What do good hackers do?
ESL Brains
  1. Match the words and phrases in the box to their meanings (a-h).
         legitimate          bug              hack        expel   felon
         toil away           cross the line   bug bounty program
     a) a way of using a computer to get into someone
         else's computer system without their permission
     b) work very hard
     c) legal
     d) do something unacceptable
     e) a mistake or problem in a computer program
     f) a deal involving being paid for
         reporting errors on websites
     g) a criminal
     h) make someone leave a school, organization, etc.
  2. Watch a video [https://youtu.be/icyTUMjlvMg] and write down what these
     figures and words refer to.
     a) Virginia -
     b) General Motors -
     c) $20,000 -
     d) $636,000 -
     e) a lawyer or a doctor -
     f) NASA computers -
     g) 4 years -
     h) just 6 people -
                                                                   Copyrights by ESL Brains
3. Look at the list of words with the prefix cyber- and mark (x) six words that
   don't exist.
   Example:           ✓    cybercriminal
                      x    cybernight
   •   cyberfraud                  •   cyberhouse                  •   cybersecurity
   •   cyberstop                   •   cybercrime                  •   cyberbullying
   •   cyberattacks                •   cyberdollar                 •   cybermod
   •   cyberdome                   •   cyberspace                  •   cybernet
4. Discuss the questions.
   •   What comes to your mind when you hear the word hacker?
   •   What motivates hackers?
   •   How should hackers be punished when they cross the line? How was
       Tommy from the video punished?
   •   What does legitimate hacking mean?
   •   What kind of companies or institutions might employ hackers?
   •   What skills do you think such hackers need to have to spot bugs?
   •   Are you worried that someone could break into your computer?
5. Match different cybercrimes to their definitions.
       CYBERTERRORISM     PHISHING     ONLINE PIRACY     RANSOMWARE ATTACK     CYBERSTALKING

   In this type of attack, criminals try to trick unsuspecting users into doing
   something they wouldn't ordinarily do, such as clicking on a malicious URL
   or email attachment. As a result, they steal users' login credentials, details
   which they can then abuse to gain unauthorised access to their victims'
   emails or financial accounts.

     It's illegal copying, distribution and use of programs or any other duplicate online
     content such as songs, movies or books, which is an infringement of the
     copyrights. Due to this crime, companies and content authors lose income while
     users may be affected by viruses or some other malware.

     It is a cybercrime which involves the systematic use of the Internet or other
     electronic means to harass, threaten or intimidate an individual or a group. It may
     take such forms as unpleasant messages, false accusations or threatening mails.

     It involves using some malicious software which blocks the use of your own
     computer software, files or data until you pay money to criminals behind that act.
     Then, they may unblock your computer or files.

     It's the use of the Internet to conduct politically motivated attacks that result in
     physical harm to individuals. It also includes attacks against computer systems or
     data with the sole aim of violence against certain groups, religions or ethnicities.
  6. Discuss the questions.
    •    How can we avoid becoming a victim of phishing?
    •    What should we do when our passwords or logins have been stolen?
    •    Can you give any examples of online piracy? How serious is that crime in
         your opinion?
    •    Have you ever distributed or used books or films without a licence?
    •    Have you ever heard of cyberstalking cases? Who can be the target of it?
    •    How should cyberstalkers be punished?
    •    Would you ever decide to pay a ransom to unblock your computer or
         would you rather go to the police and risk losing your data?
    •    What do you think is being done to prevent cyberterrorism? Are there
         any institutions that monitor cyberterrorists' activity?
              MINISTERIO DE EDUCACIÓN PÚBLICA | GOBIERNO DE COSTA RICA
              Scenario 2: Software Security        Theme 1: Ethical Hacking
              Student's name: ______________________________
              Read the following article.
                                Explore The 5 Phases of Ethical Hacking
              By Shivam Arora | Last updated on Feb 15, 2022
                  Security breaches are real. It is a challenge that every organization is staring at
              today. A recent survey by PriceWaterhouseCoopers, "The Global State of Information
              Security Survey 2018", shows that business leaders are concerned about the security
              risks associated with emerging technologies such as automated or robotic systems. For
              example, 39 percent of the 9,500 interviewed executives fear loss or compromise in
              sensitive data and over 32 percent believe that the quality of the product is susceptible
              to damage.
                     Cybersecurity is no longer 'just an IT issue', it is a problem that is affecting the brand
              equity of an organization. In fact, entrepreneurs like Elon Musk, founder and CEO of Tesla,
              are giving top priority to security.
              As more organizations move into the digital space, safeguarding data from hacking and
              cyber-attacks is more significant than ever before. Companies are now acknowledging
              the potential dangers of these attacks and thinking of preemptive solutions, one of them
              being ethical hacking.
              What is Ethical Hacking and How is it Different From Hacking?
                     In a webinar on five phases of ethical hacking hosted by Simplilearn, Kevin King,
             director of technical innovation at EC-Council, described how hackers exploit
             vulnerabilities and compromise security controls to gain unauthorized access to system
             resources in an organization. He showed attendees how hacking can modify system or
             application features contrary to the original purpose and can pilfer, corrupt and
             redistribute data leading to billions of dollars lost.
             In contrast, ethical hacking involves using the same hacking tools and techniques to
             identify vulnerabilities in a system and address them before they can be exploited.
             There are different types of hackers:
             • Black Hat Hackers: Individuals with extraordinary computing skills who use
                these advanced skills with malicious intent.
             • White Hat Hackers: Ethical hackers with advanced computing skills who use
                their skills for defensive purposes.
             • Gray Hat Hackers: Advanced computer users who work both offensively and
                defensively and often are security consultants, or white hat hackers who
                moonlight as black hat hackers.
           Why Organizations Recruit Ethical Hackers?
                  According to King, on average, organizations take 200 days to realize that
          hackers have created havoc in their system. Organizations are now hiring ethical
          hackers to curb security breaches. Ethical hackers must uncover vulnerabilities in the
          systems and review the compliance of existing security practices to industry standards.
          Afterward, it is their responsibility to analyze and strengthen security policies, network
          infrastructure, and end user practices to safeguard the organization from cyber threats.
                  Drawing parallels with self-defense classes, King says that ethical hacking is
          legal and helps defend and not attack the systems.
          The Five Phases of Ethical Hacking
                  While the phases discussed in the webinar are from the perspective of a hacker,
          King explains that these are the same phases used by a white hat hacker to test an
          organization's network. To put it simply, an attacker uses this approach to breach the
          network, while the ethical hacker uses it to protect it.
          1. Reconnaissance
                  Reconnaissance, also known as the preparatory phase, is where the hacker
         gathers information about a target before launching an attack and is completed in
         phases prior to exploiting system vulnerabilities. One of the first phases of
         Reconnaissance is dumpster diving. It is during this phase that the hacker finds valuable
         information such as old passwords, names of important employees (such as the head
         of the network department), and performs an active reconnaissance to know how the
         organization functions. As a next step, the hacker completes a process called
         footprinting to collect data on the security posture, reduces the focus area such as
         finding out specific IP addresses, identifies vulnerabilities within the target system, and
         finally draws a network map to know exactly how the network infrastructure works to
         break into it easily. Footprinting provides important information such as the domain
         name, TCP and UDP services, system names, and passwords. There are also other
         ways to do footprinting, including impersonating a website by mirroring it, using search
         engines to find information about the organization, and even using the information of
         current employees for impersonation.
         2. Scanning
                 In this phase, the hacker identifies a quick way to gain access to the network and
         looks for information. There are three methods of scanning: pre-attack, port
         scanning/sniffing, and information extraction. Each of these phases demonstrates a
         specific set of vulnerabilities that the hacker can utilize to exploit the system's weaknesses.
         The pre-attack phase is where the hacker scans the network for specific information
         based on the information gathered during reconnaissance. The port scanner or sniffing
         phase is where scanning includes the use of dialers, port scanners, vulnerability scanners,
         and other data-gathering equipment. The information extraction phase is where the
         attackers collect information about ports, live machines and OS details to launch an
         attack.
         3. Gain Access
                 The hacker gains access to the system, applications, and network, and
         escalates their user privileges to control the systems connected to it.
         4. Maintain Access
                 Here, the hacker secures access to the organization's Rootkits and Trojans and
         uses it to launch additional attacks on the network.
         5. Cover Tracks
                 Once the hacker gains access, they cover their tracks to escape the security
         personnel. They do this by clearing the cache and cookies, tampering with the log files, and
         closing all the open ports. This step is important because it clears the system information
         making hacking a great deal harder to track.
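         As an added example (not part of the original article or worksheet), the sketch below
         shows how a defender can make log tampering detectable: each entry carries an HMAC
         chained to the previous entry, so an edited or deleted line fails verification. The
         function names, key and sample log lines are constructed for illustration, and the
         sketch assumes the key and the latest tag are stored off the logged system.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # fixed starting value for the chain
KEY = b"constructed-demo-key"  # assumption: the real key is kept off the logged host

# Constructed sample log lines (not taken from any real system).
SAMPLE = [
    "2024-01-01T10:00:00Z sshd login user=admin src=198.51.100.7",
    "2024-01-01T10:02:10Z sudo user=admin cmd=/usr/bin/id",
    "2024-01-01T10:05:30Z useradd name=backup2",
    "2024-01-01T10:09:00Z sshd logout user=admin",
]


def _tag(key, prev, message):
    """MAC over the previous tag plus this message, which links the entries."""
    return hmac.new(key, prev + message.encode("utf-8"), hashlib.sha256).digest()


def append_entry(log, key, message):
    """Append (message, tag_hex) to the log and return the new head tag."""
    prev = bytes.fromhex(log[-1][1]) if log else GENESIS
    tag = _tag(key, prev, message)
    log.append((message, tag.hex()))
    return tag


def verify_log(log, key, expected_head=None):
    """Return (ok, index): index of the first bad entry, or len(log) when the
    tail no longer matches the head tag stored elsewhere; None when ok."""
    prev = GENESIS
    for i, (message, tag_hex) in enumerate(log):
        expected = _tag(key, prev, message)
        if not hmac.compare_digest(expected.hex(), tag_hex):
            return False, i
        prev = expected
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return False, len(log)
    return True, None


def build_sample():
    """Build the chained log from SAMPLE and return (log, head_tag)."""
    log, head = [], GENESIS
    for line in SAMPLE:
        head = append_entry(log, KEY, line)
    return log, head
```

         Cutting entries off the end of the log is only caught when the head tag kept elsewhere
         is passed to verify_log, which is why the sketch assumes it is stored off the host.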
         What is The Future of Ethical Hacking?
                 According to King, the idea of ethical hacking is still foreign to many audiences.
         However, with the increase in cyber-attacks and security breaches, people are slowly
         realizing that ethical hackers are the real protectors of the system. Regarding the future
         challenges in hacking, King observes that AI hack attacks (Artificial Intelligence specially
         built to hack a system) will be the next potential danger. He adds that, in such cases,
         systems will have to defend themselves from AI hacks in the same manner as they do
         advanced hacks.
         Task 1: Create a mind map summarizing the article. You can use
          Task 2: Situation. You work for MEP. Recently there have been several attempts to attack
             the systems; therefore, you must develop a plan for ethical hacking and also make simple
             recommendations for developing ethical hacking plans for the company. Explain
             your plan, include what you have studied, and give 10 recommendations.