Hacking and Cracking

(1)

Hacking...1 Hacking...1 Cracking...1 Cracking...1 History... History...1...1 a)Early 1960s a)Early 1960s ...1.1 b)Early 1970s b)Early 1970s ...2...2 c)Early 1980s ... c)Early 1980s ...22 d)Late 1980s ... d)Late 1980s ...22 e)Early 1990s e)Early 1990s ...22 f)Late 1990s f)Late 1990s ...3...3 g)1998 g)1998 ...3...3

Difference between Hacking Difference between Hacking and Cracking...and Cracking...3...3

Tools of Hacking and Cracking... Tools of Hacking and Cracking...6....6

Tools of Tools of hacking...hacking...66 Tools Tools of of Cracking...Cracking...6...6

Types of Hacking and Cracking... Types of Hacking and Cracking...7....7

a)Types of a)Types of Computer Hackers...Computer Hackers...77 Types Types of of Cracking...Cracking...8...8

Techniques Of Techniques Of Hacking And Hacking And Cracking...Cracking...9...9

a)Hacking a)Hacking techniques..techniques...9...9

Cracking Cracking TechniquesTechniques...17.17 Top 05 Hacking Incidents of All Time...19

Top 05 Hacking Incidents of All Time...19

a)1993... a)1993...19...19 1996... 1996...1919 1988... 1988...1919 1999... 1999...2020 2000... 2000...2020 Advantages of Advantages of Hacking And Hacking And Cracking...Cracking...20...20

a)Advantages of Hacking... a)Advantages of Hacking...20..20

Advantages Advantages of of cracking...cracking...21...21 Disadvantages of

Disadvantages of Hacking...Hacking...22.22 Cyber Wars between Pakistan and India...

(2)

Conclusion.

Conclusion...27...27 References...28 References...28

(3)

(4)

H

Haacckkiinng g aannd d ccrraacckkiinng g MMBBA A 22000099--1111

HACKING AN

D

CRACKING



 HackingHacking

Hacking is entering a network which is intended to be private, changing the Hacking is entering a network which is intended to be private, changing the content of another person’s Web site, redirecting elsewhere anyone trying to access a content of another person’s Web site, redirecting elsewhere anyone trying to access a particular Web site or overwhelming a site with countless messages to slow down or particular Web site or overwhelming a site with countless messages to slow down or even crash the server.

even crash the server.

A hacker is a person who is proficient with computers and/or programming to an A hacker is a person who is proficient with computers and/or programming to an elite level where they know all of the in's and out's of a system. There is NO illegality elite level where they know all of the in's and out's of a system. There is NO illegality involved with being a hacker.

involved with being a hacker.



 CrackingCracking

Cracking is the act of breaking into a computer system, often on a network. A Cracking is the act of breaking into a computer system, often on a network. A cracker can be

cracker can be doing this for profit, maliciodoing this for profit, maliciously, for some altruistic purpose or cause, or usly, for some altruistic purpose or cause, or because the challenge is there.

because the challenge is there.

A cracker is a hacker who uses their proficiency for personal gains outside of the A cracker is a hacker who uses their proficiency for personal gains outside of the law. For example stealing data, changing bank accounts, distributing viruses etc. Hacker law. For example stealing data, changing bank accounts, distributing viruses etc. Hacker is a malicious meddler who tries to discover sensitive information by poking around. is a malicious meddler who tries to discover sensitive information by poking around. Hence "password hacker", "network hacker". The correct term for this sense is cracker. Hence "password hacker", "network hacker". The correct term for this sense is cracker.

History

Ha

Hackckining g hahas s bebeen en ararouound nd fofor r momore re ththan an a a cecentnturury. y. In In ththe e 18187070s, s, seseveverarall teenagers were flung off the country's brand new phone system by enraged authorities. teenagers were flung off the country's brand new phone system by enraged authorities. a

a)) EEaarrlly y 11996600ss Un

Univiverersisity ty fafacicililitities es wiwith th huhuge ge mamaininfrframame e cocompmpututerers, s, lilike ke MIMIT'T's s arartitifificicialal intelligence lab, become staging grounds for hackers. At first, "hacker" was a positive intelligence lab, become staging grounds for hackers. At first, "hacker" was a positive

1 1

(5)

term for a person with a mastery of computers who could push programs beyond what they were designed to do.

