You are on page 1of 30

Table of Contents

Hacking.........................................................................................................1
Cracking........................................................................................................1
History..............................................................................................................1
a)Early 1960s ...............................................................................................1
b)Early 1970s ...............................................................................................2
c)Early 1980s ...............................................................................................2
d)Late 1980s ................................................................................................2
e)Early 1990s ...............................................................................................2
f)Late 1990s .................................................................................................3
g)1998 ..........................................................................................................3
Difference between Hacking and Cracking.......................................................3
Tools of Hacking and Cracking.........................................................................6
Tools of hacking............................................................................................6
Tools of Cracking...........................................................................................6
Types of Hacking and Cracking........................................................................7
a)Types of Computer Hackers.......................................................................7
Types of Cracking..........................................................................................8
Techniques Of Hacking And Cracking...............................................................9
a)Hacking techniques....................................................................................9
Cracking Techniques...................................................................................17
Top 05 Hacking Incidents of All Time.............................................................19
a)1993.........................................................................................................19
1996............................................................................................................19
1988............................................................................................................19
1999............................................................................................................20
2000............................................................................................................20
Advantages of Hacking And Cracking.............................................................20
a)Advantages of Hacking............................................................................20
Advantages of cracking...............................................................................21
Disadvantages of Hacking..............................................................................22
Cyber Wars between Pakistan and India........................................................23
Conclusion......................................................................................................27
References.....................................................................................................28
Hacking and cracking MBA 2009-11

HACKING AND CRACKING

 Hacking

Hacking is entering a network which is intended to be private, changing the


content of another person’s Web site, redirecting elsewhere anyone trying to access a
particular Web site or overwhelming a site with countless messages to slow down or
even crash the server.

A hacker is a person who is proficient with computers and/or programming to an


elite level where they know all of the in's and out's of a system. There is NO illegality
involved with being a hacker.

 Cracking

Cracking is the act of breaking into a computer system, often on a network. A


cracker can be doing this for profit, maliciously, for some altruistic purpose or cause, or
because the challenge is there.

A cracker is a hacker who uses their proficiency for personal gains outside of the
law. For example stealing data, changing bank accounts, distributing viruses etc. Hacker
is a malicious meddler who tries to discover sensitive information by poking around.
Hence "password hacker", "network hacker". The correct term for this sense is cracker.

History

Hacking has been around for more than a century. In the 1870s, several
teenagers were flung off the country's brand new phone system by enraged authorities.

a) Early 1960s

University facilities with huge mainframe computers, like MIT's artificial


intelligence lab, become staging grounds for hackers. At first, "hacker" was a positive

1
Hacking and cracking MBA 2009-11

term for a person with a mastery of computers who could push programs beyond what
they were designed to do.

b) Early 1970s

John Draper makes a long-distance call for free by blowing a precise tone into a
telephone that tells the phone system to open a line. Draper discovered the whistle as a
give-away in a box of children's cereal. Draper, who later earns the handle "Captain
Crunch," is arrested repeatedly for phone tampering throughout the 1970s. Two
members of California's Homebrew Computer Club begin making "blue boxes," devices
used to hack into the phone system. The members, who adopt handles "Berkeley Blue"
(Steve Jobs) and "Oak Toebark" (Steve Wozniak), later go on to found Apple Computer.

c) Early 1980s

Author William Gibson coins the term "cyberspace" in a science fiction novel
called Neuromancer. Comprehensive Crime Control Act gives Secret Service jurisdiction
over credit card and computer fraud. Two hacker groups form the Legion of Doom in the
United States and the Chaos Computer Club in Germany.

d) Late 1980s

Computer Emergency Response Team is formed by U.S. defense agencies.


Based at Carnegie Mellon University in Pittsburgh, its mission is to investigate the
growing volume of attacks on computer networks. An Indiana hacker known as "Fry
Guy" -- so named for hacking McDonald's -- is raided by law enforcement. A similar
sweep occurs in Atlanta for Legion of Doom hackers known by the handles "Prophet,"
"Leftist" and "Urvile."

e) Early 1990s

After AT&T long-distance service crashes on Martin Luther King Jr. Day, law
enforcement starts a national crackdown on hackers. Operation Sundevil, a special team
of Secret Service agents and members of Arizona's organized crime unit, conducts raids

2
Hacking and cracking MBA 2009-11

in 12 major cities, including Miami. A Texas A&M professor receives death threats after
a hacker logs on to his computer from off-campus and sends 20,000 racist e-mail
messages using his Internet address.

f) Late 1990s

Hackers break into and deface federal Web sites, including the U.S. Department
of Justice, U.S. Air Force, CIA, NASA and others. Report by the General Accounting
Office finds Defense Department computers sustained 250,000 attacks by hackers in
1995 alone. Hackers pierce security in Microsoft's NT operating system to illustrate its
weaknesses. Popular Internet search engine Yahoo! is hit by hackers claiming a "logic
bomb" will go off in the PCs of Yahoo!'s users on Christmas Day 1997.

g) 1998

Anti-hacker ad runs during Super Bowl XXXII. The Network Associates ad,
costing $1.3-million for 30 seconds, shows two Russian missile silo crewmen worrying
that a computer order to launch missiles may have come from a hacker. They decide to
blow up the world anyway.

