What Exactly is Hacking? Types of Hackers | Introduction to Cybercrime

April 23, 2021 0 Comments
Share:

 


What is Hacking?

Hacking is the activity of identifying weaknesses in a computer system or a network to exploit the security to gain access to personal data or business data. An example of computer hacking can be: using a password cracking algorithm to gain access to a computer system.

Computers have become mandatory to run successful businesses. It is not enough to have isolated computers systems; they need to be networked to facilitate communication with external businesses. This exposes them to the outside world and hacking. System hacking means using computers to commit fraudulent acts such as fraud, privacy invasion, stealing corporate/personal data, etc. Cybercrimes cost many organizations millions of dollars every year. Businesses need to protect themselves against such attacks.

In this hacking tutorial, we will learn-

  • Common Hacking Terminologies
  • What is Cyber Crime?
  • Types of Cyber Crime
  • What is Ethical Hacking?
  • Why Ethical Hacking?
  • The legality of Ethical Hacking
  • Summary

Before we learn hacking, let’s look at the introduction of hacking and some of the most commonly used terminologies in the world of hacking.

Who is a Hacker?

Hacker is a person who finds and exploits the weakness in computer systems and/or networks to gain access. Hackers are usually skilled computer programmers with knowledge of computer security.

Types of Hackers

Hackers are classified according to the intent of their actions. The following list classifies types of hackers according to their intent:

SymbolDescription
White hat hackerEthical Hacker (White hat): A security hacker who gains access to systems with a view to fixing the identified weaknesses. They may also perform Penetration Testing and vulnerability assessments.
Black hat hackerCracker (Black hat): A hacker who gains unauthorized access to computer systems for personal gain. The intent is usually to steal corporate data, violate privacy rights, transfer funds from bank accounts, etc.
Grey hat hackerGrey hat: A hacker who is in between ethical and black hat hackers. He/she breaks into computer systems without authority with a view to identify weaknesses and reveal them to the system owner.
Script kiddiesScript kiddies: A non-skilled person who gains access to computer systems using already made tools.
HacktivistHacktivist: A hacker who uses hacking to send social, religious, political, etc. messages. This is usually done by hijacking websites and leaving a message on the hijacked website.
PhreakerPhreaker: A hacker who identifies and exploits weaknesses in telephones instead of computers.

Introduction of Cybercrime

Cybercrime is the activity of using computers and networks to perform illegal activities like spreading computer viruses, online bullying, performing unauthorized electronic fund transfers, etc. Most cybercrime hacks are committed through the internet, and some cybercrimes are performed using Mobile phones via SMS and online chatting applications.

Type of Cybercrime

  • The following list presents the common types of cybercrimes:
  • Computer Fraud: Intentional deception for personal gain via the use of computer systems.
  • Privacy violation: Exposing personal information such as email addresses, phone numbers, account details, etc. on social media, hacking websites, etc.
  • Identity Theft: Stealing personal information from somebody and impersonating that person.
  • Sharing copyrighted files/information: This involves distributing copyright-protected files such as eBooks and computer programs etc.
  • Electronic funds transfer: This involves gaining unauthorized access to bank computer networks and making illegal fund transfers.
  • Electronic money laundering: This involves the use of the computer to launder money.
  • ATM Fraud: This involves intercepting ATM card details such as account numbers and PIN numbers. These details are then used to withdraw funds from the intercepted accounts.
  • Denial of Service Attacks: This involves the use of computers in multiple locations to attack servers with a view of shutting them down.
  • Spam: Sending unauthorized emails. These emails usually contain advertisements.

     

What is Ethical Hacking?

Ethical Hacking is identifying weaknesses in computer systems and/or computer networks and coming up with countermeasures that protect the weaknesses. Ethical hackers must abide by the following rules.

  • Get written permission from the owner of the computer system and/or computer network before hacking.
  • Protect the privacy of the organization been hacked.
  • Transparently report all the identified weaknesses in the computer system to the organization.
  • Inform hardware and software vendors of the identified weaknesses.

Why Ethical Hacking?

  • Information is one of the most valuable assets of an organization. Keeping information secure can protect an organization’s image and save an organization a lot of money.
  • Fake hacking can lead to loss of business for organizations that deal in finance such as PayPal. Ethical hacking puts them a step ahead of the cybercriminals who would otherwise lead to loss of business.