b) Early 1970s

John Draper makes a long-distance call for free by blowing a precise tone into a telephone that tells the phone system to open a line. Draper discovered the whistle as a give-away in a box of children's cereal. Draper, who later earns the handle "Captain Crunch," is arrested repeatedly for phone tampering throughout the 1970s. Two members of California's Homebrew Computer Club begin making "blue boxes," devices used to hack into the phone system. The members, who adopt handles "Berkeley Blue" (Steve Jobs) and "Oak Toebark" (Steve Wozniak), later go on to found Apple Computer.

c) Early 1980s

Author William Gibson coins the term "cyberspace" in a science fiction novel called Neuromancer . Comprehensive Crime Control Act gives Secret Service jurisdiction over credit card and computer fraud. Two hacker groups form the Legion of Doom in the United States and the Chaos Computer Club in Germany.

d) Late 1980s

Computer Emergency Response Team is formed by U.S. defense agencies. Based at Carnegie Mellon University in Pittsburgh, its mission is to investigate the growing volume of attacks on computer networks. An Indiana hacker known as "Fry Guy" -- so named for hacking McDonald's -- is raided by law enforcement. A similar sweep occurs in Atlanta for Legion of Doom hackers known by the handles "Prophet," "Leftist" and "Urvile."

e) Early 1990s

After AT&T long-distance service crashes on Martin Luther King Jr. Day, law enforcement starts a national crackdown on hackers. Operation Sundevil, a special team of Secret Service agents and members of Arizona's organized crime unit, conducts raids

(6)

Hacking and cracking MBA 2009-11

in 12 major cities, including Miami. A Texas A&M professor receives death threats after a hacker logs on to his computer from off-campus and sends 20,000 racist e-mail messages using his Internet address.

f) Late 1990s

Hackers break into and deface federal Web sites, including the U.S. Department of Justice, U.S. Air Force, CIA, NASA and others. Report by the General Accounting Office finds Defense Department computers sustained 250,000 attacks by hackers in 1995 alone. Hackers pierce security in Microsoft's NT operating system to illustrate its weaknesses. Popular Internet search engine Yahoo! is hit by hackers claiming a "logic bomb" will go off in the PCs of Yahoo!'s users on Christmas Day 1997.

g) 1998

Anti-hacker ad runs during Super Bowl XXXII. The Network Associates ad, costing $1.3-million for 30 seconds, shows two Russian missile silo crewmen worrying that a computer order to launch missiles may have come from a hacker. They decide to blow up the world anyway.

In January, the federal Bureau of Labor Statistics is inundated for days with hundreds of thousands of fake information requests, a hacker attack called "spamming." Hackers claim to have broken into a Pentagon network and stolen software for a military satellite system. They threaten to sell the software to terrorists. The U.S. Justice Department unveils National Infrastructure Protection Center, which is given a mission to protect the nation's telecommunications, technology and transportation systems from hackers.

Difference between Hacking and Cracking

There is a difference between cracking and hacking; unfortunately, a lot of people confuse the terms "hacker" and "cracker". There are a number of reasons for this. The two big reasons are:

(7)

• Crackers often call themselves "hackers" • The media refers to crackers as "hackers".

The basic difference is that Hackers build things and Crackers break them. In the world of cyberspace, the difference between hacking and cracking is great.

(8)

5

HACKING

1. Hacking is when something is under attack by software that has been designed to a Bypass, Disable, and Break etc in order to gain access.

2. "Hacking" was originally used to describe ways to create, alter or improve software and hardware - a "hacker" was an extremely proficient programmer that could do in 5 lines of code what would take others several modules

3. Hacking is to get the program partially (Trial) or even the entire registered program. Also files. Books, documents are subject to hacking.

4. Hacking into network computer systems is illegal, hackers believe it is ethically acceptable as long as a hacker does not commit theft, vandalism or breach any confidentiality -- the so-called hacker code of ethics.

5. Hackers possess a great deal of

CRACKING

1. Cracking is when users, passwords and keys are detected with dictionary, brute force and hybrid attacks in order to gain access to the target using existing user data.

2. "Cracking" is the illegal version of hacking, where existing software is reverse-engineered to remove restrictions like trial periods.

3. Cracking is to take the protection, limit of trial of the program. That's putting serial number, sometimes replacing the .exe trial by the cracked .exe or just pasting stuffs to take away the trial of a program.

4. But not all hackers follow a code of ethics. Those who break into computer systems with malicious intent are known in the hacking world as crackers.

