Discussion on online hacking
Identify the common ways hackers use to gain access to systems and analyse and evaluate the methods and systems that are being used to block the attacks and defend the systems?
Internet provides a wide source of information to the users thereby making the world available at their doorsteps. In the present scenario internet has become a source for online transactions, online shopping, web chatting, web promotions etc. However, (_) pointed that these services of internet are subject to various new dangers. Security and caution are the two major factors related with the internet services. Easttom (2012) commented that computer hacking is becoming an alarming issue for the all users. Computer hacking is considered illegal in the eye of law and the parties involved in the same are subject to imprisonment of penalties. The hackers with the help of the loopholes within the computer systems hack or lock personal files of the user, gain access to the bank accounts of the users and misuse the information for their own benefit. Hacking has given rise to things like spyware, scar ware and ransom ware. The essay will here try to evaluate the common ways through which hacking is made possible and further the essay will make a critical evaluation of the methods that are used by the organizations to prevent hacking.
Don't use plagiarized sources. Get Your Custom Essay on
Methods And Systems For Blocking Hacking Attacks
Information Management System: a Case of Online Security
Just from $13/Page
The hackers have devised various ways of intruding into the computer programs of the users. Major social media companies like LinkedIn, Google, and Yahoo had been victims of hacking. In the following segment, some of the most common methods are discussed.
The hackers use the psychological manipulation technique in order to gain access to the personal information of the user. In this method, the hackers or the cyber spies intrude into the network of the victim by sending the victim an email along with an attachment or a link to a website. Leavitt (2011) opined that as soon as the user clicks on the link or attachments with the help of Trojan horse programs, the hacker gains access to the computer system without the knowledge of the user. The hacker can then successfully configure the system of the user and introduce various computer viruses like Malware that opens up a communication channel to the hacker that allows them to browse as well as control the system of the user.(Refer to appendix 1)
An alarming instance of the case of social engineering hacking was seen when Chinese hackers hacked the personal Gmail accounts of US officials and human activists. The smart use of the social engineering technique was found in this case. The emails sent to the US officials were customized according to the user so that the user would open the link giving the hackers an opportunity to introduce the Malware. For instance, the email links of “Draft US-China Joint Statement” were sent to the officials (Sanger et al. 2013).
Another common attack strategy of the hackers are usage of the Denial of service (DOS). This is an attempt which makes the system totally unavailable to the users. The DoS attack interrupts or suspends the services of the host connected to the internet. However, Barrett (2011) commented that if the user of the system is able to identify the early symptoms of the DoS attack then the user may be able to avoid the same. Some of the symptoms concern unusual slow network performance, unavailability of certain websites, inability to access certain websites, increase in the number of spam mails, denial of internet connection etc. The DoS attacks either crash the system of the user or flood the system. The DoS attacks particularly targeted for government concerns and financial sectors cripples the whole working system making huge losses for organizations and personnel.
