Attackers use various hacking techniques to compromise a website or a computer. The most common ones are Trojan horse programs, Denial of Service, unprotected windows shares, mobile code, cross-site scripting and packet sniffing. This paper will discuss in details how attackers use these hacking techniques to compromise a system, how attackers gather information from a victim via their e-mail communication and how to prevent the attacks.
Trojan horse programs are a common way for intruders to trick a user into installing back door programs. According to Armor2net, these programs can allow intruders easy access to a computer without the user's knowledge, change the system configurations, or infect the computer with a computer virus. These back door or remote administration programs are also known as social engineering. In fact, hackers usually use BackOrifice, Netbus, and SubSeven to gain remote access to users' computers. Once installed, these programs will allow them to access and control the computers.
Denial of Service (DoS) is another technique that hackers frequently use. DoS attack causes user's computer to crash or to become so busy processing data that the computer is unable to use it. According to Armor2net, it is important to note that in addition to being the target of a DoS attack, it is possible that the attackers also us the computer to participate in another DoS attack on another system. In fact, this technique is called Distributed Denial-of-Service (DDoS) attack. The attackers install a back door program that runs on the compromised computer and wait for further instructions. When a number of back doors are running on different computers, a single "handler" can instruct all of these back doors to launch a DoS atta...
... middle of paper ...
...derstand the concepts behind client-side attacks and how they relate to the coding. This will help to secure his or her application systems better (Riden, 2008). Being able to use existing client-side exploits to compromise lab victim machines will help a software developer understand the attacks better and be able to prevent them.
References
Riden, Jamie. August 2008. Client Side Attacks. Retrieved on April 21, 2014 from http://www.honeynet.org/node/157
Curphey, M. & Groves, D. 2008. OWASP Testing Guide: How to Value the Real Risk? Page 325-333.
Armor2net. “The most common methods used by Hackers”. Retrieved on 5/3/2014 from http://www.armor2net.com/knowledge/hackers_methods.htm
Combo fix. “Three Techniques Used by Hackers to Break Into Accounts.” Retrieved on 5/2/2014 from http://www.combofix.org/three-techniques-used-by-hackers-to-break-into-accounts.php
Crackdown* January 1, 1994 -- Austin, Texas Hi, I'm Bruce Sterling, the author of this electronic book. Out in the traditional world of print, * The Hacker Crackdown* is ISBN 0-553-08058-X, and is formally catalogued by the Library of Congress as "1. Computer crimes -- United States. 2.
Privacy and security issues have become one of the top concerns among computer users in today’s market. It has become a game of survival of the fittest in protection of your security. The only true way to defend yourself is knowledge. You should prepare your self against hackers, spammers and potential system crashing viruses and web bugs. Lets focus on how you can protect yourselves from the would be thieves.
Trojans are a type of program that can and usually will hurt a PC through software and hardware. The way it gets into the computer is by fooling the computer user into thinking that some software he/she found online is safe. When the person downloads the software, it is not actually useful software. It is actually a Trojan which has now invaded the PC. Once in, it allows the creator of the Trojan to access and control the computer from his own house. The hacker can then access passwords, important documents, and other stuff that will be mentioned later. The malware does not make ...
...er, J., & Tucker, E. (2012). Risk analysis and the security survey (4th ed.). Waltham, MA: Butterworth-Heinemann.
Computer hackers use botnets or ‘zombie’ computers to infiltrate high security computer servers and minimize attempts to be caught. A botnet is a collection of internet-connected computers that are controlled by a computer hacker that did the original infecting. “As well as using the computers they land on to spread themselves further, they're designed to take control of them, either to steal confidential user information or to convert them into remote-controlled 'zombie...
