https://kupdf.

net/download/hacking-and-cracking_5af304c1e2b6f5db1c6c3d49_pdf#

Hacking and Cracking

Hacking and Cracking

May 5, 2018 | Author: M.ZahidSadiq | Category: Malware, Security Hacker, Online Safety &
Privacy, Computer Security, Password
30p

Short Description
Download Hacking and Cracking...

Description
Table of Contents Hacking.........................................................................................................1
Cracking........................................................................................................1
History........................................
History................................................................... ...................................................... .....................
......................1 ................1 a)Early
1960s .................................................... ............................................................................................
.. ...........................................1 .1 b)Early
1970s .................................................. ............................................................................. ................
...................... ..................2 .......2 c)Early
1980s .................................................... .................................................................................... .......
.................................... ...........2 2 d)Late
1980s ......................................................................... .......................................................................
.............. ....................... ...........2 2 e)Early
1990s .................................................... ............................................................................................
... ...........................................2 2 f)Late
1990s ................................................... .............................................................................. ..............
......................... ...................3 .......3
g)1998 .................................................... ............................................................................... ..........
............................................3 ...........................3 Difference between Hacking and
Cracking.......................................................3 Cracking.......................................................3 Tools
of Hacking and Cracking.....................................................................
Cracking.........................................................................6 ....6 Tools of
hacking...................................
hacking.............................................................. .............................................. .............................. ..
.........6 6 Tools of Cracking................................
Cracking........................................................... ...........................................................6 ....................
............6 Types of Hacking and Cracking....................................................................
Cracking........................................................................7 ....7 a)Types of Computer
Hackers.......................................
Hackers....................................................................... ................................7 7 Types of
Cracking.................................
Cracking............................................................ .........................................................8 .....................
.........8 Techniques Of Hacking And Cracking..................................
Cracking...............................................................9 .............................9 a)Hacking
techniques.............................
techniques........................................................ .......................................................9 .......................
.....9 Cracking Techniques..........................
Techniques..................................................... ........................................................ ..........................
....17 .17 Top 05 Hacking Incidents of All Time.............................................................19
a)1993.........................................
a)1993.................................................................... ...................................................... ....................
.................19 ..........19 1996..........................................
1996..................................................................... ...................................................... ......................
................. ............19 19 1988..........................................
1988..................................................................... ...................................................... ......................
................. ............19 19 1999..........................................
1999..................................................................... ...................................................... ......................
................. ............20 20 2000..........................................
2000..................................................................... ...................................................... ......................
................. ............20 20 Advantages of Hacking And Cracking...................................
Cracking.............................................................20 ..........................20 a)Advantages of
Hacking........................................
Hacking.............................................................. .................................. ..............20 ..20 Advantages
of cracking...................................
cracking.............................................................. ............................................21 .................21
Disadvantages of Hacking...................................
Hacking.............................................................. .......................................... ................22 .22 Cyber
Wars between Pakistan and India................................
India........................................... ....................... .............23 .23

Conclusion............................
Conclusion....................................................... ...................................................... ...........................
....................27 ....................27
References.....................................................................................................28

Conclusion............................
Conclusion....................................................... ...................................................... ...........................
....................27 ....................27
References.....................................................................................................28
Hacking and cracking

MBA 2009-11

HACKING AND AND CRACKING 

Hacking Hacking is entering a network which is intended to be private, changing the

content of another person’s Web site, redirecting elsewhere anyone trying to access a particular
Web site or overwhelming a site with countless messages to slow down or even crash the
server. A hacker is a person who is proficient with computers and/or programming to an elite
level where they know all of the in's and out's of a system. There is NO illegality involved with
being a hacker. 

Cracking Cracking is the act of breaking into a computer system, often on a network. A

cracker can be doing this for profit, maliciously, maliciously, for some altruistic purpose or cause,
or because the challenge is there. A cracker is a hacker who uses their proficiency for personal
gains outside of the law. For example stealing data, changing bank accounts, distributing viruses
etc. Hacker is a malicious meddler who tries to discover sensitive information by poking around.
Hence "password hacker", "network hacker". The correct term for this sense is cracker.