In January, the federal Bureau of Labor Statistics is inundated for days with
hundreds of thousands of fake information requests, a hacker attack called "spamming."
Hackers claim to have broken into a Pentagon network and stolen software for a military
satellite system. They threaten to sell the software to terrorists. The U.S. Justice
Department unveils National Infrastructure Protection Center, which is given a mission to
protect the nation's telecommunications, technology and transportation systems from
hackers.

Difference between Hacking and Cracking

There is a difference between cracking and hacking; unfortunately, a lot of people


confuse the terms "hacker" and "cracker". There are a number of reasons for this. The
two big reasons are:

3
Hacking and cracking MBA 2009-11

• Crackers often call themselves "hackers"


• The media refers to crackers as "hackers".

The basic difference is that Hackers build things and Crackers break them. In the world
of cyberspace, the difference between hacking and cracking is great.

4
HACKING
Hacking and cracking CRACKINGMBA 2009-11

1. Hacking is when something is under 1. Cracking is when users, passwords


attack by software that has been and keys are detected with dictionary,
designed to a Bypass, Disable, and brute force and hybrid attacks in order
Break etc in order to gain access. to gain access to the target using
existing user data.

2. "Hacking" was originally used to


describe ways to create, alter or 2. "Cracking" is the illegal version of
improve software and hardware - a hacking, where existing software is
"hacker" was an extremely proficient reverse-engineered to remove
programmer that could do in 5 lines of restrictions like trial periods.
code what would take others several
modules

3. Hacking is to get the program


partially (Trial) or even the entire
3. Cracking is to take the protection,
registered program. Also files. Books,
limit of trial of the program. That's
documents are subject to hacking.
putting serial number, sometimes
replacing the .exe trial by the cracked
.exe or just pasting stuffs to take away
the trial of a program.

4. Hacking into network computer


systems is illegal, hackers believe it is
4. But not all hackers follow a code of
ethically acceptable as long as a
ethics. Those who break into computer
hacker does not commit theft,
systems with malicious intent are known
vandalism or breach any confidentiality
in the hacking world as crackers.
-- the so-called hacker code of ethics.

5. Hackers possess a great deal of


Hacking and cracking MBA 2009-11

Tools of Hacking and Cracking


Tools of Hacking

The different tools of hacking used are

 Cain & Abel v4.9.35 – Password Sniffer, Cracker and Brute-Forcing Tool

 Turbodiff v1.01 BETA Released – Detect Differences Between Binaries

 Binging (BETA) – Footprinting & Discovery Tool (Google Hacking)

 Yokoso! – Web Infrastructure Fingerprinting & Delivery Tool

 Nikto 2.1.0 Released – Web Server Security Scanning Tool

 Katana v1 (Kyuzo) – Portable Multi-Boot Security Suite

 KrbGuess – Guess/Enumerate Kerberos User Accounts

 Naptha – TCP State Exhaustion Vulnerability & Tool

 Origami – Parse, Analyze & Forge PDF Documents

 Deep Packet Inspection Engine Goes Open Source

Tools of Cracking

The different tools of cracking used are

 Packet sniffer
 Spoofing attack
 Root kit
 Social engineering
 Trojan horse
 Virus
 Worm
 Key loggers

6
Hacking and cracking MBA 2009-11

Types of Hacking and Cracking


a) Types of Computer Hackers
 White Hat

White Hat hackers are individuals who hack into computer systems solely to see
how the computer's security systems work.

 Black Hat

Black Hat hackers are the complete opposite of "White Hats." Black Hats break
into security systems in order to steal credit card numbers, vandalize websites or
otherwise do harm.

 Grey Hats

Grey Hat hackers are morally ambiguous. They act in their own self-interests and
do not think about the legal repercussions of their actions. They do not actively seek to
break the law, but are not concerned if such is the outcome.

 Hacktivist

Hacktivists are individuals who hack websites to further some form of political or
social agenda.

 Script Kiddie

Script Kiddies are faux-hackers. They use pre-packaged, pre-written software to


slip past Internet security protocols and are generally looked down upon in the various
hacking communities.

 Cyberterrorists

7
Hacking and cracking MBA 2009-11

As the name implies, cyberterrorists use computers to engage in acts of terrorism,


often times using DoS (Denial of Service) attacks to crash government websites.

Types of Cracking

 Password cracking

Password cracking is the process of discovering the plain text of an encrypted


computer password. Attempting to crack passwords by trying
as many possibilities as time and money permit is a brute
force attack. A related method, rather more efficient in most
cases, is a dictionary attack. In a dictionary attack, all words in
one or more dictionaries are tested. Lists of common
passwords are also typically tested.

 Software cracking

Software cracking is the modification of software to


remove protection methods: copy protection, trial/demo
version, serial number, hardware key, date checks, CD check
or software annoyances like nag screens and adware. It is the
defeating of software copy protection.

 Wireless cracking

In security branches wireless cracking is the unauthorized use or penetration of a


wireless network. A wireless can be penetrated in
a number of ways. There are methods ranging
from those that demand high level of technological
skill and commitment to methods that are less
sophisticated and require minimal technological
skills

8
Hacking and cracking MBA 2009-11

Techniques Of Hacking And Cracking


a) Hacking Techniques

Different hacking techniques used by hackers are

 Trojan horses

A Trojan horse is a continuing threat to all forms of IT communication. Basically,


a Trojan horse is a malicious payload surreptitiously delivered inside a benign host. You
are sure to have heard of some of
the famous Trojan horse malicious
payloads such as Back Orifice,
NetBus, and Sub Seven. But the
real threat of Trojan horses is not
the malicious payloads you know
about, its ones you don't. A Trojan
horse can be built or crafted by
anyone with basic computer skills.
Any malicious payload can be combined with any benign software to create a Trojan
horse. There are countless ways of crafting and authoring tools designed to do just that.
Thus, the real threat of Trojan horse attack is the unknown. The malicious payload of a
Trojan horse can be anything.

This includes programs that destroy hard drives, corrupt files, record keystrokes,
monitor network traffic, track Web usage, duplicate e-mails, allow remote control and
remote access, transmit data files to others, launch attacks against other targets, plant
proxy servers, host file sharing services, and more.
Payloads can be grabbed off the Internet or can be
just written code authored by the hacker. Then, this
payload can be embedded into any benign
software to create the Trojan horse. Common hosts
include games, screensavers, greeting card

9
Hacking and cracking MBA 2009-11

systems, admin utilities, archive formats, and even documents. All a Trojan horse attack
needs to be successful a single user to execute the host program. Once that is
accomplished, the malicious payload is automatically launched as well, usually without
any symptoms of unwanted activity.

A Trojan horse could be delivered via e-mail as an attachment, it could be


presented on a Web site as a download, or it could be placed on a removable media
(memory card, CD/DVD, USB stick, floppy, etc.). In any case, your protections are
automated malicious code detection tools, such as modern anti-virus protections and
other specific forms of Malware scanners, and user education.

 Exploiting defaults

Nothing makes attacking a target network easier than when that target is using
the defaults set by the vendor or manufacturer. Many attack tools and exploit scripts
assume that the target is configured using the
default settings. Thus, one of the most effective and
often overlooked security precautions is simply t o
change the defaults. To see the scope of this
problem, all you need to do is search the Internet for
sites using the keywords "default passwords". There
are numerous sites that catalog all of the default
user names, passwords, access codes, settings, and naming conventions of every
software and hardware IT product ever sold. It is your responsibility to know about the
defaults of the products you deploy and make every effort to change those defaults to no
obvious alternatives. But it is not just account and password defaults you need to be
concerned with, there are also the installation defaults such as path names, folder
names, components, services, configurations, and settings. Each and every possible
customizable option should be considered for customization.

Try to avoid installing operating systems into the default drives and folders set by
the vendor. Don't install applications and other software into their "standard" locations.

10
Hacking and cracking MBA 2009-11

Don't accept the folder names offered by the installation scripts or wizards. The more
you can customize your installations, configurations, and settings, the more your system
will be incompatible with attack tools and exploitation scripts.

 Man-in-the-middle

Attacks every single person reading this white paper has been a target of
numerous man-in-the-middle attacks. A MITM attack occurs when an attacker is able to
fool a user into establishing a communication link with a server or service through a
rogue entity. The rogue entity is the system controlled by the hacker. It has been set
upto intercept the communication between user and server without letting the user
become aware that the misdirection attack has taken place. A MITM attack works by
somehow fooling the user, their computer, or some part of the user's network into re-
directing legitimate traffic to the illegitimate rogue system.