(9)

Tools of Hacking and Cracking

Tools of Hacking

The different tools of hacking used are

 Cain & Abel v4.9.35 – Password Sniffer, Cracker and Brute-Forcing Tool  Turbodiff v1.01 BETA Released – Detect Differences Between Binaries  Binging (BETA) – Footprinting & Discovery Tool (Google Hacking)  Yokoso! – Web Infrastructure Fingerprinting & Delivery Tool

 Nikto 2.1.0 Released – Web Server Security Scanning Tool  Katana v1 (Kyuzo) – Portable Multi-Boot Security Suite

 KrbGuess – Guess/Enumerate Kerberos User Accounts  Naptha – TCP State Exhaustion Vulnerability & Tool  Origami – Parse, Analyze & Forge PDF Documents  Deep Packet Inspection Engine Goes Open Source Tools of Cracking

The different tools of cracking used are Packet sniffer Spoofing attack Root kit Social engineering Trojan horse Virus Worm Key loggers 6

(10)

Types of Hacking and Cracking

a) Types of Computer Hackers

 White Hat

White Hat hackers are individuals who hack into computer systems solely to see how the computer's security systems work.

 Black Hat

Black Hat hackers are the complete opposite of "White Hats." Black Hats break into security systems in order to steal credit card numbers, vandalize websites or otherwise do harm.

 Grey Hats

Grey Hat hackers are morally ambiguous. They act in their own self-interests and do not think about the legal repercussions of their actions. They do not actively seek to break the law, but are not concerned if such is the outcome.

 Hacktivist

Hacktivists are individuals who hack websites to further some form of political or social agenda.

 Script Kiddie

Script Kiddies are faux-hackers. They use pre-packaged, pre-written software to slip past Internet security protocols and are generally looked down upon in the various hacking communities.

 Cyberterrorists

(11)

As the name implies, cyberterrorists use computers to engage in acts of terrorism, often times using DoS (Denial of Service) attacks to crash government websites.

Types of Cracking

 Password cracking

Password cracking is the process of discovering the plain text of an encrypted computer password. Attempting to crack passwords by trying

as many possibilities as time and money permit is a brute force attack. A related method, rather more efficient in most cases, is a dictionary attack. In a dictionary attack, all words in one or more dictionaries are tested. Lists of common passwords are also typically tested.

 Software cracking

Software cracking is the modification of software to remove protection methods: copy protection, trial/demo version, serial number, hardware key, date checks, CD check or software annoyances like nag screens and adware. It is the defeating of software copy protection.

 Wireless cracking

In security branches wireless cracking is the unauthorized use or penetration of a wireless network. A wireless can be penetrated in

a number of ways. There are methods ranging from those that demand high level of technological skill and commitment to methods that are less sophisticated and require minimal technological skills

(12)

Techniques Of Hacking And Cracking

a) Hacking Techniques

Different hacking techniques used by hackers are

 Trojan horses

A Trojan horse is a continuing threat to all forms of IT communication. Basically, a Trojan horse is a malicious payload surreptitiously delivered inside a benign host. You are sure to have heard of some of

the famous Trojan horse malicious payloads such as Back Orifice, NetBus, and Sub Seven. But the real threat of Trojan horses is not the malicious payloads you know about, its ones you don't. A Trojan horse can be built or crafted by anyone with basic computer skills.

Any malicious payload can be combined with any benign software to create a Trojan horse. There are countless ways of crafting and authoring tools designed to do just that. Thus, the real threat of Trojan horse attack is the unknown. The malicious payload of a Trojan horse can be anything.

This includes programs that destroy hard drives, corrupt files, record keystrokes, monitor network traffic, track Web usage, duplicate e-mails, allow remote control and remote access, transmit data files to others, launch attacks against other targets, plant proxy servers, host file sharing services, and more.

Payloads can be grabbed off the Internet or can be just written code authored by the hacker. Then, this payload can be embedded into any benign software to create the Trojan horse. Common hosts include games, screensavers, greeting card

(13)

systems, admin utilities, archive formats, and even documents. All a Trojan horse attack needs to be successful a single user to execute the host program. Once that is accomplished, the malicious payload is automatically launched as well, usually without any symptoms of unwanted activity.

A Trojan horse could be delivered via e-mail as an attachment, it could be presented on a Web site as a download, or it could be placed on a removable media (memory card, CD/DVD, USB stick, floppy, etc.). In any case, your protections are automated malicious code detection tools, such as modern anti-virus protections and other specific forms of Malware scanners, and user education.