History Hack Hackin ing g has has been been arou around nd for for more more than than a cent
centur ury. y. In the the 1870 1870s, s, seve severa rall teenagers were flung off the country's
brand new phone system by enraged authorities.

a)

Early 1960s Univ Univer ersi sity ty faci facililiti ties es with with huge huge main mainfr fram
ame e comp comput uter ers, s, like like MIT' MIT's s arti artifi fici cial al intelligence lab, become
staging grounds for hackers. At first, "hacker" was a positive 1

Hacking and cracking

MBA 2009-11

term for a person with a mastery of computers who could push programs beyond what they
were designed to do.

b)

Early 1970s
John Draper makes a long-distance call for free by blowing a precise tone into a telephone that
tells the phone system to open a line. Draper discovered the whistle as a give-away in a box of
children's cereal. Draper, who later earns the handle "Captain Crunch," is arrested repeatedly for
phone tampering throughout the 1970s. Two members of California's Homebrew Computer Club
begin making "blue boxes," devices used to hack into the phone system. The members, who
adopt handles "Berkeley Blue" (Steve Jobs) and "Oak Toebark" (Steve Wozniak), later go on to
found Apple Computer.

c)

Early 1980s

Author William Gibson coins the term "cyberspace" in a science fiction novel called
Neuromancer . Comprehensive Crime Control Act gives Secret Service jurisdiction over credit
card and computer fraud. Two hacker groups form the Legion of Doom in the United States and
the Chaos Computer Club in Germany.

d)

Late 1980s

Computer Emergency Response Team is formed by U.S. defense agencies. Based at Carnegie
Mellon University in Pittsburgh, its mission is to investigate the growing volume of attacks on
computer networks. An Indiana hacker known as "Fry Guy" -- so named for hacking McDonald's
-- is raided by law enforcement. A similar sweep occurs in Atlanta for Legion of Doom hackers
known by the handles "Prophet," "Leftist" and "Urvile."

e)

Early 1990s

After AT&T long-distance service crashes on Martin Luther King Jr. Day, law enforcement starts a
national crackdown on hackers. Operation Sundevil, a special team of Secret Service agents and
members of Arizona's organized crime unit, conducts raids

Hacking and cracking

MBA 2009-11
in 12 major cities, including Miami. A Texas A&M professor receives death threats after a hacker
logs on to his computer from off-campus and sends 20,000 racist e-mail messages using his
Internet address.

f)

Late 1990s

Hackers break into and deface federal Web sites, including the U.S. Department of Justice, U.S.
Air Force, CIA, NASA and others. Report by the General Accounting Office finds Defense
Department computers sustained 250,000 attacks by hackers in 1995 alone. Hackers pierce
security in Microsoft's NT operating system to illustrate its weaknesses. Popular Internet search
engine Yahoo! is hit by hackers claiming a "logic bomb" will go off in the PCs of Yahoo!'s users on
Christmas Day 1997.

g)

1998

Anti-hacker ad runs during Super Bowl XXXII. The Network Associates ad, costing $1.3-million for
30 seconds, shows two Russian missile silo crewmen worrying that a computer order to launch
missiles may have come from a hacker. They decide to blow up the world anyway. In January, the
federal Bureau of Labor Statistics is inundated for days with hundreds of thousands of fake
information requests, a hacker attack called "spamming." Hackers claim to have broken into a
Pentagon network and stolen software for a military satellite system. They threaten to sell the
software to terrorists. The U.S. Justice Department unveils National Infrastructure Protection
Center, which is given a mission to protect the nation's telecommunications, technology and
transportation systems from hackers.

Difference between Hacking and Cracking There is a difference between cracking and hacking;
unfortunately, a lot of people confuse the terms "hacker" and "cracker". There are a number of
reasons for this. The two big reasons are: 3

Hacking and cracking

MBA 2009-11

Crackers often call themselves "hackers"

•
The media refers to crackers as "hackers".

The basic difference is that Hackers build things and Crackers break them. In the world of
cyberspace, the difference between hacking and cracking is great.

Hacking and cracking HACKING

CRACKINGMBA 2009-11

1. Hacking is when something is under

1. Cracking is when users, passwords

attack by software that has been

and keys are detected with dictionary,

designed to a Bypass, Disable, and

brute force and hybrid attacks in order

Break etc in order to gain access.

to gain access to the target using existing user data.

2. "Hacking" was originally used to describe ways to create, alter or

2. "Cracking" is the illegal version of

improve software and hardware - a

hacking, where existing software is

"hacker" was an extremely proficient

reverse-engineered

programmer that could do in 5 lines of

restrictions like trial periods.

to

remove

code what would take others several modules

3. Hacking is to get the program partially (Trial) or even the entire

3. Cracking is to take the protection,

registered program. Also files. Books,

limit of trial of the program. That's

documents are subject to hacking.

putting

serial

number,

sometimes

replacing the .exe trial by the cracked .exe or just pasting stuffs to take away the trial of a
program. 4. Hacking

into

network

computer

systems is illegal, hackers believe it is 4. But not all hackers follow a code of

ethically acceptable as long as a hacker

does

not
commit

ethics. Those who break into computer

theft,

systems with malicious intent are known

vandalism or breach any confidentiality

in the hacking world as crackers.

