The Hacker Attitude

1. The world is full of fascinating

problems waiting to be solved
2. No problem should ever have to be
solved twice
3. Freedom is good
4. Attitude is no substitute for
competence
Hacking Techniques

1. Bait and Switch

2. Cookie theft
3. ClickJacking attacks
4. Virus, Trojan Attacks
5. Phishing
6. Eavesdropping (Passive Attacks)
7. Fake WAP
8. Waterhole attacks
9. Denial of service ( DoS/DDoS)
10. Keylogger
Bait and Switch

Using bait and switch hacking technique, an

attacker can buy advertising spaces on the
websites. Later, when a user clicks on the
ad, he might get directed to a page that’s
infected with malware. This way, they can
further install malware or adware on your
computer. The ads and download links
shown in this technique are very attractive
and users are expected to end up clicking
on the same
Cookie Theft
The cookies of a browser keep our personal data such
as browsing history, username, and passwords for
different sites that we access. Once the hacker get the
access to your cookie, he can even authenticate himself
as you on a browser. A popular method to carry out this
attack is to encourage a user’s IP packets to pass
through attacker’s machine.
Also known as SideJacking or Session Hijacking, this
attack is easy to carry out if the user is not using SSL
(https) for the complete session. On the websites where
you enter your password and banking details, its utmost
importance for them to make their connections
encrypted.
ClickJacking Attacks

ClickJacking is also known by a different name.

This behavior is very common in app download,
movie streaming, and torrent websites. While they
mostly employ this technique to earn advertising,
others can use it to steal your personal
information.
In this type of hacking, the attacker hijacks
Virus, Trojan Attacks
A Trojan Horse Virus is a type of malware that downloads
onto a computer disguised as a legitimate program. The
delivery method typically sees an attacker use 
social engineering to hide malicious code within legitimate
software to try and gain users' system access with their
software.
A simple way to answer the question "what is Trojan" is it is a
type of malware that typically gets hidden as an attachment in
an email or a free-to-download file, then transfers onto the
user’s device. Once downloaded, the malicious code will execute
the task the attacker designed it for, such as gain backdoor
access to corporate systems, spy on users’ online activity, or
steal sensitive data.
Indications of a Trojan being active on a device include unusual
activity such as computer settings being changed unexpectedly.
Phishing

It is a hacking technique using which a

hacker replicates the most-accessed sites
and traps the victim by sending spoofed
link. Combined with social engineering, it
becomes one of the most deadliest attack
vectors.
Eavesdropping (Passive Attacks)
An eavesdropping attack occurs when a hacker intercepts,
deletes, or modifies data that is transmitted between two devices.
Eavesdropping, also known as sniffing or snooping, relies on
unsecured network communications to access data in transit
between devices.

To further explain the definition of "attacked with

eavesdropping", it typically occurs when a user connects to a
network in which traffic is not secured or encrypted and sends
sensitive business data to a colleague. The data is transmitted
across an open network, which gives an attacker the opportunity
to exploit a vulnerability and intercept it via various methods.
Eavesdropping attacks can often be difficult to spot. Unlike
other forms of cyber attacks, the presence of a bug or listening
device may not adversely affect the performance of devices and
networks.
Fake WAP
Fake WAP (Wireless Access Point) is a type
of hacking attack in which the hacker sets
up a wireless router with a convincingly
legitimate name in a public spot where
people might connect to it. Once they do,
the hacker can monitor and even change
internet connections to steal sensitive data
or force the user to download malware onto
their device.
Waterhole Attacks

It is a computer attack strategy in which an

attacker guesses or observes which websites an
organization often uses and infects one or more of
them with malware. Eventually, some member of
the targeted group will become infected.
Hacks looking for specific information may only
attack users coming from a specific IP address.
This also makes the hacks harder to detect and
research. The name is derived from predators in
the natural world, who wait for an opportunity to
attack their prey near watering holes.
Denial of Service (DoS/DDoS)
is a cyber-attack in which the perpetrator seeks
to make a machine or network resource
unavailable to its intended users by temporarily
or indefinitely disrupting services of a host
 connected to a network. Denial of service is
typically accomplished by flooding the targeted
machine or resource with superfluous requests
in an attempt to overload systems and prevent
some or all legitimate requests from being
fulfilled.
Keylogger
Keystroke logging, often referred to
as keylogging or keyboard capturing, is the action
of recording (logging) the keys struck on a keyboard,
typically covertly, so that a person using the
keyboard is unaware that their actions are being
monitored. Data can then be retrieved by the person
operating the logging program. A keystroke
recorder or keylogger can be either software or 
hardware.
While the programs themselves are legal, with many
designed to allow employers to oversee the use of
their computers, keyloggers are most often used for
stealing passwords and other confidential information.
Hacker Vs. Cracker
The main difference between hackers and
crackers can be observed through the
following points:
Hackers are people who use their
knowledge for a good purpose and do not
damage the data, whereas a cracker is
someone who breaks into the system with
a malicious purpose and damages data
intentionally.
Hackers possess advanced knowledge of computer systems and
programming languages, while crackers might not necessarily be
so skilled and well-versed with computing knowledge.
The hackers work for an organization to improvise their network
and solve any issues. Crackers are someone from whom the
hacker protects the organization. Crackers work just because a
system might be challenging or to get illegal gains.
Hacking is ethical, while cracking is illegal and unethical.
Hackers have ethical certificates, while the Crackers do not
possess any certificates.
Hackers continuously work towards making new tools rather
than using the existing ones. The crackers, on the other hand,
have inadequate computing knowledge to make new tools and
use tools already used by other crackers.

