Skip to main content

Ethical hacking simplified

Introduction to Hacking

Disclaimer: What I am about to teach you is highly sensitive. I am doing it for educational purpose only! ICTmagazine is not liable for any harm caused by you in attempt to intrude any system. Continue reading shows your acceptance of our disclaimer!

Hacking is an attempt to bypass computer or network security system legally or illegally. Although both the legal and illegal hacking shares some similarities and differences respectively. The person that carries out hacking is known as hacker. A legal or illegal hacker use software, techniques etc. to get access into the target network or individual.
One might be surprised to hear of legal hacking or hacker. This really exist! Think of an intruder in your house, it might be for good or bad! Laughing, how can an intruder into ones house be for good? Nice question! Lets say for example, you traveled out and left your house locked. Your neighbor called you complaining of cooking gas leakage from your locked house. What will be your solution since the only way to control the gas is by entering into the house. You see an intrusion has to take place! Otherwise any slight mistake your house might be on fire. The intrusion will take place in other to save your properties from very big calamity (fire outbreak). That's similar with legal hacking, they are there to help solve problems or avoid calamity befalling an organization.

Types of Hackers

Hackers are grouped mainly into 3.

  • White hat hacker or the good guys (Ethical hacker) .
  • Black hat hacker (Bad guys).
  • Gray hat hacker (Neutral guys).

White hat hacker (Ethical hacker)
This are the good guys! The legal hackers! This group of hackers works base on contracts or can be full-time employee's in an organization. They are security experts who help in maintaining, detecting or repairing a breached network. An Ethical hacker (the good guys) adhere by many rules to safeguard themselves and the organization they are employed or contracted by.

Black hat (Bad guys)
My father hate the word black hat hacker for the bad guys, because he sees it as “racism” laughing. The bad guys main target is to get a way to steal data, bring down an organization etc. in fact the bad guys as their name implies are only engaged in bad things in the networking world. Though they might have different reasons.
Black hat hackers are grouped into 3 categories
  • Script kiddies: This black-hat hackers knew nothing about what they are doing, they only know how to use certain tools to cause trouble.
  • Suicide hacker: This hacker only care about achieving his aim, he doesn't give a damn of the penalty, if caught trying to intrude an organization or any network.
  • Hacktivist: This is any hacker who uses his skills to achieve a political aim. Many of them use their hacking skills to protest or other form of political activism.
Gray hat hacker (Neutral guys)
Grey hat hackers are the good guys and the bad guys at the same time. They might try to intrude into an organization illegally, but later they might change to act as the good guys. Thus making the organization aware of the vulnerability on their network or system. Although this hackers are not to be trusted always.

NB: Most black hat and gray hat hacking activities can lead to prison!


The commonly used cyber-attacks (hacking attacks)

Stealing login credentials (username, passwords, pins)
One of the common target of cyber-attacks is to gain access to particular top-hierarchy privileges. This type of attack can be within the or outside the organization. The intruder will use the system vulnerability to steal the login credentials thus giving him an authorized privilege to particular resources or services. This can range from stealing of sensitive organizational login credentials, bank details, mobile financial institutions like Paypal, bitcoins etc., social networking like Facebook, Twitter etc. and many more. Mind you just login credentials stealing without even using it can take you to prison. Take note!

Network intrusion
This involves using skills to trespass a network. Although this might sometimes doesn't means any harm to the organization. In some cases is an elevation the once privilege within an organization or network, to perform a task that is above his own given permissions. Sometimes intrusion can be trying to use someone computer without his knowledge, even without using any tools.

Social Engineering
This involves dealing directly with humans to extract information. Social engineering is the ability of the attacker to beat human sense thus extracting data from the person without the targeted human realizing what he is going through. This can be simple and sometimes complex, especially when you are trying social engineering on someone smart! You might end up not getting anything.

Dumpster diving
This is considered as one of the old form of hacking. Where the attacker will go after ones dumped devices and try gather as many information as possible. Good example is selling out ones smart device (tablet, smartphone etc). Many information are still there, because not everyone do wipe out or shred his used devices before selling them out.

Software piracy
This involves copying duplicating or using software contrary to the end-user agreed terms and conditions or EULA(end user license agreement). It can again means finding a way to breach the security of that software so as to redistribute it without need for additional subscription or license.

Malicious codes(softwares or applications)
This are softwares designed to achieve intrusion or bringing down an organization. Examples are viruses, rootkits, malware, spyware, trojan horse, worms, adwares and any other type of software or instructions of that nature on any system.

Unauthorized data manipulation
This involves unauthorized data alteration to cover up some activities, example is by erasing or altering records.
Denial of Service (DoS) and Distibutive Denial of Service (DDoS)
This involves engaging the system in doing useless bulky task hence avoiding service to legitimate users.. Distributive denial of service happens when network of infected systems is built (botnet) thus helping the attacker to deliver his attack successfully using group of computers.

Phishing
This involves creating an environment similar to the legitimate one. Attackers use emails, social networking site etc to send links, prompting the party to enter his login credentials, when the target goes as planned. Boom!!! ones data has been stolen!
To be continued



join us on 
Facebook: ICTmagazine 
BBM channel: ICTmagazine

Labels:

Comments

Post a Comment

Popular posts from this blog

Powerful words from Steve Jobs on his sick bed

Powerful message. Steve Jobs’ Last Words - I reached the pinnacle of success in the business world. In others’ eyes, my life is an epitome of success. However, aside from work, I have little joy. In the end, wealth is only a fact of life that I am accustomed to. At this moment, lying on the sick bed and recalling my whole life, I realize that all the recognition and wealth that I took so much pride in, have paled and become meaningless in the face of impending death. In the darkness, I look at the green lights from the life supporting machines and hear the humming mechanical sounds, I can feel the breath of god of death drawing closer… Now I know, when we have accumulated sufficient wealth to last our lifetime, we should pursue other matters that are unrelated to wealth… Should be something that is more important: Perhaps relationships, perhaps art, perhaps a dream from younger days ... Non-stop pursuing of wealth will only turn a person into a twisted being, just l
Post a Comment
Read more

iTunes Connect is down!

Something is wrong in Cupertino. A number of developers today turned to Twitter to complain that iTunes Connect, a hub for iOS and Mac software makers, was logging them into the wrong accounts.  The service appears to be matching log-ins with the wrong accounts, showing apps and usernames from completely different people. When developers try to access one of the apps, they receive an error message leading them back to their own account. iTunes Connect has since been taken offline as Apple’s engineers presumably set off to fix the problem. We’ve contacted Apple and will update if we hear back. Culled from:  The Next Web
Post a Comment
Read more

How to Send SMS to any number anonymously

In this technology era, many of us want to send messages anonymously! the reasons might be maintaining privacy, franking etc. But many sees it as impossible! Today I'm going to take you through steps to send SMS/Text message without exposing your identity. This method is actually based on sending SMS using some online websites that will allow you to send SMS without entering any personal details. So just have a look on the websites to send free Anonymous SMS. List of Websites To Send Anonymous SMS To Any Number :- 1   Seasms.com This is the one of the best site that supports 160 character message to send to any number online and you will not need to register any personal details and can send free SMS to any of number. Must try this. 2   Spicesms.com This site only allows you to send SMS in india. The message service of this site is very fast as the message will be send instantly to the receiver end. 3   Smsti.in This website allows to send SMS in India onl
Post a Comment
Read more