-- the so-called hacker code of ethics. 5

5. Hackers possess a great deal of

Hacking and cracking

MBA 2009-11

Tools of Hacking and Cracking Tools of Hacking The different tools of hacking used are 

Cain & Abel v4.9.35 – Password Sniffer, Cracker and Brute-Forcing Tool

Turbodiff v1.01 BETA Released – Detect Differences Between Binaries

Binging (BETA) – Footprinting & Discovery Tool (Google Hacking)

Yokoso! – Web Infrastructure Fingerprinting & Delivery Tool

Nikto 2.1.0 Released – Web Server Security Scanning Tool


Katana v1 (Kyuzo) – Portable Multi-Boot Security Suite

KrbGuess – Guess/Enumerate Kerberos User Accounts

Naptha – TCP State Exhaustion Vulnerability & Tool

Origami – Parse, Analyze & Forge PDF Documents

Deep Packet Inspection Engine Goes Open Source

Tools of Cracking The different tools of cracking used are Packet sniffer Spoofing attack Root kit
Social engineering Trojan horse Virus Worm Key loggers 6

Hacking and cracking

MBA 2009-11

Types of Hacking and Cracking a) Types of Computer Hackers 

White Hat

White Hat hackers are individuals who hack into computer systems solely to see how the
computer's security systems work. 

Black Hat

Black Hat hackers are the complete opposite of "White Hats." Black Hats break into security
systems in order to steal credit card numbers, vandalize websites or otherwise do harm. 

Grey Hats

Grey Hat hackers are morally ambiguous. They act in their own self-interests and do not think
about the legal repercussions of their actions. They do not actively seek to break the law, but are
not concerned if such is the outcome. 

Hacktivist

Hacktivists are individuals who hack websites to further some form of political or social agenda.


Script Kiddie

Script Kiddies are faux-hackers. They use pre-packaged, pre-written software to slip past Internet
security protocols and are generally looked down upon in the various hacking communities. 

Cyberterrorists

Hacking and cracking

MBA 2009-11

As the name implies, cyberterrorists use computers to engage in acts of terrorism, often times
using DoS (Denial of Service) attacks to crash government websites.

Types of Cracking 

Password cracking

Password cracking is the process of discovering the plain text of an encrypted computer
password. Attempting to crack passwords by trying as many possibilities as time and money
permit is a brute force attack. A related method, rather more efficient in most cases, is a
dictionary attack. In a dictionary attack, all words in one or more dictionaries are tested. Lists of
common passwords are also typically tested. 

Software cracking

Software cracking is the modification of software to remove protection methods: copy

protection, trial/demo version, serial number, hardware key, date checks, CD check or software
annoyances like nag screens and adware. It is the defeating of software copy protection. 

Wireless cracking

In security branches wireless cracking is the unauthorized use or penetration of a wireless

network. A wireless can be penetrated in a number of ways. There are methods ranging from
those that demand high level of technological skill and commitment to methods that are less
sophisticated and require minimal technological skills

Hacking and cracking

MBA 2009-11

Techniques Of Hacking And Cracking a) Hacking Techniques

Different hacking techniques used by hackers are 

Trojan horses

A Trojan horse is a continuing threat to all forms of IT communication. Basically, a Trojan horse is
a malicious payload surreptitiously delivered inside a benign host. You are sure to have heard of
some of the famous Trojan horse malicious payloads such as Back Orifice, NetBus, and Sub
Seven. But the real threat of Trojan horses is not the malicious payloads you know about, its
ones you don't. A Trojan horse can be built or crafted by anyone with basic computer skills. Any
malicious payload can be combined with any benign software to create a Trojan horse. There are
countless ways of crafting and authoring tools designed to do just that. Thus, the real threat of
Trojan horse attack is the unknown. The malicious payload of a Trojan horse can be anything.
This includes programs that destroy hard drives, corrupt files, record keystrokes, monitor
network traffic, track Web usage, duplicate e-mails, allow remote control and remote access,
transmit data files to others, launch attacks against other targets, plant proxy servers, host file
sharing services, and more. Payloads can be grabbed off the Internet or can be just written code
authored by the hacker. Then, this payload can be embedded into any benign software to create
the Trojan horse. Common hosts include

games,

screensavers,

greeting 9

card

Hacking and cracking

MBA 2009-11
systems, admin utilities, archive formats, and even documents. All a Trojan horse attack needs to
be successful a single user to execute the host program. Once that is accomplished, the
malicious payload is automatically launched as well, usually without any symptoms of unwanted
activity. A Trojan horse could be delivered via e-mail as an attachment, it could be presented on
a Web site as a download, or it could be placed on a removable media (memory card, CD/DVD,
USB stick, floppy, etc.). In any case, your protections are automated malicious code detection
tools, such as modern anti-virus protections and other specific forms of Malware scanners, and
user education. 