In general use, Cracker hasn’t found much traction.

Famous Hackers
While many famous technologists have
been considered hackers, including Donald
Knuth, Ken Thompson, Vinton Cerf, Steve
Jobs and Bill Gates, black hat hackers are
more likely to gain notoriety as hackers in
mainstream accounts. Gate was also caught
breaking into corporate systems as a
teenager before founding Microsoft.
Some notorious BLACK HAT HACKERS
include:

 ANONYMOUS is a group of hackers around the world who

meet on online message boards and social networking
forums. They mainly focus their efforts on encouraging civil
disobedience and/or unrest via DoS attacks publishing
victims> personal information online, as well as defacing
and defaming websites.

 Jonathan James gained notoriety for hacking into multiple

websites, including those of the U.S Dept. of Defense and
NASA, as well as for stealing software code when he was a
teenager. In 2000, James became the first juvenile, he was
just 16 years old to be incarcerated for computer hacking.
He committed suicide when he was 25 years old.
Adrian Lamo hacked into the system of several
organizations, including The New York Times, Microsoft and Yahoo
to exploit their security flaws. Lamo was arrested in 2003,
convicted in 2004 and sentenced to six months of home detention
at his parents; home, two years’ probations and ordered to pay
about 65,000 dollars in restitution.

Kevin Mitnick was convicted of a number of criminal

computer crimes after evading authorities for two and a half
years. Once one of the FBI’s most want for hacking into networks
of 40 high-profile corporations, Mitnick was arrested in 1993 and
served five years in a federal prison. After his release, Mitnick
founded a cybersecurity firm to help organizations keep their
networks safe.
Risk Management typically falls into 7 areas:

1. Avoidance- take a close look at want information you

store a what you need to store. For example: 1-2 years after a
purchase maybe you don’t need the credit card number
anymore and can blank it out with a permanent marker but still
keep the receipt in case of a tax audit.
2. Prevention- I think this is self explanatory, prevent
access to data, prevent the removal of data from the business ,
etc.
3. Reduction- Reduce a loss if it does occur. Take
measure like placing limits on the amount that can be
withdrawn from a bank account at any time.
4. Separation- separate names from credit card numbers
whenever possible. Separate user names from passwords ( store
them in separate databases). Separate customer data from the
internet it on a computer that doesn’t have a internet connection or
email account.
5. Duplication- you have actually want to reduce the
duplication of customer data as the less duplicates the less chances
of theft but you want to duplicate firewalls, etc.
6. Transfer- this is the biggest one, transfer the risk of
storing credit card data to a third party processor like PayPal or
your bank. Let them take the risk of storing credit cards. Also
insurance is a form of transfer as you are transferring your risk to
the insurer.

7. Retention- as a last resort, be aware of the risk be risk

your face but if you cannot effectively manage it you must retain it
or avoid it ( by not engaging in business)
Cyber crime tactics: How to avoid
becoming a victim

Cybercrime is on the rise, affecting millions of

consumers and organizations all over the world.
Graham Day author of December’s book of the
month, Security in the Digital World, says: “
Attackers are slowly discovering all the ways that
devices can be used to attack others. As this
knowledge develops, the number and sophistication
of attacks also increase.”

It’s important to be aware of the tactics cyber

criminals use and how you can protect yourself.
Three methods that cyber criminals use to
attack as defines Security in the Digital World

1. Social Engineering- the attacker tries to

manipulate you into giving them either your information, or access
to your computer so that they can get the information themselves.
This can take place through many types of communication,
including the telephone (vishing), email (phishing), text messages
(smishing) or chats within games or apps. The aim of social
engineering is to exploit human nature by targeting common human
traits such as the fear of being attacked.
2. Malware- Malware is malicious software that will damage
or harm your computer, network or information with the sole intent
of infecting your system. Some malware will attempt to take control
of the system, allowing the attacker to do anything that they want
with it or the information on the device, deny you the device or the
information, or benefit from taking control of the device or he
information.

Malware is constantly altered by attackers to create new strains

so, it is almost impossible to keep track. Know strains include
Trojans, jailbreaks, viruses and worms.
3. Ransomware- Petya, Wanna Cry and not Petya
are all strains of ransomware that affected the
computer systems organizations worldwide.
Ransomware is a type of malware that is delivered
by social engineering and block access to the
information stored on your device/system. Users
will be denied access to their information unless
they pay a ‘ ransom’ to the attacker--- usually in
an electronic currency such as bitcoin.

This methods may be used on their own, or you could fall

victim to an attack that uses a combination. The attacker
uses more than one type of communication to make you
more confident that you are not being duped or manipulated.