
A PROJECT ON

Project Guide: Sariga Raj, Senior Lecturer, Division of Information Technology

By: Harish kumar Kumar Anurag Akash Kalp

What is HACKING?
Hacking can be defined as unauthorized use or attempts to circumvent or bypass the security mechanism of an information system, device or network.

Who is a HACKER?

A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular. It is used to refer to someone skilled in the use of computer systems, especially if that skill was obtained in an exploratory way.

TYPES OF HACKER
- WHITE HAT
- GREY HAT
- BLACK HAT
- PHREAKER
- SCRIPT KIDDIES
- HACKTIVISTS

WHITE HAT: A WHITE HAT is the hero or good guy, especially in computing slang, where it refers to an ethical hacker or penetration tester who focuses on securing and protecting IT systems. White Hat hackers are also known as ethical hackers.

GREY HAT: A GREY HAT, in the hacking community, refers to a skilled hacker who sometimes acts legally, sometimes in good will, and sometimes not. They are a hybrid between white and black hat hackers. They usually do not hack for personal gain or have malicious intentions.

BLACK HAT: A BLACK HAT is the bad guy or the villain. It refers to a hacker who breaks into networks or computers, or creates computer viruses. They are also called crackers, who specialize in unauthorized penetration of information systems. They may attack systems for profit, for fun or even as part of a social cause.

PHREAKER: PHREAKING is a slang term coined to describe the activity of a subculture of people who study, experiment with, or explore telecommunication systems, like systems connected to public telephone networks.

SCRIPT KIDDIES: They are the people who use scripts and programs developed by others to attack systems and networks.

HACKTIVISTS: These are people who hack systems and websites for political motives. They are hackers who are also activists.

MALICIOUS HACKER STRATEGY:
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing tracks

INFORMATION GATHERING: The initial process in hacking. It is the process of profiling any organization, system, server or individual using a methodological procedure. It is used by attackers as well as investigators to get more information about a target.

SCANNING: The process of finding open and closed ports and vulnerabilities in a remote system, server or network. The main type of SCANNING is PORT SCANNING.

PORT SCANNING: The most popular technique used by attackers. All machines connected to a LAN or to the internet communicate through ports; ports 1 to 65535 are available. By port scanning, the attacker finds which ports are available.

TYPES OF PORT SCANNING:
- Internal port scanning: port scanning within a computer
- External port scanning: port scanning in a network or outside our own system

VIRUS, WORMS, TROJANS:
- A VIRUS is an application that self-replicates by injecting its code into data files.
- A WORM copies itself over a network. It is a program that views the infection points on the network and exploits them.
- A TROJAN is a program that, once executed, performs a task other than the one expected.

SQL INJECTION: An attack in which malicious code is inserted into strings that are later passed to an instance of SQL server for parsing and execution.

The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.
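The two causes named above (unfiltered string literal characters and input that is not strongly typed), shown beside their fixes. This is an added example, not part of the original slides; the `users` table, its rows and the function names are constructed for illustration, using Python's built-in `sqlite3` module.

```python
import sqlite3

def make_db():
    """Constructed sample data in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "s3cret"), (2, "bob", "hunter2")])
    return db

def login_vulnerable(db, name, password):
    # Input is pasted into the statement text: a quote in the input closes
    # the string literal and whatever follows is parsed as SQL.
    sql = ("SELECT name FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return [r[0] for r in db.execute(sql)]

def login_safe(db, name, password):
    # Placeholders: the statement is parsed first and the values are bound
    # afterwards, so quotes in the input stay plain data.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [r[0] for r in db.execute(sql, (name, password))]

def by_id_vulnerable(db, user_id):
    # Input that should be a number is never type-checked before use.
    return [r[0] for r in db.execute(
        "SELECT name FROM users WHERE id = " + user_id)]

def by_id_safe(db, user_id):
    # Strong typing: int() rejects anything that is not a number, and the
    # value is still bound as a parameter rather than concatenated.
    return [r[0] for r in db.execute(
        "SELECT name FROM users WHERE id = ?", (int(user_id),))]

if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"            # constructed test input
    print(login_vulnerable(db, "alice", crafted))  # every user matches
    print(login_safe(db, "alice", crafted))        # no user matches
```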

CROSS SITE SCRIPTING (XSS): A type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 80% of all security vulnerabilities documented by Symantec as of 2007. Its impact may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigations implemented by the site's owner.

EMAIL FLOODING: A technique used by hackers to bomb an e-mail account with a large number of mails. These mails are generally spam and have motives such as marketing or just fun. It has grown into a popular technique in the online market.

IDN HOMOGRAPH ATTACK: Also called internationalized domain name (IDN) homograph attack It is a way a malicious party may deceive computer users about what remote system they are communicating with. They exploit the fact that many different characters look alike, (i.e., they are homographs, hence the term for the attack). For example, a person frequenting citibank.com may be lured to click the link [itibank.com] (punycode: xn-itibank-xjg.com/) where the Latin C is replaced with the Cyrillic .
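A defensive check for the look-alike domain described above, as an added example that is not part of the original slides. It decodes the `xn--` form of each label, flags labels that mix scripts, and compares a Latin "skeleton" against a watchlist; the `CONFUSABLES` table and the `protected` watchlist are small constructed assumptions, not the full Unicode confusables data.

```python
import unicodedata

# Constructed, deliberately tiny subset of Cyrillic letters that look like
# Latin ones; a real check would use the full Unicode confusables data.
CONFUSABLES = {"\u0441": "c", "\u0430": "a", "\u0435": "e",
               "\u043e": "o", "\u0440": "p", "\u0456": "i"}

def decode_label(label):
    """Return the Unicode form of one DNS label (undo the xn-- ACE form)."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label          # malformed punycode: leave it untouched
    return label

def scripts_in(label):
    """Script of each letter, taken from the first word of its Unicode name."""
    return sorted({unicodedata.name(ch, "UNKNOWN").split()[0]
                   for ch in label if ch.isalpha()})

def analyse(domain, protected=("citibank",)):
    """List suspicious labels as (label_as_seen, reason, detail) tuples.

    `protected` is an assumed watchlist of brand labels to defend.
    """
    findings = []
    for raw in domain.lower().rstrip("./").split("."):
        label = decode_label(raw)
        scripts = scripts_in(label)
        # Map each known look-alike to its Latin twin before comparing.
        skeleton = "".join(CONFUSABLES.get(ch, ch) for ch in label)
        if len(scripts) > 1:
            findings.append((raw, "mixed-script", "+".join(scripts)))
        if skeleton != label and skeleton in protected:
            findings.append((raw, "imitates", skeleton))
    return findings

if __name__ == "__main__":
    for d in ("citibank.com", "xn--itibank-xjg.com/"):
        print(d, analyse(d))
```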

GOOGLE HACKS: These are techniques for using Google tools in the best way. They are used by novices all over the world as an introduction to small hacking tools.

PHISHING: Phishing is a way of attempting to acquire sensitive information by masquerading as a trustworthy entity in electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public.

KEYLOGGER: It is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. There are numerous keylogging methods, ranging from hardware and software-based approaches to electromagnetic and acoustic analysis.

CYBER LAWS: Cyber laws are meant to set a definite pattern of rules and guidelines that define certain business activities carried out over the internet as legal and certain others as illegal and hence punishable.

CYBER LAWS IN INDIA: The IT Act 2000, the cyber law of India, gives the legal framework so that information is not denied legal effect, validity or enforceability solely on the ground that it is in the form of electronic records. One cannot regard the government as a complete failure in shielding the numerous e-commerce activities on the firm basis of which this industry has reached its heights, but the law cannot be regarded as free from ambiguities either.

CYBER LAWS & THE WORLD: Cyber law is a generic term which denotes all aspects, issues and legal consequences on the Internet, the World Wide Web and cyber space. India is the 12th nation in the world that has cyber legislation, apart from countries like the US, Singapore, France, Malaysia and Japan.

INDIA IN CYBER LAWS: India has failed to keep pace with the world in this respect, and the consequence is not far from our sight; most of the big customers of India's outsourcing companies have started to re-think carrying out their business in India.

[Chart: NO. OF CASES UNDER IPC ACT, by year, 2004 to 2009; vertical axis from 0 to 450]

THE CONCLUSION: ONE WHITE HACKER FOR ONE BLACK HACKER