Exploiting defaults

Nothing makes attacking a target network easier than when that target is using the defaults set
by the vendor or manufacturer. Many attack tools and exploit scripts assume that the target is
configured using the default settings. Thus, one of the most effective and often overlooked
security precautions is simply t o change the defaults. To see the scope of this problem, all you
need to do is search the Internet for sites using the keywords "default passwords". There are
numerous sites that catalog all of the default user names, passwords, access codes, settings, and
naming conventions of every software and hardware IT product ever sold. It is your responsibility
to know about the defaults of the products you deploy and make every effort to change those
defaults to no obvious alternatives. But it is not just account and password defaults you need to
be concerned with, there are also the installation defaults such as path names, folder names,
components, services, configurations, and settings. Each and every possible customizable option
should be considered for customization. Try to avoid installing operating systems into the default
drives and folders set by the vendor. Don't install applications and other software into their
"standard" locations.

10

Hacking and cracking

MBA 2009-11

Don't accept the folder names offered by the installation scripts or wizards. The more you can
customize your installations, configurations, and settings, the more your system will be
incompatible with attack tools and exploitation scripts. 

Man-in-the-middle

Attacks every single person reading this white paper has been a target of numerous man-in-the-
middle attacks. A MITM attack occurs when an attacker is able to fool a user into establishing a
communication link with a server or service through a rogue entity. The rogue entity is the
system controlled by the hacker. It has been set upto intercept the communication between user
and server without letting the user become aware that the misdirection attack has taken place.
A MITM attack works by somehow fooling the user, their computer, or some part of the user's
network into redirecting legitimate traffic to the illegitimate rogue system. A MITM attack can be
as simple as a phishing e -mail attack where a legitimate looking e-mail is sent to a user with a
URL link pointed towards the rogue system instead of the real site. The rogue system has a look
-alike interface that tricks the user into providing their logon credentials. The logon credentials
are then duplicated and sent on to the real server. This action opens a link with the real server,
allowing the user to interact with their resources without the knowledge that their
communications have taken a detour through a malicious system that is eavesdropping on and
possibly altering the traffic. MITM attacks can also be waged using more complicated methods,
including MAC (Media Access Control) duplication, ARP (Address Resolution Protocol) poisoning,
router table poisoning, fake routing tables, DNS (Domain Name Server) query poisoning, DNS
hijacking, rogue DNS servers, HOSTS file alteration, local DNS cache poisoning, and proxy re-
routing. And that doesn't mention URL1 obfuscation, encoding, or manipulation that is often
used to hide the link misdirection. To protect yourself against MITM attacks, you need to avoid
clicking on links found in e mails. Furthermore, always 1

Uniform Resource Locator

11

Hacking and cracking

MBA 2009-11

verify that links from Web sites stay within trusted domains or still maintain SSL encryption. Also,
deploy IDS2 systems to monitor network traffic as well as DNS and local system alterations. 

Wireless attacks

Wireless networks have the appeal of freedom from wires - the ability to be mobile within your
office while maintaining network connectivity. Wireless networks are inexpensive to deploy and
easy to install. Unfortunately, the true cost of wireless networking is not apparent until security
is considered. It often the case that the time, effort, and expense required to secure wireless
networks is significantly more than deploying a traditional wired network. Interference, DOS,
hijacking, man -in-the-middle, eavesdropping, sniffing, and many more attacks are made simple
for attackers when wireless networks are present. That doesn't even mention the issue that a
secured wireless network will typically support under 14 Mbps of throughput, and then only
under the most ideal transmission distances and conditions. Compare that with the standard of
a minimum of 100 Mbps for a wired network, and the economy just doesn't make sense.
However, even if your organization does not officially sanction and deploy a wireless network,
you may still have wireless network vulnerabilities. Many organizations have discovered that
workers have taken it upon themselves to secretly deploy their own wireless network. They can
do this by bringing in their own wireless access point (WAP), plugging in their desktop's network
cable into the WAP, then re -connecting their desktop to one of the router/switch ports of the
WAP. This retains their desktop's connection to the network, plus it adds wireless connectivity.
All too often when an unapproved WAP is deployed, it is done with little or no security enabled
on the WAP. Thus, a $50 WAP can easily open up a giant security hole in a multi -million dollar
secured-wired network. To combat unapproved wireless access

Intrusion Detection System

12

Hacking and cracking

MBA 2009-11

points, a regular site survey needs to be performed. This can be done with a notebook using a
wireless detector such as NetStumbler or with a dedicated hand -held device. 