 Exploiting defaults

Nothing makes attacking a target network easier than when that target is using the defaults set by the vendor or manufacturer. Many attack tools and exploit scripts assume that the target is configured using the

default settings. Thus, one of the most effective and often overlooked security precautions is simply t o change the defaults. To see the scope of this problem, all you need to do is search the Internet for sites using the keywords "default passwords". There are numerous sites that catalog all of the default

user names, passwords, access codes, settings, and naming conventions of every software and hardware IT product ever sold. It is your responsibility to know about the defaults of the products you deploy and make every effort to change those defaults to no obvious alternatives. But it is not just account and password defaults you need to be concerned with, there are also the installation defaults such as path names, folder names, components, services, configurations, and settings. Each and every possible customizable option should be considered for customization.

Try to avoid installing operating systems into the default drives and folders set by the vendor. Don't install applications and other software into their "standard" locations.

(14)

Don't accept the folder names offered by the installation scripts or wizards. The more you can customize your installations, configurations, and settings, the more your system will be incompatible with attack tools and exploitation scripts.

 Man-in-the-middle

Attacks every single person reading this white paper has been a target of numerous man-in-the-middle attacks. A MITM attack occurs when an attacker is able to fool a user into establishing a communication link with a server or service through a rogue entity. The rogue entity is the system controlled by the hacker. It has been set upto intercept the communication between user and server without letting the user become aware that the misdirection attack has taken place. A MITM attack works by somehow fooling the user, their computer, or some part of the user's network into re-directing legitimate traffic to the illegitimate rogue system.

A MITM attack can be as simple as a phishing e -mail attack where a legitimate looking e-mail is sent to a user with a URL link pointed towards the rogue system instead of the real site. The rogue system has a look -alike interface that tricks the user into providing their logon credentials. The logon credentials are then duplicated and sent on to the real server. This action opens a link with the real server, allowing the user to interact with their resources without the knowledge that their communications have taken a detour through a malicious system that is eavesdropping on and possibly altering the traffic.

MITM attacks can also be waged using more complicated methods, including MAC (Media Access Control) duplication, ARP (Address Resolution Protocol) poisoning, router table poisoning, fake routing tables, DNS (Domain Name Server) query poisoning, DNS hijacking, rogue DNS servers, HOSTS file alteration, local DNS cache poisoning, and proxy re-routing. And that doesn't mention URL1 _{obfuscation, encoding, or}

manipulation that is often used to hide the link misdirection. To protect yourself against MITM attacks, you need to avoid clicking on links found in e mails. Furthermore, always

1

Uniform Resource Locator

(15)

verify that links from Web sites stay within trusted domains or still maintain SSL encryption. Also, deploy IDS2 _{systems to monitor network traffic as well as DNS and}

local system alterations.

 Wireless attacks

Wireless networks have the appeal of freedom from wires - the ability to be mobile within your office while maintaining network connectivity. Wireless networks are inexpensive to deploy and easy to install. Unfortunately, the true cost of wireless networking is not apparent until security is considered. It

often the case that the time, effort, and expense required to secure wireless networks is significantly more than deploying a traditional wired network. Interference, DOS, hijacking, man -in-the-middle, eavesdropping, sniffing, and many more attacks are made simple for attackers when wireless networks are present. That doesn't even mention the issue that a secured wireless network will

typically support under 14 Mbps of throughput, and then only under the most ideal transmission distances and conditions. Compare that with the standard of a minimum of 100 Mbps for a wired network, and the economy just doesn't make sense. However, even if your organization does not officially sanction and deploy a wireless network, you may still have wireless network vulnerabilities.

Many organizations have discovered that workers have taken it upon themselves to secretly deploy their own wireless network. They can do this by bringing in their own wireless access point (WAP), plugging in their desktop's network cable into the WAP, then re -connecting their desktop to one of the router/switch ports of the WAP. This retains their desktop's connection to the network, plus it adds wireless connectivity. All too often when an unapproved WAP is deployed, it is done with little or no security enabled on the WAP. Thus, a $50 WAP can easily open up a giant security hole in a multi -million dollar secured-wired network. To combat unapproved wireless access

2

Intrusion Detection System

(16)

points, a regular site survey needs to be performed. This can be done with a notebook using a wireless detector such as NetStumbler or with a dedicated hand -held device.

 Doing their homework

I don't mean that hackers break into your network by getting their school work done, but you might be surprised how much they learn from school about how to compromise security. Hackers, especially external hackers, learn how to overcome your security barriers by researching your organization. This process can be called reconnaissance, discovery, or foot printing.

