[ad_1]
What’s a Hacker?
“Hacker” is one of those terms that has a different meaning depending on who uses it. Thanks to Hollywood, most people think a hacker is a person who gains illicit access to a computer and steals stuff or breaks into military networks and launches missiles for fun.
These days, a hacker doesn’t have to be a geek from a top university who breaks into banks and government systems. A hacker can be anyone, even the kid next door.
With an ordinary laptop, anyone can download simple software off the Internet to see everything that goes into and out of a computer on the same network. And the people who do this don’t always have the best of intentions.
A Brief History of Hackers
Nowadays, the word “hacker” has become synonymous with people who sit in dark rooms, anonymously terrorizing the Internet. But it was not always that way. The original hackers were benign creatures. In fact, they were students.
To anyone attending the Massachusetts Institute of Technology during the 1950s and 60s, the term “hack” simply meant an elegant or inspired solution to any given problem. Many of the early MIT hacks tended to be practical jokes. One of the most extravagant saw a replica of a campus police car put on top of the Institute’s Great Dome.
Over time, the word became associated with the burgeoning computer programming scene at MIT and beyond. For these early pioneers, a hack was a feat of programming prowess. Such activities were greatly admired as they combined expert knowledge with a creative instinct.
Why Does a Hacker Hack?
Hackers’ motivations vary. For some, it’s economic. They earn a living through cybercrime. Some have a political or social agenda – their aim is to vandalize high-profile computers to make a statement. This type of hacker is called a cracker as their main purpose is to crack the security of high profile systems.
Others do it for the sheer thrill. When asked by the website SafeMode.org why he defaces web servers, a cracker replied, “A high-profile deface gives me an adrenalin shot and then after a while I need another shot, that’s why I can’t stop.” [1]
These days, we are faced with a new type of hacker – your next door neighbor. Every day, thousands of people download simple software tools that allow them to “sniff” wifi connections. Some do this just to eavesdrop on what others are doing online. Others do this to steal personal data in an attempt steal an identity.
The Most Common Attacks
1. SideJacking / Sniffing
Sidejacking is a web attack method where a hacker uses packet sniffing to steal a session cookie from a website you just visited. These cookies are generally sent back to browsers unencrypted, even if the original website log-in was protected via HTTPS. Anyone listening can steal these cookies and then use them access your authenticated web session. This recently made news because a programmer released a Firefox plug-in called Firesheep that makes it easy for an intruder sitting near you on an open network (like a public wifi hotspot) to sidejack many popular website sessions. For example, a sidejacker using Firesheep could take over your Facebook session, thereby gaining access to all of your sensitive data, and even send viral messages and wall posts to all of your friends.
2. DNS Cache Poisoning
In DNS cache poisoning, data is introduced into a Domain Name System (DNS) name server’s cache database that did not originate from authoritative DNS sources. It is an unintended result of a misconfiguration of a DNS cache or of a maliciously crafted attack on the name server. A DNS cache poisoning attack effectively changes entries in the victim’s copy of the DNS name server, so when he or she types in a legitimate site name, he or she is sent instead to a fraudulent page.
3. Man-In-the-Middle Attacks
A man-in-the-middle attack, bucket brigade attack, or Janus attack, is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is being controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new ones. For example, an attacker within reception range of an unencrypted wifi access point can insert himself as a man-in-the-middle. Or an attacker can pose as an online bank or merchant, letting victims sign in over a SSL connection, and then the attacker can log onto the real server using the victim’s information and steal credit card numbers.
4. Smishing
Packet sniffers allow eavesdroppers to passively intercept data sent between your laptop or smartphone and other systems, such as web servers on the Internet. This is the easiest and most basic kind of wireless attack. Any email, web search or file you transfer between computers or open from network locations on an unsecured wireless network can be captured by a nearby hacker using a sniffer. Sniffing tools are readily available for free on the web and there are at least 184 videos on YouTube to show budding hackers how to use them. The only way to protect yourself against wifi sniffing in most public wifi hotspots is to use a VPN to encrypt everything sent over the air.
5. Mass Meshing
Also known as mass SQL injection, this is a method whereby hackers poison websites by illegally imbedding a redirection javascript from legitimate websites previously infected and controlled by the hackers. These javascripts redirect the visitor’s computer to servers which contain additional malicious programs that can attack a user’s computer.
The Most Common Targets
Hackers are interested in many types of computers on the Internet. The following list describes different types of targets and their appeal to hackers. [2]
1. Corporate Networks
Corporate computers are often heavily fortified so hacking into one has high cachet. Behind corporate firewalls are repositories of customer information, product information, and sometimes, in the case of a software publisher, the product itself.
2. Web Servers
Web servers are computers that contain websites. While some contain customer financial information, web servers are usually targets for vandals because they can be defaced to display information the hacker chooses to the public.
3. Personal Computers
With the ever growing use of wifi, laptops are becoming one of the most hacked devices. Everything a person visits online can be exposed to a person using software to “sniff” that connection. The website URL, passwords used to log into an online banking account, Facebook pictures, tweets, and an entire instant message conversation can be exposed. It is the easiest form of hacking as it requires little skill.
4. Tablets and Palm Top devices
Tablets, cell phones, and other mobile-ready devices are just as popular as laptops are in wifi hotspots. A hacker in a public hotspot can see a mobile device, as well as all data going into and out of it, just as easily as he can a laptop.
How You Can Protect Yourself
The simple truth is that anyone connecting to the Internet is vulnerable to being hacked. Thus, there is a need to be proactive when it comes to protecting yourself from such attacks.
Sniffing attacks are the most dangerous, as firewalls and antivirus software cannot help. Only a personal VPN can protect a person from a sniffer. The would-be victim, if connected to a personal VPN, has all their data routed through a secure server, making it impossible for the hacker to sniff. A user who has a secure VPN can surf as if he or she is invisible to hackers. PRIVATE WiFi provides such a VPN service.
Reference:
1. cs.utah.edu/~elb/folklore/afs-paper/node3.html
2. informit.com/articles/article.aspx?p=425380