Doing their homework

I don't mean that hackers break into your network by getting their school work done, but you
might be surprised how much they learn from school about how to compromise security.
Hackers, especially external hackers, learn how to overcome your security barriers by
researching your organization. This process can be called reconnaissance, discovery, or foot
printing. Ultimately, it is intensive, focused research into all information available about your
organization from public and non so public resources. If you've done any research or reading
into warfare tactics, you are aware that the most important weapon you can have at your
disposal is information. Hackers know this and spend considerable time and effort acquiring a
complete arsenal. What is often disconcerting is how much your organization freely contributes
to the hacker's weapon stockpile. Most organizations are hemorrhaging data; companies freely
give away too much information that can be used against them in various types of logical and
physical attacks. Here are just a few common examples of what a hacker can learn about your
organization, often in minutes: 

The names of your top executives and any flashy employees you have by perusing your archive
of press releases.


The company addresses, phone number, and fax number from domain name registration.

The service provider for Internet access through DNS lookup and trace route.

13

Hacking and cracking

MBA 2009-11

Monitoring Vulnerability

Research Hackers have access to the same vulnerability research that you do. They are able to
read Web sites, discussion lists, blogs, and other public information services about known
problems, issues, and vulnerabilities with hardware and software. The more the hacker can
discover about possible attack points, the more likely it is that he can discover a weakness you've
yet to patch, protect, or even become aware of. To combat vulnerability research on the part of
the hacker, you have to be just as vigilant as the hacker. You have to be looking for the problems
in order to protect against them just as intently as the hacker is looking for problems to exploit.
This means keeping watch on discussion groups and web sites from each and every vendor
whose products your organization utilizes. Plus, you need to watch the third -party security
oversight discussion groups and web sites to learn n about issues that vendors are failing to
make public or that don't yet have easy solutions. These include places like securityfocus.com,
hackerstorm.com, and hackerwatch.org. 

Being patient and persistent

Hacking into a company network is not typically an activity someone undertakes and completes
in a short period of time. Hackers often research their targets for weeks or months, before
starting their first tentative logical interactions against their target with scanners, banner-
grabbing tools, and crawling utilities. And even then, their initial activities are mostly subtle
probing to verify the data they gathered through their intensive "offline" research. Once hackers
have crafted a profile of your organization, they must then select a specific attack point, design
the attack, test and drill the attack, improve the attack, schedule the attack, and, finally, launch
the attack. In most cases, a 14

Hacking and cracking

MBA 2009-11

hacker's goal is not to bang on your network so that you become aware of their attacks. Instead,
a hacker's goal is to gain entry subtly so that you are unaware that a breach has actually taken
place. The most devastating attacks are those that go undetected for extended periods of time,
while the hacker has extensive control over the environment. An invasion can remain
undetected nearly indefinitely if it is executed by a hacker who is patient and persistent. Hacking
is often most successful when performed one small step at a time and with significant periods of
time between each step attempt at least up to the point of a successful breach. Once hackers
have gained entry, they quickly deposit tools to hide their presence and grant them greater
degrees of control over your environment. Once these hacker tools are planted, hidden, and
made active, the h ackers are free to come and go as they please. Likewise, protecting against a
hacker intrusion is also about patients and persistence. You must be able to watch even the
most minor activities on your network with standard auditing processes as well as an automated
IDS/IPS system. Never allow any anomaly to go uninvestigated. Use common sense, follow the
best business practices recommended by security professionals, and keep current on patches,
updates, and system improvements. However, realize that securi ty is not a goal that can be fully
obtained. There is no perfectly secure environment. Every security mechanism can be fooled,
overcome, disabled, bypassed, exploited, or made worthless. Hacking successfully often means
the hacker is more persistent than t he security professional protecting an environment. 

Confidence games

The good news about hacking today is that many security mechanisms are very effective against
most hacking attempts. Firewalls, IDSes, IPSec, and anti -Malware scanners have made intrusions
and hacking a difficult task. However, the bad news is many hackers have expanded their idea of
what hacking means to include social engineering: hackers

are

going

after

the

weakest link in any organization's security —the people. People are 15

Hacking and cracking

MBA 2009-11
always the biggest problem with security because they are the only element within the secured
environment that has the ability to choose to violate the rules. People can be coerced, tricked,
duped, or forced into violating some aspect of the security system in order to grant a hacker
access. The age -old problem of people exploiting other people by taking advantage of human
nature has returned as a means to bypass modern security technology. Protection against social
engineering is primarily education. Training personnel about what to look for and to report all
abnormal or awkward interactions can be effective countermeasures. But this is only true if
everyone in the organization realizes that they are a social engineering target. In fact, the more a
person believes that their position in the company is so minor that they would not be a
worthwhile target, the more they are actually the preferred targets of the hacker.

