Operating Systems of Choice for Professional Hackers

Sarah Delasko and Weifeng Chen
California University of Pennsylvania, USA

Abstract: Real “black hat” hackers use their skills to launch malicious attacks against governments, institutions and other organizations for financial benefit, as a method of protest or for publicity. Although it is true that most hackers prefer Linux-based operating systems, many advanced attacks occur in plain sight. Linux is an easy target for hackers because it is an open-source system. This means that millions of lines of code can be viewed publicly and can easily be modified. The system is very flexible, and the hacker can easily check for vulnerabilities through penetration testing, while also having the capability to hide their tracks. Windows is a required, but dreaded, target for most hackers because it requires them to work in Windows-only environments. It is much more restrictive than Linux, yet is still vulnerable because most exploits are directed at targets running on Windows operating systems. These types of attacks can only be approached in a Windows-based environment. This research paper compares different operating systems used to hack, with a focus on Linux and Windows. It explains the reasoning behind why hackers choose Linux as their system of choice, including key preferences such as source code and interface types. This paper also covers some of the most popular operating systems besides Linux and Windows for 2017, including Parrot Security OS, Samurai, Pentoo and Bugtraq.

Keywords: cyber-attacks, cyber warfare, cyber security, operating systems, professional hackers, Microsoft Windows, Linux, open source, closed source, command line interface, graphical user interface, portability, traceability, universality, system vulnerabilities, Parrot Security OS, Samurai, Pentoo, Bugtraq

1. Introduction

Professional hackers need to use operating systems that cannot be traced back to them. The purpose of this research is to examine what hackers look for in operating systems. We will examine and compare user interfaces, source type, portability, universality and other features of operating systems. Previous research indicates that hacking requires an extensive and detailed understanding of information technology. By determining the methods hackers use and the attacks they prefer, one can better prepare to defend against such attacks. This study can both benefit ethical hackers and researchers, as well as examine different attack mechanisms of black hat hackers. Black and gray hat hackers are considered the typical professionals in the industry, despite the “morally disputable nature of their operations” (Richard, 2016). Most hackers’ knowledge is used to launch malicious attacks against institutions and governmental agencies for monetary or personal gain. What remains a mystery is the types of operating systems they prefer and the reasoning behind that preference. Considering the nature of their work, we examine this question in this study.

2. What is Linux?

Linux is an operating system that has been around since the mid ’90s and has since reached a global user base. It is a type of software that manages all hardware components associated with one computer and manages all communication between the hardware and installed software of a system. It contains the bootloader, kernel, daemons, shell, graphical server, desktop environment and any applications in the system (Unknown Author, 2017).

2.1 Do hackers prefer Linux over Windows and other operating systems?

Most black and gray hat hackers prefer Linux-based operating systems, although Windows and Ubuntu are preferred by hackers with special needs. Hackers tend to favor a Linux distro, which is a tailor-made operating system designed to conduct digital forensics, security testing and penetration of a system (Richard, 2016). Kali Linux seems to be the most popular choice for hackers due to the versatility of the platform and its newly incorporated features, including its upgraded forensic mode in live boot and its compatibility with some Android devices. Kali Linux is a “Debian-derived Linux distribution” designed for penetration testing and digital forensics (Vijay, 2016_2). Although Linux appears to dominate the hacking world, Windows is still vulnerable because most exploits are directed at targets running on Windows operating systems and “can only be accessed in Windows based environment” (Richard, 2016). “According to the United States Government database of vulnerabilities maintained by the National Institute of Standards and Technology in 2004, there have been more high-risk vulnerabilities found in Linux than in Microsoft Windows.” (Silberschatz, Galvin & Gagne, 2012)

2.2 Why hackers choose Linux?

Hackers choose Linux because of its general lack of patch management for the OS, outdated third-party applications and lack of password enforcement. Most organizations today have extensive patching methodologies for Windows, but most do not have such a system in place for Linux. When IT administrators overlook Linux while using their patch management tools, hackers can exploit a system. An example of this would be the Red Hat 2003:138-08 patch for Samba, which fixes a remote code vulnerability. The free Metasploit hacking tool can create a “remote command prompt that allows full access system that can go undetected for an extensive period.” (Silberschatz, Galvin & Gagne, 2012) Many systems use outdated software such as Apache, OpenSSL and MySQL, which creates a large footprint where hackers can use tools to gain malicious access (Silberschatz, Galvin & Gagne, 2012). This is especially true when using an unsecured network. Administrators also tend not to enforce strong passwords on the Linux side, which allows them to be easily cracked. Hackers find the amount of control they have when using Linux appealing, because its architecture is built around a strongly integrated command line interface. Hackers can customize and maliciously modify all aspects of the operating system (Lynch, 2016).
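The lack of password enforcement described above can be checked per account rather than only in policy files: the aging values in /etc/login.defs apply to accounts at creation time, so existing accounts keep whatever /etc/shadow records for them. The following is an added example, not part of the paper; the 90-day limit and both sample file contents are constructed assumptions.

```python
# Added example: audit password enforcement on a Linux host (defensive check).
MAX_AGE_LIMIT = 90  # assumed organisational limit in days; not from the paper

# Constructed sample of /etc/login.defs (defaults applied to NEW accounts only).
LOGIN_DEFS = """\
# constructed sample
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
"""

# Constructed sample in /etc/shadow format; the hashes are placeholders.
SHADOW = """\
root:$6$constructed$placeholder:17000:0:99999:7:::
daemon:*:17000:0:99999:7:::
alice:$6$constructed$placeholder:17400:1:90:7:::
backup::17000:0:99999:7:::
svc_web:!$6$constructed$placeholder:17000:0:99999:7:::
"""

def login_defs_value(text, key):
    """Return the integer configured for key in login.defs text, else None."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2 and fields[0] == key and fields[1].isdigit():
            return int(fields[1])
    return None

def audit_accounts(shadow_text, limit=MAX_AGE_LIMIT):
    """Return (user, problem) pairs for accounts that escape enforcement."""
    findings = []
    for line in shadow_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 5:
            continue  # blank or malformed line
        user, pw_hash, max_days = parts[0], parts[1], parts[4]
        if pw_hash.startswith(("!", "*")):
            continue  # locked account or no usable password
        if pw_hash == "":
            findings.append((user, "empty password field"))
        elif not max_days.isdigit() or int(max_days) > limit:
            findings.append((user, "password age exceeds limit"))
    return findings

def policy_default_too_weak(defs_text, limit=MAX_AGE_LIMIT):
    """True when new accounts would be created without an acceptable max age."""
    value = login_defs_value(defs_text, "PASS_MAX_DAYS")
    return value is None or value > limit

if __name__ == "__main__":
    print("weak default for new accounts:", policy_default_too_weak(LOGIN_DEFS))
    for user, problem in audit_accounts(SHADOW):
        print(f"{user}: {problem}")
```

On a real host the two strings would be replaced by the contents of the actual files, read with root privileges.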

Hackers also prefer Linux because it is susceptible to PHP web misconfigurations, including un-validated parameters, broken access control, cross-site scripting flaws, buffer overflows, command injection flaws, error handling problems, remote administration flaws and insecure use of cryptography. Other top vulnerabilities in the system involve the BIND domain name system, remote procedure calls, the Apache web server, general UNIX authentication, clear text services, Sendmail, the Simple Network Management Protocol (SNMP), secure shell (SSH), misconfiguration of enterprise services, system vulnerabilities, numerous vulnerable ports and open secure sockets layer (Beaver, 2017). Many Linux systems have privacy vulnerabilities due to “SNMP running with default community strings, anonymous FTP providing everyone access to sensitive files, telnet communications susceptible to interception and unprotected Samba shares that allow for user account enumeration.” (Beaver, 2017) Linux also continues to work efficiently even when there is little space left on the hard drive, which is nearly impossible in most other operating systems.

3. Open source vs. closed source

Open source refers to software that has its code freely available on the Internet and is distributed under different types of licenses including LGPL, Apache and GNU. In most cases, the software can be used free of charge. Open source operating systems are available in source code format, rather than as compiled binary code. Open source code can be modified and additional capabilities can be added. If hackers can see the code, they have the ability to gain intelligence to exploit the code. Users can delete or copy parts of the code at their own discretion. Closed source refers to software that is owned by an organization and is distributed as binary code. It must be purchased from the organization via a physical or digital project. The source code is held safe and encrypted and is not available to the public, nor for anyone to modify.

Figure 1: Illustrates the differences in closed source (used by Windows) and open source (used by Linux). (Source: http://blog.ulisesmejias.com/wp-content/uploads/2007/12/oi_software.jpg)


Linux is one of the most popular examples of an open-source operating system. It is distributed under an open source license, meaning users have the freedom to run the program for any purpose, analyze and modify the program, redistribute copies, and distribute copies of their modified versions to others. There are hundreds of unique distributions of the system including Red Hat, SUSE, Fedora, Debian, Slackware and Ubuntu (Lynch, 2016). Windows source code is not public and is owned by Microsoft, although hackers may still attempt to hack the code. The source code is currently shared with partners, governments, enterprises and customers who are licensed through the “Shared Source Initiative.” (Beaver, 2017) However, a portion of Microsoft’s Windows 10 source code was leaked during the week of June 24th, 2017, and published on BetaArchive (Warren, 2017).

4. Command line interface vs. graphical user interface

Two popular ways to interact with a computer are command line interfaces and graphical user interfaces (see Figure 2). A command line interface permits the user to interact with a computer by typing text commands into a terminal window. A graphical user interface permits the user to interact with a computer by using a mouse or keyboard to control and make changes to visual elements on the computer’s screen. Hackers enjoy working with a command line interface, such as in Linux, because it gives them greater access over the system they exploit. Hackers have excellent customization abilities and greater access to the system. “Hacking tools built into Linux have greater functionality above and beyond their Windows counterparts.” (Vijay, 2016_1) Graphical user interfaces, such as that of Windows, restrict user interaction to point-and-click navigation, which is much slower than that of a command line interface. Configuration of system menu options is also delayed (Vijay, 2016_1).

Figure 2: Illustrates the difference between a graphical user interface and a command line. (Unknown Author, 2015)

5. Portability and universality

Hackers enjoy working on a light and portable system, such as Linux, because it allows “customize live boot disks and drives from any Linux distribution that they want.” (OccupyTheWeb, 2016) Linux can be customized to become even lighter via the installation of a lightweight Linux distro. Installation on Linux is light on resources and can be accomplished quickly and easily. Some form of UNIX is in everything from Internet of Things devices to routers and web servers. It makes sense for hackers to target systems running a device from the same platform. This helps to eliminate compatibility problems and makes the exploit easier (OccupyTheWeb, 2016).

6. Other operating systems professional hackers use

Some of the most popular operating systems besides Linux and Windows for 2017 were Parrot Security OS, Samurai, Pentoo and Bugtraq. Parrot Security OS was developed by Frozen Box’s team and was designed to conduct penetration testing, mitigation, vulnerability assessment, anonymous surfing and computer forensics. The system includes forensic boot options which help hackers to avoid boot automounts and can be used for reverse engineering. It provides the user with a choice of a 32-bit or 64-bit installable Live CD (Gupta, 2017). It also has a custom interface designed for GPG and crypt set-up (Figure 3). Samurai is a popular choice in the Black Hat community due to it being one of the top operating systems for web penetrations and its hacker-friendly tools such as ratproxy, WebScarab, w3af, BeEF.v and Burp Suite (Gupta, 2017) (Figure 4).


Figure 3: This image is of the Parrot Security OS, which is known for its forensic boot options (Gupta, 2017)

Figure 4: This is an image of Samurai, one of the top operating systems for web penetrations (Gupta, 2017)

Pentoo is another popular choice amongst hackers because it can be run live or from a USB drive for penetration testing. It contains valuable customizable tools and kernels including Cracker, Database, Exploit and Scanner. It also has packet injection patched Wi-Fi drivers (Figure 5).

Figure 5: This is an image of Pentoo and some of its valuable hacking tools (Gupta, 2017)

Bugtraq is available in 11 different languages. It is like an electronic mailing system that is based upon security. It has an extensive variety of tools that can be used for penetration testing. It also has some of the best optimal and distribution services ever created. Forensic tools are available in both 32-bit and 64-bit (Figure 6).


Figure 6: This is an image of Bugtraq, which is available in 11 different languages (Gupta, 2017)

7. Conclusion

In this research, I have compared different operating systems with a focus on Windows and Linux, as well as comparing different features of each including source type, interface type, portability and universality. Linux is the most popular choice for hackers due to its flexibility, open source platform, portability, command line interface and compatibility with popular hacking tools. Windows is a required, but dreaded, target for most hackers because it requires them to work in Windows-only environments. Although Windows is more restrictive than Linux, many advanced attacks are directed at targets running on Windows operating systems and can only be carried out in Windows-based environments. Other top choices for hackers in 2017 included Parrot Security OS, Samurai, Pentoo and Bugtraq. It is important to understand this topic because there are numerous vulnerabilities, both known and unknown, that exist in all operating systems today. Cyber warfare is likely to continue to intensify, despite the efforts of cyber security experts and government organizations. By studying the methodology behind cyber warfare, cyber security analysts can use preventative measures to increase overall network security and defend against these malicious attacks.

References

Beaver, K. (2017, August 10). Five common Linux security vulnerabilities you may be overlooking. Retrieved from Techtarget.com. http://searchdatacenter.techtarget.com/tip/Five-common-Linux-security-vulnerabilities-you-may-be-overlooking

Gupta, T. (2017, June 25). Top 10+ Best Operating Systems for Hackers 2017 Latest. Retrieved from TechyKeeday. https://www.techykeeday.com/best-operating-systems-for-hackers/

Lynch, J. (2016, September 21). Why do hackers prefer Linux? Retrieved from Infoworld.com. https://www.infoworld.com/article/3122590/linux/why-do-hackers-prefer-linux.html

OccupyTheWeb. (2016, June 2). Why Every Hacker Should Know & Use Linux. Retrieved from Wonderhowto.com. https://null-byte.wonderhowto.com/forum/why-every-hacker-should-know-use-linux-0151287/

Rechard. (2016, December 8). The Operating System Real Hackers Use. Retrieved from Darkwebnews. https://darkwebnews.com/anonymity/operating-systems-real-hackers-use/

Silberschatz, A., Galvin, P. & Gagne, G. (2012). “Operating Systems and Concepts”. Operating system concepts (9th ed.). Hoboken, NJ: Wiley.

Unknown Author. (2015, May 29). Difference between GUI and Command Line. Retrieved from Differencebtw.com. https://www.differencebtw.com/difference-between-gui-and-command-line/

Unknown Author. (2017, July 30). What is Linux? Retrieved from Linux.com. https://www.linux.com/what-is-linux

Vijay. (2016, September 18). Why real hackers prefer Linux over Windows and Mac? Retrieved from Techworm.net. https://www.techworm.net/2016/09/real-hackers-prefer-linux-windows-mac.html

Vijay. (2016, November 20). Which operating system do ‘professional’ hackers use? Retrieved from Techworm.net. https://www.techworm.net/2016/11/operating-system-professional-hackers-use.html

Warren, T. (2017, June 24). Microsoft confirms some Windows 10 source code has leaked. Retrieved from TheVerge.com. https://www.theverge.com/2017/6/24/15867350/microsoft-windows-10-source-code-leak

Copyright of Proceedings of the International Conference on Cyber Warfare & Security is the property of Academic Conferences & Publishing International Ltd. and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use.