The Denial of Service attack (DoS), in this attack, the attacker does not actually access the system, but rather simply blocks access from legitimate users. In the words of the CERT (Computer Emergency Response Team) Coordination Center (the first computer security incident response team), “A ‘Denial-of-Service’ attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service” (CERT, 2003). One often-used blocking method is flooding the targeted system with so many false connection requests that it cannot respond to legitimate requests. DoS is an extremely common attack method, second only to malware. (Easttom, 2014)
The use of hacking to identify weaknesses in computer security has become an increasingly controversial issue in recent years. Awareness of this issue is important, because our ever increasing reliance on technology means that breaches in computer security have the potential to have wide-ranging and devastating consequences to society, worldwide. This essay will begin by clearly defining the term ‘hacking’ and will examine the type of people who hack and for what reasons. There will then follow a discussion of the moral argument on hacking before examining a few brief examples. The essay will then conclude by arguing against the use of hacking as a means of identifying weaknesses in computer security.
few might wonder what it does and then move on. The hacker, the true hacker,
Denial of Service(DOS) : It is an attack which makes the attacked machine busy such that it is not able to serve legitimate client (eg apache, smurf, neptune, ping to death etc).
The attackers accomplish this task by sending an intrusion agent commonly known as worm'. There are "two major types of malicious codes in the wild" (Todd, 2003, pp. 2). These codes are differentiated by their means of propagation: worms are self-replicating, self-propagating, whereas, viruses require some form of human interaction. Much like biological viruses cause disease in humans by compromising their body defence mechanism, a worm can not only damage or shut down host or networks but they are also mutating and becoming more complex. Worms can carry payloads designed for specific malicious intent (Todd, 2003). According to Geer (2005) there is a less familiar threat that many experts say could be just as dangerous: malicious bot software. According to Nazario et al. the evolution of the Internet worms will prove to be more difficult to identify and eradicate (Nazario, Anerson, Wash & Connelly, 2001).
Through the administrator account access, the criminals were able to install a program called “BladeLogic” which mimicked another program developed by BMC. This process, replacing legitimate programs with those designed to spy, steal, or manipulate data, is called usurpation (Kroenke 312). The hackers exploited a vulnerability in Target’s system to gain access. A vulnerability is a point of entrance that can be used to access private data (Kroenke 310). In the case of Target, the vulnerability was the unsafe administrative account.
Without proper protection, any part of any network can be susceptible to attacks or unauthorized activity. Routers, switches, and hosts can all be violated by professional hackers, company competitors. In fact, according to several studies, more than half of all network attacks are waged internally. To determine the best ways to protect against attacks, we should understand the many types of attacks that can be instigated and the damage that these attacks can cause to data. The most common types of attacks include Denial of Service (DoS), password, an...
Malicious code is a real danger to modern systems. Most systems nowadays do not work in isolation; they are more likely to be connected to other systems and sometimes they can even be dependent on them. Therefore an attack on one of the systems in the network is a potential attacking attempt to any other systems, with which it is interacting. Therefore, it is inevitable for any networked or Internet-connected computers to deal with malicious code attacks at some point. Businesses lose billions of dollars each year because of malicious code attacks. Responding to the attack and restoring all the data on the computers is a time-consuming and expensive task. It is a much better practice to try preventing it through organizing and maintaining effective defenses. However, it is important to keep in mind that there is no one general solution that can help to prevent all the attacks. Attackers are constantly looking for new ways to take advantage of systems’ vulnerabilities and find new ones. That’s why organizations have to not only defend themselves against existing attack methods, but also try to predict and prevent new attacking techniques. It means that computer and network security is a never-ending challenge and expense.
Cyber Crimes are crimes committed via the Internet. In some cases, the source of attack is the computer system. These types of attacks can come in the forms of computer viruses such as worms or Trojan horses, DOS (denial of service), and electronic vandalism. (OJP, 2013). The computer can also be used to commit theft such as embezzlement, financial information, and fraud. Other uses involves malicious adware, phishing, spoofing, spyware, and hacking; to name a few.
A cyber crime called 'Bot Networks', wherein spamsters and other perpetrators of cyber crimes remotely take control of computers without the users realizing it, is increasing at an alarming rate. Computers get linked to Bot Networks when users unknowingly download malicious codes such as Trojan horse sent as e-mail attachments. Such affected computers, known as zombies, can work together whenever the malicious code within them get activated, and those who are behind the Bot Networks attacks get the computing powers of thousands of systems at their disposal.