A MITM attack can be as simple as a phishing e -mail attack where a legitimate


looking e-mail is sent to a user with a URL link pointed towards the rogue system instead
of the real site. The rogue system has a look -alike interface that tricks the user into
providing their logon credentials. The logon credentials are then duplicated and sent on
to the real server. This action opens a link with the real server, allowing the user to
interact with their resources without the knowledge that their communications have taken
a detour through a malicious system that is eavesdropping on and possibly altering the
traffic.

MITM attacks can also be waged using more complicated methods, including
MAC (Media Access Control) duplication, ARP (Address Resolution Protocol) poisoning,
router table poisoning, fake routing tables, DNS (Domain Name Server) query poisoning,
DNS hijacking, rogue DNS servers, HOSTS file alteration, local DNS cache poisoning,
and proxy re-routing. And that doesn't mention URL1 obfuscation, encoding, or
manipulation that is often used to hide the link misdirection. To protect yourself against
MITM attacks, you need to avoid clicking on links found in e mails. Furthermore, always

1
Uniform Resource Locator
11
Hacking and cracking MBA 2009-11

verify that links from Web sites stay within trusted domains or still maintain SSL
encryption. Also, deploy IDS2 systems to monitor network traffic as well as DNS and
local system alterations.

 Wireless attacks

Wireless networks have the appeal of freedom from wires - the ability to be
mobile within your office while maintaining network connectivity. Wireless networks are
inexpensive to deploy and easy to install. Unfortunately, the true cost of wireless
networking is not apparent until security is considered. It
often the case that the time, effort, and expense required
to secure wireless networks is significantly more than
deploying a traditional wired network. Interference, DOS,
hijacking, man -in-the-middle, eavesdropping, sniffing,
and many more attacks are made simple for attackers
when wireless networks are present. That doesn't even
mention the issue that a secured wireless network will
typically support under 14 Mbps of throughput, and then only under the most ideal
transmission distances and conditions. Compare that with the standard of a minimum of
100 Mbps for a wired network, and the economy just doesn't make sense. However,
even if your organization does not officially sanction and deploy a wireless network, you
may still have wireless network vulnerabilities.

Many organizations have discovered that workers have taken it upon themselves
to secretly deploy their own wireless network. They can do this by bringing in their own
wireless access point (WAP), plugging in their desktop's network cable into the WAP,
then re -connecting their desktop to one of the router/switch ports of the WAP. This
retains their desktop's connection to the network, plus it adds wireless connectivity. All
too often when an unapproved WAP is deployed, it is done with little or no security
enabled on the WAP. Thus, a $50 WAP can easily open up a giant security hole in a
multi -million dollar secured-wired network. To combat unapproved wireless access

2
Intrusion Detection System
12
Hacking and cracking MBA 2009-11

points, a regular site survey needs to be performed. This can be done with a notebook
using a wireless detector such as NetStumbler or with a dedicated hand -held device.

 Doing their homework

I don't mean that hackers break into your network by getting their school work
done, but you might be surprised how much they learn from school about how to
compromise security. Hackers, especially external hackers, learn how to overcome your
security barriers by researching your organization. This process can be called
reconnaissance, discovery, or foot printing.
Ultimately, it is intensive, focused research
into all information available about your
organization from public and non so public
resources. If you've done any research or
reading into warfare tactics, you are aware
that the most important weapon you can have
at your disposal is information. Hackers know this and spend considerable time and
effort acquiring a complete arsenal. What is often disconcerting is how much your
organization freely contributes to the hacker's weapon stockpile.

Most organizations are hemorrhaging data; companies freely give away too much
information that can be used against them in various types of logical and physical
attacks. Here are just a few common examples of what a hacker can learn about your
organization, often in minutes:

 The names of your top executives and any flashy employees you have by
perusing your archive of press releases.

 The company addresses, phone number, and fax number from domain name
registration.

 The service provider for Internet access through DNS lookup and trace route.

13
Hacking and cracking MBA 2009-11

 Monitoring Vulnerability

Research Hackers have access to the same vulnerability research that you do.
They are able to read Web sites, discussion lists, blogs, and other public information
services about known problems, issues, and vulnerabilities with hardware and software.
The more the hacker can discover about
possible attack points, the more likely it is
that he can discover a weakness you've yet
to patch, protect, or even become aware
of. To combat vulnerability research on the
part of the hacker, you have to be just as
vigilant as the hacker. You have to be
looking for the problems in order to protect
against them just as intently as the hacker
is looking for problems to exploit.

