot of researches have been undertaken into hacker drive, even though a lot of information has been gathered by interrogating erstwhile hackers who are now under a new garb of 'white-hat' meaning hacking for security companies etc. Listed here are some of the causes which might encourage a person into assuming the role of a hacker. Curiosity: A lot of hackers have gone on record that they are just 'curious' on the functioning of computer systems and telephone networks. They want to delve deep into these networks so as to achieve a finer understanding of the manner of their working. (Hacker Motivation)

Spying: This might be unleashed on a friend, a family member, an associate at work, or a business competitor. Hacking of this type normally entails making surveillance on personal Internet activities or personal data files through a particular period without their knowledge. Prestige value: - Authority or rank within the peer group of the hackers can be enhanced through the hacking of a big-shot target, one which will preferably get mileage in the hugely circulated media like the dailies or television. Intellectual Challenge: These two terms that crop up repeatedly when accused hackers are interrogated. Several hackers just succeed on the excitement of ultimately cracking a server which they have been attempting to crack for months together. Anarchy: Even though maybe less widespread the aforesaid reasons, a lot of hackers have articulated political opinions receptiveness towards anarchy, mentioning anti-globalization opinions coupled with an intense abhorrence for the corporate characteristics of a lot of e-commerce sites. They expect to degrade these financial systems to regain the Internet for themselves.

Money: The hackers are not influenced by the economic benefits, if they are involved in credit card fraud it is prone that they usually apply it to purchase domain names or web space! It is pertinent to note that many professional criminals apply hacking techniques to gain money by setting up faulty e-commerce sites to accumulate credit card details, hacking servers that may include the credit card particulars, or involving in other kinds of credit card fraud. Such people may not generally take shelter under the canopy of hackers but as a result of the more serious attributes of their motivation. (Hacker Motivation) Most of the people are anxious about the probability of being an objective for exploitation by a hacker. It is quite normal that if a computer has been installed for home use and only connected to the Internet for two hours once a week, then it is not vulnerable to be a victim of a hacker. Application of such judgment makes it possible to indicate the vulnerability of being hacked, basing on the level of Internet exposure, as high-risk and low risk and the Internet Security firms are most common victims for the hackers.

The High profile media-friendly victims are inclusive of the large corporation's sites, political party sites; celebrity sites, etc. which are vulnerable to the assaults. Any body having their own website, whether used for e-commerce causes or not, has more chances to be prone to become the victim of hacking in comparison to those who don't. Moreover, as a result of the broadband ensuring always online, the vulnerability of being hacked is more. Irrespective of the factor of inclination, intrusions have grave expenses. At the minimum an illegitimate site must square up the security hole. It is apparent that even a non-harmful trespass upsets the victim's online services while the breach is fixed. The impact on e-commerce of the frauds exerted by hackers is very apparent with the adverse publicity made declining consumer confidence in specific company securities. Sometimes such attacks may be initiated out as pranks, but unluckily they can result in the actual harm through companies in terms of loosing loyal customers, that endangers their future prospects and that of their employee retention. Without actually knowing whether the violation is harmful or not the companies generally utilize resources for investigation of the matter quite often engaging private investigators so that they do not suffer from loss of reputation. (Wible, 2003)

As a reaction to the emerging flavor against the struggle on hackers, the most common safeguards of hacking can be represented on a variety that spreads from appeasement or adjustment of corporate interests to sketch blueprints for cultural revolution: a) Hacking entails a benevolent industrial service of unwrapping security deficits and designing lapses; b) Hacking, as an tentative, free from research activity, has been liable for most of the emerging improvements in software generation; c) Hacking, when is seen not to be purely amusement, is considered to be an elite educational experience that represents the modes in that the development of high technology has outpaced conventional forms of institutional education, d) Hacking is a significant type of watchdog counter-response to the application of the surveillance technology and data-accumulation by the state, and to the enhanced monolithic communications power of giant corporations, e) Hacking, as guerilla know-how, is vital to the job of preserving fronts of cultural confrontation and reservoir of counter awareness as a circumvent against a techno fascist future.

Irrespective of the possible prevalence of reasons for us to become aware of their eccentric spirit, hackers also continue to hammer us of our technological susceptibility and ignorance. This has been fostered by way of the difficulties felt by the law implementing officials and legislators in the confrontation with the computer at the background and is probably only small scale examples of some of the extensive difficulties that the society confronts while it tries to integrate new information technologies into the existing social organizations. 1. The initial cases of the cyber crime were originated as an extraordinary fact that law was not so equipped to manage. The scholars and policy makers have since proposed a number of preventive strategies, from criminal sanctions to integrate the law and the architecture of the Web itself; however, no such modes were seen to be effective at elimination of the criminal hacking. Congress banned unwanted interferences in the Computer fraud and Abuse Act of 1984 - CFAA. (Wible, 2003)

Among other difficulties, prosecutorial difficulties have minimal prohibitive impact of CFAA. Soon after being booked as criminals, the small number of prosecutions prompted some to recommend that anti-hacking laws were mostly symbolic. The implementation of the laws continues to be problematic especially taking into account the near impossibility of prosecuting attempts under 18 U.S.C. [section] 1030(b), and the necessity for a large investment of time, resources and skill - even assuming that local law enforcement agents have the prescribed training. The digital anonymity, encryption technologies, and the roundabout procedure of electronic tracing entails the cyber-criminals a benefit over the law implementation. Along with the uncertainties of jurisdiction looming large in cases those are costly to investigate and that necessitate sophisticated tracking capabilities, state prosecution is almost not possible. The founders of tort responsibility for cyber crime advocate that in comparison to the criminal law, civil actions provide target regulation over the litigation. The probability of attaining damages provides targets, otherwise not desirous of voluntarily disclosing the electronic susceptibility to consumers, an incentive to report.