Ultimately, it is intensive, focused research into all information available about your organization from public and non so public resources. If you've done any research or reading into warfare tactics, you are aware that the most important weapon you can have

at your disposal is information. Hackers know this and spend considerable time and effort acquiring a complete arsenal. What is often disconcerting is how much your organization freely contributes to the hacker's weapon stockpile.

Most organizations are hemorrhaging data; companies freely give away too much information that can be used against them in various types of logical and physical attacks. Here are just a few common examples of what a hacker can learn about your organization, often in minutes:

 The names of your top executives and any flashy employees you have by perusing your archive of press releases.

 The company addresses, phone number, and fax number from domain name registration.

 The service provider for Internet access through DNS lookup and trace route.

(17)

 Monitoring Vulnerability

Research Hackers have access to the same vulnerability research that you do. They are able to read Web sites, discussion lists, blogs, and other public information services about known problems, issues, and vulnerabilities with hardware and software. The more the hacker can discover about

possible attack points, the more likely it is that he can discover a weakness you've yet to patch, protect, or even become aware of. To combat vulnerability research on the part of the hacker, you have to be just as vigilant as the hacker. You have to be looking for the problems in order to protect against them just as intently as the hacker is looking for problems to exploit.

This means keeping watch on discussion groups and web sites from each and every vendor whose products your organization utilizes. Plus, you need to watch the third -party security oversight discussion groups and web sites to learn n about issues that vendors are failing to make public or that don't yet have easy solutions. These include places like securityfocus.com, hackerstorm.com, and hackerwatch.org.

 Being patient and persistent

Hacking into a company network is not typically an activity someone undertakes and completes in a short period of time. Hackers often research their targets for weeks or months, before starting their first tentative logical interactions against their target with scanners, banner-grabbing tools, and crawling utilities. And even then, their initial activities are mostly subtle probing to verify the data they gathered through their intensive "offline" research. Once hackers have crafted a profile of your organization, they must then select a specific attack point, design the attack, test and drill the attack, improve the attack, schedule the attack, and, finally, launch the attack. In most cases, a

(18)

hacker's goal is not to bang on your network so that you become aware of their attacks. Instead, a hacker's goal is to gain entry subtly so that you are unaware that a breach has actually taken place. The most devastating attacks are those that go undetected for extended periods of time, while the hacker has extensive control over the environment. An invasion can remain undetected nearly indefinitely if it is executed by a hacker who is patient and persistent. Hacking is often most successful when performed one small step at a time and with significant periods of time between each step attempt at least up to the point of a successful breach. Once hackers have gained entry, they quickly deposit tools to hide their presence and grant them greater degrees of control over your environment. Once these hacker tools are planted, hidden, and made active, the h ackers are free to come and go as they please. Likewise, protecting against a hacker intrusion is also about patients and persistence. You must be able to watch even the most minor activities on your network with standard auditing processes as well as an automated IDS/IPS system. Never allow any anomaly to go uninvestigated. Use common sense, follow the best business practices recommended by security professionals, and keep current on patches, updates, and system improvements. However, realize that securi ty is not a goal that can be fully obtained. There is no perfectly secure environment. Every security mechanism can be fooled, overcome, disabled, bypassed, exploited, or made worthless. Hacking successfully often means the hacker is more persistent than t he security professional protecting an environment.

 Confidence games

The good news about hacking today is that many security mechanisms are very effective against most hacking attempts. Firewalls, IDSes, IPSec, and anti -Malware scanners have made intrusions and hacking a difficult task. However, the bad news is many hackers have expanded

their idea of what hacking means to include social engineering: hackers are going after the weakest link in any organization's security —the people. People are

(19)

always the biggest problem with security because they are the only element within the secured environment that has the ability to choose to violate the rules.

People can be coerced, tricked, duped, or forced into violating some aspect of the security system in order to grant a hacker access. The age -old problem of people exploiting other people by taking advantage of human nature has returned as a means to bypass modern security technology. Protection against social engineering is primarily education. Training personnel about what to look for and to report all abnormal or awkward interactions can be effective countermeasures. But this is only true if everyone in the organization realizes that they are a social engineering target. In fact, the more a person believes that their position in the company is so minor that they would not be a worthwhile target, the more they are actually the preferred targets of the hacker.