This means keeping watch on discussion groups and web sites from each and
every vendor whose products your organization utilizes. Plus, you need to watch the
third -party security oversight discussion groups and web sites to learn n about issues
that vendors are failing to make public or that don't yet have easy solutions. These
include places like securityfocus.com, hackerstorm.com, and hackerwatch.org.

 Being patient and persistent

Hacking into a company network is not typically an activity someone undertakes


and completes in a short period of time. Hackers often research their targets for weeks
or months, before starting their first tentative logical interactions against their target with
scanners, banner-grabbing tools, and crawling utilities. And even then, their initial
activities are mostly subtle probing to verify the data they gathered through their
intensive "offline" research. Once hackers have crafted a profile of your organization,
they must then select a specific attack point, design the attack, test and drill the attack,
improve the attack, schedule the attack, and, finally, launch the attack. In most cases, a

14
Hacking and cracking MBA 2009-11

hacker's goal is not to bang on your network so that you become aware of their attacks.
Instead, a hacker's goal is to gain entry subtly so that you are unaware that a breach has
actually taken place. The most devastating attacks are those that go undetected for
extended periods of time, while the hacker has extensive control over the environment.
An invasion can remain undetected nearly indefinitely if it is executed by a hacker who is
patient and persistent. Hacking is often most successful when performed one small step
at a time and with significant periods of time between each step attempt at least up to
the point of a successful breach. Once hackers have gained entry, they quickly deposit
tools to hide their presence and grant them greater degrees of control over your
environment. Once these hacker tools are planted, hidden, and made active, the h
ackers are free to come and go as they please. Likewise, protecting against a hacker
intrusion is also about patients and persistence. You must be able to watch even the
most minor activities on your network with standard auditing processes as well as an
automated IDS/IPS system. Never allow any anomaly to go uninvestigated. Use
common sense, follow the best business practices recommended by security
professionals, and keep current on patches, updates, and system improvements.
However, realize that securi ty is not a goal that can be fully obtained. There is no
perfectly secure environment. Every security mechanism can be fooled, overcome,
disabled, bypassed, exploited, or made worthless. Hacking successfully often means the
hacker is more persistent than t he security professional protecting an environment.

 Confidence games

The good news about hacking today is that many security mechanisms are very
effective against most hacking attempts. Firewalls, IDSes, IPSec, and anti -Malware
scanners have made intrusions and hacking a difficult task. However, the bad news is
many hackers have expanded
their idea of what hacking means
to include social engineering:
hackers are going after the
weakest link in any organization's
security —the people. People are

15
Hacking and cracking MBA 2009-11

always the biggest problem with security because they are the only element within the
secured environment that has the ability to choose to violate the rules.

People can be coerced, tricked, duped, or forced into violating some aspect of the
security system in order to grant a hacker access. The age -old problem of people
exploiting other people by taking advantage of human nature has returned as a means
to bypass modern security technology. Protection against social engineering is primarily
education. Training personnel about what to look for and to report all abnormal or
awkward interactions can be effective countermeasures. But this is only true if everyone
in the organization realizes that they are a social engineering target. In fact, the more a
person believes that their position in the company is so minor that they would not be a
worthwhile target, the more they are actually the preferred targets of the hacker.

 Already being on the inside

All too often when hacking is discussed, it is assumed that the hacker is some
unknown outsider. However, studies have shown that a majority of security violations
actually are caused by internal employees. So, one of the most effective ways for a
hacker to breach security is to be an employee. This can be read in two different ways.
First, the hacker can get a job at the target company and then exploit that access once
they gain the trust of the organization. Second, an existing employee can become
disgruntled and choose to cause harm to the company as a form of revenge or
retribution.

In either case, when someone on the inside decides to attack the company
network, many of the security defenses erected against outside hacking and intrusion
are often ineffective. Instead, internal defenses specific to managing internal threats
need to be deployed. This could include keystroke monitoring, tighter enforcement of the
principle of least privilege, preventing users from installing software, not allowing any

16
Hacking and cracking MBA 2009-11

external removable media source, disabling all USB ports, extensive auditing, host-
based IDS/IPS, and Internet filtering and monitoring.

There are many possible ways that a hacker can gain access to a seemingly
secured environment. It is the responsibility of everyone within an organization to
support security efforts and to watch for abnormal events. We need to secure IT
environments to the best of our abilities and budgets while watching for the inevitable
breach attempt. In this continuing arms race, vigilance is required, persistence is
necessary and knowledge is invaluable.

Cracking Techniques

Followings are the different ways and techniques used for cracking.

