Today, even though measures have been taken to improve the level of
security in distributed systems, hackers have found ways to break into
systems and take away information. In this paper, I explain a few aspects of
hacking, including what has caused it to exist, and a few techniques through
which we can minimise it.
What are the different issues and motivations that lead a person to opt for
hacking? Whether it is money, thrill or a wish to break the rules that inspires
the hacker to indulge in such acts is discussed in this paper. This paper also
gives an insight into how important network security is in preventing hackers
from stealing highly confidential information. Measures are to be taken in
order to remove these possibilities.
In recent years we have seen a drastic change in the field of IT, where
electronic commerce, email, online shopping, online banking, information
banks holding large amounts of data and software development have improved
by leaps and bounds. As technology has risen to new heights, hackers have
found a way to get easy money. They find ways to get into confidential
government files and personal banking details, steal money from banks, and
implant a Trojan or virus into different computers to make them vulnerable.
In this paper I throw some light on hackers' skills, their perspective and
their targets.
The word hacker, on the other hand, denotes the agent of a hack or of
hacking. Taylor defines a hacker as a person who enjoys accessing files,
whether for fun, to impose power or out of interest in the accessed files or
data [8]. Marotta has a negative view of the hacker as a data lord, a
barbarian who takes what he wants [9]. Himanen defines a hacker as any person
who performs illegal actions, whether or not they are related to computers,
which means using a device apart from its intended functionality. Hacking
according to Himanen thus seems to be related to any illegal or unauthorized
action [7].
The motives and goals of hackers in cyberattacks vary widely. Some want to
steal data, some are seeking ransoms and some want to deny service or
steal infrastructure.
We tend to treat hackers more or less as a single group. Yet in reality, there
are many different types of hackers. Their strategies and methodologies
vary. So do their motivations, which fall into the following main categories:
Exploiting Data
Some cyberattacks are designed to gain unauthorized access to data so that
the data can be exploited in some way.
For example, exploiting consumer data was probably the goal of the hackers
behind the Equifax attack in 2017.
In attacks like this, stolen data can be used to steal more information or
assets from the parties who are affected.
This was the motive behind the recent WannaCry ransomware attack.
However, they differ in that the goal of the attacks is not to exploit the
information within the data itself, but rather to make money by holding data
for ransom.
Stealing Infrastructure
If you’re a hacker, you want access to computing resources and you don’t
want to pay for them. In these instances, you might launch an attack
designed to steal infrastructure.
Denying Service
Among the most common types of attacks that are executed with a botnet
(although this is not the only way to launch these attacks) is a denial-of-
service (DoS) attack.
Legally, what is computer hacking? A number of state and federal laws apply.
At the federal level, most individuals accused of hacking are charged under
the Computer Fraud and Abuse Act. The law covers a range of computer-
related offenses, and the government uses it frequently.
The CFAA protects certain information related to interstate commerce and
the U.S. government, such as that required for national defense or foreign
relations, and it restricts access to data. The law forbids unauthorized
access, use or distribution of any information:
Related to national security.
Within financial records belonging to financial institutions, including credit
card issuers.
With an intent to defraud.
Belonging to any U.S. government department or agency.
Related to foreign or interstate communications and commerce.
Developing or possessing potentially harmful computer codes are not crimes.
However, the CFAA prohibits disseminating codes, commands, programs or
information that intentionally cause damage to protected computers. Anyone
conspiring to engage in any of the prohibited activities also may be charged
under the act.
In addition, the Electronic Communications Privacy Act served to amend the
Federal Wiretap Act, covering data stored on and transferred from computer
systems. The law prohibits illegal interceptions of wire communications,
including data sent over the internet. In addition, the act protects stored
messages, such as email in server archives. Under the ECPA, accessing
computer messages — either in storage or in transit — without authorization
constitutes a federal crime.
Other federal laws also apply to computer hacking. For instance, prosecutors
can use the CAN-SPAM Act to go after individuals who gain unauthorized
access to computers to distribute significant amounts of commercial
information by email.
If you are charged under the Computer Fraud and Abuse Act, you may be
subject to either misdemeanor or felony counts. In most cases, unauthorized
access of a computer that causes damage of more than $5,000, and using
the information for profit, results in felony charges.