Common ways of hacking
The attack on the China Internet Network Information Centre on 25 August 2013 reduced the traffic levels by 32%. The organization is responsible for the conversion of readable domain names into numeric addresses that support the internet. The DoS attack on the internet system was reported to be the largest DoS attack thereby destabilizing the access of the China officials and organizations to webs, mails and other internet services (The Economist, 2013)
This technique involves capturing, decoding, inspecting and interpreting of the information within a network packet on a TCP or IP network. This method used majorly to gain access to the user Ids, passwords, credit card numbers and network details. Collective and Shaw (2012) suggested that this type of attack is the most threatening attack since the hackers can conceal their identify and this attack gives access to the personal and bank information which may result in huge financial loss of the victim. The range of information access is vast in case of packet sniffing hence majority of the hackers indulges in the sniffing process since the risk of identification is low (Coleman, 2010). In this context, the hackers use sniffer software and engage in the process either through the internal systems, or through the wireless systems or through external sniffing systems. The hacker sniffing in the packet will be able to access all the websites if the victim, the send mails of the victim, the downloads and the streaming events like audio, video and internet telephones. Holt et al. (2012) commented that various employers within an organisation also use the packet sniffing as tracking devise to track the activities of the employees while they are doing work from home. The hackers use the HTTP sessions in order to sniff into the user Id and password of the victims. Although Secure Socket layers (SSL) are being incorporated nowadays in order to secure the sessions; however, there are a large number of private sessions that use less secure encryptions. (Refer to appendix 3)
This is a rare method used in cases of target hackings. The hackers in some cases may intrude upon the websites of a third party related with the actual victim and gain personal access of the third party in order to access the information of the actual victims. These types of attacks are generally seen in cases of company hackings. If the hacker has targeted a company for hacking, then the hacker will search for the employees of that company in social websites like LinkedIn to gain personal information access. The hacker will then infiltrate into the website and mail account of the third party and steal the employee credentials. The attack becomes easier for the hacker because majority of the employees use same username and password for both personal and professional mail accounts. Thus by obtaining the personal employee credentials the hacker will be able to gain access to the company information. Panko (2010) suggested that the hackers would use the third party website as an agent of controlling the access to the victim’s website.
Social engineering
Apart from the above mentioned ways, hacking attacks are also implemented though web downloads, USB drive insertion and wifi compromises. In cases of open wireless networks, it becomes easier for the hackers to invade the system without any protection and firewalls. These hacking attacks are majorly common in cases of retail outlets where the transactions are done through an open system. The hackers can easily get access to the card information of the users. Commonly in some cases, it is seen that the USB or other external devices inserted within the systems may have been affected with virus thereby affecting the users system with the same. Kaufman, et al. (2002) suggested that by targeting a specific website the hackers would be able to infect a large group of users. By downloading from these websites will make the systems of the users vulnerable to the external attacks. This very common hacking method remains undetected and unprotected (Booms, 2010).
The growing rate of unethical hacking has made it indispensible for the software engineers to devise strategies for reducing the effect of hacking and protect personal information from external intruding (Bachmann, 2010). The Computer Misuse Act 1990, UK states that hacking is a criminal offense. Thus as per this law any unauthorized access to computer material, unauthorized access with intent to commit further crime and unauthorized modification are taken as criminal acts. The hackers are thus subjected to criminal offences under the Frauds Act, Forgery and counterfeiting act 1981, Theft Act 1968 and Criminal Damage Act 1971.
The most common method of securing personal data infiltration is to secure the computers and phones with antivirus software. The software is designed with database of malware and hence the software installed within the computers compare the contents of the files with the database to detect the presence of the malware. The ant viruses are capable of detecting the malwares based on the signature detection, behavior detection, heuristic detection and data mining approach. Ludlow (2010) commented that the use of data mining techniques in detection of the malware is done by assessing the behavior of the file comparing them with a given set of file feature. However, Kleiman (2011) argued that uses of this software are subject to renewal costs. For instance, McAfee requires the user to unsubscribe and again create new subscription of the software 60days before the expiry of the software life. Moreover, the installation of the antivirus in Microsoft Windows may give rise to certain false alarms that may make some of the applications in the system unusable creating problems for the user.
Apart from Antivirus systems, the organizations are also using firewall systems as a source of network security. Harris et al. (2011) opined that firewalls are system that controls the incoming and outgoing network traffic based on internet rules. In case an incoming traffic is identified from a threatening external source, then the firewall can effectively build a wall to protect the internal network. The attacks from packet sniffers are protected with the help of firewalls and packet filters. The firewalls protect the computers by filtering the traffic based on attributes like IP address, source port, destination service and IP. Thus the companies depending upon the personal security needs makes necessary configurations within the firewall. Thus by marking the specific list of programs under the firewall system the organization can effectively secure the incoming of the websites.
