Black hat hackers

  • 1,948 views
Uploaded on

 

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
1,948
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
169
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. BLACK HATHACKERSRajitha.B09131A1276Information Technology14-03-20131
  • 2. OUTLINE• Introduction• History• Famous Hackers• Types of Hackers• Black Hat Hackers• Pre-Hacking stage• Domains affected by Hacking• Types of attacks• Detection and counter measures• SQL Injection• Pros and cons• Conclusion• References14-03-2013 2
  • 3. IntroductionHacking refers to an array of activities whichare done to intrude someone else‟s personalinformation space so as to use it formalicious, unwanted purposes.Hacking is a term used for activities aimed atexploiting security flaws to obtain criticalinformation for gaining access to securednetworks.14-03-2013 3
  • 4. History 1980s- Cyberspace coined-414 arrested-Two hacker groups formed-2600 published 1990s-National Crackdown on hackers-Kevin Mitnick arrested14-03-2013 4
  • 5. Cont.… 2001– In one of the biggest denial-of-serviceattack, hackers launched attacks againsteBay, Yahoo!, CNN.com., Amazon andothers. 2007– Bank hit by “biggest ever” hack. SwedishBank, Nordea recorded nearly $1 Million hasbeen stolen in three months from 250customer account.14-03-2013 5
  • 6. Famous Hackers14-03-2013 6
  • 7. Types of hackers White hat hacker(The term "white hat" inInternet slang refers to an ethical computerhacker, or a computer security expert.) Black hat hacker(illegal or bad ) Grey hat hacker(A grey hat in the hackingcommunity refers to a skilled hacker whoseactivities fall somewhere between white andblack hat hackers)14-03-2013 7
  • 8. Black Hat Hackers A "black hat hacker” is a hacker who violatescomputer security for little reason beyondmaliciousness or for personal gain. Black hat hackers break into secure networks todestroy data or make the network unusable forthose who are authorized to use the network.14-03-2013 8
  • 9. Pre-hacking stagePart 1: TargetingThe hacker determines what network to break intoduring this phase. The target may be of particularinterest to the hacker, either politically orpersonally, or it may be picked at random.Part 2: Research and Information GatheringIt is in this stage that the hacker will visit or contactthe target in some way in hopes of finding out vitalinformation that will help them to access thesystem.14-03-2013 9
  • 10. Cont.…Part 3: Finishing The AttackThis is the stage when the hacker will invade theprimary target that he/she was planning to attackor steal from.14-03-2013 10
  • 11. Domains affected by hacking Mobile hacking Email hacking Data stealing Injecting virus and Trojans Man -in-middle attacks Internet applications14-03-2013 11
  • 12. TYPES OF ATTACKS Denial of Services attacks Threat from Sniffing and KeyLogging Trojan Attacks14-03-2013 12
  • 13. Denial of Services (DOS)AttacksDOS Attacks are aimed at denyingvalid, legitimate Internet and Network usersaccess to the services offered by the targetsystem.In other words, a DOS attack is one in whichclogging up so much memory on the targetsystem that it cannot serve legitimate users.14-03-2013 13
  • 14. DOS Attacks: Ping of DeathAttackThe maximum packet size allowed to betransmitted by TCPIP on a network is 65 536 bytes.In the Ping of Death Attack, a packet having a sizegreater than this maximum size allowed byTCPIP, is sent to the target system.As soon as the target system receives a packetexceeding the allowable size, then itcrashes, reboots or hangs.14-03-2013 14
  • 15. sniffers and KeyloggersSniffers: capture all data packets being sentacross the network. Commonly Used for:Traffic MonitoringNetwork Trouble shootingGathering Information on Attacker.For stealing company Secrets andsensitive data.Commonly Available Sniffers• tcpdump• DSniff14-03-2013 15
