In our series on identity theft on the Internet today, we look at hacking and clarify these points: What is hacking, and what are hackers’ intentions? What hacking methods should you be wary of? And how can you protect yourself against hacker attacks?
What hacking means depends on who you ask. Traditionally, hackers are considered experienced specialists who delve deeply into computer and software culture. The hacker could be described as someone who uses extensive computer skills to solve problems. The traditional hacker speaks less of “hacking” than of “cracking” when it comes to the criminal subversion of security systems, similar to the safe-cracking bank robber.
However, the mainstream sees hacking as something different: hackers are seen as criminals who overcome security measures to gain access to computers or networks. In the following section, “Hackers and their intentions,” you will learn why the definitions of the hacker differ so much.
As just mentioned, the term “hacking” can also refer to innocuous activities; hacking itself is a very general term for a wide range of computer and network activities. The criminals whom the mainstream calls hackers gain unauthorized access to devices, networks, or servers, can violate the affected users’ privacy, and can damage digital assets such as programs, files, or even websites. In the following, we nevertheless use “hacking” to mean malicious attempts to exploit system vulnerabilities for the hacker’s own benefit.
People who engage in hacking are called hackers. The term was first used in a magazine article in 1980, and a few years later various films popularized it. While many hackers have good to excellent computer and programming skills, these are not strictly required to be labeled a hacker, because there are now numerous psychological tactics, such as social engineering, for gaining access to data.
A hacker’s motivation can be pure fun and thrill, but financial benefits, data theft, access to confidential information, idealism, and political activism can also be behind the hacking.
So are hackers experienced computer specialists who want to solve problems, or are they criminals pursuing their own interests? Both, because there are different types of hackers, distinguished by their intent:
White hat hackers come from the traditional hacker group: they use their talents to help companies and institutions strengthen their digital defenses. With the owner’s permission, and thus legally, white hat hackers penetrate systems in order to identify weak points. This is also called “ethical hacking.”
Some white hat hackers are employed directly by companies, where they play an instrumental role in securing the company as part of its cybersecurity strategy. Others see themselves more as consultants or contractors and test the security of companies. Such tests can go beyond the classic penetration test and aim, for example, to test employees with targeted phishing campaigns so that their login information can be better protected.
The gray hats sit between the white and black hat hackers. Although they do not engage in criminal activities like the black hats, they also do not live the altruism of the white hat hackers. While the white hat is still waiting for the client’s approval to hack the system, the gray hat hacker simply gets going and starts hacking.
If the gray hat hacker encounters vulnerabilities, he informs the owner of his discovery and asks for a more or less small fee to fix the problem. However, the owners do not always respond. In that case, the gray hats openly share their results online, so that their black hat colleagues also become aware of them. This immensely increases the probability that the weak points will be exploited, and the owners of the respective systems know that too.
The black hat hackers correspond to the image of the mainstream hacker mentioned above: they are shady criminals. This type of hacker penetrates security systems to gain access without the appropriate permission and without the owner’s knowledge, i.e., illegally. If the black hat hacker has found vulnerabilities, he either exploits them himself or draws colleagues’ attention to the opportunity, for a fee, of course.
As a rule, the black hat hacker has only one goal: to improve his earnings. Whether he achieves this directly through theft, through the sale of information, or through extortion varies. Some black hats try to wreak havoc without any financial motive at all. In the case of black hat hackers, one also speaks of “unethical hacking.”
Regardless of the type of hacker, there are many methods that hackers use to infiltrate other systems. Although we cannot go into every single practice, below is a brief overview of the most common methods:
DDoS attacks (Distributed Denial of Service) are, so to speak, distributed DoS attacks (Denial of Service) that lead to system outages. In other words, hackers deliberately overload IT infrastructures with this attack. Cybercriminals succeed in paralyzing the web-based systems of companies or institutions and their websites, which can lead to immense financial damage for those affected.
A distinction is made between different types of DoS and DDoS attacks. The most common are:
In a teardrop attack, the attacker sends a deliberately malformed packet from his client. The aim is to exploit a bug that some operating systems have in their handling of IP packets; the error occurs when the IP packets are reassembled. Not only the operating system but also the application processing the packet can fail. While the attacked system tries to reassemble the packets, it crashes or restarts.
In smurf attacks, IP spoofing and ICMP (Internet Control Message Protocol) are used to flood the target network with requests. The attacker sends ICMP echo requests with a forged source address to broadcast IP addresses, so that the request reaches all IP addresses in the respective address range. All responses go back to the spoofed source address, that is, to the victim, so the network becomes overloaded. Since the process can be repeated and even automated, hackers can massively overload networks with smurf attacks.
This form of attack, known as a SYN flood, targets the buffer memory used during the handshake at the start of connection establishment in TCP-based networks. The attacker floods the processing queue of the target system with connection requests but does not react when the target system answers them. The result is a timeout on the target system: once the connection queue fills up, the system crashes or stops responding.
In a “ping of death” attack, the attacker sends IP packets to the target system whose size exceeds the permitted maximum length. If the attacker breaks the IP packet up into smaller fragments, buffer overflows and other crashes can occur when these fragments are reassembled on the target system.
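The teardrop and ping-of-death descriptions above both come down to the same weakness: the receiving system trusts the offset and length of each IP fragment and copies the data before checking it. The following Python example, added here and not part of the original article, shows the bounds and overlap checks a safe reassembler performs before copying anything. It is a simplified model: offsets are plain byte offsets (real IPv4 fragment offsets count 8-byte units), the IP header is ignored, the 65535-byte limit is the IPv4 maximum total length, the fragment sets are constructed, and the overlapping pair represents the historical teardrop pattern.

```python
MAX_IP_PACKET = 65535  # IPv4 total-length field is 16 bits, so no packet can be larger


class FragmentError(ValueError):
    """Raised when a fragment set must not be reassembled; `kind` names the reason."""

    def __init__(self, kind: str, message: str):
        super().__init__(message)
        self.kind = kind


def check_fragment(offset: int, length: int) -> None:
    """Bounds-check one fragment before any data is copied.

    A ping-of-death style fragment fails here: its offset plus payload length
    would end beyond the 65535-byte maximum and overflow a fixed-size buffer.
    (Assumption: byte offsets, IP header ignored.)
    """
    if offset < 0 or length <= 0:
        raise FragmentError("invalid", "negative offset or empty fragment")
    if offset + length > MAX_IP_PACKET:
        raise FragmentError(
            "oversized", f"fragment ends at byte {offset + length}, limit is {MAX_IP_PACKET}"
        )


def reassemble(fragments):
    """Reassemble a complete list of (offset, payload) fragments.

    Fragments are processed in offset order. Overlaps (the teardrop pattern)
    and gaps are rejected instead of being copied into the buffer.
    """
    buf = bytearray()
    expected = 0  # byte offset the next fragment must start at
    for offset, payload in sorted(fragments, key=lambda f: f[0]):
        check_fragment(offset, len(payload))
        if offset < expected:
            raise FragmentError("overlap", f"fragment at {offset} overlaps data up to {expected}")
        if offset > expected:
            raise FragmentError("gap", f"missing bytes {expected}..{offset}")
        buf.extend(payload)
        expected = offset + len(payload)
    return bytes(buf)


def classify(fragments) -> str:
    """Return 'ok' or the rejection reason, for inspection without exceptions."""
    try:
        reassemble(fragments)
        return "ok"
    except FragmentError as err:
        return err.kind


# Constructed sample fragment sets (not captured traffic)
NORMAL = [(0, b"A" * 8), (8, b"B" * 8), (16, b"C" * 4)]
TEARDROP_LIKE = [(0, b"A" * 24), (16, b"B" * 24)]   # second fragment starts inside the first
OVERSIZED = [(0, b"A" * 8), (65528, b"B" * 16)]      # ends at 65544, past the IPv4 maximum

if __name__ == "__main__":
    for name, frags in [("normal", NORMAL), ("teardrop-like", TEARDROP_LIKE), ("oversized", OVERSIZED)]:
        print(f"{name}: {classify(frags)}")
```

The point of the model is the order of operations: every fragment is bounds-checked and compared against what has already been accepted before a single byte lands in the buffer, which is exactly the step the vulnerable reassembly code of the time skipped.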
Do you know the situation? People sit to your right and left and talk over your head: you are the “man in the middle.” It is precisely this position that hackers exploit in a “man-in-the-middle” attack: they latch onto the communication between two conversation partners, read the data traffic, and can even manipulate it. This can happen if the communication between the two parties is not encrypted or is insufficiently encrypted.
SQL injection (SQLi) is one of the most common attacks on databases via web applications. The database language SQL (Structured Query Language) is usually used to query and process data in databases. Information stored in databases can be susceptible to so-called SQL injection, in which attacker-controlled input is injected into the database queries as code. This is how hackers manage to read and even manipulate information. In the worst case, the hackers gain control of the entire database.
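To make the SQL injection description concrete, here is an added Python example (not from the original article) using the standard sqlite3 module and a constructed in-memory users table. The first function builds the query by pasting the user-supplied name into the SQL text; the second passes it as a bound parameter, which is the standard defense. Table layout, names and inputs are assumptions made for the demonstration.

```python
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Create a constructed in-memory users table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com"), ("o'brien", "obrien@example.com")],
    )
    return conn


def find_user_vulnerable(conn, name: str):
    """VULNERABLE: the user-supplied name is pasted into the SQL text.

    Any quote in the input ends the string literal, so the input can change
    the structure of the query instead of just supplying a value.
    """
    query = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, name: str):
    """HARDENED: the value is bound to a placeholder and sent separately from the SQL.

    The driver never interprets the value as SQL, so quotes or keywords in the
    input only ever match (or fail to match) a stored name.
    """
    return conn.execute("SELECT name, email FROM users WHERE name = ?", (name,)).fetchall()


def demo():
    """Run both variants against ordinary and hostile input; returns the observations."""
    conn = setup_db()
    tautology = "x' OR '1'='1"   # constructed input whose quote breaks out of the literal
    results = {
        "safe_plain": find_user_safe(conn, "alice"),
        "safe_apostrophe": find_user_safe(conn, "o'brien"),
        "safe_tautology": find_user_safe(conn, tautology),
        "vulnerable_tautology": find_user_vulnerable(conn, tautology),
    }
    try:
        find_user_vulnerable(conn, "o'brien")
        results["vulnerable_apostrophe"] = "no error"
    except sqlite3.OperationalError as err:
        # A legitimate name breaks the query: the first sign that input is reaching the SQL parser
        results["vulnerable_apostrophe"] = f"error: {err}"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two observations are worth taking away: the vulnerable variant fails on a perfectly ordinary name containing an apostrophe, which is a cheap way to spot the pattern in code review, and the bound-parameter variant returns no rows for the hostile input because the whole string is compared as a name rather than parsed as SQL.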
With brute force attacks, hackers crack passwords by systematically trying out all possible combinations with suitable hardware and software. One also speaks of the exhaustion method or of an “exhaustive search.”
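From the defender’s side, a brute force attack shows up as a burst of failed logins from one source. As an added example, not part of the article, the following Python snippet flags a source address the first time it reaches a threshold of failures inside a sliding time window. The log format, the addresses (taken from the RFC 5737 documentation ranges) and the threshold are constructed assumptions; real authentication logs use different formats.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (not a real product's format): ISO timestamp, result, user, source IP
LINE_RE = re.compile(
    r"^(?P<ts>\S+) LOGIN_(?P<result>OK|FAILED) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line: str):
    """Return (timestamp, result, user, src) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]


def detect_bruteforce(lines, threshold: int = 5, window: timedelta = timedelta(seconds=60)):
    """Flag each source the first time it reaches `threshold` failed logins within `window`.

    Only failures count; a successful login does not reset the counter, because
    a guess that finally succeeds is exactly the event worth investigating.
    Returns a list of (src, time_of_alert, failures_in_window).
    """
    recent = defaultdict(deque)   # src -> timestamps of failures still inside the window
    flagged = set()
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, result, _user, src = parsed
        if result != "FAILED":
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold and src not in flagged:
            flagged.add(src)
            alerts.append((src, ts, len(q)))
    return alerts


# Constructed sample log; addresses are from the RFC 5737 documentation ranges
SAMPLE_LOG = """\
2024-05-01T08:00:00 LOGIN_FAILED user=admin src=203.0.113.7
2024-05-01T08:00:05 LOGIN_FAILED user=admin src=203.0.113.7
2024-05-01T08:00:07 LOGIN_OK user=alice src=198.51.100.9
2024-05-01T08:00:10 LOGIN_FAILED user=root src=203.0.113.7
2024-05-01T08:00:12 LOGIN_FAILED user=bob src=198.51.100.9
2024-05-01T08:00:15 LOGIN_FAILED user=admin src=203.0.113.7
2024-05-01T08:00:20 LOGIN_FAILED user=admin src=203.0.113.7
2024-05-01T08:00:25 LOGIN_FAILED user=admin src=203.0.113.7
2024-05-01T08:05:00 LOGIN_FAILED user=bob src=198.51.100.9
""".splitlines()

if __name__ == "__main__":
    for src, when, count in detect_bruteforce(SAMPLE_LOG):
        print(f"ALERT {when.isoformat()} {src}: {count} failed logins within 60s")
```

In the sample, 203.0.113.7 is flagged at its fifth failure while 198.51.100.9, with two failures minutes apart, is not. Detection like this complements, rather than replaces, throttling and account lockout on the login endpoint and storing passwords with a deliberately slow hash.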
In cross-site scripting (XSS), the attacker runs scripts in the victim’s browser or in other scriptable applications. Attackers smuggle payloads containing malicious JavaScript into a website’s database. When the victim visits the website, the attacker’s payload is delivered to the victim’s browser, where the malicious script is executed. For example, the script could send the victim’s cookie to the attacker’s server, who can then extract it and use it specifically for session hijacking.
XSS attacks become particularly dangerous when additional security gaps are exploited. Attackers can use such holes to log keystrokes, capture screenshots, or remotely control the victim’s computer. In most cases the attack is carried out via JavaScript, but Flash, VBScript, or ActiveX are also possible.
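The XSS paragraphs above describe an injected script that reaches the victim’s cookie. The added Python example below (not from the article) contrasts rendering a stored comment unescaped with escaping it via html.escape, and builds the Set-Cookie header with the HttpOnly attribute that keeps a session cookie out of reach of page scripts. The comment text, the markup and the cookie name are constructed for the demonstration.

```python
import html

# Constructed stored comment; the script tag stands in for the payload the article describes
STORED_COMMENT = "Nice article! <script>alert(document.cookie)</script>"


def render_comment_unsafe(comment: str) -> str:
    """VULNERABLE: untrusted text is placed straight into the page markup.

    The browser cannot tell the commenter's text from the site's own HTML,
    so a <script> tag inside the comment runs with the site's cookies.
    """
    return f'<p class="comment">{comment}</p>'


def render_comment_safe(comment: str) -> str:
    """HARDENED: html.escape turns < > & " ' into entities before rendering.

    The browser displays the characters literally instead of parsing them as tags.
    """
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie line for a session cookie with the attributes that limit cookie theft.

    HttpOnly hides the cookie from document.cookie, so even a script that does
    run cannot read it; Secure restricts it to HTTPS; SameSite=Lax keeps it off
    most cross-site requests. (The cookie name "session" is an assumption.)
    """
    return f"Set-Cookie: session={session_id}; HttpOnly; Secure; SameSite=Lax"


def contains_script_tag(rendered: str) -> bool:
    """Crude check used by the demo: does a literal <script tag survive rendering?"""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    print(render_comment_unsafe(STORED_COMMENT))
    print(render_comment_safe(STORED_COMMENT))
    print(session_cookie_header("EXAMPLE-SESSION-ID"))
```

Escaping has to match the output context: html.escape is right for text between tags and inside quoted attributes, but a value placed inside a script block, a URL or a style rule needs the escaping rules of that context instead. HttpOnly does not stop a script from running; it limits what a script that does run can steal.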
Backdoors can be set up by the developer of a piece of software or an application to access it for troubleshooting or other purposes. Attackers proceed differently: they use backdoors that they discover or install themselves. Malware such as viruses or worms can be designed to take advantage of backdoors that were created by previous attacks in the first place.
The Advanced Persistent Threat (APT) is a network attack in which an unauthorized person gains access to the network and stays there undetected for as long as possible. APT attackers primarily want to steal data; they are usually not interested in causing any other damage. For this reason, organizations that hold valuable information, such as ministries, manufacturing companies, or the financial sector, are particularly affected by APT attacks.
As you can see, hackers’ intentions are as diverse as their methods. Perhaps while reading about the attack methods you have already had some ideas on how to protect yourself and your organization from hacking. The following tips should help you make it much more difficult for hackers to break through your defenses: