Group 13 Task 2: Hacking

Group 13
Anil Kumar Bheema
Venkata Ramana Chennoju

Computer Misuse
The Computer Misuse Act 1990 was designed to deter hackers -- see Ayres (1999).
There are several types of offence covered by this act, including:
• Hacking- breaking into computer systems without authorization
• Cracking- breaking or removing copy-protection on software
• Phreaking- exploring communications (telephone) networks to gain free access, calls or information. But with all computer misuse, the general rule is that prevention is better than cure--secure computer systems, passwords and cryptography provide a better solution than after-the-event laws and punishments, which should be considered only as a last resort.

Computer Crime and Legislation
Where the Internet is concerned, legislation is often the weakest form of protection. Since international boundaries are relatively meaningless, there are difficulties in defining the jurisdiction of courts.

What is Hacking?
Hacking is unauthorized use of computer and network resources. Hacking is a felony in the United States and most other countries. When it is done by request and under a contract between an ethical hacker and an organization, it's OK. The key difference is that the ethical hacker has authorization to probe the target.

According to the Computer Crime Research Center, They said we work with IBM Consulting and its customers to design and execute thorough evaluations of their computer and network security. Depending on the evaluation they request which ranges from Web server probes to all-out attacks, we gather as much information as they can about the target from publicly available sources. As we learn more about the target, its subsidiaries and network connectivity, we begin to probe for weaknesses.

Examples of weaknesses:
Includes poor configuration of Web servers, old or unpatched software, disabled security controls, and poorly chosen or default passwords. As we find and exploit vulnerabilities, we document if and how we gained access, as well as if anyone at the organization noticed. In nearly all the cases, the Information Systems department is not informed of these planned attacks. Then we work with the customer to address the issues we've discovered.

The number of really gifted hackers in the world is very small, but there are lots of wannabes.... When we do an ethical hack, we could be holding the keys to that company once we gain access. It's too great a risk for our customers to be put in a compromising position. With access to so many systems and so much information, the temptation for a former hacker could be too great -- like a kid in an unattended candy store.

Types of Hacking

• Inside Jobs - Most security breaches originate inside the network that is under attack. Inside jobs include stealing passwords which hackers then use or sell, performing industrial espionage, causing harm as disgruntled employees, or committing simple misuse. Sound policy enforcement and observant employees who guard their passwords and PCs can thwart many of these security breaches.
• Rogue Access Points - Rogue access points (APs) are unsecured wireless access points that outsiders can easily breech. Local hackers often advertise rogue APs to each other. Rogue APs are most often connected by well-meaning but ignorant employees.
• Back Doors - Hackers can gain access to a network by exploiting back doors administrative shortcuts, configuration errors, easily deciphered passwords, and unsecured dial-ups. With the aid of computerized searchers (bots), hackers can probably find any weakness in your network.
• Viruses and Worms - Viruses and worms are self-replicating programs or code fragments that attach themselves to other programs (viruses) or machines (worms). Both viruses and worms attempt to shut down networks by flooding them with massive amounts of bogus traffic, usually through e-mail.
• Trojan Horses - Trojan horses, which are attached to other programs, are the leading cause of all break-ins. When a user downloads and activates a Trojan horse, the hacked software (SW) kicks off a virus, password gobbler, or remote-control SW that gives the hacker control of the PC.
• Denial of Service - DoS attacks give hackers a way to bring down a network without gaining internal access. DoS attacks work by flooding the access routers with bogus traffic (which can be e-mail or Transmission Control Protocol, TCP, packets).
Distributed DoSs (DDoS5) is coordinated DoS attacks from multiple sources. A DDoS is more difficult to block because it uses multiple, changing, source IP addresses.
• Anarchists, Crackers, and Kiddies - Who are these people, and why are they attacking network?
- Anarchists are people who just like to break stuff. They usually exploit any target of opportunity.
- Crackers are hobbyists or professionals who break passwords and develop Trojan horses or other SW (called warez). They either use the SW themselves (for bragging rights) or sell it for profit.
- Script kiddies are hacker wannabes. They have no real hacker skills, so they buy or download warez, which they launch.
Other attackers include disgruntled employees, terrorists, political operatives, or anyone else who feels slighted, exploited, ripped off, or unloved.
• Sniffing and Spoofing - Sniffing refers to the act of intercepting TCP packets. This interception can happen through simple eavesdropping or something more sinister. Spoofing is the act of sending an illegitimate packet with an expected acknowledgment (ACK), which a hacker can guess, predict, or obtain by snooping.

