Hacking and Security Threats

By: طارق عفيشات  |  Date: 2013-04-21, Time: 11:07:44

Abstract

In this paper I am going to navigate through several security threats, such as hacking, identity theft and more, and look at how they affect information technology systems and society, what is ethical and what is not, when such crimes started and what their history is.

Is there any law for computer crimes, and what is the legal procedure in such cases?

What tools and abilities do these people have, and can we prevent them from threatening our privacy without being too scared of becoming victims of such dangerous crimes?

This paper is about all types of computer crime, but it focuses on the ethical side of these crimes and how it affects other elements.

 

Introduction

 

As we all know, there is a large amount of data and information available on the internet, and any user can get access to that information through a home network. Many users consider this property, accessing the data from the home or business office, an advantage, but they do not know that connecting to the internet and getting information from it can expose their own private data, even if they connect to the WWW through a private network. A connected computer can easily be hacked, exposing private data to malicious attack from anywhere in the world, and you will have no idea what is happening.

So what do we have to do to protect our data and our PCs? Even if your computer is connected all the time, there are some good methods that make it harder for hackers (intruders, malicious attackers, etc.) to attack. Sadly, until now no method can prevent attacks completely; there is always a new way to get in, there is always a back door for those persons. But not all attackers have that strong an ability to attack, and we can prevent them from exposing our data and harming our machines.

The Windows installed on your machine has good methods to keep intruders away from your machine so that it cannot be harmed; one of these methods is the firewall.

Computer or cyber crimes are considered to be illegal, unethical or unauthorized behavior of people relating to the automatic processing and transmission of data and the use of computer systems and networks.

Ethics and Law

 

The choice between the ethical and the aesthetic is not the choice between good and evil, it is the choice whether or not to choose in terms of good and evil.

Ethics are the principles and standards that guide our behavior toward other people. Your ethics have consequences for you just as laws do, but ethics are different from law.

Laws either clearly require or prohibit an action. Ethics are more subjective, more a matter of personal or cultural interpretation; that is why ethical decisions may be complex.

Ethics vary by culture: what may be ethical in one country may not be in another and may be illegal too, or you may be doing something legal that is unethical.

Ethics exist everywhere: in the information technology world, in the business world and even in your own world beyond any business.

History of hacking

 

Hacking is not limited to computers. The real meaning of hacking is to expand the capabilities of any electronic device; to use them beyond the original intentions of the manufacturer. As a matter of fact, the first hackers appeared in the 1960's at the Massachusetts Institute of Technology (MIT), and their first victims were electric trains. They wanted them to perform faster and more efficiently.

During the 1970's, a different kind of hacker appeared: the phreaks or phone hackers. They learned ways to hack the telephone system and make phone calls for free. Within this group, one phreaker became famous because of a simple discovery. John Draper, also known as Captain Crunch, found that he could make long distance calls with a whistle. He built a blue box that could do this, and Esquire magazine published an article on how to build them. Fascinated by this discovery, two kids, Steve Wozniak and Steve Jobs, decided to sell these blue boxes, starting a business friendship which resulted in the founding of Apple.

By the 1980's, phreaks started to migrate to computers, and the first Bulletin Board Systems (BBS) appeared. BBS are like the Yahoo groups of today, where people posted messages on any kind of topic. The BBS used by hackers specialized in tips on how to break into computers, how to use stolen credit card numbers and share stolen computer passwords.

In 1983, Mark Abene was nothing more than a beanie-wearing mall rat with too much spare time. He didn’t own a computer, so one day he wandered into a Radio Shack, went up to one at the store, and tapped out a few commands. And that’s how his hacking habit began – as simple as that. By 1984, with echoes of Orwellian symmetry, he was already using his own PC to sneak into other people’s computer systems. While his parents were busy upgrading to a touch-tone phone, Abene was figuring out how to redirect traffic between switchboards. Then the world learned what a pimple-faced intruder with simple Radio Shack gear was truly capable of. In 1991, in response to the AT&T telephone system crash that left 60,000 customers without a phone line for nine hours, federal authorities burst into Abene’s bedroom, guns drawn, and confiscated his computer equipment. Although Abene was ultimately acquitted in the scandal, authorities nailed him for related mischief. Today, his phone hacking, or "phreaking," is an infamous milestone in hacker history. At just 19 years old, Abene became the first hacker to serve time in a federal prison.

 

It wasn't until 1986 that the US government realized the danger that hackers represented to the national security. As a way to counteract this menace, the Congress passed the Computer Fraud and Abuse Act, making computer breaking a crime across the nation.

During the 1990's, when the use of the internet became widespread around the world, hackers multiplied, but it wasn't until the end of the decade that system security became mainstream among the public.
 

1983: The movie "War Games," starring Matthew Broderick, is released in theaters. Broderick plays a teenage hacker who taps into a Pentagon supercomputer nicknamed "WOPR" and nearly starts World War III. (WOPR is a spoof of NORAD's old central computer processing system, which had the acronym "BURGR.")

In one of the first high-profile cases against computer hackers, the FBI arrests six teenagers from Milwaukee known as the "414s," named after the city's area code. They are accused of breaking into more than 60 computer networks, including those of Memorial Sloan-Kettering Cancer Center and Los Alamos National Laboratory. One hacker gets immunity for his testimony; the others are given probation.

 

Today, we are accustomed to hackers, crackers, viruses, Trojans, worms and all of the techniques we need to follow to combat them.

1998: The Cult of Hacking and the Israeli Connection

The hacking group Cult of the Dead Cow releases its Trojan horse program, Back Orifice -- a powerful hacking tool -- at Def Con. Once a hacker installs the Trojan horse on a machine running Windows 95 or Windows 98, the program allows unauthorized remote access of the machine.

During heightened tensions in the Persian Gulf, hackers touch off a string of break-ins to unclassified Pentagon computers and steal software programs. Then-U.S. Deputy Defense Secretary John Hamre calls it "the most organized and systematic attack" on U.S. military systems to date.

An investigation points to two American teens. A 19-year-old Israeli hacker who calls himself "The Analyzer" (aka Ehud Tenebaum) is eventually identified as their ringleader and arrested. Today Tenebaum is chief technology officer of a computer consulting firm.

1999: Software Security Goes Mainstream

In the wake of Microsoft's Windows 98 release, 1999 becomes a banner year for security (and hacking). Hundreds of advisories and patches are released in response to newfound (and widely publicized) bugs in Windows and other commercial software products. A host of security software vendors release anti-hacking products for use on home computers.

2000: Service Denied

In one of the biggest denial-of-service attacks to date, hackers launch attacks against eBay, Yahoo!, CNN.com, Amazon and others.

Activists in Pakistan and the Middle East deface Web sites belonging to the Indian and Israeli governments to protest oppression in Kashmir and Palestine.

Hackers break into Microsoft's corporate network and access source code for the latest versions of Windows and Office.

2001: DNS Attack

Microsoft becomes the prominent victim of a new type of hack that attacks the domain name server. In these denial-of-service attacks, the DNS paths that take users to Microsoft's Web sites are corrupted. The hack is detected within a few hours, but prevents millions of users from reaching Microsoft Web pages for two days.

 

Hacking and other security threats and ethics

 

Hacking is defined as gaining illegal or unauthorized access to a file, computer or network.

When any person gets into a computer, data, files or a network without permission to access it, he is considered a hacker. He is responsible before the law for what he has done, and he may be punished according to the amount of damage he caused.

From the ethical side, the hacker threatens people's privacy. A simple example: someone gains unauthorized access to a private computer and browses through private pictures and video files. This is considered unethical, and the law has rules for such a crime.

More damage can be done by gaining access to company computers holding a customer database with phone numbers, accounts and addresses. In this case a really complicated situation appears:

The company is responsible for the privacy of the customers whose data became known to the hacker.

The company can find itself facing a lawsuit from the customers.

The customers are vulnerable to other threats after their private data was compromised; identity theft, for example, is now easier, whether by the hacker himself or by whoever he sold the customer data to.

The hacker caused a great deal of trouble for the company and the customers.

He will find himself facing a major lawsuit from the customers and the company.

If we look at the ethical point here, the hacker made several unethical actions in this case:

Getting into the company computer without authorized access was a breach of privacy; the law prohibits this, and it is unethical too.

Taking the customer information was the second unethical action he did.

Selling that information was unethical too.

Ethics and law intersect in many cases but not all. For example:

Someone asks you for your friend's phone number and you give it to him.

In this situation you are doing something unethical that the law does not prohibit, because you have no authority to give your friend's phone number to anyone before asking him what he wishes.

So law and ethics intersection can be complex.

Hacking tools

Hacker tools increase day by day, but they all use certain methods that allow them to break into any system or into your computer.

The most used method for hacking is IP hacking: if a hacker has your computer's IP address, then consider your computer hacked and your privacy no longer protected. There are certainly some methods to prevent hackers from getting in, but most of these methods just slow them down, and in the end they will be able to break them. Some of these methods are provided by Microsoft and installed with your version of Windows as a free feature. We all know it but do not know the importance of its functionality: it is Windows Firewall.

Windows Firewall is one of the features installed with Windows. It is ON by default and helps protect your computer against viruses and other security threats, such as intruders who might try to access your computer over the Internet to expose specific data.

The main job of Windows Firewall is to make our machines as secure as possible. As I mentioned before, there are many dangers to your data and your machine while you are online. For example, suppose you download a file (a document file) from some anonymous web site, and when you click on it to open it you get a strange message from Windows Firewall telling you that this file is a binary file, for example, and asking whether you still want to open it. Now you know that it is not the file you requested, and you will stop trying to open it. That is one of the security methods the firewall follows, and it is one of its advantages.

 

 

 

Angry IP Scanner

IPscan is one of the simple tools that hackers use. It works simply by entering the IP address and searching for the host; if the specific computer is running, it will find it, and the hacker will get into that computer without any permission, even if the computer is protected by a password or firewall. It is not going to alert you; it is just like remote desktop.

                                                                    

 

How can a hacker get your IP address?

Well, there are several easy ways for a hacker to get an IP address:

When you send an e-mail message, your IP address is sent with that message. You can easily open the source of the message and find the IP address in the header part, and even if you have a hard time finding the IP address, there is software that takes the message source, searches for the IP address, selects it and gives it to you.

The second way: you can send a file (image, document, etc.) through a messenger to another online contact, then go to Start menu -> Run -> type CMD -> and write netstat; the IP address will be shown in the list that appears, and that IP address is the IP address of the contact you sent the file to.

There are more ways to get an IP address, provided by websites that allow you to create a fake website and send it to other people or announce it on a public network; the web server then sends you all the information about the persons who visit that website, including their IP address and computer name.
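
The first point above says that the sender's IP address travels in the e-mail headers. As an added example (not part of the original article), the Python script below audits a message you sent to yourself and reports whether its trace headers expose a routable client address. The sample messages, host names and addresses are constructed, and the function names are illustrative.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample messages (not real traffic). The "public" addresses are
# taken from the documentation ranges 198.51.100.0/24 and 203.0.113.0/24.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTP id abc123; Sun, 21 Apr 2013 11:07:44 +0000
Received: from laptop.local ([203.0.113.45])
\tby mx.example.net with ESMTPSA id xyz789; Sun, 21 Apr 2013 11:07:40 +0000
X-Originating-IP: [203.0.113.45]
From: alice@example.net
To: bob@example.org
Subject: test

hello
"""

# Same kind of message, but sent through a provider that records only an
# internal address for the first hop.
SCRUBBED = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTP id abc124; Sun, 21 Apr 2013 11:09:02 +0000
Received: from [10.0.0.5] by webmail.example.net with HTTP;
\tSun, 21 Apr 2013 11:09:00 +0000
From: alice@example.net
To: bob@example.org
Subject: test

hello
"""

# Explicit list instead of ipaddress.is_private, which also flags the
# documentation ranges used by the samples.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Received is the standard trace header; X-Originating-IP is a non-standard
# header that some webmail services add.
TRACE_HEADERS = ("Received", "X-Originating-IP")


def addresses_in(value):
    """Return the valid IPv4 addresses found in one header value, in order."""
    found = []
    for token in IPV4_RE.findall(value):
        try:
            found.append(ipaddress.IPv4Address(token))
        except ValueError:  # e.g. 999.1.1.1 is not an address
            continue
    return found


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def audit_headers(raw_message):
    """List (header, address, exposure) for every address in trace headers."""
    msg = message_from_string(raw_message)
    findings = []
    for name in TRACE_HEADERS:
        for value in msg.get_all(name, []):
            for addr in addresses_in(value):
                exposure = "internal" if is_internal(addr) else "routable"
                findings.append((name, str(addr), exposure))
    return findings


def client_addresses(raw_message):
    """Routable addresses that identify the sending client.

    Each server prepends its Received header, so the last one in the
    message is the first hop, written when the client submitted the mail.
    """
    msg = message_from_string(raw_message)
    received = msg.get_all("Received", [])
    candidates = addresses_in(received[-1]) if received else []
    for value in msg.get_all("X-Originating-IP", []):
        candidates += addresses_in(value)
    exposed = []
    for addr in candidates:
        if not is_internal(addr) and str(addr) not in exposed:
            exposed.append(str(addr))
    return exposed


if __name__ == "__main__":
    for label, raw in (("SAMPLE", SAMPLE), ("SCRUBBED", SCRUBBED)):
        print(label, client_addresses(raw) or "no client address exposed")
```

Saving the source of a message sent to your own mailbox and passing it to `client_addresses` shows whether your mail provider records your address in the first hop or replaces it with an internal one.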

Hacking, Ethics and Laws

Opinions on the ethical points of hacking vary widely; they depend on the type of hacking or hacker, and certainly the ethical point does not determine the law. There is no standard line that says this is ethical but not legal, or legal but not ethical, and so on, because situations differ and cannot be measured. Every situation has a different degree of complexity, so to categorize any complex situation we have to study it first.

For hacking and hackers, ethics has some categories, related to the type of hacking process and the intention of the hacker. Let's see what the types of hackers are and what ethics and law say, and whether law and ethics have to agree in each case.

Hackers are categorized by the nature of the hacking they did and their intentions:

The hacker's hat is a way to classify hackers.

  1. White hat hacker: refers to an ethical hacker or penetration tester who focuses on securing and protecting IT systems. Hackers of this kind are employees of a company; their work is not to hack other systems in other companies but to hack their own system. These persons hold a position in information security (the title varies by the type of organization they work in) and work under the CSO (Chief Security Officer). Their work is to find weak points in the system, gaps that make the system vulnerable to attack, and then to report these problems and gaps so that the system developers or programmers can fix them. The system thus becomes more secure, and with all of its gaps removed an attacker is going to have a hard time entering it. This type of hacking is completely ethical and the law allows it.

This is what is referred to as a good hacker. Another definition of a good hacker is:

Good hackers: the term hacker was originally defined as:

1. A person who enjoys learning the details of computer systems and how to stretch their capabilities, as opposed to most users of computers, who prefer to learn only the minimum amount necessary. 

2. One who programs enthusiastically or who enjoys programming rather than just theorizing about programming (Raymond, 1991). Ami, a 19 year old, third-year student of computer science, working at the computer help desk of a university, describes what it is like to be a hacker:

"I define myself as a hacker. A hacker can cope with technical details… A hacker is someone with: a knack for the technical, usually having something in connection with computers, someone who has the ability to improvise and be resourceful... It’s not a matter of breaking the law. It’s a fact that there’s this system and you can manipulate it." Although Ami clearly sees himself as a hacker, he does not perceive hacking to necessarily include unauthorized penetration of computer systems (break-in) or viewing others’ files without permission, but as having technical capabilities.

  2. Black hat hacker: refers to a hacker who breaks into networks or computers, or creates computer viruses. This type of hacking is the bad one; its intention is to break into the system and steal some information or data, or even edit information. For example, if he breaks into a banking system he can increase his salary, or see other employees' information and delete, add to and change it. This type of hacker is the one that all systems fear most. On the ethical and legal points: it is not ethical, because it involves unauthorized access and changes to data, and let's not forget that this hacker has broken privacy law, for which the law will have him arrested, and he will find himself facing a serious lawsuit.

  

  3. Grey hat hacker: sometimes acts illegally, sometimes in good will, and sometimes not. This hacker does what he does for no reason except curiosity about his ability and how far he can get. Such hackers often do not do any damage to the system; he just goes in, has a look and walks out. BUT even so he has done something unethical by breaking privacy, and he can be charged for that under the law. These types of hacker have no intention of altering the system's functionality, but if they make a mistake accidentally and cause big damage to that system, they are responsible for their own mistakes.

 

Negligence

If a hacker causes harm and the hacker is judgment proof, then hacking victims may look to recover from others whose negligence fostered the attack.  This could be the ISP who failed to properly secure its network, companies whose computers were used as “bounce” sites or as “zombies” to launch attacks, or even companies that hired a known hacker and gave him or her access to high bandwidth and a computer.  A negligence claim brought against any of these potential defendants will have to overcome several hurdles to be successful.

Kludge

A kludge (or kluge) is a workaround, a quick-and-dirty solution, a clumsy or inelegant, yet effective, solution to a problem, typically using parts that are cobbled together. This term is diversely used in fields such as computer science, aerospace engineering, Internet slang, and

Crackers

Software cracking is the modification of software to remove protection methods: copy protection, trial/demo version, serial number, hardware key, date checks, CD check.

The distribution and use of cracked copies is illegal in almost every developed country. There have been many lawsuits over cracking software, but most had to do with the distribution of the duplicated product rather than the process of defeating the protection, due to the difficulty of constructing legally sound proof of individual guilt in the latter instance.

In the United States, the Digital Millennium Copyright Act (DMCA) made software cracking, as well as the distribution of information that facilitates software cracking, illegal. However, the law has hardly been tested in U.S. courts in cases of reverse engineering for personal use only. The European Union passed the EU Copyright Directive in May 2001, which makes software copyright infringement illegal as the member states pass legislation pursuant to the directive.

Hacking (Conclusion)

A true hacker DOESN'T get into the system to kill everything or to sell what he gets to someone else. True hackers want to learn, or want to satisfy their curiosity, that's why they get into the system. To search around inside of a place they've never been, to explore all the little nooks and crannies of a world so unlike the boring cesspool we live in. Why destroy something and take away the pleasure you had from someone else?

True hackers are intelligent, they have to be. Either they do really great in school because they have nothing better to do, or they don't do so well because they feel that the school is boring. And the ones who are bored start to search for some challenging actions to do. A true hacker wants to know everything. They're bored because schools teach the same things over and over, nothing new, nothing challenging. There are many words and many opinions about the term hacking. They differ a little in wording, but they agree that hacking in its various kinds is illegal. Several other things are grouped under hacking that should be identified on their own, such as crackers and kludges.

Also worth mentioning is the scam, another method of fraud.

Scam

Some of the most dangerous among them are scammers. Scammers are people who try to get you to invest in their scheme in one way or another, only to disappear and offer you no payback for what you have given them -- whether it is time, money, or information. Sometimes they can string you along for years, always offering that big break or those big winnings. It all ends in lost time and money, disappointment and frustration -- this is the last place you want your hard-earned resources to end up. Unfortunately, all too often people only see the rewards that scammers offer without pausing to examine the clues that they might be scammers. With their eyes filled with dollar signs and pots of gold, people will fork over a few dollars, or even their life savings in hopes of cashing in at the end of the rainbow. But most of the time if an offer seems too good to be true, it probably is. There are many types of scams you need to watch out for. These scams include:

  • literary scams
  • poetry scams
  • jury duty scams
  • chain letters and email scams
  • lottery scams
  • Nigerian scams
  • work at home scams
  • credit card scams
  • IRS email scams
  • Vector Marketing Scams
  • PayPal Scam
  • Missing Persons Scam
  • Envelope Stuffing
  • Work From Home Scams
  • Free Vacation Scam

  

 

Extra Material

 

Funny study (Hacker in Psychology)

Donn Parker, Max Kilger, Terry Gudaitis, Marcus Rogers and Eric Shaw have come up with their responses to seven common myths about criminal hackers:

Computer criminals are motivated by greed or achieving a high standard of living.   “These people are motivated by a huge range of factors, but generally, on average, they are motivated by intense personal problems and not by greed or high living.” –Donn Parker

Computer criminals don’t like to talk.  “Among 200 convicts that I interviewed,  most of them told me they were willing to cooperate with me because they were  willing to do whatever they could to keep other people from getting into the situation they were in.” –Donn Parker

The hacker culture is chaotic, with no clear hierarchy or social controls.  “It just looks like chaos to people, but if you look behind it with a trained eye of a social scientist, the social structure is very clear, very strong and very organized.  It’s a meritocracy.” –Max Kilger

Hackers are all young males who drink too much Mountain Dew and eat too much pizza.  “The more dangerous hackers are more sophisticated, older, insiders at a company and may be involved in organized crime.” –Terry Gudaitis

Computer criminals tend to be better educated.  “A recent study of computer crime in Canada during the last five years suggests no socio-demographic differences between people found guilty of computer crimes and those convicted of similar offenses, such as assault and burglary.  That includes education levels.” –Marcus Rogers

Computer criminals lack social skills.  “The same study of 132 Canadian criminals found no significant difference between the number of convicts who were married or single.”  “Their marital status indicates they may not be as socially dysfunctional as we thought.” –Marcus Rogers

The threat from insider and outsider attacks is very different, and information security professionals should plan accordingly.  “In fact, many insiders want to make their attacks look like outside hacks to protect their identity.  They may also seek outsiders to work through.  Many outside hackers operate in “tribes” based on shared interests and professional and personal background.  Through these groups, outside hackers may have access to insiders to aid them in their attacks.”  -Eric Shaw

You must learn how to protect yourself from being defrauded by this kind of thief, because being a victim of identity theft is very frustrating: you are going to have every single piece of information changed, and you will find yourself required to report the problem not just to the police but to every company you have dealt with.

So do not throw important information in the trash; make sure that the place where you throw away bills or any other papers with sensitive information is a safe place. Do not trust anyone on the phone and do not give him much information unless you are sure of his identity. Be aware of spam and junk e-mails.


http://www.hackingalert.com/hacking-articles/history-of-hacking.php

http://archives.cnn.com/2001/TECH/internet/11/19/hack.history.idg/

Http://infosecuritymag.techtarget.com/articles/june01/features_hacker_psychology.shtml

http://www.wikipedia.org/