Under the CFAA, distributing computer code — or placing it into the flow of
interstate commerce — is illegal if the perpetrator intends to cause either
physical or economic damage. The CFAA provides for fines up to $250,000
and imprisonment for as long as 20 years for individuals convicted under the
act.
Penalties for violating the CFAA can vary based on the specific allegations
and the degree of harm alleged by the government. The act also authorizes
penalties for intentionally or recklessly installing viruses on computers that
are part of interstate commerce.
Violations of the CAN-SPAM Act can result in a range of criminal and civil
penalties depending on the method of delivery and volume of the spam,
along with the harm caused.
Password Hacking.
Hackers find ways to illegally crack the passwords of users at federal
bureaus and banks in order to gain benefits from them.
Network intrusions.
Malicious Trojans, worms and viruses are used to gain access to information
systems.
Cheat.
Illegal use of people's identities, such as credit card details.
Software piracy.
Viruses.
Viruses, Trojan horses and worms cause computers to become more
vulnerable and susceptible to hardware damage.
IP address spoofing.
Disguising the IP address and using that to gain illegal access to countries'
most confidential files.
Money Laundering
Data-modification.
Smuggling of files.
Pipkin lists a number of hacking attacks that are most commonly used for
breaking systems and causing disruption and damage to services. These
attacks can be summarized as follows [10]:
Taylor listed the main characteristics of hacking attacks in three points [8]:
Simplicity: the attack should be simple in appearance, yet its effects are
impressive and the results are as pleasing to the hacker as what he planned
for. In other words, do the job in a smart and easy way.
Mastery: the methods used in hacking involve sophisticated knowledge which
is difficult for anyone to understand. The reason behind mastery is to make
sure that the hacker is the only one who can solve the problem being caused.
Illicitness: the act is against all rules and laws.
There are several types of computer crimes, but some of the most high-profile examples
involve hacking. With data breaches increasingly becoming daily occurrences, hackers have
affected everything from the economical (including numerous retail businesses) to the political by
invading every aspect of our lives. (FindLaw's team of legal writers and editors.)
For instance, if an individual acts without consent or any lawful authorization (i.e. from law
enforcement agency and/or a court order) and penetrates a business' firewall to access private
servers and cloud storage systems or uses phishing to install malware to desktop and laptop
computers with the intent to monitor communications and activities, they can be charged with a
crime.
The Computer Fraud and Abuse Act (CFAA) is the leading federal anti-hacking legislation that
prohibits unauthorized access to another's computer system. Although the law was originally
meant to protect the computer systems of U.S. government entities and financial institutions, the
scope of the Act expanded with amendments to include practically any computer in the country
(including devices such as servers, desktops, laptops, cellphones, and tablets).
The chart below provides select examples of violations of the CFAA and the penalties.
Although the CFAA's penalties are mostly for criminal violations, the 1994 amendment
expanded the Act to include causes of action for civil suits, in addition to criminal prosecution.
Civil violations include the following:
Federal anti-hacking legislation provides civil remedies for hacking victims, including the
following:
Injunctive relief;
Seizure of property; and
Impounding of the stolen information and the electronic devices used to carry out the invasion.
The Stored Communications Act mirrors the prohibitions of the CFAA and protects
stored electronic communications and data or data at rest (including email, texts, instant
messages, social media accounts, cloud computing and storage, and blogs/microblogs). There is
a lot of overlap with the CFAA and often hackers will be in violation of both statutes.
The ECPA, a counterpart law to the SCA, forbids intentional interception of electronic
communications in transit or "data in motion," rather than "data at rest."
Although much of the focus is on federal laws, states have enacted hacking laws as well.
While every state has computer crime laws, some states address hacking more specifically with
laws that prohibit unauthorized access, computer trespass, and the use of viruses and malware.
For example, approximately half of the states in the country have laws that target the use of
denial of service (DoS) attacks. In this form of hacking, an intruder floods the system or servers
with traffic, denying access to legitimate users. Florida penalizes this more severely, categorizing
this crime as a felony in the first degree.
Ransomware occurs when malware is installed on someone's computer, denying access to the
computer unless a ransom is paid. Several states, including California, have laws that specifically
criminalize ransomware.