Explained
A must knowledge for everyone to stay protected from
cyber attacks
By
All Rights Reserved. No part of this publication may be reproduced in any form or by
any means, including scanning, photocopying, or otherwise without prior written
permission of the copyright holder. Copyright © 2017
Table of Contents
1. Introduction
2. What is cybercrime? Is Hacking Considered A Cyber Crime?
3. Keylogger attack
4. Doxing Attack
5. What is Ransomware?
6. What is a botnet?
7. What is Carding?
8. ATM Card Skimmers
9. DDoS (Distributed Denial of Service) attack
10. Phishing attack
11. Pharming Attack
12. Smishing & Vishing Attack
13. Some more attacks & threats
14. Conclusion
1. Introduction
I want to thank you and congratulate you for downloading the book (Top Hacking
Techniques & Terms Explained)
Cybercrime has become a common phenomenon today. The more advanced we become
in terms of technological development, the more severe and dangerous is the attack.
Individual security is under threat. Therefore I have created this book to provide basic
knowledge to everyone, to create awareness about cybercrime and how to save oneself
from cyber attack by keeping one’s personal information secured and protected.
It is time for you to become aware of top hacking techniques and terms which I have
tried to explain in my book along with the ways by which one can prevent such abuse of
cyber law.
Thank you once again, Cheers!
There are several widely acknowledged subgroups of computer hackers: white hats,
black hats and grey hats. White hat professionals hack to check their own security
systems to make them more hackproof. In most cases, they are part of the same organisation.
Black hat hackers hack to take control over the system for personal gains. They can
destroy, steal or even prevent authorized users from accessing the system. They do this
by finding loopholes and weaknesses in the system. Some computer experts call them
crackers instead of hackers. Grey hat hackers comprise curious people who have just
about enough computer language skills to enable them to hack a system to locate
potential loopholes in the network security system. Grey hats differ from black hats in
the sense that the former notify the admin of the network system about the weaknesses
discovered in the system, whereas the latter are only looking for personal gains. All kinds
of hacking are considered illegal barring the work done by white hat hackers.
So, it is also important to know some of the hacking techniques that are commonly used
to get your personal information in an unauthorized way.
In the subsequent chapters, I will try to explain the top hacking techniques & terms
along with ways to prevent such attacks.
3. Keylogger attack
A keylogger is a simple piece of software that records the key sequence and strokes of your
keyboard into a log file on your machine. These log files might even contain your
personal email IDs and passwords. Keyloggers can also be embedded in spyware,
allowing your information to be transmitted to an unknown third party.
Keylogger is one of the main reasons why online banking sites give you an option to use
their virtual keyboards.
To protect yourself and your data against known and unknown keyloggers, practice the
following:
A firewall program might not detect a keylogger, but it can help to prevent the keylogger
from transmitting information to the remote location. This is possible only if your firewall
program is a two-way and rule-based firewall in which you configure the firewall to
prompt you for any applications that require an Internet connection to transfer data from
and to your PC.
4. Doxing Attack
Doxing simply refers to the process of gathering or deducing other people’s information
such as name, age, email, address, telephone number, photographs etc. using publicly
available sources such as the Internet. In other words, doxing is the act of using the
Internet to search for personal details about a person.
Doxing is done by initially taking a piece of information (such as “name” or “email
address”) and keeping it as a base to find out other possible details about the person. The
term “doxing” is derived from the word “document tracing” which means to retrieve
documents about a particular person or company in order to learn more about them.
Doxing Techniques:
Today, the Internet has grown to such a size that it contains almost any information that
you’ve ever imagined! All you’ve to do is use the right techniques to search for what
you want. Here is a list of doxing techniques that are most commonly used by Internet
geeks and ethical hackers:
1. Using Google: Google is undoubtedly a powerful tool that plays a key role in doxing.
Since Google indexes almost anything on the Internet (sometimes even the private
information), it is possible to dox for details such as email ID, address, phone numbers
and photographs of a person or company. Once you obtain the search results for your
query, carefully examine the description part which in most cases contains the piece of
information that you are looking for.
2. Social Networking Websites: As most Internet users are found to be active on social
media, social networking sites such as Facebook and LinkedIn provide a virtual
goldmine of information necessary to perform doxing. As most users are unaware of
online security issues, they have weak privacy settings on their profile. This makes it
easy for the attackers to gain access to personal information such as photographs, real
names, location, job, partner’s name etc.
The following are some of the most commonly targeted pieces of information that can be
easily obtained through doxing:
Full name
Age, gender and date of birth
Location and place of birth
Email addresses and username
Social networking profiles, websites and blogs
So, it is always a good practice to keep the above bits of information hidden. Even
though it is not possible to do this in all cases, you can still take care to protect as much
information as you can from going public. You can consider the following additional tips
for further protection:
1. Do not upload personal photographs on web albums such as “Picasa”. Even if you do,
make sure that your album is hidden from public and search engines.
2. If you do not intend to show up your profile on search engines, it is a wise choice to
make all the Internet profiles private.
3. Maximize the privacy settings of your social network profiles. Make sure that your
individual albums and photographs have their privacy settings configured.
5. What is Ransomware?
Ransomware is a type of malware that prevents or limits users from accessing their
system, either by locking the system's screen or by locking the users' files unless a
ransom is paid.
There are different types of ransomware. However, all of them will prevent you from
using your PC normally, and they will all ask you to do something before you can use
your PC.
They can target any PC users, whether it’s a home computer, endpoints in an enterprise
network, or servers used by a government agency or healthcare provider.
Ransomware can:
1. Prevent you from accessing Windows.
2. Encrypt files so you can't use them.
3. Stop certain apps from running (like your web browser).
Ransomware will demand that you pay money (a “ransom”) to get access to your PC or
files. We have also seen them make you complete surveys. There is no guarantee that
paying the fine or doing what the ransomware tells you will give access to your PC or
files again.
Older versions of ransomware usually claim you have done something illegal with your PC,
and that you are being fined by a police force or government agency.
These claims are false. It is a scare tactic designed to make you pay the money without
telling anyone who might be able to restore your PC.
Newer versions encrypt the files on your PC so you can’t access them, and then simply
demand money to restore your files.
6. What is a botnet?
The word botnet is made up of two words: bot and net.
Bot is short for robot which is a computer that is infected by malicious software. Net
comes from network, a group of systems that are linked together.
A botnet is a network of infected computers, where the network is used by the malware
to spread. Since a bot infected computer does the bidding of its master, many people
refer to these victim machines as “zombies.” The cyber criminals that control these bots
are called bot herders or bot masters. They use a C&C (command and control) server,
a centralized computer that issues commands to a botnet and receives reports
back from the chosen computers.
Some botnets might have a few hundred or a couple thousand computers, but others have
tens and even hundreds of thousands of zombies at their disposal. Many of these
computers are infected without their owners' knowledge. A bot might cause your
computer to slow down, display mysterious messages, or even crash. Examples of well-
known botnets that have emerged in recent years include Conficker, Zeus, Waledac,
Mariposa and Kelihos.
After a computer is taken over by a bot, it can be used to carry out a variety of
automated tasks, including the following:
1. To send spam emails, transmit viruses and engage in other acts of cybercrime.
2. To steal personal and private information (credit card numbers, bank credentials,
other sensitive personal information) and communicate it back to the malicious user.
3. Launching DoS (Denial of service) attacks against a specified target. Cybercriminals
extort money from Web site owners, in exchange for regaining control of the
compromised sites.
7. What is Carding?
Carding is a form of credit card fraud in which a stolen credit card is used to charge pre-paid
cards. Carding typically involves the holder of the stolen card purchasing store-branded
gift cards, which can then be sold to others or used to purchase other goods that can be
sold for cash.
Credit card thieves who are involved in this type of fraud are called carders.
The United States is a significant target for credit card fraud because it is a large market
in which credit card and debit card use is common, and because the types of cards that
are used only contain a magnetic strip rather than the chip and pin technology found in
other countries.
Carding typically starts with a hacker gaining access to a store or website’s credit card
processing system, with the hacker obtaining a list of credit or debit cards that were
recently used to make a purchase. The hacker then sells the list of credit or debit card
numbers to a third party, a carder, who uses the stolen information to purchase a gift
card.
Most credit card companies offer cardholders protection from charges made if a credit
or debit card is reported stolen, but by the time the cards are canceled the carder has
often made a purchase. The gift cards are used to purchase high value goods, such as
cell phones, televisions, and computers, since those goods do not require registration
and can be resold later.
If the carder purchases a gift card for an electronic retailer, such as Amazon, he or she
may use a third-party to receive the goods and then ship them to other locations. This
limits the carder’s risk of drawing attention. The carder may also sell the goods on
websites offering a degree of anonymity.
However, to gain full access to your bank account on an ATM, the thieves still need your
PIN number. That's where cameras come in -- hidden on or near the ATMs, tiny spy
cameras are positioned to get a clear view of the keypad and record all the ATM's PIN
action. Always pay attention to objects mounted on the ATM or located close by. A
pinhole or off-color piece of plastic could give away the camera's hiding place.
Cameras could even be hidden in brochure racks. Some ATM skimming schemes employ
fake keypads in lieu of cameras to capture PIN numbers. Just like the card skimmers fit
over the ATM's true card slot, skimming keypads are designed to mimic the keypad's
design and fit over it like a glove. If you notice that the keypad on your ATM seems to
protrude oddly from the surface around it, or if you spy an odd color change between the
pad and the rest of the ATM, it could be a fake.
If hackers or skimmers gain access to the information stored on your debit card's
magnetic strip, they may be able to make purchases without bothering to discover your
PIN. ATM withdrawals require the PIN number, but online retailers don't need it -- and
some of them don't ask for the debit/credit card security codes, either. Skimmers who
successfully obtain both your PIN number and debit information will transfer your data
to a blank debit gift card, then use it at an ATM to make withdrawals.
1. Traffic attacks: Traffic flooding attacks send a huge volume of TCP, UDP and ICMP
packets to the target. Legitimate requests get lost and these attacks may be accompanied
by malware exploitation.
2. Bandwidth attacks: This DDoS attack overloads the target with massive amounts of
junk data. This results in a loss of network bandwidth and equipment resources and can
lead to a complete denial of service.
The 'phishers' then use these bank details to login to the victim's bank account and take
their money. The e-mail looks very convincing. It even has the bank's logo. And it
sounds urgent and scary... someone has tried to take money from our bank account! What
should we do?
This is exactly the scare tactic that phishers use to make people panic.
If you were to click the link, you would be taken to a fake bank website. Then if you
were to enter your login details, these would be recorded by the phishers and used to
empty your real bank account.
Larger numbers of computer users can be victimized because it is not necessary to target
individuals one by one and no conscious action is required on the part of the victim. In
one form of pharming attack, code sent in an e-mail modifies the local hosts file on a
personal computer. The hosts file maps host names to the numeric IP addresses that the
computer uses to access Web sites. A computer with a compromised hosts file will go to the
fake Web site even if a user types in the correct Internet address or clicks on an affected
bookmark entry.
Once personal information such as a credit card number, bank account number, or
password has been entered at a fraudulent Web site, criminals have the information and
identity theft can be the end result.
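The hosts-file tampering described above can be checked for directly. The following is an added example, not part of the original book: a Python audit that parses hosts-file text and flags names mapped to non-local addresses. The sample file, the examplebank.test domain and the watched list are constructed for illustration.

```python
import ipaddress

# Constructed sample. On a real machine, read /etc/hosts or
# C:\Windows\System32\drivers\etc\hosts and pass its text instead.
SAMPLE_HOSTS = """\
127.0.0.1      localhost
::1            localhost ip6-localhost ip6-loopback
0.0.0.0        ads.example.net   # constructed blocklist entry
203.0.113.66   www.examplebank.test login.examplebank.test
192.168.1.20   nas.home.arpa
"""

BROADCAST = ipaddress.ip_address("255.255.255.255")


def parse_hosts(text):
    """Yield (line_no, ip, name) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0].split("%")[0])  # ignore IPv6 zone id
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")


def is_local(ip):
    """True for addresses a stock hosts file or a blocklist normally uses."""
    return (ip.is_loopback or ip.is_unspecified or ip.is_multicast
            or ip.is_link_local or ip == BROADCAST)


def audit_hosts(text, watched=()):
    """Return (severity, line_no, name, ip) for names pointed at another machine."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if is_local(ip):
            continue  # blocks or loops back, does not redirect to another host
        # "high" when the name is a watched domain (e.g. your bank) or a subdomain
        hit = any(name == d or name.endswith("." + d) for d in watched)
        findings.append(("high" if hit else "review", line_no, name, str(ip)))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, watched=("examplebank.test",)):
        print(*finding)
```

Any "high" finding means a watched site is being resolved from the hosts file rather than DNS, which is exactly the condition the paragraph describes; "review" entries may be legitimate local overrides.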
Check the http address. When you get to the page where you're asked to enter personal
information, the http should change to https. The "s" stands for secure.
Verify the certificate of the site. It takes just a few seconds to tell if a site you land on is
legitimate. On the latest version of Internet Explorer and on many other commonly
available Web browsers, go to "File" in the main menu and select "Properties," or right-
click your mouse anywhere on the browser screen and, from the menu that pops up, click
"Properties." When the "Properties" box opens, click "Certificates," and check if the site
carries a secure certificate from its legitimate owner.
Look for a padlock or key on the bottom of your browser or your computer task bar. A
locked padlock, or a key, indicates a secure, encrypted connection and an unlocked
padlock, or a broken key, indicates an unsecured connection.
Install an antivirus program from a trusted security software provider to reduce your
exposure to pharming scams. Use a personal firewall to protect your data from hackers,
viruses, worms, and Trojan horses.
1. Smishers send SMS intimating customers of prize money, lottery, job offers etc. and
requesting them to share their Card or Account credentials.
2. Unaware, the customers follow instructions to visit a website, call a phone number
or download malicious content.
3. Details thus shared with the person who initiated the SMS are then used to conduct
fraudulent transactions on the customer’s account, causing them financial loss.
SMS instantly.
If you receive any urgent communication from your bank asking for personal
information, call your bank to check if it was a legitimate communication.
Vishing (Voice phishing) is the criminal practice of using social engineering over the
telephone system to gain access to private personal and financial information from the
public for the purpose of financial reward. A vishing attack can be conducted by voice
email, VoIP (voice over IP), or landline or cellular telephone.
If you suspect that you have been a victim of Vishing, follow the steps mentioned below:
Immediately change the password, ATM PIN, Phone Banking PIN, secret
questions/answers that you have shared over the fraudulent call. Verify if any
unauthorized transaction has been carried out recently. If yes, then immediately contact
your branch or get in touch with the bank through the phone banking number provided on
the debit/credit card or bank/credit card statement; or published on the official website
only, and let the bank know the details of the suspected incident.
Document call details like conversation between the customer and Visher, the phone
number, information shared with the Visher etc. for further investigation.
Contact your local police and lodge a complaint.
ClickJacking is also known by a different name, UI Redress. In this attack, the hacker
hides the actual UI where the victim is supposed to click.
In other words, the attacker hijacks the clicks of the victim that aren’t meant for the
exact page, but for a page where the hacker wants you to be.
Cookie theft:
The cookies of a browser keep our personal data such as browsing history, username,
and passwords for different sites that we access. Once the hacker gets access to your
cookie, he can even authenticate himself as you on a browser.
Waterhole attacks:
If you are a big fan of Discovery or National Geographic channels, you could relate
easily with the waterhole attacks. To poison a place, in this case, the hacker hits the
most accessible physical point of the victim.
For example, if the source of a river is poisoned, it will hit the entire stretch of animals
during summer. In the same way, hackers target the most accessed physical location to
attack the victim. That point could be a coffee shop, a cafeteria etc.
Once hackers are aware of your timings, they might create a fake Wi-Fi access point and
modify your most visited website to redirect you and get your personal
information.
14. Conclusion
Thank you again for downloading this book!
I hope this book was able to help you to gain good knowledge on hacking techniques and
terms which would definitely help you to stay aware and take necessary steps of
prevention against cybercrime.
The next step is to use this knowledge and take positive actions in terms of data
protection and prevention from illegal data use.
Finally, if you enjoyed this book, please take the time to share your thoughts and post a
review on Amazon.
It’d be greatly appreciated!