HACKERS’ ATTITUDE
Submitted By: Rakhi Sinha, Roshni Wadhwani, Surbhi Singh
CONTENTS
What is hacking?
Timeline of hacking
Types of hacking
The Threats
Some Hacking Incidents
Who is a Hacker?
Why do Hackers Hack?
Hackers’ Attitudes
Indian IT Act 2000
Computer Fraud And Abuse Act
Conclusion
References
WHAT IS HACKING?
Hacking means finding out weaknesses in an
established system and exploiting them.
In computer networking, hacking is any
technical effort to manipulate the normal
behavior of network connections and
connected systems.
Hacking vs. Cracking
Malicious attacks on computer networks are
officially known as cracking, while hacking properly
applies to activities with both good intentions
and bad intentions. Most non-technical people
fail to make this distinction, however. Outside of
academia, it's extremely common to see the
term "hack" misused and applied to cracks
as well.
TIMELINE OF HACKING
1969 - Unix ‘hacked’ together
1971 - Cap'n Crunch phone exploit discovered
1988 - Morris Internet worm crashes 6,000 servers
1994 - $10 million transferred from CitiBank
accounts
1995 - Kevin Mitnick sentenced to 5 years in jail
2000 - Major websites succumb to DoS
2000 - 15,700 credit and debit card numbers
stolen from Western Union (hacked while web
database was undergoing maintenance)
2001 - Code Red
• exploited bug in MS IIS to penetrate & spread
• probes random IPs for systems running IIS
• had trigger time for denial-of-service attack
• 2nd wave infected 360,000 servers in 14 hours
Code Red 2 - had backdoor installed to allow
remote control
Nimda - used multiple infection mechanisms: email,
shares, web client, IIS
2002 - Slammer Worm brings web to its knees
by attacking MS SQL Server
TYPES OF HACKING
Normal data transfer
Interruption
Interception
Modification
Fabrication
THE THREATS
Denial of Service (Yahoo, eBay, CNN, MS)
Loss of data (destruction, theft)
Divulging private information
(Air Miles, celebrities)
SOME HACKING INCIDENTS
Internet Worm
• Robert T. Morris made an internet worm in
Nov. 1988. It spread through the internet
and crashed about 6000 systems.
Cuckoo’s Egg
• Clifford Stoll caught the hackers, who were
German.
WHO IS A HACKER?
A computer hacker is a person who finds out
weaknesses in the computer and exploits them.
Hackers may be motivated by a multitude of
reasons, such as profit, protest or
challenges.
Alternatively, the term hacker is used to
refer to a person that pushes technology
beyond perceived norms at the time.
WHY DO HACKERS HACK?
Just for fun
Show off
Notify many people of their thoughts
Steal important information
Destroy an enemy’s computer network during
war.
For personal and financial gains.
HACKERS’ ATTITUDES
HACKERS’ ATTITUDE: DEFINITION
WHITE HAT HACKER: A white hat hacker, also rendered as
ethical hacker, is, in the realm of
information technology, a person who is
ethically opposed to the abuse of
computer systems.
BLACK HAT HACKER: A black hat hacker is a person who
compromises the security of a
computer system without permission
from an authorized party, typically with
malicious intent.
GREY HAT HACKER: They are a hybrid between white and
black hat hackers who sometimes
hack ethically and sometimes
illegally.
BLUE HAT HACKER: A blue hat hacker is someone outside
computer security consulting firms who
is used to bug-test a system prior to
its launch, looking for exploits so they
can be closed.
SCRIPT KIDDIES: A computer intruder with little or no
skill; a person who simply follows
directions or uses a cook-book
approach.
HACKTIVIST: A hacktivist is a hacker who utilizes
technology to announce a political
message.
ELITE HACKER: A social status among
hackers; elite is used to describe
the most skilled.
NEOPHYTE: A neophyte or "newbie" is
someone who is new to hacking
and has almost no knowledge or
experience of the workings of
hacking technologies.
BLACK HAT HACKERS
Black hat hacker is the alternate name for
“crackers” who use their skills for destructive
purposes.
A black hat hacker is a person who uses their
knowledge of vulnerabilities and exploits for
private gain, rather than revealing them
either to the general public or the
manufacturer for correction.
Many black hats hack networks and web
pages solely for financial gain.
Black hats may seek to expand holes in
systems, or to prevent others from compromising
a system over which they have already
obtained secure control.
Black hats may work to cause damage
maliciously and make threats.
