How to become the best ethical hacker
To become the best ethical hacker, you have to learn some basic concepts that will guide you along the way. Ethical hackers must be principled in their duties, but above all must be knowledgeable in the field of hacking and Internet security.
What to expect from this tutorial is to learn the basics of ethical hacking. This tutorial is straightforward and to the point.
Security Fundamentals
Security is about finding a balance, as all systems have limits. No one person or company has unlimited funds to secure everything, and we cannot always take the most secure approach.
One way to secure a system from network attack is to unplug it and make it a standalone system. Although this system would be relatively secure from Internet-based attackers, its usability would be substantially reduced.
The opposite approach of plugging it in directly to the Internet without any firewall, antivirus, or security patches would make it extremely vulnerable, yet highly accessible.
So, here again, you see that the job of security professionals is to find a balance somewhere between security and usability. What makes this so tough is that companies face many different challenges today than in the past. Whereas many businesses used to be bricks and mortar, they are now bricks and clicks. Modern businesses face many challenges, such as the increased sophistication of cyber criminals and the evolution of advanced persistent threats.
Goals of Security
There are many ways in which security can be achieved, but it's universally agreed that the security triad of confidentiality, integrity and availability (CIA) forms the basic building blocks of any good security initiative.
Confidentiality addresses the secrecy and privacy of information.
Physical examples of confidentiality include locked doors, armed guards, and fences. Logical examples of confidentiality can be seen in passwords, encryption, and firewalls. In the logical world, confidentiality must protect data both in storage and in transit.
For a real-life example of the failure of confidentiality, look no further than the news reports that have exposed how several large-scale breaches in confidentiality were the fault of corporations, such as LinkedIn's loss of 6.5 million password hashes in 2012 or Gawker's loss of 1.3 million usernames and passwords.
Integrity is the second piece of the CIA security triad. Integrity provides for the correctness of information. It allows users of information to have confidence in its correctness. Correctness here doesn't mean that the data is accurate, just that it hasn't been modified in storage or transit.
Integrity can apply to paper or electronic documents, but it is much easier to verify the integrity of a paper document than an electronic one: integrity in electronic documents and data is much more difficult to protect.
Integrity must be protected in two modes: storage and transit. Information in storage can be protected if you use access and audit controls. Cryptography can also protect information in storage through the use of hashing algorithms. Real-life examples of this technology can be seen in programs such as Tripwire, md5sum, and Windows File Protection (WFP). Two caveats apply: MD5 is no longer collision resistant, so SHA-256 or stronger is preferred today, and a stored hash only detects tampering if the attacker cannot also rewrite the stored hash, so the baseline must be kept out of the attacker's reach (read-only or offline media) or be signed with an HMAC or digital signature. Integrity in transit is ensured primarily by the protocols used to transport the data, such as TLS and IPsec, whose security controls include hashing, message authentication codes, and cryptography.
Availability is the third leg of the CIA triad. Availability simply means that when a legitimate user needs the information, it should be available. As an example, 24x7 access to a backup facility does not help if there are no up-to-date backups from which to restore, just as cloud storage is of no use if the cloud provider is down. Backups are one of the ways that availability is ensured. Backups provide a copy of critical information should files and data be destroyed or equipment fail.
Failover equipment is another way to ensure availability. Systems such as a redundant array of inexpensive disks (RAID) and services such as redundant sites (hot, warm, and cold) are two other examples.
Disaster recovery is tied closely to availability, as it's all about getting critical systems up and running quickly. Denial of service (DoS) is an attack against availability. An example of this can be seen in the attacks by Anonymous in December 2010, which, as part of Operation Avenge Assange, used DoS to take down the websites of companies and organizations that had opposed WikiLeaks.
In an older example, a hacker known as Mafiaboy launched a series of DoS attacks against Yahoo! and eBay in February 2000. Although these attacks might not give access to the attacker, they do deny legitimate users the access they require.
Risk, Assets, Threats, and Vulnerabilities
Risk is the probability or likelihood of the occurrence or realization of a threat. There are three basic elements of risk: assets, threats, and vulnerabilities. Let's discuss each of these.
An asset is any item of economic value owned by an individual or corporation. Assets can be real, such as routers, servers, hard drives, and laptops, or assets can be virtual, such as formulas, databases, spreadsheets, trade secrets, and processing time. Regardless of the type of asset discussed, if the asset is lost, damaged, or compromised, there can be an economic cost to the organization.
A threat is any agent, condition, or circumstance that could potentially cause harm, loss, or damage, or compromise an IT asset or data asset. From a security professional's perspective, threats can be categorized as events that can affect the confidentiality, integrity, or availability of the organization's assets. These threats can result in destruction, disclosure, modification, corruption of data, or denial of service. Examples of the types of threats an organization can face include the following:
Natural disasters, weather, and catastrophic damage: Hurricanes, such as Sandy (which hit New Jersey in 2012), storms, weather outages, fire, flood, earthquakes, and other natural events compose an ongoing threat.
Hacker attacks: An insider or outsider who is unauthorized and purposely attacks an organization's components, systems, or data.
Cyberattack: Attackers who target critical national infrastructures such as water plants, electric plants, gas plants, oil refineries, gasoline refineries, nuclear power plants, waste management plants, and so on. Stuxnet is an example of one such tool designed for just such a purpose.
Viruses and malware: An entire category of software tools that are malicious and are designed to damage or destroy a system or data. Conficker and Poison Ivy are two examples of malware.
Disclosure of confidential information: Any time a disclosure of confidential information occurs, it can be a critical threat to an organization if that disclosure causes loss of revenue, creates potential liabilities, or provides a competitive advantage to an adversary.
Denial of service (DoS) or distributed DoS (DDoS) attacks: An attack against availability that is designed to bring the network, or access to a particular TCP/IP host/server, to its knees by flooding it with useless traffic. Today, most DoS attacks are launched via botnets, whereas in the past tools such as the Ping of Death or Teardrop may have been used. Like malware, hackers constantly develop new tools, so botnets such as Storm and Mariposa are replaced with other, more current threats.
A vulnerability is a weakness in the system design, implementation, software or code, or the lack of a mechanism. A specific vulnerability might manifest as anything from a weakness in system design to the implementation of an operational procedure. Vulnerabilities might be eliminated or reduced by the correct implementation of safeguards and security countermeasures.
Vulnerabilities and weaknesses are common mainly because there isn't any perfect software or code in existence. Vulnerabilities can be found in each of the following:
Applications: Software and applications come with tons of functionality. Applications may be configured for usability rather than for security. Applications may be in need of a patch or update that may or may not be available. Attackers targeting applications have a target-rich environment to examine. Just think of all the applications running on your home or work computer.
Operating systems: This is the operating system software loaded on workstations and servers. Attackers can search for vulnerabilities in operating systems that have not been patched or updated.
Misconfiguration: The configuration file and configuration setup for the device or software may be misconfigured or may be deployed in an insecure state. This might be open ports, vulnerable services, or misconfigured network devices. Just consider wireless networking. Can you detect any wireless devices in your neighborhood that have encryption turned off?
Shrink-wrap software: The application or executable file that is run on a workstation or server. When installed on a device, it can have tons of functionality or sample scripts or code available.
Vulnerabilities are not the only concern the ethical hacker will have. Exploits are a big concern because they are a common mechanism used to gain access, as discussed next.
Defining an Exploit
An exploit refers to a piece of software, a tool, or a technique that takes advantage of a vulnerability and leads to access, privilege escalation, loss of integrity, or denial of service on a computer system.
Exploits are dangerous because all software has vulnerabilities; hackers and perpetrators know that there are vulnerabilities and seek to take advantage of them. Although most organizations attempt to find and fix vulnerabilities, some organizations lack sufficient funds for securing their networks.
Sometimes you may not even know the vulnerability exists; an exploit for a vulnerability that the vendor does not yet know about, and therefore has no patch for, is known as a zero-day exploit. Even when you do know there is a problem, you are burdened with the fact that a window exists between when a vulnerability is discovered and when a patch is available to prevent the exploit. The more critical the server, the slower it is usually patched.
Management might be afraid of interrupting the server or afraid that the patch might affect stability or performance. Finally, the time required to deploy and install the software patch on production servers and workstations exposes an organization's IT infrastructure to an additional period of risk. The goal of the security test (regardless of type) is for the ethical hacker to test the security controls and evaluate and measure their potential vulnerabilities.
No Knowledge Tests (Black Box)
No-knowledge testing is also known as black box testing. Simply stated, the security team has no knowledge of the target network or its systems. Black box testing simulates an outsider attack, as outsiders usually don't know anything about the network or systems they are probing. The attacker must gather all types of information about the target to begin to profile its strengths and weaknesses. The advantages of black box testing include the following:
  •  The test is unbiased, as the designer and the tester are independent of each other.
  •  The tester has no prior knowledge of the network or target being examined. Therefore, there are no preset thoughts or ideas about the function or the network.
  •  A wide range of reconnaissance work is usually done to footprint the organization, which can help identify information leakage.
  •  The test examines the target in much the same way as an external attacker.
The disadvantages of black box testing include the following:
  •  It can take more time to perform the security tests.
  •  It is usually more expensive, as it takes more time to perform.
  •  It focuses only on what external attackers see, whereas in reality many attacks are launched by insiders.
Full-Knowledge Testing (White Box)
White box testing takes the opposite approach to black box testing. This form of security test takes the premise that the security tester has full knowledge of the network, systems, and infrastructure. This information allows the security tester to follow a more structured approach and not only review the information that has been provided but also verify its accuracy. So, although black box testing will usually spend more time gathering information, white box testing will spend that time probing for vulnerabilities.
Partial-Knowledge Testing (Gray Box)
In the world of software testing, gray box testing is described as a partial-knowledge test. EC-Council literature describes gray box testing as a form of internal test. Therefore, the goal is to determine what insiders can access. This form of test might also prove useful to the organization because so many attacks are launched by insiders.
Types of Security Tests
Several different types of security tests can be performed. These can range from those that merely examine policy to those that attempt to hack in from the Internet and mimic the activities of true hackers.
These security tests are also known by many names, including the
following:
  • Vulnerability testing
  •  Network evaluations
  •  Red-team exercises
  • Penetration testing
  •  Host vulnerability assessment
  • Vulnerability assessment
  •  Ethical hacking
No matter what the security test is called, it is carried out to make a systematic examination of an organization's network, policies, and security controls. Its purpose is to determine the adequacy of security measures, identify security deficiencies, provide data from which to predict the effectiveness of potential security measures, and confirm the adequacy of such measures after implementation. Security tests can be defined as one of three types, which include high-level assessments, network evaluations, and penetration tests. Each is described as follows:

High-level assessments: Also called a level I assessment, it is a top-down look at the organization's policies, procedures, and guidelines. This type of vulnerability assessment, or audit, does not include any hands-on testing. The purpose of a top-down assessment is to answer three questions:
     Do the applicable policies exist?
     Are they being followed?
     Is their content sufficient to guard against potential risk?

Network evaluations: Also called a level II assessment, it has all the elements specified in a level I assessment and also includes hands-on activities. These hands-on activities include information gathering, scanning, vulnerability-assessment scanning, and other hands-on activities. Throughout this article, tools and techniques used to perform this type of assessment are discussed.
Penetration tests: Unlike assessments and evaluations, penetration tests are adversarial in nature. Penetration tests are also referred to as level III assessments. These events usually take on an adversarial role and look to see what the outsider can access and control. Penetration tests are less concerned with policies and procedures and are more focused on finding low-hanging fruit and seeing what a hacker can accomplish on this network. This article offers many examples of the tools and techniques used in penetration testing. Just remember that penetration tests are not fully effective if an organization does not have the policies and procedures in place to control security. Without adequate policies and procedures, it's almost impossible to implement real security. Documented controls are required.
Hacker and Cracker Descriptions
To understand your role as an ethical hacker, it is important to know the players. Originally, the term hacker was used for a computer enthusiast. A hacker was a person who enjoyed understanding the internal workings of a system, computer, and computer network.
Over time, the popular press began to describe hackers as individuals who broke into computers with malicious intent. The industry responded by developing the word cracker, which is short for criminal hacker. The term cracker was developed to describe individuals who seek to compromise the security of a system without permission from an authorized party.
With all this confusion over how to distinguish the good guys from the bad guys, the term ethical hacker was coined.
An ethical hacker is an individual who performs security tests and other vulnerability-assessment activities to help organizations secure their infrastructures. Sometimes ethical hackers are referred to as white hat hackers.
Hacker motives and intentions vary. Some hackers are strictly legitimate, whereas others routinely break the law. Let’s look at some common categories:
White hat hackers: These individuals perform ethical hacking to help secure companies and organizations. Their belief is that you must examine your network in the same manner as a criminal hacker to better understand its vulnerabilities.
Black hat hackers: These individuals perform illegal activities.
Gray hat hackers: These individuals usually follow the law but sometimes venture over to the darker side of black hat hacking. It would be unethical to employ these individuals to perform security duties for your organization, as you are never quite clear where they stand. Think of them as the character of Luke in Star Wars: while wanting to use the Force for good, he is also drawn to the dark side.
Suicide hackers: These are individuals who may carry out an attack even if they know there is a high chance of them getting caught and serving a long prison term.
Hackers usually follow a fixed methodology that includes the following steps:
Reconnaissance and footprinting: Can be both passive and active.

Scanning and enumeration: Can include the use of port scanning tools and network mappers.
Gaining access: The entry point Into the network, application, or system.
Maintaining access: Techniques used to maintain control such as escalation of privilege.
Covering tracks: Planting rootkits, back-doors, and clearing logs are activities normally performed at this step.
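The scanning-and-enumeration step above is the one that is easiest to show in code. The script below is an added example written for this article (not a tool from the page or from any vendor): it performs a TCP connect scan and a banner grab, the two most basic enumeration techniques, against a constructed target that the script itself starts on 127.0.0.1, so it runs offline and never touches another host. The listener's SSH-style banner is made up for the example.

```python
"""Added example: scanning and enumeration as a TCP connect scan plus
banner grab, run against a fake service started on localhost so the
script touches nothing outside your own machine.
"""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def tcp_connect_scan(host, ports, timeout=0.5, workers=32):
    """Return the sorted list of ports that completed a full TCP handshake.

    A connect scan is the noisiest scan type: every open port sees a complete
    three-way handshake, so the target's service logs will record it.
    """
    def probe(port):
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            return port if s.connect_ex((host, port)) == 0 else None

    with ThreadPoolExecutor(max_workers=workers) as pool:
        return sorted(p for p in pool.map(probe, ports) if p is not None)


def banner_grab(host, port, timeout=1.0):
    """Read whatever the service volunteers on connect (SSH, SMTP and FTP all do)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(256)
        except socket.timeout:
            return b""


def start_fake_service(banner):
    """Constructed target: a listener on an ephemeral port that sends `banner` and hangs up."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:        # server socket closed: stop serving
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv


def demo():
    """Scan one open and one closed localhost port, then grab the open port's banner."""
    srv = start_fake_service(b"SSH-2.0-OpenSSH_9.6 (constructed banner)\r\n")
    listener_port = srv.getsockname()[1]
    # A socket that is bound but never listens gives a reliably closed port
    # (the kernel answers the SYN with RST).
    closed = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    closed.bind(("127.0.0.1", 0))
    closed_port = closed.getsockname()[1]
    try:
        found = tcp_connect_scan("127.0.0.1", [listener_port, closed_port])
        banner = banner_grab("127.0.0.1", listener_port) if found else b""
    finally:
        closed.close()
        srv.close()
    return {"listener_port": listener_port, "closed_port": closed_port,
            "open": found, "banner": banner}


if __name__ == "__main__":
    r = demo()
    print("open ports:", r["open"])
    print("banner:", r["banner"].decode(errors="replace").strip())
```

Because a connect scan completes the handshake, it is also the scan a blue team can detect most easily: one source address opening many ports in a short window is a classic IDS signature, which is why real tools offer half-open (SYN) scans and rate limits. Point a scanner only at hosts inside your written authorization.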
Who Attackers Are
Ethical hackers are up against several individuals in the battle to secure the network. The following list presents some of the more commonly used terms for these attackers:
Phreakers: The original hackers. These individuals hacked telecommunication and PBX systems to explore their capabilities and make free phone calls. Their activities include physical theft, stolen calling cards, access to telecommunication services, reprogramming of telecommunications equipment, and compromising user IDs and passwords to gain unauthorized use of facilities, such as phone systems and voicemail.

Script kiddies: A term used to describe often younger attackers who use widely available freeware vulnerability-assessment tools and hacking tools that are designed for attacking purposes only. These attackers usually do not have any programming or hacking skills and, given the techniques used by most of these tools, can be defended against with the proper security controls and risk-mitigation strategies.

Disgruntled employees: Employees who have lost respect for and loyalty to the employer. These individuals might or might not have more skills than the script kiddie. Many times, their rage and anger blind them. They rank as a potentially high risk because they have insider status, especially if access rights and privileges were provided or managed by the individual.

Software crackers/hackers: Individuals who have skills in reverse engineering software programs and, in particular, the licensing registration keys used by software vendors when installing software onto workstations or servers. Although many individuals are eager to partake of their services, anyone who downloads programs with cracked registration keys is breaking the law and runs a greater risk of malicious code and malicious software that might have been injected into the cracked program.

Cyber-terrorists/cyber-criminals: An increasing category of threat that can be used to describe individuals or groups of individuals who are usually funded to conduct clandestine or espionage activities against governments, corporations, and individuals in an unlawful manner. These individuals are typically engaged in sponsored acts of defacement, DoS/DDoS attacks, identity theft, financial theft, or worse, compromising critical infrastructures in countries, such as nuclear power plants, electric plants, water plants, and so on.
System crackers/hackers: Elite hackers who have specific expertise in attacking vulnerabilities of systems and networks by targeting operating systems. These individuals get the most attention and media coverage because of the globally spread malware, botnets, and Trojans that are created by system crackers/hackers. System crackers/hackers perform interactive probing activities to exploit security defects and security flaws in network operating systems and protocols.
Hacker and Cracker History
The well-known hackers of today grew out of the phone phreaking activities of the 1960s. In 1969, Mark Bernay, also known as the Midnight Skulker, wrote a computer program that allowed him to read everyone else's ID and password at the organization where he worked. Although he was eventually fired, no charges were ever filed: as computer crime was so new, there were no laws against it.
Computer innovators include the following:
Steve Wozniak and Steve Jobs: Members of the Homebrew Computer Club of Palo Alto. John Draper was also a member of this early computer club. Wozniak and Jobs went on to become co-founders of Apple Computer.
Dennis Ritchie and Ken Thompson: Although not criminal hackers, their desire for discovery led to the development of UNIX in 1969 while working at Bell Labs.
Well-known hackers and phreakers include the following:
John Draper: Dubbed Captain Crunch for finding that a toy whistle shipped in boxes of Cap'n Crunch cereal produced the same frequency as AT&T's trunk signaling tone, 2,600 Hz. This discovery was made with the help of Joe Engressia. Although Joe was blind, he could whistle into a phone and produce a perfect 2,600 Hz tone; this tone was useful for placing free long-distance phone calls.
Mark Abene: Known as Phiber Optik, Mark helped form the Masters of Deception in 1990. Before being arrested in 1992, they fought an extended battle with the Legion of Doom.
Jeremy Hammond: Known to be part of Anonymous. Hammond pleaded guilty to his role in nine computer intrusions and faces a potential life sentence.
Robert Morris: The son of a chief scientist at the NSA, Morris accidentally released the Morris Worm in 1988 from a Cornell University lab. This is now widely seen as the first release of a worm onto the Internet.
Kevin Mitnick: Known as Condor, Mitnick was the first hacker to hit the FBI Most Wanted list. He broke into such organizations as Digital Equipment Corp, Motorola, Nokia Mobile Phones, Fujitsu, and others. He was arrested in 1995, has since been released, and worked as a legitimate security consultant.
Albert Gonzalez: A computer hacker and computer criminal who was accused of masterminding the combined credit card theft and subsequent reselling of more than 170 million card and ATM numbers from 2005 through 2007 (at the time, the biggest such fraud in history).

Hector Xavier Monsegur: Known as Sabu, he was co-founder of the hacking group LulzSec and involved in several high-profile hacks. He later turned informant for the FBI, working with the agency for more than 10 months to aid them in identifying other hackers from LulzSec and related groups. His crimes left him facing up to 124 years in prison.
Adrian Lamo: Lamo first gained media attention for breaking into several high-profile computer networks, including those of The New York Times, Yahoo!, and Microsoft, culminating in his 2003 arrest. In 2010, Lamo reported U.S. soldier PFC Bradley Manning (now known as Chelsea Manning) to federal authorities, claiming that Manning had leaked hundreds of thousands of sensitive U.S. government documents to WikiLeaks. Manning was arrested and incarcerated in the U.S. military justice system and later sentenced to 35 years in confinement.
Although this list does not include all the hackers, crackers, and innovators of the computer field, it should give you an idea of some of the people who have made a name for themselves in the hacker underground.
Ethical Hackers
Ethical hackers perform penetration tests. They perform the same activities a hacker would but without malicious intent. They must work closely with the host organization to understand what the organization is trying to protect, who they are trying to protect these assets from, and how much money and resources the organization is willing to spend to protect the assets.
By following a methodology similar to that of an attacker, ethical hackers seek to see what type of public information is available about the organization. Information leakage can reveal critical details about an organization, such as its structure, assets, and defensive mechanisms. After the ethical hacker gathers this information, it is evaluated to determine whether it poses any potential risk.
The ethical hacker further probes the network at this point to test for any unseen weaknesses. Penetration tests are sometimes performed in a double-blind environment. This means that the internal security team has not been informed of the penetration test. This serves an important purpose, allowing management to gauge the security team's responses to the ethical hacker's probing and scanning. Do they notice the probes, or have the attempted attacks gone unnoticed?
Now that the activities performed by ethical hackers have been described, let's spend some time discussing the skills that ethical hackers need, the different types of security tests that ethical hackers perform, and the ethical hacker rules of engagement.
Required Skills of an Ethical Hacker
Ethical hackers need hands-on security skills. Although you do not have to be an expert in everything, you should have an area of expertise. Security tests are usually performed by teams of individuals, where each individual has a core area of expertise. These skills include the following:
Routers: Knowledge of routers, routing protocols, and access control lists (ACLs). Certifications such as Cisco Certified Network Associate (CCNA) or Cisco Certified Internetwork Expert (CCIE) can be helpful.
Microsoft: Skills in the operation, configuration, and management of Microsoft-based systems. These can run the gamut from Windows XP to Windows Server 2012. These individuals might be Microsoft Certified Systems Administrator (MCSA) or Microsoft Certified Systems Engineer (MCSE) certified.
Linux: A good understanding of the Linux/UNIX OS. This includes security settings, configuration, and services such as Apache. These individuals may be Red Hat or Linux+ certified.
Firewalls: Knowledge of firewall configuration and the operation of intrusion detection systems (IDS) and intrusion prevention systems (IPS) can be helpful when performing a security test. Individuals with these skills may hold the Cisco Certified Security Professional (CCSP) or Check Point Certified Security Administrator (CCSA) certification.
Mainframes: Although mainframes do not hold the position of dominance they once had in business, they are still widely used. If the organization being assessed has mainframes, the security team would benefit from having someone with that skill set on the team.

Network protocols: Most modern networks are Transmission Control Protocol/Internet Protocol (TCP/IP), although you might still find the occasional network that uses Novell or Apple routing information. Someone with good knowledge of networking protocols, as well as how these protocols function and can be manipulated, can play a key role in the team. These individuals may possess certifications in other operating systems or hardware, or may even possess a Network+, Security+, or CompTIA Advanced Security Practitioner (CASP) certification.
Project management: Someone will have to lead the security test team, and if you are chosen to be that person, you will need a variety of the skills and knowledge types listed previously. It can also be helpful to have good project management skills. After all, you will be leading, planning, organizing, and controlling the pentest team. Individuals in this role may benefit from having the Project Management Professional (PMP) certification.
On top of all this, ethical hackers need to have good report-writing skills and must always try to stay abreast of current exploits, vulnerabilities, and emerging threats, as their goal is to stay a step ahead of malicious hackers.
Modes of Ethical Hacking
With all this talk of the skills that an ethical hacker must have, you might be wondering how the ethical hacker can put these skills to use. An organization's IT infrastructure can be probed, analyzed, and attacked in a variety of ways. Some of the most common modes of ethical hacking are shown here:
Information gathering: This testing technique seeks to see what type of information is leaked by the company and how an attacker might leverage this information.
External penetration testing: This ethical hack seeks to simulate the types of attacks that could be launched across the Internet. It could target Hypertext Transfer Protocol (HTTP), Simple Mail Transfer Protocol (SMTP), Structured Query Language (SQL), or any other available service.
Internal penetration testing: This ethical hack simulates the types of attacks and activities that could be carried out by an authorized individual with a legitimate connection to the organization's network.
Network gear testing: Firewall, IDS, router, and switch testing.
DoS attack: This testing technique can be used to stress-test systems or to verify their ability to withstand a DoS attack.
Wireless network testing: This testing technique looks at wireless systems. This might include wireless networking systems, RFID, ZigBee, or any wireless device.
Application testing: Application testing is designed to examine input controls and how data is processed. All areas of the application may be examined.
Social engineering: Social engineering attacks target the organization's employees and seek to manipulate them to gain privileged information. Employee training, proper controls, policies, and procedures can go a long way in defeating this form of attack. Social engineers crack the human firewall.

Physical security testing: This simulation seeks to test the organization's physical controls. Systems such as doors, gates, locks, guards, closed-circuit television (CCTV), and alarms are tested to see whether they can be bypassed.
Authentication system testing: This simulated attack is tasked with assessing authentication controls. If the controls can be bypassed, the ethical hacker might probe to see what level of system control can be obtained.
Database testing: This testing technique is targeted toward SQL servers.
Communication system testing: This testing technique examines communications such as PBX, Voice over IP (VoIP), modems, and voice communication systems.
Stolen equipment attack: This simulation is closely related to a physical attack, as it targets the organization's equipment. It could seek to target the CEO's laptop or the organization's backup tapes. No matter what the target, the goal is the same: extract critical information, usernames, and passwords.

Every ethical hacker must abide by the following rules when performing the tests described previously. If not, bad things can happen to you, which might include loss of job, civil penalty, or even jail time:
  •  Never exceed the limits of your authorization: Every assignment will have rules of engagement. These not only include what you are authorized to target but also the extent to which you are authorized to control such systems. If you are only authorized to obtain a prompt on the target system, downloading passwords and starting a crack on these passwords would be in excess of what you have been authorized to do.
  •  The tester should protect himself by setting up limitations as far as damage is concerned: There has to be a nondisclosure agreement (NDA) between the client and the tester to protect them both. You should also consider liability insurance and an errors and omissions policy.
  •  Be ethical: That's right; the big difference between a hacker and an ethical hacker is the word ethics. Ethics is a set of moral principles about what is correct or the right thing to do. Ethical standards sometimes differ from legal standards in that laws define what we must do, whereas ethics define what we should do.
  •  Maintain confidentiality: During security evaluations, you will likely be exposed to many types of confidential information. You have both a legal and a moral obligation to treat this information with the utmost privacy. This information should not be shared with third parties and should not be used by you for any unapproved purposes. There is an obligation to protect the information sent between the tester and the client. This has to be specified in the NDA.
  •  Do no harm: It's of utmost importance that you do no harm to the systems you test. Again, a major difference between a hacker and an ethical hacker is that you should do no harm. Misused security tools can lock out critical accounts, cause denial of service, and crash critical servers or applications. Take care to prevent these events unless that is the goal of the test.
Test Plans—Keeping It Legal
Most of us probably make plans before we take a big trip or vacation. We think about what we want to see, how we plan to spend our time, what activities are available, and how much money we can spend without regretting it when the next credit card bill arrives. Ethical hacking is much the same, minus the credit card bill.
Many details need to be worked out before a single test is performed. If you or your boss is tasked with managing this project, some basic questions need to be answered, such as what's the scope of the assessment, what are the driving events, what are the goals of the assessment, what will it take to get approval, and what's needed in the final report.
Before an ethical hack test can begin, the scope of the engagement must be determined. Defining the scope of the assessment is one of the most important parts of the ethical hacking process. At some point, you will be meeting with management to start the discussions of the how and why of the ethical hack. Before this meeting ever begins, you will probably have some idea what management expects this security test to accomplish. Companies that decide to perform ethical hacking activities don't do so in a vacuum. You need to understand the business reasons behind this event. Companies can decide to perform these tests for various reasons. The most common reasons include the following:

A breach in security: One or more events have occurred that highlight a lapse in security. It could be that an insider was able to access data that should have been unavailable to him, or it could be that an outsider was able to hack the organization's web server.

Compliance with state, federal, regulatory, or other law or mandate: Compliance with state or federal laws is another event that might be driving the assessment. Companies can face huge fines and potential jail time if they fail to comply with state and federal laws. The Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley (SOX), and the Health Insurance Portability and Accountability Act (HIPAA) are three such laws. HIPAA requires organizations to perform a vulnerability assessment. Your organization might decide to include ethical hacking in this test regimen. One such standard that the organization might be attempting to comply with is ISO 17799. This information security standard was first published in December 2000 by the International Organization for Standardization and the International Electrotechnical Commission. This code of practice for information security management is considered a security standard benchmark and includes the following elements:
  • Security policy
  • Security organization
  • Asset control and classification
  • Environmental and physical security
  • Employee security
  • Computer and network management
  • Access controls
  • System development and maintenance
  • Business continuity planning
  • Compliance
Due diligence: Due diligence is another one of the reasons a company might decide to perform a pen test. The new CEO might want to know how good the organization's security systems really are, or it could be that the company is scheduled to go through a merger or is acquiring a new firm. If so, the pen test might occur before the purchase or after the event. These assessments are usually going to be held to a strict timeline. There is only a limited amount of time before the purchase, and if performed afterward, the organization will probably be in a hurry to integrate the two networks as soon as possible.
Test Phases
Security assessments in which ethical hacking activities will take place are composed of three phases: scoping of the assessment, in which goals and guidelines are established; performing the assessment; and performing post-assessment activities. The post-assessment activities are when the report and remediation activities would occur.
Establishing Goals
The need to establish goals is also critical. Although you might be ready to jump in and begin hacking, a good plan will detail the goals and objectives of the test. Common goals include system certification and accreditation, verification of policy compliance, and proof that the IT infrastructure has the capability to defend against technical attacks.
Are the goals to certify and accredit the systems being tested?
Certification is a technical evaluation of the system that can be carried out by independent security teams or by the existing staff. Its goal is to uncover any vulnerabilities or weaknesses in the implementation. Your goal will be to test these systems to make sure that they are configured and operating as expected, that they are connected to and communicate with other systems in a secure and controlled manner, and that they handle data in a secure and approved manner.
If the goals of the penetration test are to determine whether current policies are being followed, the test methods and goals might be somewhat different. The security team will be looking at the controls implemented to protect information being stored, being transmitted, or being processed. This type of security test might not have as much hands-on hacking, but might use more social engineering techniques and testing of physical controls. You might even direct one of the team members to perform a little dumpster diving.
The goal of a technical attack might be to see what an insider or outsider can access. Your goal might be to gather information as an outsider and then use that data to launch an attack against a web server or externally accessible system.
Regardless of what type of test you are asked to perform, you can ask some basic questions to help establish the goals and objectives of the tests, including the following:
  • What is the organization's mission?
  • What specific outcomes does the organization expect?
  • What is the budget?
  • When will tests be performed: during work hours, after hours, on weekends?
  • How much time will the organization commit to completing the security evaluation?
  • Will insiders be notified?
  • Will customers be notified?
  • How far will the test proceed? Root the box, gain a prompt, or attempt to retrieve another prize, such as the CEO's password?
  • Who do you contact should something go wrong?
  • What are the deliverables?
  • What outcome is management seeking from these tests?
Getting Approval
Getting approval is a critical event in the testing process. Before any testing actually begins, you need to make sure that you have a plan that has been approved in writing. If this is not done, you and your team might face unpleasant consequences, which might include being fired or even criminal charges.
If you are an independent consultant, you might also get insurance before starting any type of test. Umbrella policies and those that cover errors and omissions are commonly used. These types of liability policies can help protect you should anything go wrong.
To help make sure that the approval process goes smoothly, ensure that someone is the champion of this project. This champion or project sponsor is the lead contact to upper management and your contact person. Project sponsors can be instrumental in helping you gain permission to begin testing and also in providing you with the funding and materials needed to make this a success.
Ethical Hacking Report
Although we have not actually begun testing, you do need to start thinking about the final report. Throughout the entire process, you should be in close contact with management to keep them abreast of your findings. There shouldn't be any big surprises when you submit the report. While you might have found some serious problems, they should be discussed with management before the report is written and submitted. The goal is to keep them in the loop and advised of the status of the assessment. If you find items that present a critical vulnerability, stop all tests and immediately inform management.
Your priority should always be the health and welfare of the organization.
The report itself should detail the results of what was found.
Vulnerabilities should be discussed, as should the potential risk they pose. Although people aren't fired for being poor report writers, don't expect to be promoted or praised for your technical findings if the report doesn't communicate your findings clearly. The report should present the results of the assessment in an easily understandable and fully traceable way. The report should be comprehensive and self-contained.
Most reports contain the following sections:
  • Introduction
  • Statement of work performed
  • Results and conclusions
  • Recommendations
Because most companies are not made of money and cannot secure everything, rank your recommendations so that the ones with the highest risk/highest probability appear at the top of the list.

The report needs to be adequately secured while in electronic storage. Use encryption. The printed copy of the report should be marked Confidential, and while it is in its printed form, take care to protect the report from unauthorized individuals. You have an ongoing responsibility to ensure the safety of the report and all information gathered. Most consultants destroy reports and all test information after a contractually obligated period of time.
Vulnerability Research: Keeping Up with Changes
If you are moving into the IT security field or are already working in IT security, you probably already know how quickly things change in this industry. That pace of change requires the security professional to keep abreast of new and developing tools, techniques, and emerging vulnerabilities. Although someone involved in security in the 1990s might know about Code Red or Nimda, that will do little good to combat ransomware or a Java watering hole attack. Because tools become obsolete and exploits become outdated, you want to build up a list of websites that you can use to keep up with current vulnerabilities. The sites listed here are but a few you should review:
  • National Vulnerability Database: http://nvd.nist.gov/
  • SecurityTracker: http://securitytracker.com/
  • Secunia: http://secunia.com/
  • HackerWatch: www.hackerwatch.org/
  • Dark Reading: www.darkreading.com/
  • Exploit Database: www.exploit-db.com/
  • DShield: www.dshield.org/
  • SANS Reading Room: www.sans.org/reading_room/
  • SecurityFocus: www.securityfocus.com/
Ethics and Legality
Recent FBI reports on computer crime indicate that unauthorized computer use has continued to climb. A simple review of the news on any single day usually turns up reports of a variety of cyber-crime and network attacks. Hackers use computers as a tool to commit a crime or to plan, track, and control a crime against other computers or networks. Your job as an ethical hacker is to find vulnerabilities before the attackers do and help prevent them from carrying out malicious activities. Tracking and prosecuting hackers can be a difficult job because international law is often ill-suited to deal with the problem. Unlike conventional crimes that occur in one location, hacking crimes might originate in India, use a system based in Singapore, and target a computer network located in Canada. Each country has conflicting views on what constitutes cyber-crime. Even if hackers can be punished, attempting to do so can be a legal nightmare. It is hard to apply national borders to a medium such as the Internet that is essentially borderless.
Overview of U.S. Federal Laws
Although some hackers might have the benefit of bouncing around the globe from system to system, your work will likely occur within the confines of the host nation. The United States and some other countries have enacted strict laws to deal with hackers and hacking.
During the past 5 years, the U.S. federal government has taken an active role in dealing with computer crime, Internet activity, privacy, corporate threats, vulnerabilities, and exploits. These are laws you should be aware of and not become entangled in. Hacking is covered under U.S. Code Title 18: Crimes and Criminal Procedure, Part 1: Crimes, Chapter 47: Fraud and False Statements, Sections 1029 and 1030. Each is described here:
Section 1029, Fraud and related activity with access devices: This law gives the U.S. federal government the power to prosecute hackers who knowingly and with intent to defraud produce, use, or traffic in one or more counterfeit access devices. Access devices can be an application or hardware that is created specifically to generate any type of access credentials, including passwords, credit card numbers, long-distance telephone service access codes, and so on, for the purpose of unauthorized access.
Section 1030, Fraud and related activity in connection with computers: The law covers just about any computer or device connected to a network or the Internet. It mandates penalties for anyone who accesses a computer in an unauthorized manner or exceeds one's access rights. This is a powerful law because companies can use it to prosecute employees when they use the capability and access that companies have given them to carry out fraudulent activities.
The Evolution of Hacking Laws
In 1985, hacking was still in its infancy in England. Because of the lack of hacking laws, some British hackers believed that there was no way they could be prosecuted. Triludan the Warrior was one of these individuals. Besides breaking into the British Telecom system, he also broke an admin password for Prestel. Prestel was a dial-up service that provided online services, shopping, email, sports, and weather.
One user of Prestel was His Royal Highness, Prince Philip. Triludan broke into the prince's mailbox, along with various other activities, such as leaving the Prestel system admin messages and taunts.
Triludan the Warrior was caught on April 10, 1985, and was charged with five counts of forgery, as no hacking laws existed. After several years and a $3.5 million legal battle, Triludan was eventually acquitted. Others were not so lucky because in 1990, Parliament passed the Computer Misuse Act, which made hacking attempts punishable by up to 5 years in jail. Today, the United Kingdom, along with most of the Western world, has extensive laws against hacking.
The punishment described in Sections 1029 and 1030 for hacking into computers ranges from a fine or imprisonment for no more than 1 year up to a fine and imprisonment for no more than 20 years. This wide range of punishment depends on the seriousness of the criminal activity and what damage the hacker has done. Other federal laws that address hacking include the following:
Electronic Communication Privacy Act: Mandates provisions for access, use, disclosure, interception, and privacy protections of electronic communications. The law encompasses U.S. Code Sections 2510 and 1701. According to the U.S. Code, electronic communications "means any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photo-electronic, or photo-optical system that affects interstate or foreign commerce."
This law makes it illegal for individuals to capture communication in transit or in storage. Although these laws were originally developed to secure voice communications, they now cover email and electronic communication.
Computer Fraud and Abuse Act of 1984: The Computer Fraud and Abuse Act (CFAA) of 1984 protects certain types of information that the government maintains as sensitive. The Act defines the term classified computer, and imposes punishment for unauthorized or misused access to one of these protected computers or systems.
The Act also mandates fines and jail time for those who commit specific computer-related actions, such as trafficking in passwords or extortion by threatening a computer. In 1991, Congress amended the CFAA to include malicious code, which was not included in the original Act.
The Cyber Security Enhancement Act of 2002: This Act mandates that hackers who carry out certain computer crimes might now get life sentences in prison if the crime could result in another's bodily harm or possible death. This means that if hackers disrupt a 911 system, they could spend the rest of their days in prison.

The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001: Originally passed because of the World Trade Center attack on September 11, 2001, it strengthens computer crime laws and has been the subject of some controversy. This Act gives the U.S. government extreme latitude in pursuing criminals. The Act permits the U.S. government to monitor hackers without a warrant and perform sneak-and-peek searches.
The Federal Information Security Management Act (FISMA): This was signed into law in 2001 as part of the E-Government Act of 2002, replacing the Government Information Security Reform Act (GISRA). FISMA was enacted to address the information security requirements for non-national security government agencies. FISMA provides a statutory framework for securing government-owned and -operated IT infrastructures and assets.
Federal Sentencing Guidelines of 1991: Provides guidelines to judges so that sentences are handed down in a more uniform manner.
Economic Espionage Act of 1996: Defines strict penalties for those accused of espionage.
U.S. Child Pornography Prevention Act of 1996: Enacted to combat and reduce the use of computer technology to produce and distribute pornography.
Compliance Regulations
Although it's good to know what laws your company must abide by, ethical hackers should have some understanding of compliance regulations too. In the United States, laws are passed by Congress.
Regulations can be created by executive departments and administrative agencies. The first step is to understand what regulations your company or client needs to comply with. Common ones include the following: SOX, HIPAA, PCI-DSS, DSS, GLBA, and FISMA. One is described here:
U.S. Health Insurance Portability and Accountability Act (HIPAA): Established privacy and security regulations for the health-care industry.
Conclusion
Because the organization cannot provide complete protection for all of its assets, a system must be developed to rank risks and vulnerabilities. Organizations must seek to identify high-risk and high-impact events for protective mechanisms. Part of the job of an ethical hacker is to identify potential vulnerabilities to these critical assets and test systems to see whether they are vulnerable to exploits, while working within the boundaries of laws and regulations.
Books to aid your ethical hacking dream
  • Hacking: The Art of Exploitation
  • Ghost in the Wires
  • Hacker's Handbook