  • 16. Threats from key loggersKey loggers: Records all keystrokes made on thatsystem and store them in a log file, which can laterautomatically be emailed to the attacker.Countermeasures Periodic Detection practices should be mademandatory.A Typical Key Logger automatically loads itselfinto the memory, each time the computer boots. Thus, the start up script of the Key Loggershould be removed.14-03-2013 16
  • 17. Trojan AttacksTrojans: act as a RAT or Remote AdministrationTool, which allow remote control and remote access tothe attacker.Working:1.The Server Part of the Trojan is installed on thetarget system through trickery or disguise.2.This server part listens on a predefined port forconnections.3.The attacker connects to this Server Part usingthe Client part of the Trojan on the predefined portnumber.4.Once this is done, the attacker has completecontrol over the target system.14-03-2013 17
  • 18. Trojan Attacks : Detection andcounter measuresDetection & CountermeasuresScan your own system regularly.If you find a irregular port open, on which youusually do not have a service running, then yoursystem might have a Trojan installed.One can remove a Trojan using any normalAnti-Virus Software14-03-2013 18
  • 19. SQL injection SQL injection is a technique often used to attackdata driven applications. This is done by including portions of SQLstatements in an entry field in an attempt to getthe website to pass a newly formed SQLcommand to the database. string literal escape characters embedded in SQLstatements like („ or * ) etc. SQL injection is mostly known as an attack vectorfor websites but can be used to attack any type ofSQL database.14-03-2013 19
  • 20. Structure of SQL Injection14-03-2013 20
  • 21. How SQL Injection is performed? when user input is not filtered for escapecharacters and is then passed into a SQLstatement.The following line of code:statement = "SELECT * FROM users WHEREname = " + userName + ";"For example:For example, setting the "userName" variableas: or 1=1 or 1=1 -- or 1=1 ({ or 1=1 /* 14-03-2013 21
  • 22. Cont.…. The above username „1=1‟ is always true andcan even delete the tables.SELECT * FROM users WHERE name = OR1=1;Example:Step 1: Figure out how the application handles badinputs• Email address is taken for the SQL injectionhacker@programmerinterview.com• The extra quote is added to the above emailaddress.14-03-2013 22
  • 23. Cont.…The SQL statement as follows: SELECT dataFROM tableWHERE Email input =hacker@programmerinterview.com”; The query is injected as:SELECT dataFROM table WHERE Email input = Y;UPDATE table SET email =hacker@ymail.com WHERE email =joe@ymail.com;14-03-2013 23
  • 24. Cont.… The hacker enters into the database anddrops the tables . Insertion of any other data in table can bedone.14-03-2013 24
  • 25. SQL Injection14-03-2013 25
  • 26. SQL Injection Prevention Encrypt sensitive data. Access the database using anaccount with the least privilegesnecessary. Install the database using anaccount with the least privilegesnecessary. Ensure that data is valid.14-03-2013 26
  • 27. Pros and consPros• Increases computer security –when ahacker is hired he can be given a specificjob or way to hack into the system. Thiscan give company insight of possible backdoors or openings into the company‟ssecurity.Cons• The hacker can break into the system andsteal information.• If the hacker is inexperience he can leaveharmful programs and delete theinformation.14-03-2013 27
  • 28. Conclusion Hacking may be defined as legalor illegal, ethical or unethical butuseful for finding out possible backdoors or openings into thecomputer security.14-03-2013 28
  • 29. Referenceshttp://www.blackhatlibrary.net/Main_Pagehttp://prezi.com/sxnobhzvsenq/hacking-and-cracking-pros-and-conshttp://www.cybercure.in/hacking/http://en.wikipedia.org/wiki/Hacker_(computer_security)http://en.wikipedia.org/wiki/The_Hacker_CrackdownCyber cure customized e-bookhttp://www.blackhat.com/presentations/bh-usa-04/bh-us-04-hotchkies/bh-us-04-hotchkies.pdfhttp://crypto.stanford.edu/cs142/lectures/16-sql-inj.pdf 14-03-2013 29
  • 30. Thank you14-03-2013 30