Ethical Hacking

Date post: 15-Jul-2015
Upload: muzaffar-ahmad

Hacking???

• The other day, the NASA network was attacked by a kid from Russia who managed to control a spaceship in space. So imagine being able to do something like that! More recently, there’s something called the Stuxnet Worm. Everybody says that the US government created the virus and what the virus did was that it attacked only the Iranian nuclear department computer. So the next world war, if it ever happens, may actually be through the internet. You don’t necessarily need to go with tanks and bombs and airplanes to take over a country anymore.

[Figure: Normal data transfer; Interruption; Interception; Modification; Fabrication]

• Internet Worm

– Robert T. Morris made an internet worm. It spread through the internet and crashed about 6000 systems.

• Cuckoo’s Egg

– Clifford Stoll caught the German hackers who were working for the KGB.

• IP Spoof

– Kevin Mitnick was caught by Tsutomu Shimomura, who was a security expert. Kevin Mitnick used the IP Spoof attack in this incident.

• Hack

– Cut with repeated irregular blows

– Examine something very minutely

• Hacker

– The person who hacks

• Cracker

– System intruder/destroyer

• Just for fun

• Show off

• Hack other systems secretly

• Notify many people of their thoughts

• Steal important information

• Destroy enemy’s computer network during the war

[Cartoon: “Let me just see what he saves on his system” / “Goddamn, this computer is hacked again”]

• How much fun can you derive from prying into people’s private details?

[Cartoon: “Let me see what’s on his facebook account”]

• Hacker: Intruder and criminal

• Hacker: Brilliant programmer

• Hacker: Security expert

• Hacker: Computer Modifier

WHITE HAT, BLACK HAT, GRAY HAT

White Hats, in contrast, are hackers who use their talent to protect and defend networks.

Black Hats are highly skilled but have malevolent and detrimental intent.

Gray Hats hack for different reasons, either ethically or unethically, depending on the situation and circumstances at hand.

• Install irc related program

– identd, irc, bitchx, eggdrop, bnc

• Install scanner program

– mscan, sscan, nmap

• Install exploit program

• Install denial of service program

• Use all of installed programs silently

An ethical hacker is usually somebody hired by a company and given permission to hack into their network and in the process get to know what the security loopholes are. In the process, they will create a report saying “Hey these are your problems and this is how you can fix them”. So this is what an ethical hacker does. He takes the knowledge of the criminal and uses it against him.

• Study C/C++/assembly language

• Study computer architecture

• Study operating system

• Study computer network

• Examine the hacking tools for a month

• Think about the problems of the computer

• To become a hacker you need four things: You need to know about programming, you need to know networking, the basics of Linux and, most importantly, you need to know how to think like a criminal.

• The first three things can be learned but the fourth thing you have to learn on your own. It’s a talent you have to develop, and I classify thinking like a criminal as a talent which you definitely require if you want to be successful as a hacker.

• The biggest risk in an organization is its own employees…

• Does that mean that all the companies are sitting there reading all the emails that we are sending out from the company account?

• Of course. In the U.S, employees have to sign a document authorizing the company to look into their email accounts whenever they wish. I don’t know about Mauritius but in India they don’t make employees sign anything but go through the employees’ emails nevertheless.

• Patch security hole often

• Encrypt important data

– e.g. pgp, ssh

• Do not run unused daemon

• Remove unused setuid/setgid program

• Setup loghost

• Backup the system often
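
One way to act on the “Remove unused setuid/setgid program” item above, as an added example that is not part of the original slides: list every setuid/setgid file under a directory that is not on a reviewed allow-list. The function names, the allow-list file and the sample tree are assumptions constructed for this illustration.

```shell
#!/bin/sh
# Added example: report setuid/setgid files that are not on an allow-list,
# so each one can be reviewed and, if unused, removed or stripped of the bit.

# audit_suid DIR ALLOWLIST -> prints unexpected setuid/setgid file paths
audit_suid() {
    dir=$1; allow=$2
    # -xdev stays on one filesystem; -perm -4000 = setuid, -perm -2000 = setgid
    find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    sort |
    while IFS= read -r path; do
        # -F fixed string, -x whole line: no regex or prefix-match surprises
        grep -Fxq -- "$path" "$allow" || printf '%s\n' "$path"
    done
}

# make_sample_tree -> builds a constructed sample tree and prints its path
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/bin"
    for f in passwd oldtool mailq plain; do
        printf '#!/bin/sh\n' > "$t/bin/$f"
        chmod 755 "$t/bin/$f"
    done
    chmod u+s "$t/bin/passwd" "$t/bin/oldtool"      # setuid samples
    chmod g+s "$t/bin/mailq"                        # setgid sample
    printf '%s\n' "$t/bin/passwd" > "$t/allow.txt"  # only passwd is approved
    printf '%s\n' "$t"
}

# Demo on the constructed tree: oldtool and mailq are reported, passwd is not.
tree=$(make_sample_tree)
echo "Unexpected setuid/setgid files:"
audit_suid "$tree/bin" "$tree/allow.txt"
rm -rf "$tree"
```

On a real host, point `audit_suid` at `/` with an allow-list built from a known-good install, and rerun it after every package change.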

• Shut down the system

– Or turn off the system

• Separate the system from network

• Restore the system with the backup

– Or reinstall all programs

• Connect the system to the network

• It can be good to call the police