 Already being on the inside

All too often when hacking is discussed, it is assumed that the hacker is some unknown outsider. However, studies have shown that a majority of security violations actually are caused by internal employees. So, one of the most effective ways for a hacker to breach security is to be an employee. This can be read in two different ways. First, the hacker can get a job at the target company and then exploit that access once they gain the trust of the organization. Second, an existing employee can become disgruntled and choose to cause harm to the company as a form of revenge or retribution.

In either case, when someone on the inside decides to attack the company network, many of the security defenses erected against outside hacking and intrusion are often ineffective. Instead, internal defenses specific to managing internal threats need to be deployed. This could include keystroke monitoring, tighter enforcement of the principle of least privilege, preventing users from installing software, not allowing any

(20)

external removable media source, disabling all USB ports, extensive auditing, host-based IDS/IPS, and Internet filtering and monitoring.

There are many possible ways that a hacker can gain access to a seemingly secured environment. It is the responsibility of everyone within an organization to support security efforts and to watch for abnormal events. We need to secure IT environments to the best of our abilities and budgets while watching for the inevitable breach attempt. In this continuing arms race, vigilance is required, persistence is necessary and knowledge is invaluable.

Cracking Techniques

Followings are the different ways and techniques used for cracking.

 Password cracking

Password cracking doesn't always involve sophisticated tools. It can be as simple as finding a sticky note with the password written on it stuck right to the monitor or hidden under a keyboard. Another crude technique is known as "dumpster diving," which basically involves an attacker going through your garbage to

find discarded documentation that may contain passwords. Of course attacks can involve far greater levels of sophistication.

 Dictionary attack

A simple dictionary attack is by far the fastest way to break into a machine. A dictionary file (a text file full of dictionary words) is loaded

into a cracking application (such as L0phtCrack), which is run against user accounts located by the application. Because the majority of passwords are often simplistic, running a dictionary attack is often sufficient to the job.

(21)

 Hybrid attack

Another well-known form of attack is the hybrid attack. A hybrid attack will add numbers or symbols to the filename to successfully crack a

password. Many people change their passwords by simply adding a number to the end of their current password. The pattern usually takes this form: first month password is "cat"; second month password is "cat1"; third month password is "cat2"; and so on.

 Brute force attack

A brute force attack is the most comprehensive form of attack, though it may often take a long time to work depending on the complexity of the password. Some brute force attacks can take a week depending on the complexity of the password. L0phtcrack can also be used in a brute force attack.

 Internal attacks

Internal attackers are the most common sources of cracking attacks because attackers have direct access to an organization's systems. The first scenario looks at a situation in which a disgruntled employee is the attacker. The

attacker, a veteran systems administrator, has a problem with her job and takes it out on the systems she is trusted to administer, manage, and protect.

 External attacks

External attackers are those who must traverse your "defense in depth" to try and break into your systems. They don't have it as

(22)

easy as internal attackers. The first scenario involves a fairly common form of external attack known as Web site defacing. This attack uses password cracking to penetrate the systems that the attacker wants to deface. Another possible password cracking attack is when an attacker tries to obtain passwords via Social Engineering. Social Engineering is the tricking of an unsuspecting administrator into giving the account ID and passwords over to an attacker.

Top 05 Hacking Incidents of All Time

Instances where some of the most seemingly secure computer networks were compromised.

a) 1993

They called themselves Masters of Deception, targeting US phone systems. The group hacked into the National Security Agency, AT&T, and Bank of America. It created a system that let them bypass long-distance phone call systems, and gain access to private lines.

1996

US hacker Timothy Lloyd planted six lines of malicious software code in the computer network of Omega Engineering which was a prime supplier of components for NASA and the US Navy. The code allowed a "logic bomb" to explode that deleted software running Omega's manufacturing operations. Omega lost $10 million due to the attack.

1988

Twenty-three-year-old Cornell University graduate Robert Morris unleashed the first Internet worm on to the world. Morris released 99 lines of code to the internet as an experiment, but realized that his program infected machines as it went along. Computers crashed across the US and elsewhere. He was arrested and sentenced in 1990.

(23)

1999

The Melissa virus was the first of its kind to wreak damage on a global scale. Written by David Smith (then 30), Melissa spread to more than 300 companies across the world completely destroying their computer networks. Damages reported amounted to nearly $400 million. Smith was arrested and sentenced to five years in prison.

2000

Mafia Boy, whose real identity has been kept under wraps because he is a minor, hacked into some of the largest sites in the world, including eBay, Amazon and Yahoo between February 6 and Valentine's Day in 2000. He gained access to 75 computers in 52 networks, and ordered a Denial of Service attack on them. He was arrested in 2000.