Already being on the inside

All too often when hacking is discussed, it is assumed that the hacker is some unknown outsider.
However, studies have shown that a majority of security violations actually are caused by
internal employees. So, one of the most effective ways for a hacker to breach security is to be an
employee. This can be read in two different ways. First, the hacker can get a job at the target
company and then exploit that access once they gain the trust of the organization. Second, an
existing employee can become disgruntled and choose to cause harm to the company as a form
of revenge or retribution. In either case, when someone on the inside decides to attack the
company network, many of the security defenses erected against outside hacking and intrusion
are often ineffective. Instead, internal defenses specific to managing internal threats need to be
deployed. This could include keystroke monitoring, tighter enforcement of the principle of least
privilege, preventing users from installing software, not allowing any 16

Hacking and cracking

MBA 2009-11

external removable media source, disabling all USB ports, extensive auditing, hostbased IDS/IPS,
and Internet filtering and monitoring. There are many possible ways that a hacker can gain
access to a seemingly secured environment. It is the responsibility of everyone within an
organization to support security efforts and to watch for abnormal events. We need to secure IT
environments to the best of our abilities and budgets while watching for the inevitable breach
attempt. In this continuing arms race, vigilance is required, persistence is necessary and
knowledge is invaluable.

Cracking Techniques Followings are the different ways and techniques used for cracking. 
Password cracking

Password cracking doesn't always involve sophisticated tools. It can be as simple as finding a
sticky note with the password written on it stuck right to the monitor or hidden under a
keyboard. Another crude technique is known as "dumpster diving," which basically involves an
attacker going through your garbage to find discarded documentation that may contain
passwords. Of course attacks can involve far greater levels of sophistication. 

Dictionary attack

A simple dictionary attack is by far the fastest way to break into a machine. A dictionary file (a
text file full of dictionary words) is loaded into a cracking application (such as L0phtCrack), which
is run against user accounts located by the application. Because the majority of passwords are
often simplistic, running a dictionary attack is often sufficient to the job.

17

Hacking and cracking

MBA 2009-11

Hybrid attack

Another well-known form of attack is the hybrid attack. A hybrid attack will add numbers or
symbols to the filename to successfully crack a password. Many people change their passwords
by simply adding a number to the end of their current password. The pattern usually takes this
form: first month password is "cat"; second month password is "cat1"; third month password is
"cat2"; and so on. 

Brute force attack

A brute force attack is the most comprehensive form of attack, though it may often take a long
time to work depending on the complexity of the password. Some brute force attacks can take a
week depending on the complexity of the password. L0phtcrack can also be used in a brute force
attack. 

Internal attacks

Internal attackers are the most common sources of cracking attacks because attackers have
direct access to an organization's systems. The first scenario looks at a situation in which a
disgruntled employee is the attacker. The attacker, a veteran systems administrator, has a
problem with her job and takes it out on the systems she is trusted to administer, manage, and
protect. 

External attacks

External attackers are those who must traverse your "defense in depth" to try and break into
your systems. They don't have it as 18

Hacking and cracking

MBA 2009-11

easy as internal attackers. The first scenario involves a fairly common form of external attack
known as Web site defacing. This attack uses password cracking to penetrate the systems that
the attacker wants to deface. Another possible password cracking attack is when an attacker tries
to obtain passwords via Social Engineering. Social Engineering is the tricking of an unsuspecting
administrator into giving the account ID and passwords over to an attacker.

Top 05 Hacking Incidents of All Time Instances where some of the most seemingly secure
computer networks were compromised.

a) 1993 They called themselves Masters of Deception, targeting US phone systems. The group
hacked into the National Security Agency, AT&T, and Bank of America. It created a system that let
them bypass long-distance phone call systems, and gain access to private lines.

1996 US hacker Timothy Lloyd planted six lines of malicious software code in the computer
network of Omega Engineering which was a prime supplier of components for NASA and the US
Navy. The code allowed a "logic bomb" to explode that deleted software running Omega's
manufacturing operations. Omega lost $10 million due to the attack.

1988 Twenty-three-year-old Cornell University graduate Robert Morris unleashed the first
Internet worm on to the world. Morris released 99 lines of code to the internet as an
experiment, but realized that his program infected machines as it went along. Computers
crashed across the US and elsewhere. He was arrested and sentenced in 1990. 19

Hacking and cracking

MBA 2009-11

1999 The Melissa virus was the first of its kind to wreak damage on a global scale. Written by
David Smith (then 30), Melissa spread to more than 300 companies across the world completely
destroying their computer networks. Damages reported amounted to nearly $400 million. Smith
was arrested and sentenced to five years in prison.

2000 Mafia Boy, whose real identity has been kept under wraps because he is a minor, hacked
into some of the largest sites in the world, including eBay, Amazon and Yahoo between February
6 and Valentine's Day in 2000. He gained access to 75 computers in 52 networks, and ordered a
Denial of Service attack on them. He was arrested in 2000.

