
EXECUTIVE SUMMARY

The nature of this study is exploratory: the effort has been made by reviewing the research published by various researchers on hacking. A systematic and well-designed approach was adopted while conducting the project.

The methodology adopted for the project was defined with the help of the collected data and a detailed interpretation of the research done by those researchers. The next step was identifying the research made on hacking; this was the method adopted for collecting the data, which is secondary data. The analysis was done with the help of the clear presentation given by the researchers in their work. The final and most important step was examining the actual findings of the project, making recommendations for further improvement in the level of security, and making people aware of the various ways and methods hackers use to break into systems.

The project explains in detail the various types of hackers and the various methods hackers use to break into systems, networks, mobile phones, etc. It also explains the skills a hacker requires to break into a system. According to the data collected, it is observed that about 13.63% of the people surveyed have had their PC or e-mail ID hacked, and that only 52.94% of the people know the measures that prevent hacking when visiting unknown sites or opening unknown messages or mail.

INTRODUCTION OF TOPIC

The topic is hacking. Hacking is in some ways the online equivalent of burglary; in other words, breaking into premises against the wishes of the lawful owner, which in some jurisdictions is a crime in itself and from which other criminal acts such as theft and/or damage generally result. The term "cracker", on the other hand, describes those who apply hacking skills to gain unauthorized access to a computer facility, often with sinister motives. But "cracking" never really caught on, perhaps due to the grey area that exists between the two activities and to the media's widespread use of "hacking" as a term synonymous with computer crime.

Computer hacking refers to gaining unauthorized access to, and hence some measure of control over, a computer facility, and most countries now have specific legislation in place to deter those who might wish to practice this art and science. In some jurisdictions, unauthorized access alone constitutes a criminal offence, even if the hacker attempts nothing further.

Cell phone hackers have apparently discovered a fault in the way the chips are manufactured. The good news is that this applies only to first-generation cell phones that use the Global System for Mobile communications (GSM). Another precondition is that the cell phone must be in the hacker's possession for a minimum of three minutes, which is why, to prevent one's cell phone from being hacked, one should always keep it in one's possession and never let it out of one's sight.

OBJECTIVE OF PROJECT

To know the various types of hacking
To know the process of hacking
To know the purpose of hacking
To know the various tools of hacking
To identify how attacks can be made on systems
To identify the various loopholes through which hacking takes place
To know the various methods of hacking

SCOPE OF PROJECT

It helps to know the various types of hacking
It helps to study the process of hacking
It helps to understand the purpose of hacking
It helps to know the various tools used by hackers
It helps to identify how attacks can be made on systems
It helps to identify the various loopholes through which hacking takes place
It helps us to understand the various methods of hacking

LITERATURE REVIEW

The Hacker, by N. Nagarajan, CISA, employed as Senior Deputy Accountant General in Mumbai and published in a number of international journals.

Callas, Jon. Hacking PGP. Black Hat Briefings, Amsterdam, Spring 2005.
Mansukhani, Amesh. Are Smart Cards the New Way of Life? Solving the Password Problem. April 10, 2006.
Piscitello, David M. Anatomy of a Cross-Site Scripting Attack.
Goodman, Paul. Growing Up Absurd. New York: Random House, 1960.
Kohlberg, Lawrence. Essays on Moral Development, volume 1: The Philosophy of Moral Development. New York: Harper & Row, 1981.

Hacking

Unlike most computer crime and misuse areas, which are clear cut in terms of actions and legalities (e.g. software piracy), computer hacking is more difficult to define. Computer hacking always involves some degree of infringement on the privacy of others or damage to computer-based property such as files, web pages or software. The impact of computer hacking varies from merely invasive and annoying to illegal. There is an aura of mystery that surrounds hacking, and a prestige that accompanies being part of a relatively "elite" group of individuals who possess technological savvy and are willing to take the risks required to become a true "hacker".

Hacker
Even attempting to define the term "hacker" is difficult. Perhaps the premier WWW resource for introducing individuals to hacking is the one which encompasses everything from hacker slang, jargon and folklore, writing style and speech, to general appearance, dress, education and personality characteristics.

In computer security and everyday language, a hacker is someone who breaks into computers and computer networks. Hackers may be motivated by a multitude of reasons, including profit, protest, or the challenge. The hacker can be defined as:
1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.
2. One who programs enthusiastically or who enjoys programming rather than just theorizing about programming.
3. A person capable of appreciating hack value.
4. A person who is good at programming quickly.
5. An expert at a particular program, or one who frequently does work using it or on it.
6. An expert or enthusiast of any kind. One might be an astronomy hacker.
7. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations.
8. A malicious meddler who tries to discover sensitive information by poking around. Hence 'password hacker', 'network hacker'. The correct term for this sense is cracker.

However, in practice, hackers generally have a particular target in mind, so their unauthorized access leads to further acts, which national law might also define as criminal activities. Even within hacker society, the definitions range from very positive (characteristic of gifted and talented individuals) to criminal. Hacking can be summarized under the headings of unauthorized. The hacker attitude is vital, but skills are even more vital. Attitude is no substitute for competence, and there is a certain basic toolkit of skills which you have to have before any hacker will dream of calling you one.

In his book "Fighting Computer Crime: A New Framework for Protecting Information" (1998), Donn B. Parker lists two basic principles hackers live by:
1. The belief that information sharing is a powerful good and that it is the ethical duty of hackers to share their expertise by writing free software and facilitating access to information and to computing resources whenever possible.
2. The belief that system cracking for fun and exploration is ethically OK as long as the cracker commits no theft, vandalism or breach of confidentiality.

What kind of information can a hacker steal from the computer?


Personal information, names address, financial information, even the account information for your ISP and passwords, in short anything stored on your computer can be obtained by a hacker. A Trojan may record each and every keystroke you make, save the information to a hidden file, and automatically upload it to the hacker's computer.

What else can a hacker do?


There are a number of reasons why a hacker would want to break into your computer. He may use your computer and ISP account for illegal activity, like distributing child pornography. One of the most recent uses of Trojans is to cause DDoS (distributive denial of service) attacks. In a DDoS attack, the client commands all of the "servers" located on individual PCs to attack a single website. Thousands of individual PCs can be commanded to access a website like eBay or Yahoo at the same time, clogging the site's bandwidth and causing an interruption of service.

What can I do to protect my computer?


Only download or accept files from reliable sources. Use a firewall to block unauthorized access to your computer. Install a good virus scanner program and update virus information files regularly. Do not keep passwords, bank or financial account numbers, social security numbers or other personal and confidential information on your computer's hard drive.

Hacking Skills

1. Learn how to program.

This, of course, is the fundamental hacking skill. If you don't know any computer languages, start with Python. It is cleanly designed, well documented, and relatively kind to beginners. Despite being a good first language, it is not just a toy; it is very powerful and flexible and well suited for large projects.

Java is also a good language for learning to program in. It is more difficult than Python, but produces faster code than Python. Java is an excellent second language. Unfortunately, Sun's reference implementation is still proprietary. This is not so much an issue with the Java language itself, as high-quality open-source Java interpreters are readily available; the real problem is the class libraries that travel with the language. The open-source class libraries lag behind Sun's. So, if you do choose to learn Java, do it with one of the open-source implementations rather than becoming dependent on Sun's proprietary code.

But be aware that you won't reach the skill level of a hacker or even merely a programmer if you only know one or two languages; you need to learn how to think about programming problems in a general way, independent of any one language. To be a real hacker, you need to get to the point where you can learn a new language in days by relating what's in the manual to what you already know. This means you should learn several very different languages.

If you get into serious programming, you will have to learn C, the core language of UNIX. C++ is very closely related to C; if you know one, learning the other will not be difficult. Neither language is a good one to try learning as your first, however. And, actually, the more you can avoid programming in C the more productive you will be.

C is very efficient, and very sparing of your machine's resources. Unfortunately, C gets that efficiency by requiring you to do a lot of low-level management of resources (like memory) by hand. All that low-level code is complex and bug-prone, and will soak up huge amounts of your time on debugging. With today's machines as powerful as they are, this is usually a bad tradeoff; it's smarter to use a language that uses the machine's time less efficiently, but your time much more efficiently.

Other languages of particular importance to hackers include Perl and LISP. Perl is worth learning for practical reasons; it's very widely used for active web pages and system administration, so that even if you never write Perl you should learn to read it. Many people use Perl, rather than Python, to avoid C programming on jobs that don't require C's machine efficiency. You will need to be able to understand their code.

LISP is worth learning for a different reason: the profound enlightenment experience you will have when you finally get it. That experience will make you a better programmer for the rest of your days, even if you never actually use LISP itself a lot.

It's best, actually, to learn all five of Python, C/C++, Java, Perl, and LISP. Besides being the most important hacking languages, they represent very different approaches to programming, and each will educate you in valuable ways.

What will actually teach you is (a) reading code and (b) writing code.

Peter Norvig, who is one of Google's top hackers and the co-author of the most widely used textbook on AI, has written an excellent essay called Teach Yourself Programming in Ten Years. His "recipe for programming success" is worth careful attention.

Learning to program is like learning to write good natural language. The best way to do it is to read some stuff written by masters of the form, write some things yourself, read a lot more, write a little more, read a lot more, write some more ... and repeat until your writing begins to develop the kind of strength and economy you see in your models.

Finding good code to read used to be hard, because there were few large programs available in source for fledgling hackers to read and tinker with. This has changed dramatically; open-source software, programming tools, and operating systems (all built by hackers) are now widely available.

2. Get one of the open-source Unixes and learn to use and run it.

It is assumed that you have a personal computer or can get access to one. (Take a moment to appreciate how much that means. The hacker culture originally evolved back when computers were so expensive that individuals could not own them.) The single most important step any newbie can take toward acquiring hacker skills is to get a copy of Linux or one of the BSD Unixes or OpenSolaris, install it on a personal machine, and run it.

There are other operating systems in the world besides UNIX. But they're distributed in binary; you can't read the code, and you can't modify it. Trying to learn to hack on a Microsoft Windows machine or under any other closed-source system is like trying to learn to dance while wearing a body cast.

Under Mac OS X it's possible, but only part of the system is open source; you're likely to hit a lot of walls, and you have to be careful not to develop the bad habit of depending on Apple's proprietary code. If you concentrate on the UNIX under the hood you can learn some useful things.

UNIX is the operating system of the Internet. While you can learn to use the Internet without knowing UNIX, you can't be an Internet hacker without understanding UNIX. For this reason, the hacker culture today is pretty strongly Unix-centered.

So, bring up a UNIX; learn it. Run it. Tinker with it. Talk to the Internet with it. Read the code. Modify the code. You'll get better programming tools (including C, LISP, Python, and Perl) than any Microsoft operating system can dream of hosting, you'll have fun, and you'll soak up more knowledge than you realize you're learning until you look back on it as a master hacker.

For more about learning UNIX, see The Loginataka. You might also want to have a look at The Art of UNIX Programming.

3. Learn how to use the World Wide Web and write HTML.
Most of the things the hacker culture has built do their work out of sight, helping run factories and offices and universities without any obvious impact on how non-hackers live. The Web is the one big exception; the huge shiny hacker toy that even politicians admit has changed the world. For this reason alone (and a lot of other good ones as well) you need to learn how to work the Web.

This doesn't just mean learning how to drive a browser (anyone can do that), but learning how to write HTML, the Web's markup language. If you don't know how to program, writing HTML will teach you some mental habits that will help you learn. So build a home page. Try to stick to XHTML, which is a cleaner language than classic HTML. But just having a home page isn't anywhere near good enough to make you a hacker. The Web is full of home pages. Most of them are pointless, zero-content sludge; very snazzy-looking sludge, mind you, but sludge all the same.

To be worthwhile, your page must have content; it must be interesting and/or useful to other hackers.

4. If you don't have functional English, learn it.

English is the working language of the hacker culture and the Internet, and you will need to know it to function in the hacker community. Back around 1991 it was noticed that many hackers who have English as a second language use it in technical discussions even when they share a birth tongue; it was reported that English has a richer technical vocabulary than any other language and is therefore simply a better tool for the job. For similar reasons, translations of technical books written in English are often unsatisfactory.

Linus Torvalds, a Finn, comments his code in English (it apparently never occurred to him to do otherwise). His fluency in English has been an important factor in his ability to recruit a worldwide community of developers for Linux. It's an example worth following.

Being a native English speaker does not guarantee that you have language skills good enough to function as a hacker. If your writing is semi-literate, ungrammatical, and riddled with misspellings, many hackers will tend to ignore you. While sloppy writing does not invariably mean sloppy thinking, we've generally found the correlation to be strong; and we have no use for sloppy thinkers. If you can't yet write competently, learn to.

Types of Hacker
There are good and bad hackers. Here is a window into what they do and why:

White Hat Hackers


These are the good guys, computer security experts who specialize in penetration testing and other methodologies to ensure that a companys information systems are secure. These IT security professionals rely on a constantly evolving arsenal of technology to battle hackers.

Black Hat Hackers


These are the bad guys, who are typically referred to as just plain hackers. The term is often used specifically for hackers who break into networks or computers, or create computer viruses. Black hat hackers continue to technologically outpace white hats. They often manage to find the path of least resistance, whether due to human error or laziness, or with a new type of attack. Hacking purists often use the term crackers to refer to black hat hackers. Black hats motivation is generally to get paid.

Grey hat
A grey hat hacker is a combination of a Black Hat and a White Hat Hacker. A Grey Hat Hacker may surf the internet and hack into a computer system for the sole purpose of notifying the administrator that their system has been hacked. Then they may offer to repair their system for a small fee.

Blue hat
A blue hat hacker is someone outside computer security consulting firms who is used to bug test a system prior to its launch, looking for exploits so they can be closed. Microsoft also uses the term BlueHat to represent a series of security briefing events.

Script Kiddies
This is a derogatory term for black hat hackers who use borrowed programs to attack networks and deface websites in an attempt to make names for themselves.

Elite hacker
A social status among hackers, elite is used to describe the most skilled. Newly discovered exploits will circulate among these hackers. Elite groups such as Masters of Deception conferred a kind of credibility on their members

Hacktivists
Some hacker activists are motivated by politics or religion, while others may wish to expose wrongdoing, or exact revenge, or simply harass their target for their own entertainment.

State Sponsored Hackers


Governments around the globe realize that it serves their military objectives to be well positioned online. The saying used to be, He who controls the seas controls the world, and then it was, He who controls the air controls the world. Now its all about controlling cyberspace. State sponsored hackers have limitless time and funding to target civilians, corporations, and governments.

Spy Hackers
Corporations hire hackers to infiltrate the competition and steal trade secrets. They may hack in from the outside or gain employment in order to act as a mole. Spy hackers may use similar tactics as hacktivists, but their only agenda is to serve their clients' goals and get paid.

Cyber Terrorists
These hackers, generally motivated by religious or political beliefs, attempt to create fear and chaos by disrupting critical infrastructures. Cyber terrorists are by far the most dangerous, with a wide range of skills and goals. Cyber terrorists' ultimate motivation is to spread fear and terror and to commit murder.

Neophyte
A neophyte, "n00b", or "newbie" is someone who is new to hacking or phreaking and has almost no knowledge or experience of the workings of technology or of hacking.

Purposes of Hacking

Obtaining confidential information


Perhaps the major growth area in computer crime is "identity theft", in other words the obtaining of personal information that can then be used to commit other serious offences, usually in the area of fraud. However, other motives include espionage (both governmental and commercial secrets) and the obtaining of personally sensitive information that might be used for tracing people, deception and blackmail.

Alteration or deletion of data and code


Most organizations now depend to some extent on computerized information systems, and any act resulting in significant corruption or deletion of corporate data could have serious implications on their ability to transact business.

Degradation or cessation of service


Acts that result in systems being unable to carry their workload or that fail altogether, could also have serious business implications.

Use of computer resources


This impact is really inherent in the previous three, but it's worth mentioning separately because an emerging problem is the use by hackers of other people's systems (extending to home PCs) to store illegally obtained data or to mount attacks on other systems. There are documented cases of systems hacked in this way sometimes referred to as "zombies" because they are no longer in the full control of their unsuspecting owners -being used to store child pornography and material that breaches copyright law (e.g. copyrighted music files), to mount distributed denial of service attack son other systems, and to distribute spam email. Finally, it's worth emphasizing that the term "hacker" applies both to outsiders and to otherwise authorized personnel who misuse their system privileges, or who impersonate higher privileged users. This sad fact needs to be recognized when formulating corporate security policy.

A security exploit is a prepared application that takes advantage of a known weakness. Common examples of security exploits are SQL injection, Cross Site Scripting and Cross Site Request Forgery, which abuse security holes that may result from substandard programming practice. Other exploits operate through services such as FTP, HTTP, PHP, SSH and Telnet, and through some web pages. These are very common in website/domain hacking.

Approaches to Hacking Techniques


There are several basic strategies for hacking a computer facility: physical intrusion, password attacks, network access, web server attacks, e-mail attacks, etc. but there are a multitude of tactics that can be used to implement them. For example, security flaws (order sign weaknesses) in infrastructure software and communications protocols offer seemingly endless tactical possibilities, as is evidenced in the never-ending stream of security updates.

Intrusion Techniques
These are the primary ways an attacker can get into a system:

Physical intrusion An attacker's work is made easier by gaining physical access to a machine's keyboard or to network junction boxes. Physical access opens up such possibilities as installing a keystroke logger; installing unauthorized hardware devices (e.g. linking a modem that bypasses the corporate firewalls to the network); tapping junction boxes through which network traffic might be analyzed; and gaining access to system documentation, printouts and the written notes of their passwords left by reckless users. Even access to confidential waste can prove fruitful. Perhaps the quickest and easiest way to gain physical access to an organization's computer facilities is to join the contract cleaning force, which often works unsupervised and outside normal office hours. If an attacker has physical access to a machine (i.e. they can use the keyboard or take apart the system), they will be able to get in. Techniques range from special privileges granted at the console to the ability to physically take apart the system and remove the disk drive (and read/write it on another machine).

System Intrusion Also known as Privilege Escalation, this type of hacking assumes the attacker already has a low-privilege user account on the system. If the system doesn't have the latest security patches, there is a good chance the attacker will be able to use a known exploit in order to gain additional administrative privileges.

Remote Intrusion This type of hacking involves an attacker who attempts to penetrate a system remotely across the network. The attacker begins with no special privileges. There are several forms of this type of hacking. Note that Network Intrusion Detection Systems are primarily concerned with Remote Intrusion.

Password Attacks
Obtain a valid password to the system and you become just another legitimate user. This is particularly dangerous where the hacked account has special privileges assigned to it that permit wide-ranging system access and use. A successful password attack is both difficult to detect and difficult to prevent, because password security depends largely on the user. Keystroke loggers and social engineering are methods of capturing passwords, while people often share their personal passwords with others, write them on notes that they attach to their terminals, and fail to change them periodically. Password cracking programs perform an elaborate process of guessing weak passwords by trial and error, using combinations of words from different languages, names (places, people, characters in books), jargon, slang, and acronyms. These are tried backwards, in two-word combinations, in combinations with numbers substituted for letters, etc.

Vendors often ship infrastructure software with the administrator account passwords set to default values; because these are widely known in the hacking community, they provide an easy route into a computer facility if left unchanged.

Methods of attack
Password cracking doesn't always involve sophisticated tools. It can be as simple as finding a sticky note with the password written on it stuck right to the monitor or hidden under a keyboard. Another crude technique is known as "dumpster diving," which basically involves an attacker going through your garbage to find discarded documentation that may contain passwords. Of course, attacks can involve far greater levels of sophistication. Passwords are possibly the single weakest link in the security chain. Any system worth protecting should be protected by some form of multi-factor authentication scheme, such as smart cards, tokens, biometrics, or digital certificates. Passwords are simply too easily compromised to be relied upon as a single factor for authentication. However, implementing multi-factor authentication can be difficult and expensive, and some systems may not fully support it. For that reason, it is still important to understand the different methods of cracking or guessing passwords:

Easy-to-guess passwords These are passwords where people use their own name, or the name of their children, spouse, pet, or car model, as their password. Then there are the users who choose "password", "administrator", or simply blank passwords. An attacker will almost always try these combinations first, before proceeding with any other password attacks.

Dictionary attack A simple dictionary attack is by far the fastest way to break into a machine. A dictionary file (a text file full of dictionary words) is loaded into a cracking application (such as L0phtCrack), which is run against the user accounts located by the application. Because the majority of passwords are often simplistic, running a dictionary attack is often sufficient to do the job. With this attack, the attacker uses a program that tries every word in the dictionary. Dictionary attacks can be done either by repeatedly logging into systems, or by collecting encrypted passwords and attempting to find a match by similarly encrypting all the words in the dictionary. Attackers usually have a copy of the English dictionary as well as foreign-language dictionaries for this purpose. They also use additional dictionary-like databases, such as lists of names and of common passwords.

Hybrid attack

Another well-known form of attack is the hybrid attack. A hybrid attack adds numbers or symbols to each dictionary word in order to crack a password. Many people change their passwords by simply adding a number to the end of their current password. The pattern usually takes this form: first month password is "cat"; second month password is "cat1"; third month password is "cat2"; and so on.

Brute force attack A brute force attack is the most comprehensive form of attack, though it may often take a long time to work depending on the complexity of the password. Some brute force attacks can take a week depending on the complexity of the password. L0phtCrack can also be used in a brute force attack. Unlike a dictionary attack, an attacker tries all possible combinations of characters. Using a single modern CPU, a short 4-letter password consisting of lower-case letters can be cracked in just a few minutes. A longer 8-character password consisting of upper and lower case letters, as well as numbers and punctuation, can take several hours or more to crack. However, this time can be greatly reduced using distributed methods, where many computers work on the problem simultaneously.

Pre-computed tables Popularly known as rainbow tables, this is essentially a brute-force attack where the work has been done ahead of time. Tables of all possible password hashes are pre-computed using the power of distributed computing. Once the tables have been generated, the time needed to find a password of any strength is negligible; even complex passwords can often be found within a matter of minutes. Popular tools such as RainbowCrack, Ophcrack and Cain & Abel use pre-computed tables, and the tables themselves can easily be found online. Some sites will offer to crack password hashes for you (for a price), or sell the pre-computed tables.

The bottom line is that passwords are no longer an effective barrier against a determined attacker, and other methods of authentication should be implemented wherever possible.
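As an added illustration (not part of the original project), the following Python script shows the defender's side of the attacks described above: a password-acceptance check, run at the moment a user sets a password, that rejects vendor defaults, dictionary words (including reversed and two-word forms), hybrid variants such as "cat2" or leet-substituted words, and passwords whose keyspace a brute-force run would exhaust within a day. It also shows why a random per-user salt defeats pre-computed tables: the same password stored under two different salts yields two different digests, so a table would have to be rebuilt for every salt. The word list, default list, sample accounts and the cracking rate of one billion guesses per second are constructed assumptions, not measured values.

```python
"""Password-policy check against the attack classes above: defaults,
dictionary, hybrid and short-keyspace brute force, plus salted storage
that defeats pre-computed tables. All lists and rates are constructed."""

import hashlib
import hmac
import os
import re
import string
from typing import Dict, Optional, Tuple

# Constructed word and default-credential lists; a real deployment would
# load full wordlists and the vendor's published default accounts.
DICTIONARY = {"cat", "dog", "dragon", "summer", "monkey", "welcome", "letmein"}
DEFAULTS = {"", "admin", "administrator", "root", "password", "changeme", "default"}

# Assumed cracking speed for the keyspace estimate (hardware-dependent guess).
GUESSES_PER_SECOND = 1e9
CRACK_BUDGET_SECONDS = 86_400           # reject anything exhaustible within a day

# Common hybrid-attack letter substitutions, undone before the dictionary check.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})


def stem(password: str) -> str:
    """Undo leet substitutions and strip leading/trailing digits or symbols."""
    lowered = password.lower().translate(LEET)
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)


def charset_size(password: str) -> int:
    """Size of the character-class mix an exhaustive search would have to cover."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return max(size, 1)


def brute_force_seconds(password: str, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every string of this length and character mix."""
    return charset_size(password) ** len(password) / rate


def classify(password: str) -> str:
    """Name the cheapest attack class that finds the password, or 'ok'."""
    lowered = password.lower()
    if lowered in DEFAULTS:
        return "default"
    if lowered in DICTIONARY or lowered[::-1] in DICTIONARY:
        return "dictionary"
    if any(lowered[:i] in DICTIONARY and lowered[i:] in DICTIONARY
           for i in range(1, len(lowered))):
        return "dictionary"                 # two-word combination
    s = stem(password)
    if s in DICTIONARY or s[::-1] in DICTIONARY or s in DEFAULTS:
        return "hybrid"                     # word plus digits/symbols or leet spelling
    if brute_force_seconds(password) < CRACK_BUDGET_SECONDS:
        return "brute-force"
    return "ok"


def audit(accounts: Dict[str, str]) -> Dict[str, str]:
    """Map each user whose chosen password fails the policy to the reason."""
    return {user: classify(pw) for user, pw in accounts.items() if classify(pw) != "ok"}


def salted_hash(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Store (salt, digest); a random per-user salt makes pre-computed tables useless."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, digest)


# Constructed sample accounts (not real users).
SAMPLE_ACCOUNTS = {"alice": "cat2", "bob": "Kq7#pL2m", "svc-backup": "admin", "carol": "Dr4g0n!"}

if __name__ == "__main__":
    for user, weakness in audit(SAMPLE_ACCOUNTS).items():
        print(f"{user}: rejected ({weakness})")
    salt_a, digest_a = salted_hash("cat")
    salt_b, digest_b = salted_hash("cat")
    print("same password, different salts, same digest?", digest_a == digest_b)
```

The classifier deliberately mirrors the order an attacker would work in (defaults first, then dictionary, then hybrid, then exhaustive search), so the reason it reports is the cheapest attack the password would fall to. The keyspace estimate is only a lower bound on strength: it assumes the password is otherwise random, which is exactly what the earlier checks are there to confirm.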

Acquiring Passwords
Clear-text sniffing A number of protocols (Telnet, FTP and HTTP Basic) use clear-text passwords, meaning that they are not encrypted as they go over the wire between the client and the server. An attacker with a protocol analyzer can watch the wire looking for such passwords. No further effort is needed; the attacker can start immediately using those passwords to log in.

Encrypted sniffing
Most protocols, however, use some sort of encryption on the passwords. In these cases, the attacker will need to carry out a dictionary or brute force attack on the password in order to attempt decryption. Note that you still don't know about the attacker's presence, as he/she has been completely passive and has not transmitted anything on the wire. Password cracking does not require anything to be sent on the wire, since the attacker tests guesses against the captured password on his/her own machine.

Replay attack
In some cases, attackers do not need to decrypt the password. They can use the encrypted form instead in order to log in to systems. This usually requires reprogramming their client software in order to make use of the encrypted password.

Password-file stealing
The entire user database is usually stored in a single file on the disk. In UNIX, this file is /etc/passwd (or some mirror of that file), and under Windows, this is the SAM file or the Active Directory database file, ntds.dit. Either way, once an attacker gets hold of this file, he/she can run cracking programs in order to find some weak passwords within the file.

Observation
One of the traditional problems in password security is that passwords must be long and difficult to guess (in order to make dictionary and brute force cracks unreasonably difficult). However, such passwords are often difficult to remember, so users write them down somewhere. Attackers can often search a person's work site in order to find passwords written on little pieces of paper (usually under the keyboard). Attackers can also train themselves to watch typed-in passwords behind a user's back.

Internal attacks
Internal attackers are the most common sources of cracking attacks because attackers have direct access to an organization's systems. The first scenario looks at a situation in which a disgruntled employee is the attacker. The attacker, a veteran systems administrator, has a problem with her job and takes it out on the systems she is trusted to administer, manage, and protect.

Example: The disgruntled employee
Jane Smith, a veteran system administrator with impeccable technical credentials, has been hired by your company to run the backup tapes during the late evenings. Your company, an ISP, has a very large data center with roughly 4000+ systems all monitored by a Network Operations Center. Jane works with two other technicians to monitor the overnight backups and rotate the tapes before the morning shift comes in. They all work independently of each other: one technician works on the UNIX servers, one technician covers the Novell servers, and Jane has been hired to work on the Windows 2000 servers. Jane has been working on the job for six months now and is a rising star. She comes in early, stays late and has asked to transfer to another department within the company. One problem: there are no open positions at the time. During the last month you (the security analyst) have noticed a dramatic increase in the number of attempts at Cisco router and UNIX server logins. You have Cisco Secure ACS implemented so you can audit the attempts, and you see that most of them occur at 3 a.m. Your suspicions are aroused, but as a security analyst, you can't go around pointing fingers without proof. A good security analyst starts by looking deeper into the situation. You note that the attacks are from someone of high caliber and occur during Jane's shift, right after she is done with her tape rotation assignment and usually has an extra hour to study or read before the day operations team comes in. So you decide to have Jane supervised at night by the night operations manager. After three weeks of heavy supervision, you notice that the attacks have stopped. You were right. Jane was attempting to log into the Cisco routers and UNIX servers.

A good security analyst also needs to employ a good auditing tool, such as TACACS+, to log attacks. TACACS+ is a protocol used by applications such as Cisco Secure ACS that enforces Authorization, Accountability, and Authentication (AAA for short). If you have Authorization, then the person requesting access needs to be authorized to access the system. If you have Authentication, then the user accessing a resource needs to be authenticated with rights and permissions to have access. What happens when you are authorized and also authenticated? You must be held Accountable. Accounting logs alone solve many password cracking problems by forcing an attacker to be held accountable, authenticated and authorized. Next, I'll give an example of an old (but still widely used) attack, which involves sniffing passwords right off the network. You can see how a network supervisor had his Cisco routers and switches cracked by a help desk technician within the company.

Example: The help desk technician
Tommy is hired for the position of help desk technician to work with the after-hours help desk crew. The after-hours help desk staff is made up of roughly 10 technicians who provide coverage for eight remote sites that the company needs to support during off hours. Tommy always brings his laptop with him to work. When questioned about the laptop by his manager, Tommy explains that he is using his break time to prepare for a certification test. This seems harmless and is approved, even though there is a company-wide security policy in place about bringing machines from the outside into the corporate network without corporate security looking the device over.
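The Jane Smith scenario and the remarks on accounting logs describe a detection that an analyst can automate: failed logins from one source, spread across routers and servers, concentrated in the small hours. The Python below is an added illustration for this report, not output of Cisco Secure ACS or any other product; the key=value record layout, the addresses and the timestamps are constructed for the example, and the regular expression would need adapting to a real AAA server's export format.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed accounting records (layout is an assumption, not a real export).
SAMPLE_LOG = """\
2003-05-12 02:58:10 device=core-rtr1 user=admin src=10.20.5.77 result=FAIL
2003-05-12 03:01:44 device=core-rtr1 user=admin src=10.20.5.77 result=FAIL
2003-05-12 03:02:09 device=core-rtr2 user=root src=10.20.5.77 result=FAIL
2003-05-12 03:03:51 device=unix-db1 user=root src=10.20.5.77 result=FAIL
2003-05-12 03:05:30 device=unix-db1 user=oracle src=10.20.5.77 result=FAIL
2003-05-12 03:07:02 device=core-rtr1 user=admin src=10.20.5.77 result=FAIL
2003-05-12 09:15:00 device=core-rtr1 user=netops src=10.20.1.10 result=OK
2003-05-12 09:16:12 device=core-rtr1 user=netops src=10.20.1.10 result=FAIL
2003-05-12 09:16:30 device=core-rtr1 user=netops src=10.20.1.10 result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) device=(?P<device>\S+) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def parse(log_text):
    """Turn the text into a list of dicts; unparseable lines are skipped."""
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
        records.append(rec)
    return records


def failed_logins_by_source_hour(records):
    """Failed authentications per (source address, hour of day): the
    '3 a.m.' pattern of the scenario shows up as one tall bucket."""
    counts = Counter()
    for r in records:
        if r["result"] == "FAIL":
            counts[(r["src"], r["ts"].hour)] += 1
    return counts


def flag_suspicious(records, threshold=3, offhours=range(0, 6)):
    """Sources with many off-hours failures against more than one device.
    Repeated failures on a single box may be a mistyped password; the same
    address trying routers and servers alike is the pattern to escalate."""
    failures = defaultdict(list)
    for r in records:
        if r["result"] == "FAIL" and r["ts"].hour in offhours:
            failures[r["src"]].append(r)
    findings = []
    for src, recs in failures.items():
        devices = {r["device"] for r in recs}
        if len(recs) >= threshold and len(devices) > 1:
            findings.append({
                "src": src,
                "failures": len(recs),
                "devices": sorted(devices),
                "users": sorted({r["user"] for r in recs}),
            })
    return findings


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    for key, n in sorted(failed_logins_by_source_hour(recs).items()):
        print("%-12s hour %02d: %d failures" % (key[0], key[1], n))
    for f in flag_suspicious(recs):
        print("ESCALATE:", f)
```

The daytime operator who mistypes once at 09:16 is not reported; the night-shift source with six failures against three different devices is. The thresholds are starting points to tune against your own baseline, not universal constants.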

Tommy is eventually caught by a surveillance camera leaving a small wiring closet with something under his arm. But since nothing is reported missing, there is no way to prove that Tommy has done anything wrong. And when questioned by the help desk manager about why he was in the closet, Tommy says that he mistakenly entered it thinking it was a break room. The company's security manager, Erika, sees the report filed by the guards responsible for the physical security of the building. She wonders what Tommy was doing in that closet and is not satisfied with the answer he gave to the help desk manager. Upon searching the closet, she finds an unplugged patch cable hanging from one of the patch panels and an empty hub port. When she plugs the cable back in, the link light does not come back on suggesting that this is a dead port. Cable management Velcro straps neatly hold all the other cables together. With Erika's years of experience and keen sense of security exploitation, she knows exactly what happened. Erika assumes that Tommy has brought his laptop in the wiring closet unseen. He most likely looked for a dead port on the hub and plugged his laptop in with a packet sniffer installed on it, which promiscuously picks up traffic on a network segment. He returns later to pick up the laptop, which is caught on the surveillance camera, to take home for analysis after saving the capture file. Using the company's security policy, she confronts Tommy and explains that all personal property, such as laptops and palm pilots, are subject to search if on the premises illegally. Since Tommy never should have had his laptop there in the first place, he hands it over to Erika. Upon careful examination, Erika finds the following trace decode as seen in Figure 1.

Figure 1. Captured telnet traffic with protocol analyzer

A close examination of the Hex pane of the Sniffer Pro analyzer in Figure 2 reveals ASCII data in clear view on the right side of the pane. While attached to a switch in the closet, Tommy ran the configuration while connected via a telnet session. Since the telnet protocol is unsecure and sent via cleartext, it is easy to see the password: "cisco."

Figure 2. ASCII decode of plaintext data

This is one of the most basic principles of security: Never use a product name as a password. But in spite of how basic a principle it is, it's remarkable how often it is still done.
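What Erika reads off the Hex pane by hand (and what the "Clear-text sniffing" paragraph above describes) can be turned into a routine audit of your own captures: flag every flow that carries a credential in the clear. The Python below is an added illustration for this report and not part of Sniffer Pro or any tool mentioned here. It assumes flows have already been reassembled into a destination port plus the client-to-server payload (an assumption about the capture tool's export), and the flows, addresses and credentials are constructed for the example. Findings report the protocol and user name but deliberately not the password itself.

```python
import base64
import re

# Constructed flows: destination port and reassembled client payload.
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "dst": "10.0.0.1", "dport": 23,
     "payload": b"admin\r\ncisco\r\nshow running-config\r\n"},
    {"src": "10.0.0.6", "dst": "10.0.0.2", "dport": 21,
     "payload": b"USER backup\r\nPASS Summer2003\r\nLIST\r\n"},
    {"src": "10.0.0.7", "dst": "10.0.0.3", "dport": 80,
     "payload": b"GET /admin HTTP/1.1\r\nHost: intranet\r\n"
                b"Authorization: Basic " + base64.b64encode(b"JeffR:friday")
                + b"\r\n\r\n"},
    {"src": "10.0.0.8", "dst": "10.0.0.4", "dport": 443,
     "payload": b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"},  # TLS: opaque
]

FTP_USER_RE = re.compile(rb"^USER (\S+)", re.MULTILINE)
FTP_PASS_RE = re.compile(rb"^PASS (\S+)", re.MULTILINE)
BASIC_RE = re.compile(rb"^Authorization: Basic ([A-Za-z0-9+/=]+)", re.MULTILINE)


def audit_flow(flow):
    """Return a finding if the flow carries a clear-text credential, else None."""
    p = flow["payload"]
    if flow["dport"] == 23:
        # Telnet has no framing to parse; the first line the client sends in
        # an interactive login is typically the user name, the second the password.
        first = p.split(b"\r\n")[0].decode(errors="replace")
        return {"protocol": "telnet", "user": first, "password_exposed": True}
    if flow["dport"] == 21:
        user, pw = FTP_USER_RE.search(p), FTP_PASS_RE.search(p)
        if pw:
            return {"protocol": "ftp",
                    "user": user.group(1).decode(errors="replace") if user else None,
                    "password_exposed": True}
    m = BASIC_RE.search(p)
    if m:
        # HTTP Basic is only base64, not encryption: anyone on the wire decodes it.
        try:
            creds = base64.b64decode(m.group(1), validate=True).decode()
        except (ValueError, UnicodeDecodeError):
            creds = None
        user = creds.split(":", 1)[0] if creds else None
        return {"protocol": "http-basic", "user": user, "password_exposed": True}
    return None


def audit(flows):
    """Findings for all flows, each tagged with the endpoints involved."""
    findings = []
    for f in flows:
        finding = audit_flow(f)
        if finding:
            finding.update(src=f["src"], dst=f["dst"])
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_FLOWS):
        print(f)
```

The TLS flow on port 443 produces no finding: the same check that exposes the telnet, FTP and HTTP Basic logins cannot see inside an encrypted session, which is the argument for replacing those protocols with SSH and HTTPS.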

External attacks
External attackers are those who must traverse your "defense in depth" to try and break into your systems. They don't have it as easy as internal attackers. The first scenario involves a fairly common form of external attack known as Web site defacing. This attack uses password cracking to penetrate the systems that the attacker wants to deface. Another possible password cracking attack is when an attacker tries to obtain passwords via social engineering. Social engineering is the tricking of an unsuspecting administrator into giving the account ID and passwords over to an attacker. Let's take a look at both.

Example: Web site home page defacing
Figure 3 demonstrates a fairly common and simple example of external password cracking: defacing a Web site's home page. It takes little effort and is usually accomplished by simply exploiting an Internet Information Server (IIS) that has its permissions set incorrectly. The attacker simply goes to a workstation and tries to attack the IIS server with an HTML editing tool. When trying to attach over the Internet to the site, the attacker uses a password generator tool, such as L0phtCrack, which launches a brute force attack against the server.

Figure3. Home page replaced by an attacker

Your company's reputation is on the line. Business vendors and associates will lose faith in you if they perceive that your data is kept on unsecured servers. Make sure you look at inside and outside threats equally.

Example: Social engineering tricks
Non-tool related tricks to crack passwords are called social engineering attacks. Read this scenario to learn more. Jon is the new security analyst for a large company. His first job is to test his company's security stance. He of course lets management know what he is about to do (so he doesn't get labeled as an attacker himself). He wants to see how hard it is to crack into the network without even touching a single tool. He tries two separate but equally devastating attacks.

As a new employee in a large organization, Jon isn't known to many people yet, which makes it easy for him to pull off his first social engineering attack. His first target is the help desk. Jon makes a routine call to the help desk and asks for a password reset as a supposed remote user. Jon already has half the information he needs since he knows that the company's naming convention is simply first name and the first initial of the user's last name. The CIO's name is Jeff and his last name is Ronald, so JeffR is his login ID. This information is readily available from the company's phone directory. Masquerading as the CIO, Jon calls the help desk and asks for a password reset because he has forgotten his password. This is a normal ritual for the help desk technician, who resets forgotten passwords 100 times a day and calls the requestor back letting them know what their new password is. The help desk technician calls Jon back five minutes later and lets him know that his new password is "friday" because it happens to be Friday. Within another 5 minutes, Jon is in the CIO's shared files on the server and in his e-mail. Jon's next social engineering attack involves a good friend of his who works for the local telephone company. Jon borrows some of his gear and his belt and badge on his friend's day off. Jon takes his new gear and heads to another part of the organization's campus where all the disaster recovery routers and servers are located. This hardware contains a working copy of all the company's current data and is considered confidential. Jon walks into the campus security office in his Telco costume and explains that he has been called out by the Local Exchange Carrier (LEC) because a circuit appears to be looped from the Telco. He needs to be let into the data center so he can check out if there are any alarms on the Smart Jack.

The onsite administrator escorts Jon to the data center not even checking his ID. Once inside, the administrator wisely sticks around, so Jon starts his test. After a few minutes, Jon informs the administrator that he will have to call his office and let them run some more tests so he can loop off the Smart Jack and try to troubleshoot. Jon lets the administrator know that this will take about 45 minutes, so the administrator gives Jon his pager number and asks that he page him when he is done to let him out. Jon has now successfully eliminated the only obstacle between him and the 30 servers all lined up in racks along the back wall of the data center.

Jon has a few different opportunities now. He can go to every server and start looking for unlocked consoles, or he can plug his laptop into an open port and start sniffing. Since he really wants to see how far he can go, he decides to look for open consoles. After five minutes of looking through all the KVM slots, he finds a Windows NT server running as the Backup Domain Controller for the domain. Jon pulls a CD out of his bag and enters it into the CD tray of the server. He installs L0phtCrack onto a BDC for the company's domain and runs a dictionary attack. Within five minutes it produces the following password: Yankees. It turns out the lead administrator is a New York Yankees fan. He now has access to the company's most vital information. Now look at how this was done.

Figure 4. Using L0phtCrack to break the Administrator password

A protection checklist
Here is a checklist of things you can do to make password cracking more difficult:

Audit your organization! Do a walk through and make sure passwords are not stuck to monitors or under keyboards.

Set up dummy accounts. Get rid of the administrator (or admin) account or set it up as a trap and audit it for attempts.

Use strong, difficult to guess passwords, and never leave a console unlocked.

Backups are necessary in case you are compromised. You need a working set of data, so make sure you have it. Keep the tapes secure too or the data there will be compromised as well.

Prevent dumpster diving. Don't throw sensitive information away; shred it or lock it up.

Check IDs and question people you don't know. When you have visitors, check them out and make sure they belong.

Educate your end users. Make sure they aren't prone to social engineering and educate and remind internal users of the company's security policies.

Network Access and Web Server Attacks


Computers forming part of a local area network that is in turn connected to the Internet are exposed to a range of potential logical access risks. A network's primary purpose is to permit users to access resources and exchange information, but hackers can also use the network for the same purpose. There are different ways to achieve unauthorized access under this heading, many being technically sophisticated. One set of approaches exploits features of networking software that make it accessible from outside the network. Another set exploits browsers; for example, browsers maintain or have access to information about the user and computer that hackers can exploit. A hacker could also cause a browser to launch an "applet" (a program that runs in conjunction with the browser) to hack the computer or network, or to send back information that is not normally accessible from outside. Once access is gained, "island hopping" through the network is sometimes possible by exploiting trusted relationships between interconnected computers; the fact is that a network of computers that trust each other is only as secure as its weakest link.

The basic solutions to this family of security risks are to keep abreast of vendor security updates - such as the Microsoft example illustrated - and to maintain an effective "firewall".

Email Attacks
E-mail is a major route into networked computers. Typically, a Trojan horse program is buried within an innocuous-looking attachment to an e-mail message. The Trojan is launched when the attachment is opened (or sometimes viewed) and covertly passes control of the computer to the hacker.

Inside Jobs
Most security breaches originate inside the network that is under attack. Inside jobs include stealing passwords (which hackers then use or sell), performing industrial espionage, causing harm (as disgruntled employees), or committing simple misuse. Sound policy enforcement and observant employees who guard their passwords and PCs can thwart many of these security breaches.

Rogue Access Points


Rogue access points (APs) are unsecured wireless access points that outsiders can easily breach. (Local hackers often advertise rogue APs to each other.) Rogue APs are most often connected by well-meaning but ignorant employees.

Backdoors
Hackers can gain access to a network by exploiting backdoors: administrative shortcuts, configuration errors, easily deciphered passwords, and unsecured dial-ups. With the aid of computerized searchers (bots), hackers can probably find any weakness in your network.

Viruses and Worms


Viruses and worms are self-replicating programs or code fragments that attach themselves to other programs (viruses) or machines (worms). Both viruses and worms attempt to shut down networks by flooding them with massive amounts of bogus traffic, usually through e-mail.

Trojan Horses
Trojan horses, which are attached to other programs, are the leading cause of all break-ins. When a user downloads and activates a Trojan horse, the hacked software (SW) kicks off a virus, password gobbler, or remote-control SW that gives the hacker control of the PC.

Anarchists, Crackers, and Kiddies

Who are these people, and why are they attacking your network? Anarchists are people who just like to break stuff. They usually exploit any target of opportunity. Crackers are hobbyists or professionals who break passwords and develop Trojan horses or other SW (called warez). They either use the SW themselves (for bragging rights) or sell it for profit. Script kiddies are hacker wannabes. They have no real hacker skills, so they buy or download warez, which they launch. Other attackers include disgruntled employees, terrorists, political operatives, or anyone else who feels slighted, exploited, ripped off, or unloved.

Sniffing and Spoofing

Sniffing refers to the act of intercepting TCP packets. This interception can happen through simple eavesdropping or something more sinister. Spoofing is the act of sending an illegitimate packet with an expected acknowledgment (ACK), which a hacker can guess, predict, or obtain by snooping.

Phishing
This is a method of luring an unsuspecting user into giving out their username and password for a secure web resource, usually a bank or credit card account. eBay and PayPal are particularly susceptible to this type of attack. The attack is usually achieved by creating a website identical to the secure site; the user is sent an e-mail requesting them to log in and providing a link to the bogus site. When the user logs in, the password is stored and used by the attacker to access the account. It is difficult to guard against, particularly if using HTML e-mail. Currently there is no law specifically against this, though some experts think it may come under the Computer Misuse Act, and it may also be testable under trademark laws (passing off as another's web site).
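The reason HTML e-mail makes phishing hard to guard against is that the link text the user reads and the address the link actually opens are two different things. A mail gateway or client can check for exactly that mismatch. The Python below is an added illustration for this report, not part of any product: it extracts every link from an HTML body and flags those whose visible text names a trusted domain while the href leads elsewhere, or whose host is a bare IP address. The sample message and the list of trusted domains are constructed, and the "registrable domain" approximation (last two labels of the host name) is a simplification; a production tool would consult the public suffix list.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed message: the first link says one thing and goes somewhere else.
SAMPLE_EMAIL = """
<p>Dear customer, please <a href="http://203.0.113.9/ebay/login">log in at www.ebay.com</a>
to verify your account within 24 hours.</p>
<p>Questions? Visit <a href="https://www.paypal.com/help">www.paypal.com/help</a>.</p>
"""

# Constructed list of brands this organisation's users are expected to trust.
TRUSTED = {"ebay.com", "paypal.com"}

DOMAIN_IN_TEXT = re.compile(r"([a-z0-9-]+\.)+[a-z]{2,}", re.I)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_part(host):
    """Crude last-two-labels approximation of the registrable domain (an assumption)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def suspicious_links(html, trusted_domains):
    """Links whose text names a trusted domain but whose href goes elsewhere,
    plus links whose host is a raw IP address."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        host = urlparse(href).hostname or ""
        reasons = []
        m = DOMAIN_IN_TEXT.search(text)
        if m:
            named = registrable_part(m.group(0))
            if named in trusted_domains and registrable_part(host) != named:
                reasons.append("text names %s but href goes to %s" % (m.group(0), host))
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
            reasons.append("href host is a raw IP address")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in suspicious_links(SAMPLE_EMAIL, TRUSTED):
        print(f)
```

The genuine PayPal help link is not reported because its text and its href resolve to the same registrable domain; the eBay link is reported twice over, once for the mismatch and once for the numeric host.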

Key loggers

A key logger is a tool designed to record ('log') every keystroke on an affected machine for later retrieval. Its purpose is usually to allow the user of this tool to gain access to confidential information typed on the affected machine, such as a user's password or other private data. Some key loggers use virus, Trojan, and rootkit-like methods to remain active and hidden. However, some key loggers are used in legitimate ways and sometimes even to enhance computer security.

As an example, a business might have a key logger on a computer used at a point of sale, and data collected by the key logger could be used for catching employee fraud. By recording a user's keystrokes, either with software installed on the workstation or with a piece of hardware that plugs in between the keyboard and the computer, an attacker can easily gather plenty of useful information, including passwords. Obviously connecting hardware can be more difficult since it requires physical access to the site, so software keystroke loggers are generally much more prevalent. One of the more interesting methods of getting the software installed is to leave a candy dish full of cheap USB pen drives near the entrance to a building, or to give them out in a public area. Once users connect these drives, a Trojan horse program is installed that records keystrokes and sends the data back to the attacker.

Rootkit
A rootkit is designed to conceal the compromise of a computer's security, and can represent any of a set of programs which work to subvert control of an operating system from its legitimate operators. Usually, a rootkit will obscure its installation and attempt to prevent its removal through a subversion of standard system security. Rootkits may include replacements for system binaries so that it becomes impossible for the legitimate user to detect the presence of the intruder on the system by looking at process tables.

Possible Vulnerabilities and Ways to Exploit Them

Vulnerability scanner
A vulnerability scanner is a tool used to quickly check computers on a network for known weaknesses. Hackers also commonly use port scanners. These check to see which ports on a specified computer are "open" or available to access the computer, and sometimes will detect what program or service is listening on that port, and its version number. (Note that firewalls defend computers from intruders by limiting access to ports/machines both inbound and outbound, but can still be circumvented.)

Software bugs
Software always has bugs. System administrators and programmers can never track down and eliminate all possible software vulnerabilities, and attackers have only to find one hole in order to break in. Software bugs are often exploited in the server daemons, client applications, operating systems, and the network stack. Software bugs can be classified in the following manner:

Buffer overflows
Almost all the security holes you read about are due to this problem. A typical example is a programmer who sets aside 256 characters to hold a login username. However, if an attacker tries to enter a false username longer than that, you might have a problem. All the attacker has to do is send 300 characters, including code that will be executed by the server, and voila, game over. Hackers find these bugs in several ways.

First, the source code for a lot of services is available on the net. Hackers routinely look through this code searching for programs that have buffer overflow problems. Secondly, hackers may look at the programs themselves to see if such a problem exists. Thirdly, hackers will examine every place the program has input and try to overflow it with random data. If the program crashes, there is a good chance that carefully constructed input will allow the attacker to gain access.

Unexpected combinations
Programs are usually constructed using many layers of code, including the underlying operating system as the bottom-most layer. Attackers can often send input that is meaningless to one layer, but meaningful to another layer. A very common example of this is found in a SQL injection attack, where an attacker executes unauthorized SQL commands through an input field on a website by entering extra characters such as single quotes (') or a semicolon (;) into the input field. The attacker can then append additional commands after these special characters, and they will be interpreted by the SQL server.
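The layering problem is easiest to see with the two versions of one login query side by side. The Python below is an added illustration for this report (not from any project or product) using an in-memory SQLite database with a constructed users table: the first function splices the user's input into the SQL text, so a quote and a comment marker that the web layer passed through as ordinary characters are read by the database layer as SQL; the second passes the values as bound parameters, which the database never parses as part of the statement.

```python
import sqlite3


def make_db():
    """In-memory database with a constructed users table (credentials are sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct-horse"), ("bob", "Yankees")])
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Input is pasted into the statement text. A quote in the user name ends the
    string literal early and '--' turns the rest of the line into an SQL comment,
    so the password check disappears from the query the database actually runs."""
    query = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Parameter binding sends the values separately from the statement text.
    Whatever characters they contain, they are compared as data, never parsed as SQL."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    conn = make_db()
    probe = "alice' --"
    print("vulnerable, bad password:", login_vulnerable(conn, probe, "wrong"))
    print("safe, bad password:     ", login_safe(conn, probe, "wrong"))
    print("safe, right password:   ", login_safe(conn, "alice", "correct-horse"))
```

Both functions accept the genuine credentials; only the first accepts a user name that carries SQL syntax. The fix is not to strip quotes and semicolons (the page's list of special characters is not exhaustive) but to keep data and statement text on separate channels, which is what the bound parameters do.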

Unexpected input
Most programs are written to handle valid input. Most programmers do not consider what happens when somebody enters input that doesn't match the specification.

System Configuration Bugs


Default configurations
Most systems are shipped to customers with default, easy-to-use configurations. Unfortunately, "easy-to-use" means "easy-to-break-in". In recent years, operating system vendors have recognized this problem, and are starting to ship more secure systems out-of-the-box, but there will always be some risks associated with a default configuration.

Running unnecessary services
Virtually all programs can be configured to run in an unsecure mode. Sometimes administrators will inadvertently open a hole on a machine. Most administration guides will suggest that administrators turn off everything that doesn't absolutely, positively need to run on a machine in order to avoid accidental holes. Note that security-auditing packages (such as Nessus) can usually find these holes and notify the administrator.

Trust relationships
Attackers often "island hop" through the network exploiting trust relationships. A network of machines trusting each other is only as secure as its weakest link.

Design flaws
Even if a software implementation is completely correct according to the design, there may still be bugs in the design itself that lead to intrusions.

TCP/IP protocol flaws
The TCP/IP protocol was designed before we had much experience with the wide-scale hacking we see today. As a result, there are a number of design flaws that lead to possible security problems. Some examples include smurf attacks, ICMP Unreachable disconnects, IP spoofing, and SYN floods. The biggest problem is that the IP protocol itself is very "trusting": hackers are free to forge and change IP data with impunity. IPsec (IP security) has been designed to overcome many of these flaws, but it is not yet widely used.

Poor system administrator practices
A surprising number of machines are configured with an empty or easy-to-guess root/administrator password, possibly because the administrator is too lazy to configure one right away and wants to get the machine up and running quickly with minimal fuss. Unfortunately, they never get around to fixing the password later, allowing attackers easy access. One of the first things an attacker will do on a network is to scan all machines for empty or commonly used passwords.

Social Engineering
One successful and common technique is to simply call the helpdesk and say "Hi, this is Ron Smith, the senior director for IT in San Jose. I have a presentation to give my boss, the CIO, and I can't log into server XYZ to get my notes. Would you please reset my password now? I have to be in this meeting in 2 minutes." Many unsuspecting operators would simply reset Ron's password in this situation.

Most corporations have a policy that directs users/operators/helpdesk to never give out or reset passwords, even to their own IT director, but this technique is still successful. Phishing schemes also fall under this category. Phishing involves posing as a trusted source, usually through email, to trick users into revealing confidential information such as passwords or credit card numbers.

Typical Intrusion Scenarios

Reconnaissance
The attacker will find out as much as possible without actually giving himself away. He will do this by finding public information or appearing as a normal user. In this stage, you really can't detect an attacker. He will do a 'whois' look-up on your registered domain names to find as much information as possible about your network and the people involved. The attacker might walk through your DNS tables (using 'nslookup', 'dig', or other utilities to perform DNS zone transfers) to find the names of your machines. The attacker will browse other public information, such as your public web sites and anonymous FTP sites. The attacker might search news articles and press releases about your company.

Scanning
The attacker uses more invasive techniques to scan for information, but still doesn't do anything harmful. He might walk through all your web pages and look for vulnerable CGI scripts. He might do a 'ping' sweep in order to see which machines are alive. He will run utilities like Nessus in order to see what's available and what is vulnerable. At this point, the attacker has done 'normal' activity on the network and has not done anything that can be classified as an intrusion. At this point, an NIDS may be able to tell you that "somebody is checking door handles", but nobody has actually tried to open a door yet.

Running exploits
The attacker crosses the line and starts exploiting possible holes in the target machines. A sophisticated attacker may use complex techniques to remotely exploit vulnerable services, whereas a less talented script kiddie might use automated tools such as Metasploit, which require little more knowledge than how to use a web browser and the IP address of a victim's system in order to exploit systems.

Establishing a foothold
At this stage, the attacker has successfully gained a foothold in your network by hacking into a machine. The attacker's main goal is to hide evidence of the attacks (doctoring the audit trail and log files) and to make sure he can get back in again. He may install 'rootkits' that give him access and hide his tracks, replace existing services with his own Trojan horses that have backdoor passwords, or create his own user accounts. A good host-based IDS can often detect an attacker at this point by noting the changed system files, but a good attacker can cover his tracks to avoid detection. The hacker will use the system as a stepping stone to other systems, since most networks have fewer defenses against inside attacks.

Playing for profit
The attacker finally takes advantage of his status to steal confidential data, misuse system resources (e.g. stage attacks at other sites from your site), or deface web pages.

Common Intrusion Signatures


There are three types of attacks:

Reconnaissance
These attacks include ping sweeps, DNS zone transfers, e-mail recons, TCP or UDP port scans, and possibly indexing of public web servers to find CGI holes.

Exploits
Attackers will take advantage of hidden features or bugs to gain access to the system.

Denial-of-service (DoS) attacks
The attacker attempts to crash a service (or the machine), overload network links, overload the CPU, or fill up the disk. The attacker is not trying to gain information, but simply to act as a vandal to prevent you from making use of your machine. DoS attacks give hackers a way to bring down a network without gaining internal access. DoS attacks work by flooding the access routers with bogus traffic (which can be e-mail or Transmission Control Protocol (TCP) packets). Distributed DoS (DDoS) attacks are coordinated DoS attacks from multiple sources. A DDoS is more difficult to block because it uses multiple, changing, source IP addresses.

Common DoS (Denial of Service) attacks


Ping-of-Death
Sends an invalid fragment, which starts before the end of the packet but extends past the end of the packet.

SYN Flood
Sends TCP SYN packets (which start connections) very fast, leaving the victim waiting to complete a huge number of connections, causing it to run out of resources and drop legitimate connections. "SYN cookies" are a new defense against this. Each side of a connection has its own sequence number. In response to a SYN, the attacked machine creates a special sequence number that is a "cookie" of the connection and then forgets everything it knows about the connection. It can then recreate the forgotten information about the connection when the next packets come in from a legitimate connection.
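The SYN cookie paragraph describes a stateless handshake, and the construction is worth seeing in full: the server packs a time counter, a coarse MSS value and a keyed hash of the connection's addresses and ports into the 32-bit initial sequence number it sends in the SYN-ACK, keeps nothing, and when the final ACK arrives it checks that ACK-1 is a number it could have issued recently. The Python below is an added illustration for this report, not the kernel's code; the bit layout, the secret, the MSS table and the endpoints are constructed, and the real Linux cookie format differs in detail while following the same idea.

```python
import hashlib
import hmac
import struct
from typing import Optional

# Constructed server secret; a real implementation uses random, rotated keys.
SECRET = b"constructed-server-secret"
# Only a few MSS values can be encoded in the cookie's three MSS bits.
MSS_TABLE = [536, 1220, 1460]

# Constructed endpoints for the demonstration (packed IPv4 addresses).
SRC = bytes([198, 51, 100, 7])
DST = bytes([10, 0, 0, 5])


def _mac(src: bytes, dst: bytes, sport: int, dport: int, t: int, mss_idx: int) -> int:
    """Keyed hash over the 4-tuple, the time counter and the MSS index, cut to
    21 bits. SECRET is the only thing the server has to remember."""
    msg = struct.pack("!4s4sHHBB", src, dst, sport, dport, t, mss_idx)
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") & 0x1FFFFF


def make_cookie(src, dst, sport, dport, mss, counter):
    """Initial sequence number for the SYN-ACK. Illustrative layout:
      bits 31..24  time counter (e.g. minutes) modulo 256
      bits 23..21  index into MSS_TABLE
      bits 20..0   keyed hash of the connection
    After sending this the server forgets the half-open connection entirely."""
    mss_idx = 0
    for i, m in enumerate(MSS_TABLE):
        if m <= mss:
            mss_idx = i
    t = counter & 0xFF
    return (t << 24) | (mss_idx << 21) | _mac(src, dst, sport, dport, t, mss_idx)


def check_cookie(src, dst, sport, dport, ack, counter, max_age=1) -> Optional[int]:
    """Rebuild the connection from the ACK number of the third handshake packet.
    Returns the MSS to use, or None if the cookie is forged or too old."""
    isn = (ack - 1) & 0xFFFFFFFF          # the client acknowledges our ISN + 1
    t = isn >> 24
    if (counter - t) & 0xFF > max_age:    # stale: an old capture being replayed
        return None
    mss_idx = (isn >> 21) & 0x7
    if mss_idx >= len(MSS_TABLE):
        return None
    if (isn & 0x1FFFFF) != _mac(src, dst, sport, dport, t, mss_idx):
        return None                        # not a number we issued for this tuple
    return MSS_TABLE[mss_idx]


if __name__ == "__main__":
    isn = make_cookie(SRC, DST, 40000, 80, 1460, counter=10)
    print("SYN-ACK seq = 0x%08x" % isn)
    print("valid ACK  ->", check_cookie(SRC, DST, 40000, 80, isn + 1, counter=10))
    print("forged ACK ->", check_cookie(SRC, DST, 40000, 80, isn + 2, counter=10))
    print("late ACK   ->", check_cookie(SRC, DST, 40000, 80, isn + 1, counter=15))
```

The flood no longer costs the server memory because a SYN that is never followed by an ACK leaves nothing behind; the price is that options the cookie cannot encode (anything beyond the coarse MSS) are lost for connections completed this way, which is why kernels switch cookies on only when the SYN queue is under pressure.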

Common Reconnaissance Scans
One of the most common tools used in reconnaissance is Nessus. This free tool, which runs on many platforms including Linux and Windows, combines many different methods to identify remote systems and vulnerabilities. Some of the most common scan types include:

Ping sweeps
This simple scan simply pings a range of IP addresses to find which machines are alive. Note that more sophisticated scanners will use other protocols (such as an SNMP sweep) to do the same thing.

TCP scans
Probes for open (listening) TCP ports looking for services the attacker can exploit. Scans can use normal TCP connections or stealth scans that use half-open connections (to prevent them from being logged) or FIN scans (never opens a port, but tests if someone is listening). Scans can be sequential, randomized, or configured lists of ports.

UDP scans These scans are a little bit more difficult because UDP is a connectionless protocol. The technique is to send garbage UDP packets to the desired port. Most machines will respond with an ICMP "destination port unreachable" message, indicating that no service is listening at that port. However, many machines throttle ICMP messages, so you can't do this very fast.

OS identification By sending illegal (or strange) ICMP or TCP packets, an attacker can identify the operating system. Standards usually state how machines should respond to legal packets, so machines tend to be uniform in their response to valid input. However, standards omit (usually intentionally) the response to invalid input. Thus, each operating system's unique responses to invalid inputs form a signature that attackers can use to figure out what the target machine is. This type of activity occurs at a low level (like stealth TCP scans) that systems do not log.

Common Exploits
Once vulnerable systems have been discovered, the attacker will want to exploit the vulnerabilities. An advanced attacker may use sophisticated techniques to break into a system, while a less talented attacker might use popular automated tools like Metasploit. Internet worms will also use common exploits to compromise a system in order to continue spreading.

Common exploits include:

Server-side scripts CGI programs and ASP scripts are notoriously insecure. Typical security holes include passing tainted input directly to the command shell via the use of shell metacharacters, using hidden variables specifying any filename on the system, and otherwise revealing more about the system than is good. These attacks can be detected by examining web server logs, and by monitoring network traffic with a NIDS.
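An added example (not from the report) of the server-side script hole just described, in Python: a CGI handler that pastes a hostname into a shell command, the hardened version that allow-lists the input and passes it as a single argument with no shell, and a detection routine that scans web server log lines for shell metacharacters in query values. The lookup script, its `host` parameter and the log lines are constructed.

```python
import re
import subprocess
from urllib.parse import parse_qs, urlsplit


# Vulnerable pattern (constructed): the CGI parameter is pasted into a shell string,
# so a value such as "example.com;id" runs a second command.
def build_lookup_command_vulnerable(host):
    return "nslookup " + host


# Hardened pattern: allow-list the value as a hostname (which also rules out a leading
# "-", so it cannot be taken as an option) and hand it to the program as one argv element.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$")


def build_lookup_argv_safe(host):
    if not HOSTNAME_RE.match(host):
        raise ValueError("rejected input: not a hostname")
    return ["nslookup", host]


def run_lookup_safe(host, timeout=5):
    """Run the lookup without a shell; metacharacters never reach one."""
    return subprocess.run(build_lookup_argv_safe(host), shell=False,
                          capture_output=True, text=True, timeout=timeout)


# Detection: the report notes these attacks show up in web server logs. Flag query
# values carrying shell metacharacters, checked after URL decoding and per value,
# so the '&' that merely separates parameters does not trigger.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')
SHELL_META_RE = re.compile(r"[;&|`$<>\n]")


def find_metachar_requests(log_lines):
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        for name, values in parse_qs(query, keep_blank_values=True).items():
            for v in values:
                if SHELL_META_RE.search(v):
                    hits.append((n, name, v))
    return hits


# Constructed access-log lines (Apache combined style), not captured from a real server.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Oct/2000:13:55:36 -0700] "GET /cgi-bin/lookup.cgi?host=example.com HTTP/1.0" 200 2326',
    '10.0.0.9 - - [10/Oct/2000:13:56:01 -0700] "GET /cgi-bin/lookup.cgi?host=example.com%3Bid HTTP/1.0" 200 5120',
    '10.0.0.9 - - [10/Oct/2000:13:56:30 -0700] "GET /cgi-bin/lookup.cgi?host=%60id%60 HTTP/1.0" 200 310',
    '10.0.0.7 - - [10/Oct/2000:13:57:10 -0700] "GET /index.html?a=1&b=2 HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    print("vulnerable:", build_lookup_command_vulnerable("example.com;id"))
    print("safe argv:", build_lookup_argv_safe("example.com"))
    for n, name, v in find_metachar_requests(SAMPLE_LOG):
        print("log line %d: suspicious %s=%r" % (n, name, v))
```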

Web server attacks Beyond the execution of server-side scripts, web servers have other possible holes. The most common bugs are buffer overflows in the request field or in one of the other HTTP fields. Servers have long had problems with URLs. For example, the "death by a thousand slashes" problem in older Apache would cause huge CPU loads as it tried to process each directory in a thousand-slash URL. New vulnerabilities in web servers are constantly being discovered. The best way to protect your web server is to keep up with the latest security patches from the vendor.

Web browser attacks New security holes are constantly being discovered in all web browsers. This includes URL, JavaScript, CSS, Java, and ActiveX attacks. URL fields can cause a buffer overflow condition, either as the URL is parsed in the HTTP header, as it is displayed on the screen, or as it is processed in some form (such as being saved in the cache history). Also, an old bug in Internet Explorer allowed interaction with a bug whereby the browser would execute .LNK or .URL commands. JavaScript is a perennial favorite, and usually tries to exploit the "file upload" function by generating a filename and automatically hiding the "SUBMIT" button. Many variations of this bug have been fixed, only to have new ways found to circumvent the fixes. CSS (cross-site scripting, more commonly abbreviated XSS) attacks involve directing users to a malicious site via a specially crafted hyperlink. Vulnerable web browsers don't check for these types of hyperlinks, and confidential information can be passed to an attacker's own web server. This type of attack is most commonly used in a phishing scheme, whereby users are tricked into visiting a malicious site. Java has a robust security model, but that model has proven to have the occasional bug (though compared to everything else, it has proven to be one of the most secure elements of the whole system). Moreover, its robust security may be its undoing: normal Java applets have no access to the local system, but sometimes they would be more useful if they did have local access; thus the implementation of "trust" models that can more easily be hacked. ActiveX is even more dangerous than Java since it works purely from a trust model and runs native code. You can even inadvertently catch a virus that was accidentally embedded in some vendor's code.

TCP sequence number prediction In the startup of a TCP connection, you must choose a sequence number for your end, and the server must choose a sequence number for its end. Older TCP stacks choose predictable sequence numbers, allowing attackers to create TCP connections from a forged IP address (for which they will never see the response packets) that presumably will bypass security.

DNS poisoning through sequence prediction DNS servers will "recursively" resolve DNS names. Thus, the DNS server that satisfies a client request will become itself a client to the next server in the recursive chain. The sequence numbers it uses are predictable. Thus, an attacker can send a request to the DNS server and a response to the server forged to be from the next server in the chain. It will then believe the forged response, and use that to satisfy other clients.
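An added example (not from the report) of why predictability matters for both the TCP sequence-number and the DNS sequence-prediction attacks above, in Python: a constructed generator that mimics older stacks (each new connection gets the previous ISN plus a constant) beside an RFC 6528-style generator (clock plus a keyed hash of the 4-tuple), and an assessment routine that measures how often the next value can be guessed exactly from a few earlier ones. The secret, the step size and the per-connection clock advance are constructed assumptions; the same check applies to a server's DNS transaction IDs.

```python
import hashlib
import hmac
import socket
import struct
from collections import Counter

SECRET = b"constructed-demo-secret"   # assumption: per-host secret, rotated in practice
MASK32 = 0xFFFFFFFF


class LegacyIsnGenerator:
    """Mimics an older stack: the previous ISN plus a constant for every connection."""

    def __init__(self, start=0x1000, step=64000):
        self.isn, self.step = start, step

    def next_isn(self, local, remote, clock):
        self.isn = (self.isn + self.step) & MASK32
        return self.isn


class HashedIsnGenerator:
    """RFC 6528 style: ISN = clock + F(4-tuple, secret). Observing ISNs on one's own
    connections reveals nothing about the offset used for a forged address."""

    def next_isn(self, local, remote, clock):
        msg = struct.pack("!4sH4sH", socket.inet_aton(local[0]), local[1],
                          socket.inet_aton(remote[0]), remote[1])
        f = int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:4], "big")
        return (clock + f) & MASK32


def guess_next(observed):
    """Simplest predictor, used here only for assessment: last value plus the most
    common difference between consecutive observations."""
    diffs = [(b - a) & MASK32 for a, b in zip(observed, observed[1:])]
    step = Counter(diffs).most_common(1)[0][0]
    return (observed[-1] + step) & MASK32


def predictability(gen, trials=50, window=8):
    """Fraction of trials in which the next ISN is guessed exactly from `window` earlier
    ISNs, each seen on a connection from a different source port. 1.0 means a single
    guess always works; near 0 means a forged-address attacker has no better than
    random odds per guess."""
    clock = 0
    port = 40000

    def connect(p):
        nonlocal clock
        clock += 250                         # ~1 ms apart, in 4 microsecond ticks
        return gen.next_isn(("10.0.0.1", 80), ("10.0.0.2", p), clock)

    history = [connect(port + i) for i in range(window)]
    port += window
    hits = 0
    for _ in range(trials):
        actual = connect(port)
        port += 1
        hits += guess_next(history) == actual
        history = history[1:] + [actual]
    return hits / trials


if __name__ == "__main__":
    print("legacy stack, exact-guess rate:", predictability(LegacyIsnGenerator()))
    print("hashed stack, exact-guess rate:", predictability(HashedIsnGenerator()))
```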

IP spoofing There is a range of attacks that take advantage of the ability to forge (or 'spoof') your IP address. While a source address is sent along with every IP packet, it isn't actually used for routing. This means an attacker can pretend to be you when talking to a server. The attacker never sees the response packets (although your machine does, but throws them away because they don't match any requests you've sent). The attacker won't get data back this way, but can still send commands to the server pretending to be you. IP spoofing is frequently used as part of Denial of Service attacks.

What to hack?

Computer
In this kind of attack the hacker targets computers (PCs). The hacker gets access to the computer and does whatever they want with it.

Process
Hackers that create viruses, logic bombs, worms, and Trojan horses are involved in perhaps the most malicious hacking activities. A virus is a program that has the potential to attack and corrupt computer files by attaching itself to a file to replicate itself. It can also cause a computer to crash by utilizing all of the computer's resources. For example, e-mail systems were inundated with the "ILOVEYOU" and the "Love Bug" viruses in May of 2000, and the damage to individuals, businesses, and institutions was estimated at roughly $10 billion. Similar to viruses, logic bombs are designed to attack when triggered by a certain event like a change in date. Worms attack networks in order to replicate and spread. In July of 2001, a worm called "Code Red" began attacking Microsoft Internet Information Server (IIS) systems. The worm infected servers running Windows NT 4, Windows 2000, Windows XP, and IIS 4.0 and defaced Web sites, leaving the phrase "Welcome to www.worm.com Hacked by Chinese!" Finally, a Trojan horse is a program that appears to do one thing, but really does something else. While a computer system might recognize a Trojan horse as a safe program, upon execution, it can release a virus, worm, or logic bomb.

Computer hacking can be done as follows: the hacker makes a Trojan and somehow places it on the target's computer. Once the Trojan is placed on the computer, the hacker opens a port for himself to easily get access to the computer, and through the Trojan horse the hacker makes a backdoor in the victim's or target's computer. Through the Trojan horse the attacker gets confidential information from the computer, such as passwords, PIN codes, etc.

Purpose
For terrorist activities
For fun
For getting confidential information
To scan the computer
To make a backdoor
To hide the actual attacker
To disturb the target
For checking knowledge
To develop skills
To hack networks

Network
In network hacking the attacker or hacker hacks the network, i.e. acts as part of the network. The hacker first starts an interaction, and once the interaction is started the hacker hacks a computer from the network and makes use of that computer to attack the others; in this way the hacker hacks the whole network. Here it is difficult to tell whether data is sent by the hacker or by a group member. In this case the hacker restricts the network to his task and increases the impact of the attack. Network hacking is done to hack other networks. Sometimes network hacking is done to check the level of security and the ability of the firewall. Network hacking is done after computer hacking, i.e. without computer hacking the hacker is unable to learn the network address needed to hack the network.

Process
As the cost of hacking attacks continues to rise, businesses have been forced to increase spending on network security. However, hackers have also developed new skills that allow them to break into more complex systems. Hacking typically involves compromising the security of networks, breaking the security of application software, or creating malicious programs such as viruses. The most popular forms of network hacking are denial of service (DoS) attacks and mail bombs. DoS attacks are designed to swamp a computer network, causing it to crash. Mail bombs act in a similar fashion, but attack the network's mail servers. When eBay was attacked in February 2000, its Web server was bombarded with fake requests for Web pages, which overloaded the site and caused it to crash. Network hackers also try to break into secure areas to find sensitive data. Once a network is hacked, files can be removed, stolen, or erased. A group of teens in Wichita, Kansas, for example, hacked into AOL and stole credit card numbers that they then used to buy video games.

Network hacking generally means gathering information about a domain by using tools like Telnet, NslookUp, Ping, Tracert, Netstat, etc. It also includes OS fingerprinting, port scanning and port surfing using various tools.

Ping Ping is part of ICMP (Internet Control Message Protocol), which is used to troubleshoot TCP/IP networks. So ping is basically a command that allows you to check whether a host is alive or not. To ping a particular host the syntax is (at the command prompt)

c:\>ping hostname.com

Example: c:\>ping www.google.com

The various options of the ping command and their usage can be viewed by just typing c:\>ping at the command prompt.

Netstat It displays protocol statistics and current TCP/IP network connections, i.e. local address, remote address, port number, etc. Its syntax is (at the command prompt) c:\>netstat -n

Telnet Telnet is a program which runs over TCP/IP. Using it we can connect to a remote computer on a particular port. When connected it talks to the daemon running on that port. The basic syntax of Telnet is (at the command prompt) c:\>telnet hostname.com. By default telnet connects to port 23 of the remote computer. So the complete syntax is c:\>telnet www.hostname.com port. Example: c:\>telnet www.yahoo.com 21 or c:\>telnet 192.168.0.5 21

Tracert It is used to trace out the route taken by certain information, i.e. data packets, from source to destination. Its syntax is (at the command prompt) c:\>tracert www.hostname.com Example: c:\>tracert www.insecure.in

Here "* * * Request timed out." indicates that a firewall installed on that system blocks the request and hence we can't obtain its IP address. The various options of the tracert command and their usage can be viewed by just typing c:\>tracert at the command prompt. The information obtained by using the tracert command can be further used to find out the exact operating system running on the target system.
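An added example (not from the report) tying two of the report's points together: a Trojan that opens a port for its operator shows up as an unexpected listening socket, and netstat is the tool that lists sockets. The Python below parses constructed `netstat -an` output, compares listeners against a baseline of the ports the host is supposed to expose, and flags established connections to remote ports outside the expected set. The sample output, the baseline and the expected remote ports are all constructed.

```python
import re

NETSTAT_LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


def parse_netstat(text):
    """Parse Windows-style 'netstat -an' rows into dicts; header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = NETSTAT_LINE.match(line)
        if not m:
            continue
        proto, local, foreign, state = m.groups()
        laddr, lport = local.rsplit(":", 1)      # rsplit keeps IPv6 "[::]:135" intact
        faddr, fport = foreign.rsplit(":", 1)
        rows.append({
            "proto": proto, "laddr": laddr, "lport": int(lport),
            "faddr": faddr, "fport": int(fport) if fport.isdigit() else fport,
            # UDP rows carry no state column; treat a bound UDP socket as a listener.
            "state": state if state else ("LISTENING" if proto == "UDP" else ""),
        })
    return rows


def unexpected_listeners(rows, baseline):
    """Listening sockets whose (proto, port) is not in the host's baseline."""
    return [(r["proto"], r["laddr"], r["lport"]) for r in rows
            if r["state"] == "LISTENING" and (r["proto"], r["lport"]) not in baseline]


def connections_to_unusual_ports(rows, expected_remote_ports):
    """Established connections to remote ports outside the expected set."""
    return [(r["laddr"], r["lport"], r["faddr"], r["fport"]) for r in rows
            if r["state"] == "ESTABLISHED" and r["fport"] not in expected_remote_ports]


# Constructed sample, not captured from a real host.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING
  TCP    192.168.0.5:49711      93.184.216.34:443      ESTABLISHED
  TCP    192.168.0.5:49720      198.51.100.23:6667     ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

# Baseline of what this (constructed) workstation is supposed to expose.
BASELINE = {("TCP", 135), ("TCP", 445), ("TCP", 3389), ("UDP", 137)}
EXPECTED_REMOTE_PORTS = {80, 443}

if __name__ == "__main__":
    rows = parse_netstat(NETSTAT_SAMPLE)
    print("unexpected listeners:", unexpected_listeners(rows, BASELINE))
    print("odd outbound:", connections_to_unusual_ports(rows, EXPECTED_REMOTE_PORTS))
```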

Purpose
For terrorist activities
For fun
For targeting other networks
For easy access to the network
To act as part of the network
To disturb the target
For checking knowledge
To develop skills
To check the level of security
To check the ability of the firewall

Application
In application hacking the hacker hacks a particular application. Application hacking is done to create problems for the target. The hacker hacks the application and makes it perform according to their wish, i.e. restricts input, update or deletion of data or files, etc. Application hacking is sometimes done to get a password or some other important information. Application hacking is done after computer hacking, i.e. without computer hacking the hacker is unable to hack the application.

Process
Application hackers break the security on application software (including word processing and graphics programs) in order to get it for free. One way they gain access to software that requires a serial number for installation is by setting up a serial number generator that will try millions of different combinations until a match is found. Application hackers also sometimes attack the program itself in an attempt to remove certain security features. The application hacker attacks the computer, and to attack the application the attacker gets access to software that requires a serial code or key during installation. The hacker tries various combinations until he gets the correct one; once the hacker has the serial code he can easily make changes in the application and restrict the user from doing their work or disturb the user while working.

Purpose
For fun
For getting confidential information
To disturb the target
For checking knowledge
To develop skills

Email ID & Password

The hacker hacks the email ID and password of a person. The hacker wants to harm the target by using his profile or his personal information. Email ID and password hacking can be done after computer hacking, network hacking or application hacking, or without any of the three.

Process
In the case of computer hacking, the hacker uses a Trojan horse to hack the target's e-mail ID and password. In the case of network hacking, the hacker gets the e-mail ID and password directly from the network while they are being sent to the server for verification. In the case of application hacking it is easy for the hacker to get the e-mail ID and password; the hacker only has to hack the application. In the case of hacking without hacking the computer, network or application, the hacker hacks the line; on the line the hacker temporarily logs the user out or presents a screen asking the user to enter the e-mail ID and password, and once the user enters the password the hacker saves it.

Purpose
For terrorist activities
For fun
For getting confidential information
To hide the actual attacker
To disturb the target
For checking knowledge
To develop skills
To misuse the profile

Mobile Phone

Cell phone hackers have found what appears to be a manufacturing fault in the chips. The better part is that this applies only to first-generation cell phones, which use the Global System for Mobile communications, or GSM for short. Another precondition is that the cell phone must be in the hacker's possession for a minimum of three minutes, which is why, to prevent one's cell phone from being hacked, one should always keep it in one's possession and never let it out of one's sight. Although the shortcoming has lately been taken care of, for the time being, in second- and third-generation cell phones, it is presumed that approximately seventy percent of present cell phones are of the first-generation type. The other method adopted by the hacker is to come near a person who has a cell phone, carrying a laptop on which mobile hacking software is loaded; with the help of an antenna, the hacker picks up the cell phone's information if the phone is switched on. This type of hacking is easier with cell phones that have Bluetooth technology. Mobile hacking can be done in two ways, i.e. by hacking the mobile number or by hacking the mobile phone.

Mobile number hacking

In mobile number hacking only the mobile number of the victim is used by the hacker. The hacker first has to send a message carrying the code or program to the number; if the message is received and read by the victim, the code or program can get installed on the phone and give the hacker a backdoor into it. The problem for the hacker is that if the user changes the SIM card (number), the hacker no longer has access to the mobile.

Mobile phone hacking

To hack the mobile phone the hacker first has to hack the mobile number, or it can be done through Bluetooth hacking. In this case the hacker makes use of the IMEI number, which is unique to each and every mobile. The IMEI number can be obtained by dialing the code *#06# on the victim's mobile.

Cell Identity Code (IMEI = International Mobile Equipment Identity): XXXXXX XX XXXXXX X

The IMEI number is divided into four parts, i.e. TAC FAC SNR SP, where
TAC = Type Approval Code (first 2 digits = country code of the approval country)
FAC = Final Assembly Code: (01, 02 = AEG) (10, 20 = Nokia) (40, 41, 44 = Siemens) (30 = Ericsson) (50 = Bosch) (51 = Sony, Siemens, Ericsson) (60 = Alcatel) (65 = AEG) (70 = Sagem) (75 = Dancall) (80 = Philips) (85 = Panasonic)
SNR = Serial Nr.
SP = Spare (always "0")

Once the hacker has the code, the hacker sends the message along with the program and makes a backdoor into the target mobile. In this case, even if the SIM card (number) is changed, the hacker is still able to access the mobile. For both kinds of hacking the hacker makes use of the mobile network, and the access remains usable for a long time. Mobile hacking applies to both CDMA (Code Division Multiple Access) and GSM (Global System for Mobile Communications).
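An added example (not from the report) that parses the IMEI layout just given, in Python: it splits a 15-digit IMEI into TAC, FAC, SNR and the final digit, looks the FAC up in the manufacturer table the report lists, and also verifies the final digit as a Luhn check digit, which is what current IMEIs carry in the position the older layout above calls spare. The sample value is a widely used test IMEI, not a real device.

```python
import re

# FAC -> maker table as listed in the report.
FAC_MAKERS = {
    "01": "AEG", "02": "AEG", "10": "Nokia", "20": "Nokia",
    "40": "Siemens", "41": "Siemens", "44": "Siemens", "30": "Ericsson",
    "50": "Bosch", "51": "Sony, Siemens, Ericsson", "60": "Alcatel", "65": "AEG",
    "70": "Sagem", "75": "Dancall", "80": "Philips", "85": "Panasonic",
}


def luhn_check_digit(body):
    """Luhn check digit for a string of digits (here the 14-digit IMEI body)."""
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:          # double every second digit, starting from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return (10 - total % 10) % 10


def parse_imei(imei):
    """Split an IMEI into the TAC FAC SNR <last digit> layout (6+2+6+1 digits)."""
    digits = re.sub(r"[\s-]", "", imei)
    if not re.fullmatch(r"\d{15}", digits):
        raise ValueError("IMEI must be 15 digits")
    tac, fac, snr, last = digits[:6], digits[6:8], digits[8:14], digits[14]
    return {
        "tac": tac,
        "country_code": tac[:2],         # first two TAC digits: approval country
        "fac": fac,
        "maker": FAC_MAKERS.get(fac, "unknown"),
        "snr": snr,
        "last": last,
        "luhn_ok": int(last) == luhn_check_digit(digits[:14]),
    }


if __name__ == "__main__":
    # Widely used test IMEI, written in the report's "XXXXXX XX XXXXXX X" grouping.
    for k, v in parse_imei("490154 20 323751 8").items():
        print("%-12s %s" % (k, v))
```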

Steal Your Number

Your phone number can be accessed and obtained by cell phone hacking. This allows the hacker to make calls and have them charged to your account.

Take Your Information

Mobile hacking allows a hacker to contact your cell phone, without your knowledge, and to download your addresses and other information you might have on your phone. Many hackers are not content to only get your information. Some will even change all your phone numbers! Be sure to keep a backup of your information somewhere. This particular technique is called Bluesnarfing. Mobile phone hacking isn't a new phenomenon; it has been taking place for years, and it normally occurs via two methods, i.e. voicemail hacking and data hacking.

Voicemail hacking
Voicemail hacking is an attack in which somebody remotely listens to your phone's voicemail messages.

Process
Voicemail hacking is an invasion of privacy, but what information can really be obtained from a left message? Well, really that depends on the person leaving it. Hackers can get away with such simple access thanks to a massive flaw, namely that public voicemail systems don't record the numbers from which the service is being accessed, only the time of access. Recording the numbers alone would make simple voicemail hacks harder to execute by leaving a trail of evidence of access. Voicemail hacking normally takes place via the system that allows you to listen to your messages when you don't have your mobile with you or you're away from home. This is normally via a land line number (or your own land line number if it's a home-based answerphone system), and then you enter a security PIN to listen to your messages; however, most people never change their PIN from the default, which is normally 1234 or 0000. If you don't change this PIN code then a phone hacker could potentially listen to your voicemails by entering one of the default PINs. Assuming your new PIN is four digits, that allows 10,000 possible combinations for a hacker to guess: not completely secure, but a reasonable start.

Purpose
Access the voice message of the target

Data hacking
Data hacking is an attack in which somebody views or steals information stored on your phone (or a PC-based backup), such as phone numbers, bank account details and emails. Celebrities have been the main targets of mobile phone hacks because that apparently sells newspapers, but fraudsters will also target us normal people to obtain our sensitive data so that they can commit fraud or sell the data on.

Process
Data hacking can be done using Bluetooth or software. Through Bluetooth the hacker gets access to the target's mobile when the two are paired with each other and can access everything on the target mobile. Through software, the hacker has to install the hacking software on their PC or laptop; once the software is installed the hacker can get access to the target mobile. Data hacking is a significant risk as most of us now walk around with the same amount of data storage in our mobiles as our PCs are capable of holding at home.

To minimize the risk of your mobile data falling into the wrong hands you could try the following:

Be careful where you store sensitive information For example, don't use a non-secure notes-type app to store your credit card, bank account or PIN codes. Use a secure (password/PIN-protected) app or, better still, don't store this type of information anywhere!

Avoid public Wi-Fi Avoid checking emails, logging into mobile banking sites and accessing private information when your phone is connected to public Wi-Fi, such as that in coffee shops, as these networks are often insecure.

Set a phone password If your phone is lost or stolen then a password could stop a data hacker in their tracks.

Turn off Bluetooth When you're not using Bluetooth always turn it off, as hackers could use the wireless connection to gain remote access to your phone.

Turn off auto-complete Some phones save user names and passwords automatically to help you log in faster next time, but this could also help a hacker access your personal data. Check your phone's Settings menu to see if it is automatically storing information.

Delete your browsing history Not seeing a list of which websites you've recently visited and the information you've accessed might be a little inconvenient, but clearing your mobile phone's Internet browser history, cookies and cache will make it harder for a hacker to get your data.

Remote locate, lock or wipe Sign up to a MobileMe / Find My iPhone type service that allows you, via another authorized device or web page, to locate, lock, wipe or send an alert to your lost (or stolen) device. There have been a few good media stories on these services.

The recent stories in the media are not good news for the people who have experienced the hacks, but this is only the tip of the iceberg for sure. Accessing people's voicemails has for a long time been a tool that law enforcement and investigators have used to gain intel, but thanks to this recent media coverage fraudsters will now jump on the bandwagon. You have been warned!

Purpose
Read his messages
Read his contacts
Change profile
Play his ringtone even if the phone is on silent
Play his songs (on his phone)
Restart the phone
Switch off the phone
Restore factory settings
Change ringing volume

Bluetooth hacking Process


Mobile Bluetooth Hack

The appearance of social networking sites has done a big job for human society, as it enables one to make friends and socialize using the internet. Side by side, another glitch of a new type has also crept up, for which it is very difficult to know whether one is a sufferer or not. This concerns the confidentiality of one's privacy, which has come under threat. Security is one of the foremost criteria in every matter of life, and Bluetooth users should realize this. Cell phones are the most common gadgets in which Bluetooth technology is used, and a mobile Bluetooth hack on them is done very easily; Bluetooth gadgets with weaker security are very easily prone to hacking. Bluetooth specialists are of the opinion that a mobile Bluetooth hack can be performed in the following way.

One cuts off the link between a pair of Bluetooth gadgets and captures the packets when the PIN is resent, and then the PIN code is broken. A mobile Bluetooth hack will not be possible if one is out of Bluetooth signal range. To escape mobile hacking, specialists recommend that one should use long PINs of a kind that are not easy to keep in mind. PINs that do not follow a common pattern are the desired ones. An instance of a common PIN pattern is 12345. The most usual characteristic of Bluetooth gadgets is the pairing process, in which two gadgets sharing files are paired by entering the same PIN. A mobile Bluetooth hack will not be able to get the information being delivered if the wrong PIN is entered. However, if two gadgets are not paired, they will not be able to transfer data and files.

PCs/Laptop Bluetooth Hacking

In PC/laptop Bluetooth hacking, the hacking is done with the help of hacking software. This software is installed on the hacker's PC/laptop, and with the help of Bluetooth the hacker connects to the mobile device; once the connection is made the hacker can easily hack the mobile while it is in range. The hacker is able to perform both voicemail hacking and data hacking.

Purpose

Once connected to another phone via Bluetooth you can do the following:

Call from his phone (this includes all call functions like hold, etc.)
Read his messages
Read his contacts
Change profile
Play his ringtone even if the phone is on silent
Play his songs (on his phone)
Restart the phone
Switch off the phone
Restore factory settings
Change ringing volume

Research Methodology

Sources of Data
Primary data

The data is collected with the help of a questionnaire, which is given over the internet to people in order to collect their feedback. The answers or feedback given by the people are taken into consideration for the project and used as data in the project. It is first-hand data collected from people over the internet.

Secondary data

Some of the data is also collected through the internet to complete the project. The data collected through the internet forms the theoretical part of the project.

Tools used for Research

Pie charts are used to represent the collected data, which helps in better understanding the collected data in the project.

Target Population

The target population was the people who were working over the internet and in the friend list of the researcher.

Sampling Techniques

For selecting people over the internet the random selection technique is used. The people were selected to collect data for the project. In this sampling technique the selection of the people is done by the researcher according to his convenience.

Questionnaire: Hacking Survey

1. Name:
2. Are you a regular user of the internet? Yes / No
3. Has your PC/e-mail id been hacked? Yes / No
4. Are you aware of the various types of hacking? Yes / No
5. Do you know that viruses and Trojan horses are also a kind of hacking? Yes / No
6. Have you formatted your PC due to a virus or Trojan horse? Yes / No
7. How many times have you formatted your PC due to viruses? 0-1 / 2-5 / More than 5
8. Do you know the various measures to prevent hacking while visiting or opening unknown sites/messages/mail? Yes / No

Thank You

Data Analysis

For the data analysis the questions were asked over the internet, and the persons answering them were selected randomly. The major questions considered for the project are:

Has your PC/e-mail id been hacked?
Have you formatted your PC due to a virus or Trojan horse?
How many times have you formatted your PC due to viruses?
Do you know the various measures to prevent hacking while visiting or opening unknown sites/messages/mail?

Has your PC/e-mail id been hacked?

Options    Yes     No
Data (%)   13.63   86.37

Observation: From the above diagram it is observed that about 13.63% of the people have had their PC/e-mail id hacked, while about 86.37% of the people have not.

Have you formatted your PC due to a virus or Trojan horse?

Options    Yes     No
Data (%)   80.76   19.24

Observation: From the above diagram it is observed that about 80.76% of the people have formatted their PC due to a virus or Trojan horse, while about 19.24% of the people have not.

How many times have you formatted your PC due to viruses?

Options    0-1     2-5     More than 5
Data (%)   15.78   47.38   36.84

Observation: From the above diagram it is observed that about 15.78% of the people have formatted their PC 0-1 times due to viruses, about 47.38% have formatted their PC 2-5 times, while about 36.84% have formatted their PC more than 5 times.

Do you know the various measures to prevent hacking while visiting or opening unknown sites/messages/mail?

Options    Yes     No
Data (%)   52.94   47.06

Observation: From the above diagram it is observed that about 52.94% of the people know the various measures to prevent hacking while visiting or opening unknown sites/messages/mail, while about 47.06% of the people don't.

Finding
"Hacking" has become a term synonymous with computer crime: computer hacking refers to gaining unauthorized access to, and hence some measure of control over, a computer facility, and most countries now have specific legislation in place to deter those who might wish to practice this art and science. There are various methods used by hackers to attack a system; some of them are internal attacks, external attacks, rogue access points, backdoors, viruses and worms, email attacks, etc.

The project also specifies the skills needed by a person to become a hacker. It specifies how a person can become a hacker by learning things in 4 steps. It also describes the various types of hackers, i.e. White Hat Hackers, Black Hat Hackers, Grey Hat, Blue Hat, Script Kiddies, Elite Hackers, Hacktivists, State Sponsored Hackers, etc. Nowadays it is also important to protect our mobile phones from being hacked, as there are various methods used by hackers to steal data or to irritate the user. Mobile hacking takes place over Bluetooth or by using the number, i.e. the SIM number or IMEI number.

According to the data collected, it is observed that about 13.63% of the people have had their PC/e-mail id hacked, and it is also observed that only 52.94% of the people know the various measures to prevent hacking while visiting or opening unknown sites/messages/mail.

Recommendation

The recommendations for the various users of systems, networks and mobile phones are:

Visit only trusted sites.
Don't read mails or messages from unknown persons.
Keep the anti-virus regularly updated.
Never leave your system or mobile idle; either keep it with you or switch it off.
Use better security systems for the network, like a firewall and others.
Add only trusted persons to the network or to your Bluetooth paired devices.
Never let an unknown person use your system.

Conclusion

It is here to be concluded that "hacking" has become a term synonymous with computer crime: computer hacking refers to gaining unauthorized access to, and hence some measure of control over, a computer facility, and most countries now have specific legislation in place to deter those who might wish to practice this art and science.

There are various types of hackers who work for different purposes; some of them are White Hat Hackers, Black Hat Hackers, Grey Hat, Blue Hat, Script Kiddies, etc. There are various ways used by hackers to hack or attack a system; some of them are internal attacks, external attacks, rogue access points, backdoors, viruses and worms, email attacks, etc. It is also to be kept in mind that the hacker can hack or attack mobile phones through Bluetooth or through the number, i.e. the SIM number or IMEI number.

References

N. Nagarajan (CISA, Senior Deputy Accountant General, Mumbai). The Hacker. Published in a number of international journals.
Callas, Jon. Hacking PGP. Black Hat Briefings, Amsterdam, Spring 2005.
Mansukhani, Amesh. Are Smart Cards the New Way of Life? Solving the Password Problem. April 10, 2006. www.microsoft.com/technet/community/columns/secmgmt/sm0406.mspx
Piscitello, David M. Anatomy of a Cross-Site Scripting Attack. www.watchguard.com/infocenter/editorial/135142.asp
Goodman, Paul. Growing Up Absurd. New York: Random House, 1960.
Kohlberg, Lawrence. Essays on Moral Development, volume 1: The Philosophy of Moral Development. New York: Harper & Row, 1981.
beepdf.com/doc/151621/computer_hacking_and_ethics.html
http://freeonlinesurveys.com/app/rendersurvey.asp?sid=prgp7ecviai3uk420508
http://freeonlinesurveys.com/app/item-liveresults.asp
