Computer Hacking: A Computer Based Crime
...heir servers have been hacked into. Upon investigation, the RCMP found out that the hacker group consisted on two adults and three teenagers who used to communicated using an online chat software called IRC. The hackers had access to several user names and passwords which they got from the ISP servers. In addition to this, the hackers also hacked into one of the ISP’s e-mail server on several occasions . Current criminal code RCMP Below is a list of some of the criminal code from the Criminal code of Canada that relate to hacking. “Unauthorized Use of Computer 342.1 (1) Every one who, fraudulently and without color of right, obtains, directly or indirectly, any computer service, (2) Uses, possesses, traffics in or permits another person to have access to a computer password that would enable a person to commit an offence Mischief in Relation to Data 430. (1) Everyone commits mischief who willfully destroys or damages property. (2) Every one who commits mischief that causes actual danger to life is guilty of an indictable offence and liable to imprisonment for life. (3) Every one who commits mischief in relation to property that is a testamentary instrument or the value of which exceeds five thousand dollars (4) Every one who commits mischief in relation to property. (5) Every one who commits mischief in relation to data is guilty of an indictable offence and liable to imprisonment for a term not exceeding ten years (6) No person commits mischief within the meaning of this section by reason only that he stops work as a result of the failure of his employer and himself to agree on any matter relating to his employment.” Detailed laws are available at the RCMP Criminal Code of Canada offences related to hacking at http://www.rcmp.ca/crimint/hackers_a_e.htm#appendixA How are theses crimes committed? Types of Hackers White Hats White Hat hackers are those who no long commit illegal acts. They may have committed illegal operations at one time or never done anything illegal and just hacked for the love of it. Black Hats Black Hats hackers are those who commit illegal acts. They work alone or in small groups and do not like to be recognized. Black Hat hackers normally promote a cause of movement. Grey Hats Grey hat hackers are the most skillful of all hackers. They hardly get caught and if they do, they are found to have root access on many systems that are considered to be secure. Old and New School Hacker Old school hacker is a term that refers to all types of hackers (new and old). On the other hand, new school hackers refer to the new generation of hackers. Most of the new generation hackers are proud of what they do and have no problem in publicly calling themselves hackers. Majorities of the new school hackers barely learn the required essentials of the operating system and use pre-programmed tools that assist them in hacking. Ethical Hackers Ethical Hackers is a new term that refers to white hat hackers who are hired by companies to test their security system. They are required to follow strict rules and are heavily insured. Lamer Lamers are only interesting in gaining financial profit from their hacking. They target e-businesses where they can gain credit information. They also tend to delete files to clear off their track and spread viruses. Newbie Newbie’s refers to new school hackers who like to hack but have little or no clue or will to learn hacking. They start off reading information from the web with the aim of becoming a Lamer. Very few of the Newbie’s are successful in reaching their goals. Pthreads Pthread hackers used to be known as telephone hackers. The first global computer system that was the target for hackers was the telephone system. With the rise in cell phone use, cellular hacking is gaining popularity. Push Button Hackers As the name implies, push button hackers refer to those people who have no knowledge in programming, nor can they analyze code. They get pre-programmed tools off the web and hope to crack into systems. Warez Dudez Warez Dudez aim is to get free software. The way they do this is by using P2P software or by cracking trial versions of softwares. Methods used in Hacking No matter how hackers launch their attacks, there are some steps that they follow in order for their attacks to be successful. Before Entering Passive Reconnaissance After the hacker chooses his target, he has to get some information about the system and the network where its target resides. When the hacker learns about his victim’s system, he also finds out several ways to get in. One way of passive reconnaissance is by using sniffing tools such as tcpview, ESniff, Snoop, to name a few. Active Reconnaissance Active Reconnaissance is done after the hacker gains enough information about its victim (using Passive Reconnaissance). Now the hacker tried to get some more information regarding the system using which he could easily enter the system. Such information include: accessible hosts, services, and ports, operating system, location of firewalls and routers. The more information the hacker has at this point, the easier it will be for him to get in. Gaining Access At this point the hacker has enough information to enter the victim’s system. There are many ways in which the hacker could enter the system. Two most common ways are using the operating system and the application. Operating System The operating system is a crucial part of the computer. If the OS is not secure, then hackers can get access to the victim’s computer and cause chaos. The hacker can transfer files to his computer, edit/delete files on the victim’s computer, create user accounts (create a back-door) so that he or she could access the system in a legitimate way in the future. Most OS attacks are caused because companies don’t keep their system updated by applying patches. Applications Another way of hackers to enter a system is through applications. In many cases, application software are not thoroughly tested because companies like to save money or they are under pressure to release the software. Hackers take advantage of the possible security holes that the application might have to cause damage. After gaining access Running Scripts and Programs (Uploading Programs or Downloading Data) Once the hacker has entered the system, he or she can run scripts or programs that cause damage to the system. In many cases, scripts or programs are available for people to use on the net. The scripts are so easy that a person with no programming skills can execute them. Elevating Privileges It is possible that the hacker has entered the system but has not received root access to it. In this case, the hacker will try to work his way up using whatever tools he can. This, in many cases, leads to failure as many systems have strict restrictions on the amount of access provided to their users or employees. Denial of Service One way for the hacker to cause chaos is by denying access to legitimate users. If this were to happen to a bank, then the customers would be scared and transfer their funds to other banks thus causing lots of financial damage to the bank that was hacked into. Before Leaving Keeping Access Now that the hacker has gained access to whatever it is he needed, they want to make a way by which they can access the system in the future. This is done by creating a back door (possibly creating a user account). Covering Tracks Before exiting the system, the hacker should clear his track to avoid getting caught. This means clearing up the log files or turning off logins as soon as the hacker gains access so that system administrators cannot easily find out the users who are online. Who commits these acts and why? Reason for Hacking The reason for hackers to hack varies from hacker to hacker. Some common motives include challenge, ego, espionage, ideology, mischief, money, revenge. The table below summarizes the type of hackers, their reason or hacking, and resources used. Type of Hacker Reason for hacking Resources used Kids, Teens, Students Thrill, Ego, Learning Individual, Little or no money Trouble Makers Harassment, boredom Pre-programmed hacking software, no training Nations Profit, power, sanctions Lots of money, technology, large pool of talent, professionally trained Competitors Embarrass vendor, economic gain Enough financial and technology support Intelligence Competitive Intelligence Lots of money, technology, large pool of talent, professionally trained Terrorist Personal and Religious beliefs Lots of money, technology, large pool of talent, professionally trained US Government Sanctions, National Strength Lots of money, technology, large pool of talent, professionally trained * Above table summarized by referring to Table...