 Password cracking

Password cracking doesn't always involve sophisticated tools. It can be as simple


as finding a sticky note with the password written on it stuck right to the monitor or
hidden under a keyboard. Another crude technique is known as "dumpster diving," which
basically involves an attacker going through your garbage to
find discarded documentation that may contain passwords. Of
course attacks can involve far greater levels of sophistication.

 Dictionary attack

A simple dictionary attack is by far the fastest way to break into a machine. A
dictionary file (a text file full of dictionary words) is loaded
into a cracking application (such as L0phtCrack), which is
run against user accounts located by the application.
Because the majority of passwords are often simplistic,
running a dictionary attack is often sufficient to the job.

17
Hacking and cracking MBA 2009-11

 Hybrid attack

Another well-known form of attack is the hybrid attack. A hybrid attack will add
numbers or symbols to the filename to successfully crack a
password. Many people change their passwords by simply
adding a number to the end of their current password. The
pattern usually takes this form: first month password is "cat";
second month password is "cat1"; third month password is
"cat2"; and so on.

 Brute force attack

A brute force attack is the most comprehensive form of


attack, though it may often take a long time to work depending on
the complexity of the password. Some brute force attacks can
take a week depending on the complexity of the password.
L0phtcrack can also be used in a brute force attack.

 Internal attacks

Internal attackers are the most common sources of cracking attacks because
attackers have direct access to an organization's systems. The first scenario looks at a
situation in which a disgruntled employee is the attacker. The
attacker, a veteran systems administrator, has a problem
with her job and takes it out on the systems she is trusted to
administer, manage, and protect.

 External attacks

External attackers are those who must


traverse your "defense in depth" to try and
break into your systems. They don't have it as

18
Hacking and cracking MBA 2009-11

easy as internal attackers. The first scenario involves a fairly common form of external
attack known as Web site defacing. This attack uses password cracking to penetrate the
systems that the attacker wants to deface. Another possible password cracking attack is
when an attacker tries to obtain passwords via Social Engineering. Social Engineering is
the tricking of an unsuspecting administrator into giving the account ID and passwords
over to an attacker.

Top 05 Hacking Incidents of All Time

Instances where some of the most seemingly secure computer networks were
compromised.

a) 1993

They called themselves Masters of Deception, targeting US phone systems. The


group hacked into the National Security Agency, AT&T, and Bank of America. It created
a system that let them bypass long-distance phone call systems, and gain access to
private lines.

1996

US hacker Timothy Lloyd planted six lines of malicious software code in the
computer network of Omega Engineering which was a prime supplier of components for
NASA and the US Navy. The code allowed a "logic bomb" to explode that deleted
software running Omega's manufacturing operations. Omega lost $10 million due to the
attack.

1988

Twenty-three-year-old Cornell University graduate Robert Morris unleashed the


first Internet worm on to the world. Morris released 99 lines of code to the internet as an
experiment, but realized that his program infected machines as it went along. Computers
crashed across the US and elsewhere. He was arrested and sentenced in 1990.

19
Hacking and cracking MBA 2009-11

1999

The Melissa virus was the first of its kind to wreak damage on a global scale.
Written by David Smith (then 30), Melissa spread to more than 300 companies across
the world completely destroying their computer networks. Damages reported amounted
to nearly $400 million. Smith was arrested and sentenced to five years in prison.

2000

Mafia Boy, whose real identity has been kept under wraps because he is a minor,
hacked into some of the largest sites in the world, including eBay, Amazon and Yahoo
between February 6 and Valentine's Day in 2000. He gained access to 75 computers in
52 networks, and ordered a Denial of Service attack on them. He was arrested in 2000.

Advantages of Hacking And Cracking


a) Advantages of Hacking

Some of the advantages of hacking are given below:

 Hacking makes us aware about the possible loopholes of the any system.

 Hacking tools are used to test the security of a network.

 Its advantage is it is fun for you and can enjoy services that are paid.

 You can see private and sometimes information that you aren't supposed
to see.

 You can play music and DVDs from DVD disks, flash drives, and SD cards.

 You can play NES, SNES, Genesis, Sega Master System, Atari2600-7800,
Saturn, N64, PS1, Colecovision, Every Gameboy version, and Turbo Grafix
titles.

20
Hacking and cracking MBA 2009-11

You can select games from a wide library of freeware titles. These include Doom,
Wolfenstein 3D, Quake, and many more games.

You can backup your NAND and install a preloader so if ever get bricked, you can
repair it without Nintendo's help.

 You can play games off a hard drive instead of wearing out the laser. Plus the
games load a lot faster.

Used in internationally recognized training financial crime prevention.