Advantages of Hacking And Cracking a) Advantages of Hacking

Some of the advantages of hacking are given below: 

Hacking makes us aware about the possible loopholes of the any system.

Hacking tools are used to test the security of a network.

Its advantage is it is fun for you and can enjoy services that are paid.

You can see private and sometimes information that you aren't supposed

to see. 

You can play music and DVDs from DVD disks, flash drives, and SD cards.

You can play NES, SNES, Genesis, Sega Master System, Atari2600-7800,

Saturn, N64, PS1, Colecovision, Every Gameboy version, and Turbo Grafix titles. 20

Hacking and cracking

 You

MBA 2009-11
can select games from a wide library of freeware titles. These include Doom,

Wolfenstein 3D, Quake, and many more games.  You

can backup your NAND and install a preloader so if ever get bricked, you can

repair it without Nintendo's help. 

You can play games off a hard drive instead of wearing out the laser. Plus the games load a lot
faster.

 Used

in internationally recognized training financial crime prevention.

Hacking is good for FBI computer forensics because it can help keep us safe.

The "advantage" so to speak of computer hacking is that you get programs etc free.

 The

main advantage is to detect the cyber crimes.

To monitor the terror activities in internet.

To build a strong security system for protecting from malicious attacks.

 To

retrieve protected data.

 To

stop crime.
 Hacking

and its associated hostile code distribution are operating on a mass

production line with profit as the goal.

Advantages of Cracking Several advantages of cracking are listed below: 

If for some reason your password program is not enforcing hard-to-guess passwords, you might
want to run a password-cracking program and make sure your users' passwords are secure.

21

Hacking and cracking

MBA 2009-11

Cracking has also been a significant factor in the domination of companies such as Adobe
Systems and Microsoft, as these companies and others have benefited from piracy.

Crack is a registered code for software, so that instead of purchasing it you can use the crack to
use it.

The most obvious advantage is that your chance of actually finding the password is quite high
since the attack uses so many possible answers.

Another advantage is that it is a fairly simplistic attack that doesn't require a lot of work to setup
or initiate.

You can get windows genuine advantage in a pirated windows xp sp 2 by cracking.



Brute force attacks, such as "Crack" or "John the Ripper" can often guess passwords unless your
password is sufficiently random.

Its advantage is to consider periodically running Crack against your own password database, to
find insecure passwords. Then contact the offending user, and instruct him to change his
password.

Disadvantages of Hacking The media often presents these individuals in a glamorous light.
Adolescents may fantasize about their degree of technological skills and, lacking the social skills
required to be accepted well by others, move online in search of those who profess to have
technological skills the students’ desire. A simple search using the term "hacker" with any search
engine results in hundreds of links to illegal serial numbers, ways to download and pirate
commercial software, etc. Showing this information off to others may result in the students
being considered a "hacker" by their less technologically savvy friends, further reinforcing
antisocial behavior.

22

Hacking and cracking

MBA 2009-11

In some cases, individuals move on to programming and destruction of other individuals

programs through the writing of computer viruses and Trojan horses, programs which include
computer instructions to execute a hacker's attack. If individuals can successfully enter
computers via a network, they may be able to impersonate an individual with high level security
clearance access to files, modifying or deleting them or introducing computer viruses or Trojan
horses. As hackers become more sophisticated, they may begin using sniffers to steal large
amounts of confidential information, become involved in burglary of technical manuals, larceny
or espionage.

Cyber Wars between Pakistan and India Cyber wars between the two countries started in May
1998, when India conducted its nuclear tests. Soon after India officially announced the test, a
group of Pakistan-based hackers called milw0rm broke into the Bhabha Atomic Research Center
web site and posted anti-India and anti-nuclear messages. The cyber wars usually have been
limited to defacements of each others' sites. Defacement is a low level damage, in which only
the home page of a site is replaced with hacker's own page, usually with some message for the
victim. Such defacements started in May 1998 and continued during Kargil War in 1999 and then
during that era when the tension between India and Pakistan was at its peak from Dec 2001 to
2002. Therefore, the period between 19992002 was very crucial, when the troops were busy
across the LOC exchanging gunshots and the hackers busy in defacing sites of each others.
According to attrition.org, a web site that tracks computer security related developments on the
Internet, show that attacks on Indian websites increased from 4 in 1999 to 72 in 2000 where as
the Pakistani websites were hacked 7 times in 1999 and 18 times in 2000. During the first half of
2001, 150 Indian websites were defaced. During Kargil war, the

first Indian

site

reported to be hacked

was

http://www.armyinkashmir.com, established by the Indian government to provide factual

information about daily events in the Kashmir Valley. The hackers posted photographs showing
Indian military forces allegedly killing Kashmiri militants. The pictures sported 23