Hacker?
The term “hacker” can also mean just someone who programs in a particular way, or who just enjoys tinkering with computers; in some circles I'd describe myself as a hacker, though I don't attempt to break into computer systems (except my own!). Many hackers have campaigned for the term “cracker” to be used universally for anyone involved in illegitimate activity involving computers. I list the terms as above since that's how the Computer Misuse Act defined them.
There are three types of hackers
- White hat
- Grey hat
- Black hat
White hat hacker:
It finds a fault in a security system i.e. a website then they will inform the owner immediately.
Grey hat hacker:
It finds a fault he will do what he feels like at the time i.e. exploiting the site OR informing the owner.
Black hat hacker:
If they find a fault will immediately exploit the site for their own beneficial gain i.e. advertising and infecting other computers with "viruses" to gain access to more sites.
So a hacker can be many things from protecting systems by informing the owners or Exploiting and stealing data. The most common name for the destructive type of "hacker" is a "cracker" I always tries to refer to a bad hacker as a cracker to avoid confusion.

Ethical Issues of the Internet Revolution:
Society currently understands hacking to be a form of unlawful behavior and a medium for creative innovation. Hacking has become an activity that holds two positions and is therefore both solemnized for its insightful inventiveness and defamed for its devious acts.

The ethics behind hacking and the actions taken by hackers constitute a philosophical manifest that transcends our understanding of this art. Hackers argue that actions promote a means for tighter security by way of detecting flaws and patches for systems and software. However, these very actions are viewed as violations of rights to privacy and security for both individuals and organizations. Consequently, this establishes a cautionary attitude toward ethical issues such as, privacy, security and the future of the World Wide Web.

In order to comprehend the ethical and the moral principles underling the meaning of hacking one has to understand has t the roof f hacking. In hackers the heroes of the computer revolution, Steven levy traces the root of hacking to MIT in the late 1950s, where students devoted much time and effort to building and programming MIT’s early mainframes. These programmers, who later became known as “Hackers” produced and debugged computer code at an astonishing rate.

They developed hardware and software for existing computer functions and invented novel applications and algorithms that were later incorporated into subsequent generations of computers. The code written by hackers came to symbolize their freedom and their love for programming, which was distributed freely across bulletin board systems(BBS) and cross the unconquered terrain of the internet. Eventually, this freedom of code gave rise to the concept that software should be free.

Another argument supported by the hacker ethic s that break-ins elucidate security problems to those who can do something about them. Hacker instructions into systems surpass the traditional systems surpass the traditional understanding of violating the laws of trespassing. Hacking involves the exploitation, or as discussed by members of the computer hacker underground, the manipulation of a bug, or a backdoor that is inherently present within the system. Emmanuel Goldstein, editor of 2600, a magazine recognized as the "Hacker's quarterly," states, "Hackers have become scapegoats. We discover the gaping holes in the system and then get blamed for the flaws". This statement suggests that cracking down on hacking activity is simply a way of putting blame on the messenger. In this view, hacking is not a threat against the integrity of the system being exploited, but instead is a means of implementing corrections and enforcing tighter security.

The ethical stand supporting hacker activities are proven by this discussion to be mainly unethical. Even though hacking undoubtedly has led to productive improvement in computers and software security, it has in effect created many disruptive problems online and offline. Hacking is an activity that introduces a method of analysis that targets and works on various components. Hacking has the potential to cause harm and to violate legitimate privacy and property rights. By ethical standards hacking does introduce crucial security fixes, but does so at the expense of violating privacy and the security of individuals. Furthermore, hacking activities lead to disruptive and dangerous problems for society, which tend to be difficult to eradicate.