 Hacking is good for FBI computer forensics because it can help keep us safe.

 The "advantage" so to speak of computer hacking is that you get programs etc
free.

The main advantage is to detect the cyber crimes.

 To monitor the terror activities in internet.

 To build a strong security system for protecting from malicious attacks.

To retrieve protected data.

To stop crime.

Hacking and its associated hostile code distribution are operating on a mass
production line with profit as the goal.

Advantages of Cracking

Several advantages of cracking are listed below:

 If for some reason your password program is not enforcing hard-to-guess


passwords, you might want to run a password-cracking program and make sure
your users' passwords are secure.

21
Hacking and cracking MBA 2009-11

 Cracking has also been a significant factor in the domination of companies such
as Adobe Systems and Microsoft, as these companies and others have benefited
from piracy.

 Crack is a registered code for software, so that instead of purchasing it you can
use the crack to use it.

 The most obvious advantage is that your chance of actually finding the password
is quite high since the attack uses so many possible answers.

 Another advantage is that it is a fairly simplistic attack that doesn't require a lot of
work to setup or initiate.

 You can get windows genuine advantage in a pirated windows xp sp 2 by


cracking.

 Brute force attacks, such as "Crack" or "John the Ripper" can often guess
passwords unless your password is sufficiently random.

 Its advantage is to consider periodically running Crack against your own


password database, to find insecure passwords. Then contact the offending user,
and instruct him to change his password.

Disadvantages of Hacking

The media often presents these individuals in a glamorous light. Adolescents may
fantasize about their degree of technological skills and, lacking the social skills required
to be accepted well by others, move online in search of those who profess to have
technological skills the students’ desire. A simple search using the term "hacker" with
any search engine results in hundreds of links to illegal serial numbers, ways to
download and pirate commercial software, etc. Showing this information off to others
may result in the students being considered a "hacker" by their less technologically
savvy friends, further reinforcing antisocial behavior.

22
Hacking and cracking MBA 2009-11

In some cases, individuals move on to programming and destruction of other


individuals programs through the writing of computer viruses and Trojan horses,
programs which include computer instructions to execute a hacker's attack. If individuals
can successfully enter computers via a network, they may be able to impersonate an
individual with high level security clearance access to files, modifying or deleting them or
introducing computer viruses or Trojan horses. As hackers become more sophisticated,
they may begin using sniffers to steal large amounts of confidential information, become
involved in burglary of technical manuals, larceny or espionage.

Cyber Wars between Pakistan and India

Cyber wars between the two countries started in May 1998, when India
conducted its nuclear tests. Soon after India officially announced the test, a group of
Pakistan-based hackers called milw0rm broke into the Bhabha Atomic Research Center
web site and posted anti-India and anti-nuclear messages. The cyber wars usually have
been limited to defacements of each others' sites. Defacement is a low level damage, in
which only the home page of a site is replaced with hacker's own page, usually with
some message for the victim. Such defacements started in May 1998 and continued
during Kargil War in 1999 and then during that era when the tension between India and
Pakistan was at its peak from Dec 2001 to 2002. Therefore, the period between 1999-
2002 was very crucial, when the troops were busy across the LOC exchanging gunshots
and the hackers busy in defacing sites of each others.

According to attrition.org, a web site that tracks computer security related


developments on the Internet, show that attacks on Indian websites increased from 4 in
1999 to 72 in 2000 where as the Pakistani websites were hacked 7 times in 1999 and 18
times in 2000. During the first half of 2001, 150 Indian websites were defaced.

During Kargil war, the first Indian site reported to be hacked was
http://www.armyinkashmir.com, established by the Indian government to provide factual
information about daily events in the Kashmir Valley. The hackers posted photographs
showing Indian military forces allegedly killing Kashmiri militants. The pictures sported

23
Hacking and cracking MBA 2009-11

captions like 'Massacre,' Torture,' 'Extrajudicial execution' and 'The agony of crackdown'
and blamed the Indian government for its alleged atrocities in Kashmir. That was
followed by defacement of numerous Indian governmental sites and reciprocal attacks
on Pakistani sites.

Two prominent Pakistani hacker groups are PHC (Pakistan Hackers Club) and G-
Force. The founder of PHC is Dr. Nuker. The US Department of Justice has identified
"Doctor Nuker" as Misbah Khan of Karachi. Misbah Khan was involved in defacement of
the official site of AIPAC (American Israel Public Affairs Committee). Doctor Nuker struck
back with an interview to a magazine Newsbytes where he claimed that the 'federal
grand jury made a mistake in indicting Misbah Khan of Karachi' and that 'he merely uses
insecure servers in Pakistan to get online anonymously'. Doctor Nuker has been
featured in international publications including Time and Newsweek.