Hacking and cracking

MBA 2009-11

captions like 'Massacre,' Torture,' 'Extrajudicial execution' and 'The agony of crackdown' and
blamed the Indian government for its alleged atrocities in Kashmir. That was followed by
defacement of numerous Indian governmental sites and reciprocal attacks on Pakistani sites.
Two prominent Pakistani hacker groups are PHC (Pakistan Hackers Club) and GForce. The
founder of PHC is Dr. Nuker. The US Department of Justice has identified "Doctor Nuker" as
Misbah Khan of Karachi. Misbah Khan was involved in defacement of the official site of AIPAC
(American Israel Public Affairs Committee). Doctor Nuker struck back with an interview to a
magazine Newsbytes where he claimed that the 'federal grand jury made a mistake in indicting
Misbah Khan of Karachi' and that 'he merely uses insecure servers in Pakistan to get online
anonymously'. Doctor Nuker has been featured in international publications including Time and
Newsweek. G-Force is based in Lahore and it consists of eight members. Both Pakistan Hackers
Club and G-Force are professional hackers with a specific aim: to work for the cause of Kashmir
and Palestine. It is still to be seen how their hackings are helping the cause of Palestine or
Kashmir! Pakistan Hackers Club has been around since quite long and apart from Indian site,
they have defaced many USA and Israeli sites including US Department of Energy's site. G-Force
was founded in May 1999 after the nuclear tests and their initial target was Indian sites but after
9/11, their concentration has been shifted to US-based sites. According to zone-h.org, G-Force
has successfully defaced 212 sites. G-Force's "achievements" includes National Oceanic and
Atmospheric Agency and three military sites associated with the US Defense Test and Evaluation
Professional Institute. During this cyber war, in December 2000, a wired.com news story created
waves that claimed that an Indian hacker's group "Patriotic Indians" has defaced the official site
of Pakistani government pakgov.org. Later, it was revealed that the actual site of Pakistani
government is pak.gov.pk, not pakgov.org and pakgov.org was in fact registered by the alleged
hacker himself with fake information.

24

Hacking and cracking

MBA 2009-11

On the Indian side, there are various hackers groups that have defaced Pakistani sites. Among
them, the most famous one is H2O or the Hindustan Hackers Organization. However, the
independent as well as Indian analysts admit that at this cyber-front, Pakistan has always been
winning this war. There are two main reasons for this. Firstly, Pakistani hackers are organized in
groups where as most of the Indian hackers are working as solo. Secondly and the most
important reason is the religious motivation of the hackers based in Pakistan, to do something
for the cause of Muslim brothers & sisters in Palestine and Kashmir. At the government level,
both the countries are doing their best to curb hacktivism. NIC3 of India and Cybercrime division
of FIA4 in Pakistan are taking necessary steps to eliminate all forms of cybercrime, including
hacking.

A few of the Indian sites defaced by Pakistani hackers are:

Indian Science Congress

National Informatics Centre

Videsh Sanchar Nigam Limited (State-run international voice carrier)

External Affairs Ministry



. UP government site

Ministry of Information Technology

Mahindra & Mahindr

National Informatics Centre Federal Investigation Authority

25

Hacking and cracking

. Rediff Chat

. Asian Age newspaper

MBA 2009-11

Aptech India

University of Mumbai


Official site of Gujarat Government



. GlaxoWellcome India The Parliament home page

A few of the Pakistani sites defaced by Indian hackers are 

The Nation (newspaper)

Pakistan Television

Pakistan Tourism Development Corporation

Official site of Punjab Government

Shaheed Zulfiqar Ali Bhutto Institute of Science and Technology

Prime bank

Hamdard University

26

Hacking and cracking

MBA 2009-11

Conclusion
While computer hackers constitutes a major security concern for individuals, businesses and
public institutions across the globe, hacking and hackers’ underground culture remains much of
a black box for both lawmakers and those vulnerable to hacker attacks. The mystery that
surrounds much of hacking prevents us from arriving at definitive solutions to the security
problem it poses; but our analysis provides at least tentative insights for dealing with this
problem. Analyzing computer hacking through the lens of economics gives rise to several
suggestions in this vein. It is critical to recognize that are different kinds of hacker characterized
by disparate motivations. Because of this, the most effective method of reducing the risk posed
by hackers in general will tailor legislation in such a way as to target different classes of hackers
differentially. As there are different tools for hacking and cracking, there are several ethical
issues involved in dealing with crimes related to this. Different policies are adopted to locate
hackers and eliminate the harms of hacking by improving security systems.

27

Comments
About | Terms | Privacy | Copyright | Contact

Copyright © 2017 KUPDF Inc.