Advantages of Hacking And Cracking

a)

Advantages of Hacking

Some of the advantages of hacking are given below:

 Hacking makes us aware about the possible loopholes of the any system.

 Hacking tools are used to test the security of a network.

 Its advantage is it is fun for you and can enjoy services that are paid.

 You can see private and sometimes information that you aren't supposed to see.

 You can play music and DVDs from DVD disks, flash drives, and SD cards.

 You can play NES, SNES, Genesis, Sega Master System, Atari2600-7800, Saturn, N64, PS1, Colecovision, Every Gameboy version, and Turbo Grafix titles.

(24)

You can select games from a wide library of freeware titles. These include Doom, Wolfenstein 3D, Quake, and many more games.

You can backup your NAND and install a preloader so if ever get bricked, you can

repair it without Nintendo's help.

 You can play games off a hard drive instead of wearing out the laser. Plus the games load a lot faster.

Used in internationally recognized training financial crime prevention.

 Hacking is good for FBI computer forensics because it can help keep us safe.

 The "advantage" so to speak of computer hacking is that you get programs etc free.

The main advantage is to detect the cyber crimes.  To monitor the terror activities in internet.

 To build a strong security system for protecting from malicious attacks.

To retrieve protected data.

To stop crime.

Hacking and its associated hostile code distribution are operating on a mass

production line with profit as the goal. Advantages of Cracking

Several advantages of cracking are listed below:

 If for some reason your password program is not enforcing hard-to-guess

passwords, you might want to run a password-cracking program and make sure your users' passwords are secure.

(25)

 Cracking has also been a significant factor in the domination of companies such as Adobe Systems and Microsoft, as these companies and others have benefited from piracy.

 Crack is a registered code for software, so that instead of purchasing it you can

use the crack to use it.

 The most obvious advantage is that your chance of actually finding the password is quite high since the attack uses so many possible answers.

 Another advantage is that it is a fairly simplistic attack that doesn't require a lot of work to setup or initiate.

 You can get windows genuine advantage in a pirated windows xp sp 2 by

cracking.

 Brute force attacks, such as "Crack" or "John the Ripper" can often guess passwords unless your password is sufficiently random.

 Its advantage is to consider periodically running Crack against your own password database, to find insecure passwords. Then contact the offending user, and instruct him to change his password.

Disadvantages of Hacking

The media often presents these individuals in a glamorous light. Adolescents may fantasize about their degree of technological skills and, lacking the social skills required to be accepted well by others, move online in search of those who profess to have technological skills the students’ desire. A simple search using the term "hacker" with any search engine results in hundreds of links to illegal serial numbers, ways to download and pirate commercial software, etc. Showing this information off to others may result in the students being considered a "hacker" by their less technologically savvy friends, further reinforcing antisocial behavior.

(26)

In some cases, individuals move on to programming and destruction of other individuals programs through the writing of computer viruses and Trojan horses, programs which include computer instructions to execute a hacker's attack. If individuals can successfully enter computers via a network, they may be able to impersonate an individual with high level security clearance access to files, modifying or deleting them or introducing computer viruses or Trojan horses. As hackers become more sophisticated, they may begin using sniffers to steal large amounts of confidential information, become involved in burglary of technical manuals, larceny or espionage.

Cyber Wars between Pakistan and India

Cyber wars between the two countries started in May 1998, when India conducted its nuclear tests. Soon after India officially announced the test, a group of Pakistan-based hackers called milw0rm broke into the Bhabha Atomic Research Center web site and posted anti-India and anti-nuclear messages. The cyber wars usually have been limited to defacements of each others' sites. Defacement is a low level damage, in which only the home page of a site is replaced with hacker's own page, usually with some message for the victim. Such defacements started in May 1998 and continued during Kargil War in 1999 and then during that era when the tension between India and Pakistan was at its peak from Dec 2001 to 2002. Therefore, the period between 1999-2002 was very crucial, when the troops were busy across the LOC exchanging gunshots and the hackers busy in defacing sites of each others.

According to attrition.org, a web site that tracks computer security related developments on the Internet, show that attacks on Indian websites increased from 4 in 1999 to 72 in 2000 where as the Pakistani websites were hacked 7 times in 1999 and 18 times in 2000. During the first half of 2001, 150 Indian websites were defaced.