G-Force is based in Lahore and it consists of eight members. Both Pakistan


Hackers Club and G-Force are professional hackers with a specific aim: to work for the
cause of Kashmir and Palestine. It is still to be seen how their hackings are helping the
cause of Palestine or Kashmir! Pakistan Hackers Club has been around since quite long
and apart from Indian site, they have defaced many USA and Israeli sites including US
Department of Energy's site. G-Force was founded in May 1999 after the nuclear tests
and their initial target was Indian sites but after 9/11, their concentration has been shifted
to US-based sites. According to zone-h.org, G-Force has successfully defaced 212 sites.
G-Force's "achievements" includes National Oceanic and Atmospheric Agency and three
military sites associated with the US Defense Test and Evaluation Professional Institute.

During this cyber war, in December 2000, a wired.com news story created waves
that claimed that an Indian hacker's group "Patriotic Indians" has defaced the official site
of Pakistani government pakgov.org. Later, it was revealed that the actual site of
Pakistani government is pak.gov.pk, not pakgov.org and pakgov.org was in fact
registered by the alleged hacker himself with fake information.

24
Hacking and cracking MBA 2009-11

On the Indian side, there are various hackers groups that have defaced Pakistani
sites. Among them, the most famous one is H2O or the Hindustan Hackers
Organization. However, the independent as well as Indian analysts admit that at this
cyber-front, Pakistan has always been winning this war. There are two main reasons for
this. Firstly, Pakistani hackers are organized in groups where as most of the Indian
hackers are working as solo. Secondly and the most important reason is the religious
motivation of the hackers based in Pakistan, to do something for the cause of Muslim
brothers & sisters in Palestine and Kashmir.

At the government level, both the countries are doing their best to curb
hacktivism. NIC3 of India and Cybercrime division of FIA4 in Pakistan are taking
necessary steps to eliminate all forms of cybercrime, including hacking.

A few of the Indian sites defaced by Pakistani hackers are:

 Indian Science Congress

 National Informatics Centre

 Videsh Sanchar Nigam Limited (State-run international voice carrier)

 External Affairs Ministry

 . UP government site

 Ministry of Information Technology

 Mahindra & Mahindr


3
National Informatics Centre
4
Federal Investigation Authority
25
Hacking and cracking MBA 2009-11

 . Rediff Chat

 . Asian Age newspaper

 Aptech India

 University of Mumbai

 Official site of Gujarat Government

 . GlaxoWellcome India

 The Parliament home page

A few of the Pakistani sites defaced by Indian hackers are

 The Nation (newspaper)

 Pakistan Television

 Pakistan Tourism Development Corporation

 Official site of Punjab Government

 Shaheed Zulfiqar Ali Bhutto Institute of Science and Technology

 Prime bank

 Hamdard University

26
Hacking and cracking MBA 2009-11

Conclusion

While computer hackers constitutes a major security concern for individuals,


businesses and public institutions across the globe, hacking and hackers’ underground
culture remains much of a black box for both lawmakers and those vulnerable to hacker
attacks. The mystery that surrounds much of hacking prevents us from arriving at
definitive solutions to the security problem it poses; but our analysis provides at least
tentative insights for dealing with this problem. Analyzing computer hacking through the
lens of economics gives rise to several suggestions in this vein.

It is critical to recognize that are different kinds of hacker characterized by


disparate motivations. Because of this, the most effective method of reducing the risk
posed by hackers in general will tailor legislation in such a way as to target different
classes of hackers differentially.

As there are different tools for hacking and cracking, there are several ethical
issues involved in dealing with crimes related to this. Different policies are adopted to
locate hackers and eliminate the harms of hacking by improving security systems.

27
Hacking and cracking MBA 2009-11

References

• Sterling, Bruce. "Part 2(d)". The Hacker Crackdown. McLean, Virginia:


IndyPublish.com. p.61. ISBN 1-4043-0641-2.

• (http://ezinearticles.com/?expert=Pauline_Go)

• Tim Jordan, Paul A. Taylor (2004). Hacktivism and Cyber wars. Routledge.
pp.133–134. ISBN 9780415260039. "Wild West imagery has permeated
discussions of cyber cultures.

• Cheswick, W.R. (1994). Firewalls and Internet Security: Repelling the Wily
Hacker, Addison-Wesley, Mass.

• http://www.computereconomics.com/article.cfm?id=133

• Thomas, Douglas (2002). Hacker Culture. Minneapolis: University of Minnesota


Press.

28