Hacking Techniques - Computer Hacking: The Essential Hacking Guide for Beginners (2015)

Computer Hacking: The Essential Hacking Guide for Beginners (2015)

Chapter 4. Hacking Techniques

There are various techniques that can be used by hackers in order to gain unauthorized access to a computer system, in order to wreak havoc, steal money or data, or to prevent the system from operating as it is supposed to. The three main methods that are used in order to attack a system that is connected to the Internet are: network enumeration, vulnerability analysis and exploitation.

A network enumerator is a program that is used in order to discover the usernames and other information from networked computers. The program discovers any weaknesses in the computer network’s security and the findings are reported to a hacker who may then use this information in order to access the network and cause damage (either by stealing data or corrupting the network.)

On the other hand, ethical hackers can use the same process simply to discover any weaknesses in their system in order to tighten security. Another method used is vulnerability analysis, which identifies any points of vulnerability in a system; this information can then be used to either attack the system, or to remove the weakness. Vulnerability analysis can then lead to exploitation, where the hacker uses the vulnerability information in order to breach a computer or system’s security.

There are many specific techniques that can be used, but they all employ the main concepts and methods described above. The first more specific example of a hacking technique is a vulnerability scanner, which is a program used to check a network for susceptibility to attack. A port scanner can also be used, which identifies avenues of access to a computer and can establish how to circumnavigate a firewall.

As well as these mechanized devices, hackers can also find these vulnerabilities themselves, which can be done by manually searching the code of the computer and then testing whether they are right. Brute-force attack is another method by which a hacker can gain unauthorized entry to a computer network, and this involves for example guessing passwords. Password cracking is another hacking technique that uses passwords, but rather than guessing the password, the hacker recovers password information that has been stored in the computer, or transmitted.

A spoofing attack (otherwise known as phishing) is an enemy program, system or website that poses as a trusted one. By falsifying data the hacker is able to masquerade as a trusted system and thus fool a program or user into revealing confidential information such as passwords or bank details. Another hacking technique that is commonly used is a root kit, which is a program that manages to take over the control of an operating system by employing hard to detect methods.

A Trojan horse is yet another technique that is a program which manages to fool systems and users; it works by working in one way while seeming to be doing something else. By using this method a hacker is able to gain unauthorized access to a system and create an access point so that they can re-enter via that established route later on. A computer virus is the most widely recognized form of hacking, as it is the computer threat that most of the public is aware of.

The virus works by self-replicating and implanting itself into documents and code; while some computer viruses are malicious some are merely irritating or harmless. A computer worm is similar in that it is self-replicating, but it is able to enter a computer program without a user inadvertently letting it in, and it does not need to insert itself into present programs.

Finally, a keylogger is a tool that records every keystroke on a given machine, which can later be accessed and viewed by the hacker. This is usually to enable the hacker to access confidential information that has been typed by the victim. In fact, there are some legitimate uses for such a technique, for example some companies use a keylogger in order to detect any dishonesty or fraud committed by an employee.

A large area of computer hacking involves the use of social engineering, whereby in order to circumvent information security a person is manipulated in order to reveal confidential information or to grant access to secure networks. This technique (which includes phishing) is usually only part of a complex routine in a wider fraud scheme, but it is also a dangerous step because human beings are more likely to be won over by a convincing trickster than a machine is.

Social engineering relies on the psychological act of decision-making, and can be thought of as one of the most significant vulnerabilities in a computer security system. There are many different ways in which social engineering can be applied in order to gain unauthorized access to a computer system, and this includes criminals posing as IT technicians who pretend that they are fixing the company computers whilst in fact stealing data.

Another example would be a trickster informing a company that the number of the IT helpdesk has changed, so that when employees phone the number they will willingly disclose their account details thinking that they are talking to somebody who they can trust with the information. These sorts of scenarios come under the category of ‘pretexting’ because making up a believable scenario allows the criminal to access the required information and this leads the victim to disclose the information.

Other professionals that a hacker involved in social engineering could pose as include the police or bank manager, because these are individuals who we believe have the right to be granted any information that they request. Baiting is a subcategory of social engineering because it relies on human psychology in order to work. Baiting is where a victim’s computer security is compromised when an infected disk, device or USB stick is used.

An example of baiting would be for the criminal to post a USB through somebody’s door with a tempting sounding label and simply wait for the curious victim to plug it into their laptop, at which point malware would automatically install and infect their computer. This technique makes the most of the human tendency towards curiosity and greed, because if a label promises erotic images, money or gossip then a victim may find it hard to resist taking a look.

Kevin Mitnick, a once computer criminal who later because a security consultant, has pointed out that it is much easier and quicker to trick a person into disclosing confidential information than it is to crack into the system using luck, brute force or technical knowledge. Christopher Hadnagy has written a book titled Social Engineering: The Art of Human Hacking, which emphasizes the way in which humans are the most vulnerable part of any computer system.

Conclusion

This book has provided an overview of some of the key concepts to do with hacking. We have considered the beginnings of hacking and how it was influenced by the literary tradition of Cyberpunk. It is interesting to note that what was once depicted in science-fiction as an imagined activity in a dystopian society has become real and has gone on to pose a significant threat to computer security and a central concern of information technology experts.

Here we can see the true beginnings of hacking and how what was once a fictional theoretical concept has become a reality with a significant impact on the digital culture. Next we looked at the different types of hackers and noted the distinction between ethical hackers, who perform hacking legally and in order to improve computer security (otherwise known as white hat hackers) and unethical hackers, who use their skills illegally in order to wreak havoc, disrupt services, and steal information and data (otherwise known as black hat hackers.)

With this it is interesting to note how technical skill can be used differently depending on motivation, and how the hacking community is not united by a clear and consistent ideology. Subsequently we looked at computer security in order to better understand the conditions within which hacking takes place. By learning about computer security it is possible to understand the challenges faced by hackers who come up against security measures, as well as the challenges faced by those seeking to maintain the security of their computer systems.

Any introduction to hacking would not be complete without this examination of computer security because the value of maintaining computer security is what motivates ethical hackers, and what unethical hackers are fighting against. Finally we looked at the numerous different hacking techniques that can be utilized, including both automated software that finds and exploits vulnerabilities in computer systems, as well as manual methods for breaking through security measures such as discovering a password through trial and error.

In this chapter we also considered the vast area of hacking that is social engineering, by which a hacker is able to access a secure network by illegally obtaining the information needed. In today’s digital culture we are becoming increasingly reliant on technology for everything that we do.

As technology has improved our lives have become easier in many ways, but with this blossoming industry new types of criminals have also been created. A criminal does now not even need to leave the house in order to steal money, but can do so simply by hacking into their victim’s computer and accessing confidential data.

Hacking is not always illegal though, and this book has also looked at the ways in which there is an increasing demand for computer experts to become ethical hackers in order to further promote and protect computer security. This introduction to the world of hacking has revealed that hacking is not a simple activity but a huge spectrum of different behaviors that involve a wide range of techniques and motivations.

Moreover, hacking is shown to be an activity that has a strong sense of cult affiliation, in the sense that hackers strongly feel part of the hacking community. As digital culture continues to grow, it seems that both ethical and unethical hacking will become more and more skilled and its impact evermore significant.

Thank you for reading. I hope you enjoy it. Ask you to leave your honest feedback.