INTRODUCTION TOHACKINGAND CYBER THREATSByAITEZAZ MOHSIN & HASSAN BIN ABDULREHMAN
What is hacking?► Hacking is a term used to refer to activities aimed at exploitingsecurity flaws to obtain critical information for gaining access to securednetworks.
HISTORY OF HACKING● 1980s- Cyberspace Coined- 414 arrested- Two hacker groups formed● 1990s- National crackdown on hackers- Kevin Mitnick arrested● 2001- In one of the biggest denial of service attack, hackers launched attacksAgainst eBay, Yahoo , CNN.com , Amazon and others.● 2007 Bank hit by biggest ever hack. Swedish Bank , nearly $1 MillionHas been stolen from 250 customer account.
Famous Hackers in History● Kevin Mitnick● Most wanted computercriminal in U.S History. Hisstory is so wild that it was thebasis for two featured films.● Breached Security of DigitalEquipment Corporation’snetwork,National defensewarning system and hasstolen several credit cards.● Ending with a 5-year prisonsentence he became aconsultant and publicspeaker for computersecurity
● Albert GonzalezCollected over 170 millioncredit card and ATM cardnumbers over a period of 2years. Yep. That’s equal to alittle over half the populationof the United States.● Gonzalez started off as theleader of a hacker groupknown as ShadowCrew● Gonzalez was sentenced toprison for 20 yearsFamous Hackers in History
● Kevin PoulsenKnown as Dark Dante. Hehacked a radio station’sphone lines and fixed himselfas the winning caller● He then earned his way ontothe FBI’s wanted list when hehacked into federal systemsand stole wiretap information.He was later captured in asupermarket and sentencedto 51 months in prison, aswell paying $56,000 inrestitution.Famous Hackers in History
The Hackers Attitude● The world is full of fascinating problems Waiting to be solvedBeing a hacker is lots of fun but it is the fun that takes lots of effortThe Effort takes motivation. To be a hacker you to get a basic thrillFrom solving problems.● Hackers (or Creative people) should never be bored. Becoming ahacker will take intelligence, practice, dedication and hardwork.
Basic Hacking skills● Study C/C++/Assembly Language● Study Operating system● Study Computer Networks● Examine hacking tools for a month● Think about the problems of computer● Learn how internet is working● Learn how websites are working● Practice your skills● Learn how to use World wide web and write HTML
Types Of Hackers● White Hat HackerIf a white hat hacker finds a fault in a security system ie. awebsite then they will inform the owner immediately● Black Hat HackerA black hat hacker if they find a fault will immediately exploit thesite for there own beneficial gain● Grey Hat HackerGrey hat hacker finds a fault he will do what he feels like at thetime ie, exploiting the site OR informing the owner
Information Needed By A Hacker● Domain Name● Ip Address● Operating system and Version Number● Open Ports● Services Running● Knowledge of Firewall and IDS● Vulnerabilities● System Admin Name/Contact● Whois database● Exploit database or extreme knowledge
Why Do Hackers Hack?● Just for fun● Show off● Hacks other systems secretly● Steal important information● Destroys Enemies computer networks during the War
Why cant Defend against hackers● There are many unknown security holes● Hackers need to know only one security hole to hack the targetsystem● Admin needs to know all security holes to defend the system
Intrusion Techniques● Physical IntrusionPhysical access to the machine● System IntrusionAlso known as Privilege Escalation● Remote IntrusionPenetrate a system remotely across the network
Possible Vulnerabilities● Software BugsSoftware always has bugs. System administrators andprogrammers can never track down and eliminate all possiblesoftware vulnerabilities, and attackers have only to find one holein order to break in.
Major Software Bugs● Buffer OverflowsHackers will examine every place the program has input and try tooverflow it with randomdata. If the program crashes, there is a goodchance that carefully constructed input will allow the attacker to gainaccess.● SQL InjectionAn attacker executes unauthorized SQL commands through an inputfield on a website by entering extra characters.
Major Software Bugs● Running unnecessary services● Poor system Administrator practices● Password Cracking● Directory Attack● Brute Force Attacks● Clear Text Sniffing● Encrypted sniffing● Password File stealing● Social Engineering● Key logging
Major Software Bugs● Danial of Service Attack● Web browser Attacks● DNS Poisoning● Cross site scripting● Local file inclusion● Remote File inclusion● Xpath Injection● CSRF● Authentication Bypassing● Remote Command Execution● Remote Code Execution
Major Software Bugs● Trojans● Payloads● ARP Poisoning● Domain name Hijacking● DNS cache Poisoning● LDAP Injection● Connection String Injection● Resource Injection
WANT TO LEARN ABOUTSECURITY ??VIST WwW.MADLEETS.CoM