WHITE HAT HACKERS
The term white hat hacker or ethical hacker
is also often used to describe those who
attempt to break into systems or networks in
order to help the owners of the system by
making them aware of security flaws.
Many such people are employed by computer
security companies; these professionals are
sometimes called sneakers. Groups of these
people are called tiger teams.
The primary difference between white and
black hat hackers is that a white hat hacker
claims to observe ethical principles.
Like black hats, white hats are often
intimately familiar with the internal details of
security systems, and can find a solution to a
tricky problem.
GREY HAT HACKERS
A grey hat, in the computer security
community, refers to a skilled hacker who
sometimes acts destructively and other times
in good will.
They usually do not hack for personal gain or
have malicious intentions, but may or may
not occasionally commit crimes during the
course of their technological exploits.
A grey hat will not necessarily notify the
system admin of a penetrated system about
the penetration they carried out.
A person who breaks into a computer system
and simply puts their name there whilst
doing no damage is also included in this
category.
SECTION 66 OF THE INDIAN IT ACT 2000
Whoever with the intent to cause or knowing
that he is likely to cause wrongful loss or
damage to the public or any person destroys
or deletes or alters any information residing
in a computer resource or diminishes its
value or utility or affects it injuriously by any
means, commits hacking.
Whoever commits hacking shall be punished
with imprisonment up to three years, or with
fine up to two lakh rupees, or with both.
COMPUTER FRAUD & ABUSE ACT (18 USC 1030)
Hacking law 1 as stated in section
11 of the Atomic Energy Act of 1954
Knowingly accesses a computer without
authorization or exceeds authorized access,
and by means of such conduct obtains
information that has been determined by the
United States Government pursuant to an
Executive order or
statute to require protection against
unauthorized disclosure for reasons of national
defense or foreign relations, or any restricted
data, as defined in paragraph y of section 11 of
the Atomic Energy Act of 1954.
Hacking law 2 as stated in section 1602
of title 15 of Fair Credit Reporting Act
(15 U.S.C. 1681)
Intentionally accesses a computer without
authorization or exceeds authorized access,
and thereby obtains information contained in a
financial record of a financial institution, or of
a card issuer as defined in section 1602(n) of
title 15, as such terms are defined in the Fair
Credit Reporting Act (15 U.S.C. 1681).
Hacking law 3
Intentionally, without authorization to access
any computer of a department or agency of
the United States, accesses such a computer
of that department or agency that is
exclusively for the use of the Government of
the United States or, in the case of a
computer not exclusively for such use, is used
by or for the Government of the United States.
Hacking law 4
Knowingly and with intent to defraud, accesses
a Federal interest computer without
authorization, or exceeds authorized access,
and by means of such conduct furthers the
intended fraud and obtains anything of value,
unless the object of the fraud and the thing
obtained consists only of the use of the
computer. Shall be punished as provided in
subsection (c) of the section.
SUBSECTION C
(A) A fine under this title or imprisonment for not
more than ten years, or both, in the case
of an offense under subsection (a)(1) of this
section which does not occur after a conviction
for another offense under such subsection.
(B) A fine under this title or imprisonment for not
more than twenty years, or both, in case of an
offense under subsection (a)(1) of this section
which occurs after a conviction for another
offense under such subsection.
Hacking law 5
Intentionally accesses a Federal interest
computer without authorization, and by
means of one or more instances of such
conduct alters, damages, or destroys
information in any such Federal interest
computer, or prevents authorized use of any
such computer or information, and thereby-
(A) Causes loss to one or more others of a
value aggregating $1,000 or more during any
one year period, or
(B) Modifies or impairs, or potentially modifies
or impairs, the medical examination, medical
diagnosis, medical treatment, or medical
care of one or more individuals.
Hacking law 6 as stated in section 1029
Knowingly and with intent to defraud traffics
(as defined in section 1029) in any password or
similar information through which a computer
may be accessed without authorization, if
(A) Such trafficking affects interstate or foreign
commerce; or
(B) Such computer is used by or for the
Government of the United States.
CONCLUSION
There is no separate detailed law in India for
Computer Fraud, Abuse, Tampering and
Hacking.
There is only a slight provision in section 66 in
IT Act 2000.
Provision should be made in Indian IT Act 2000
to encourage Ethical Hacking because Ethical
Hacking is a measure to reduce illegal hacking.
REFERENCES
1. www.cyberlawsindia.net
2. www.protectivehacks.com/hackinglaws.html
3. www.cybercrime.gov/reporting.htm
4. www.asianlaws.org/abuse/hacking
5. www.kyrion.in/security/hacking