During Kargil war, the first Indian site reported to be hacked was http://www.armyinkashmir.com, established by the Indian government to provide factual information about daily events in the Kashmir Valley. The hackers posted photographs showing Indian military forces allegedly killing Kashmiri militants. The pictures sported

(27)

captions like 'Massacre,' Torture,' 'Extrajudicial execution' and 'The agony of crackdown' and blamed the Indian government for its alleged atrocities in Kashmir. That was followed by defacement of numerous Indian governmental sites and reciprocal attacks on Pakistani sites.

Two prominent Pakistani hacker groups are PHC (Pakistan Hackers Club) and G-Force. The founder of PHC is Dr. Nuker. The US Department of Justice has identified "Doctor Nuker" as Misbah Khan of Karachi. Misbah Khan was involved in defacement of the official site of AIPAC (American Israel Public Affairs Committee). Doctor Nuker struck back with an interview to a magazine Newsbytes where he claimed that the 'federal grand jury made a mistake in indicting Misbah Khan of Karachi' and that 'he merely uses insecure servers in Pakistan to get online anonymously'. Doctor Nuker has been featured in international publications including Time and Newsweek.

G-Force is based in Lahore and it consists of eight members. Both Pakistan Hackers Club and G-Force are professional hackers with a specific aim: to work for the cause of Kashmir and Palestine. It is still to be seen how their hackings are helping the cause of Palestine or Kashmir! Pakistan Hackers Club has been around since quite long and apart from Indian site, they have defaced many USA and Israeli sites including US Department of Energy's site. G-Force was founded in May 1999 after the nuclear tests and their initial target was Indian sites but after 9/11, their concentration has been shifted to US-based sites. According to zone-h.org, G-Force has successfully defaced 212 sites. G-Force's "achievements" includes National Oceanic and Atmospheric Agency and three military sites associated with the US Defense Test and Evaluation Professional Institute.

During this cyber war, in December 2000, a wired.com news story created waves that claimed that an Indian hacker's group "Patriotic Indians" has defaced the official site of Pakistani government pakgov.org. Later, it was revealed that the actual site of Pakistani government is pak.gov.pk, not pakgov.org and pakgov.org was in fact registered by the alleged hacker himself with fake information.

(28)

On the Indian side, there are various hackers groups that have defaced Pakistani sites. Among them, the most famous one is H2O or the Hindustan Hackers Organization. However, the independent as well as Indian analysts admit that at this cyber-front, Pakistan has always been winning this war. There are two main reasons for this. Firstly, Pakistani hackers are organized in groups where as most of the Indian hackers are working as solo. Secondly and the most important reason is the religious motivation of the hackers based in Pakistan, to do something for the cause of Muslim brothers & sisters in Palestine and Kashmir.

At the government level, both the countries are doing their best to curb hacktivism. NIC3 _{of India and Cybercrime division of FIA}4 _{in Pakistan are taking}

necessary steps to eliminate all forms of cybercrime, including hacking.

A few of the Indian sites defaced by Pakistani hackers are:

 Indian Science Congress  National Informatics Centre

 Videsh Sanchar Nigam Limited (State-run international voice carrier)  External Affairs Ministry

 . UP government site

 Ministry of Information Technology  Mahindra & Mahindr

3

National Informatics Centre

4

Federal Investigation Authority

(29)

 . Rediff Chat

 . Asian Age newspaper  Aptech India

 University of Mumbai

 Official site of Gujarat Government  . GlaxoWellcome India

 The Parliament home page

A few of the Pakistani sites defaced by Indian hackers are

 The Nation (newspaper)

 Pakistan Television

 Pakistan Tourism Development Corporation  Official site of Punjab Government

 Shaheed Zulfiqar Ali Bhutto Institute of Science and Technology

 Prime bank

 Hamdard University

(30)

Conclusion

While computer hackers constitutes a major security concern for individuals, businesses and public institutions across the globe, hacking and hackers’ underground culture remains much of a black box for both lawmakers and those vulnerable to hacker attacks. The mystery that surrounds much of hacking prevents us from arriving at definitive solutions to the security problem it poses; but our analysis provides at least tentative insights for dealing with this problem. Analyzing computer hacking through the lens of economics gives rise to several suggestions in this vein.

It is critical to recognize that are different kinds of hacker characterized by disparate motivations. Because of this, the most effective method of reducing the risk posed by hackers in general will tailor legislation in such a way as to target different classes of hackers differentially.

As there are different tools for hacking and cracking, there are several ethical issues involved in dealing with crimes related to this. Different policies are adopted to locate hackers and eliminate the harms of hacking by improving security systems.