The legality of Ethical Hacking

Ethical Hacking is legal if the hacker abides by the rules stipulated in the above section on the definition of ethical hacking. The International Council of E-Commerce Consultants (EC-Council) provides a certification program that tests an individual’s skills. Those who pass the examination are awarded certificates. The certificates are supposed to be renewed after some time.

Summary

  • Hacking is identifying and exploiting weaknesses in computer systems and/or computer networks.
  • Cybercrime is committing a crime with the aid of computers and information technology infrastructure.
  • Ethical Hacking is about improving the security of computer systems and/or computer networks.
  • Ethical Hacking is legal.

  • Potential Security Threats To Your Computer Systems

    A computer system threat is anything that leads to loss or corruption of data or physical damage to the hardware and/or infrastructure. Knowing how to identify computer security threats is the first step in protecting computer systems. The threats could be intentional, accidental or caused by natural disasters.

    In this article, we will introduce you to the common computer system threats and how you can protect systems against them.

    Topics covered in this tutorial

    • What is a Security Threat?
    • What are Physical Threats?
    • What are Non-physical Threats?

    What is a Security Threat?

    Security Threat is defined as a risk that can potentially harm computer systems and organizations. The cause could be physical such as someone stealing a computer that contains vital data. The cause could also be non-physical such as a virus attack. In this tutorial series, we will define a threat as a potential attack from a hacker that can allow them to gain unauthorized access to a computer system.

  • What are Physical Threats?

    A physical threat is a potential cause of an incident that may result in loss or physical damage to the computer systems.

    The following list classifies the physical threats into three (3) main categories;

    • Internal: The threats include fire, unstable power supply, humidity in the rooms housing the hardware, etc.
    • External: These threats include Lightning, floods, earthquakes, etc.
    • Human: These threats include theft, vandalism of the infrastructure and/or hardware, disruption, accidental or intentional errors.

    To protect computer systems from the above-mentioned physical threats, an organization must have physical security control measures.

    The following list shows some of the possible measures that can be taken:

    • Internal: Fire threats could be prevented by the use of automatic fire detectors and extinguishers that do not use water to put out a fire. The unstable power supply can be prevented by the use of voltage controllers. An air conditioner can be used to control the humidity in the computer room.
    • External: Lightning protection systems can be used to protect computer systems against such attacks. Lightning protection systems are not 100% perfect, but to a certain extent, they reduce the chances of Lightning causing damage. Housing computer systems in high lands are one of the possible ways of protecting systems against floods.
    • Humans: Threats such as theft can be prevented by the use of locked doors and restricted access to computer rooms.

    What are Non-physical threats?

    A non-physical threat is a potential cause of an incident that may result in;

    • Loss or corruption of system data
    • Disrupt business operations that rely on computer systems
    • Loss of sensitive information
    • Illegal monitoring of activities on computer systems
    • Cyber Security Breaches
    • Others

    The non-physical threats are also known as logical threats. The following list is the common types of non-physical threats;

    • Virus
    • Trojans
    • Worms
    • Spyware
    • Key loggers
    • Adware
    • Denial of Service Attacks
    • Distributed Denial of Service Attacks
    • Unauthorized access to computer systems resources such as data
    • Phishing
    • Other Computer Security Risks

    To protect computer systems from the above-mentioned threats, an organization must have logical security measures in place. The following list shows some of the possible measures that can be taken to protect against cyber security threats

    To protect against viruses, Trojans, worms, etc. an organization can use anti-virus software. In addition to the anti-virus software, an organization can also have control measures on the usage of external storage devices and visiting the website that is most likely to download unauthorized programs onto the user’s computer.

    Unauthorized access to computer system resources can be prevented by the use of authentication methods. The authentication methods can be, in the form of user ids and strong passwords, smart cards or biometrics, etc.

    Intrusion-detection/prevention systems can be used to protect against denial of service attacks. There are other measures too that can be put in place to avoid denial of service attacks.

    Summary

    • A threat is any activity that can lead to data loss/corruption through to disruption of normal business operations.
    • There are physical and non-physical threats
    • Physical threats cause damage to computer systems hardware and infrastructure. Examples include theft, vandalism through to natural disasters.
    • Non-physical threats target the software and data on the computer systems.
CAMBRIDGE IT COLLEGE
Tags
Share:

No comments

Subscribe to: Post Comments ( Atom )