“Hackers and Hacking Attacks”- Magician and Their Magic Wand For
Total Page:16
File Type:pdf, Size:1020Kb
ISSN XXXX XXXX © 2019 IJESC Research Article Volume 9 Issue No. 5 “Hackers and Hacking Attacks”- Magician and Their Magic Wand for Security Breech Manish JitendrabhaiVankani Department of SOE – MCA RK University, Rajkot, Gujarat, India Abstract: In Modern era, each and every data is available online. Any person across the world can access that data very easily. Some people use this data to gain the information while other people use this data to fulfil their malicious intent. There are lots of methods used for protection of data but the hacker is far more intelligent to hack the security. There are main two types of hackers that are different from each other on the basis of their purpose. The one who tries to break the computer system’s security with malicious intention is known as bad hacker or cracker. The other one who has good purpose is known as ethical hacker because he uses his skills to provide security to sensitive data of big firms.In this paper I describe the types of Hackers,Ethical hacking,typesof Hacking attacks and Hacking tools. Keywords: Ethical hackers, Hacking, cracker. I. INTRODUCTION: hardware as well as software. Hacker is a computer dedicated and expert in a programming language, security, and networks. As the computer technology enhances, it has its darker side He is kind of person who loves to gain knowledge ofdifferent also. In modern era the need of the internet is growing rapidly. technologies, details of the computer system and enhances his Enormous amount of data is moving online, therefore, data capability and skills. According to the way of working or security is the key issue. The internet has led to the increase in based on their intensions Hackers can be classified into three the digitization of various processes like banking, online groups: transaction, online money transfer, online sending and receiving of various forms of data, thus increasing the risk of 1. White Hat Hackers: - the data security. At present time large number of companies, A White hat hackers are driven by honourable motivations or organizations, banks, and websites aretargeted by the different agendas. They are also known as ethical Hackers, white hats types of malicious attacks by the hackers. Generally, after are talented computer security users often employed to protect listening to the term hacker we all think of the bad guys who computer networks. Ethical hackers usually have permission are computers experts with malicious intensions, who tries to from the owner of any system they work on. These cyber steal, leak or destroy someone's confidential or precious data security specialists are experts on closing vulnerabilities and without their knowledge. They are the persons with very high dealing with attacks from black hat hackers. Some white hat computer skills who tries to break into someone else’s security hackers are academic hackers. These are computer skilled for gaining access to their personal information, but all the users who are less interested in protecting systems and more times it is not like that. To overcome the risk of being hacked interested in creating clever programs and interfaces. Their by the hackers we have Ethical Hackers in industry, who are motivation is to improve a system through modifications and also computer experts just like the hackers but with good additions. Academic hackers can be casual hobbyist. intensions or bounded by some set of rule and regulations by the various organizations. These are the persons who try to 2.Black Hat Hackers: - protect the online moving data by the different attacks of the A Black Hat Hacker also known as a “Cracker” who wilfully hackers and keeping it safewith the owner. commits thefton other user’s networks. The term “black hat” is a way to describe their malicious motivation. Black hat hackers What is Hacking? are gifted with great skills but they are unethical computer Hacking is the method of searching the weak links or users who are motivated by money, fame or criminal purposes. loopholes in the computer systems or the networks and They may steal data to sell it or attempt to extort money from exploiting it to gain unauthorized access to data or to change system owners. They are bad guys of hacking world. They are the characteristics of the target computer systems or the renowned for Identity theft, worms creations, DDOS attack, networks. Hacking describes the modification in the computer etc. hardware, software or the networks to fulfil certain goals which are not aligned with the user goals. In contrast, it is also 3.Grey Hat Hackers: - called breaking intosomeone's security and stealing their A Grey Hat Hacker is a computer hacker or security expert private or confidential data such as phone numbers, credit card who sometimes break the laws but does not have any bad details,addresses, online banking passwords etc. intentions like the black hat hackers. The term Grey Hat is come from the Black Hat and the White Hat as the white hat Hackers: - hackers search the vulnerabilities in the computer system or The term Hacker in popular media is used to describe someone the networks and does not tells anybody until it is being who breaks in to someone else's security using bugs and corrected, while on the other hand the black hat hackers exploits or use his expert knowledge to act productively or illegally exploits the computer system or network to find maliciously. Hackers are the computer specialists in both International Journal of Engineering Science and Computing, May 2019 22095 http://ijesc.org/ vulnerabilities and tells others how to do so whereas the grey Man in the Middle Attack: - hat hacker neither illegally exploits it nor tells anybody how to do so. They enjoy disassembling and altering their own The man in the middle attack is the attack in which the attacker computers for pleasure, and they sometimes experiment in tries to enter in between the communication of the two parties minor white-collar hacks such as file sharing and cracking and can access all the data sent and received by them. In this software. They aren’t usually motivated by personal gain. Grey attack, the attacker makes separate connections with the Hat Hackers represents between the white hat hackers who victims and transmits messages between them to make them operate to maintain system security and the black hat hackers believe that they are talking directly to each other over a who operate maliciously to manipulate computer systems. private connection, but in reality the entire conversation is controlled by the attacker. In this type of attack, the attackers II. TYPES OF HACKING ATTACKS: try to intercept by adopting the approach of IP spoofing, DNS server spoofing, etc. Following are few Hacking attacks which big organization or end user face a lot. Phishing attack: - numbers etc. This can be accomplished by sending fake emails Phishing is a By-product of social media. It is a cyber-attack or or creating dummy websites which looks very similar to the say an online fraud in which the hacker attempts to gain some original ones. Phishing scams can also employ phone calls, sensitive and confidential information such as password, login text messages, and social media tools to trick users into information, credit card numbers, email ids, online banking pin providing sensitive information . Denial of Services (DoS) attack: - It is a type of cyberattack network resource unavailable for its end users temporarily or in which the attacker’s aim is to make a machine, website or a for an undefined time duration and disrupting the services of a International Journal of Engineering Science and Computing, May 2019 22096 http://ijesc.org/ host connected to the internet. This attack is generally done by target server or the website is very speedy in several hundred flooding the target website, server or the computer machine of MBPS or GBPS. In a Distributed Denial of Service (DDoS) with a huge number of requests and making it overloaded, attack, the incoming traffic flooding the victim originates from therefore the target is not able to fulfil most or all of the several different sources. This effectively makes it impossible requests. The DoS attacks can remain for days, weeks or even to prevent the attack by blocking a single source. for months. The attacker’s speed of sending fake requests to LFI and RFI attack: two being less sophisticated and therefore easily preventable. Local File Execution (LFI) and Remote File Execution (RFI) Although not taken seriously by the security community, LFI are similar to the immoral Cross Site Scripting (XSS) attacks. and RFI attacks constitute 21 percent of all observed web All of them are types of code injection attack, with the former application attacks. The percentage share of LFI and RFI attacks among other web application attacks Remote File Inclusion (RFI) is a method which allows an running on PHP, RFI should be on every security researcher’s attacker to employ a script to include a remotely hosted file on radar, but sadly it’s not. The severity of an RFI attack can the web server. The susceptibility promoting RFI is largely range from outputting the contents of a file to arbitrary code observed on websites running on PHP. This is because PHP execution. Local File Inclusion (LFI) is very much similar to supports the ability to “include” or “require” additional files RFI. The only difference being that in LFI, in order to carry within a script. Use of unauthorized user-supplied input within out the attack instead of including remote files, the attacker has these scripts generally leads to the exploitation of this to use local files i.e.