Denial of service attacks
Apart from these, the organizations also conduct attack and penetration tests, in order to indentify the vulnerable points within the network that the hackers can easily access. This review gives the organizations opportunity to remove personal information, makes changes in Id and passwords and uses systems that are more powerful in order to prevent the attacks (Jaishankar, 2011). The use of the proxy settings also enables the users to gain information about the IP address of hackers. This has helped the investigators to catch and imprison many inexperienced hackers. However the use of the proxy settings may create a vulnerable situation for the organization as well. The hackers may also intrude upon the personal settings through the proxy settings where there is no provision for firewall (Leavitt, 2011).
The password hacking is an alarming issue for individuals as well as the organizations hence the individuals should firstly use long passwords of approximately 10 characters so that the cryptography becomes stronger. Moreover, rather than using a single word password, the individuals can use a combination of uppercase and lower case in order to frame a different password. The passwords should also be a combination of special characters and numbers along with the alphabets in order to reduce the scope of guess by the hackers. Cheswick et al. (2003) opined that for the prevention of network sniffing the organizations also use tools like Ant sniff that detects the mode of the network. The network traffic can also be protected by the use of encryptions like Secure Sockets layers or Transport Layer Security. Furthermore, to reduce the attacks through social engineering, Google has framed the policy of Spam mails. Majority of the social engineered mails are directly transmitted to the spam box of the user making them unreachable for the user. Moreover, Google provides security warnings to the users making them alert and vigilant about their data protection and instruct and instructing them to change the passwords frequently (Reddy et al. 2010).
Conclusion
The essay shows the vulnerability of the users in respect of internet services. With the advent of technologies, the companies have tried to devise strategies in order to protect their security systems; however, the hackers use the smallest loopholes within the system to track the networks and to gain access on the personal information of the user. With the huge progress in the field of hacking in terms of computer hacking, phone hacking, personal database hacking and external security exploits, the organizations as well as the individuals are falling under harassments and financial losses. The essay shows the major common methods used by the hackers. However, the essay also critically analyses the different prevention methods employed by the individuals and the organizations. With the help of vulnerability scanners, the organizations can check the network vulnerability from the viewpoint of the hackers. This is the basic step that all organizations should take in order to ensure that their data is protected. Thus from the easy it can be evaluated that the use of the antivirus is also essential for the individuals and the organizations to protect their systems from computer virus and computer worms. However the major step should be taken on part of the individuals by remaining alert and vigilant while using internet services and avoid sharing personal information with anyone over the internet in order to avoid prospects of social engineering.
Reference list
Bachmann, M. (2010). The risk propensity and rationality of computer hackers.The International Journal of Cyber Criminology, 4(1-2), 643-656.
Barrett, D. (2011). Hackers penetrate NASDAQ computers. The Wall Street Journal, 5.
Booms, T. E. (2010). Hacking into federal court: employee authorization under the computer fraud and abuse act. Vand. J. Ent. & Tech. L., 13, 543.
Cheswick, W. R., Bellovin, S. M., and Rubin, A. D. (2003). Firewalls and Internet security: repelling the wily hacker. Addison-Wesley Longman Publishing Co., Inc..
Coleman, G. (2010). The hacker conference: A ritual condensation and celebration of a lifeworld. Anthropological Quarterly, 83(1), 47-72.
Collective, B. S. M., and Shaw, D. (2012, February). Makey Makey: improvising tangible and nature-based user interfaces. In Proceedings of the sixth international conference on tangible, embedded and embodied interaction (pp. 367-370). ACM.
Easttom, W. C. (2012). Computer security fundamentals. Pearson Education India.
Harris, S., Ness, J., Eagle, C., Lenkey, G., & Williams, T. (2011). Gray Hat Hacking: The Ethical Hacker’s Handbook. McGraw-Hill.
Holt, T. J., Strumsky, D., Smirnova, O., and Kilger, M. (2012). Examining the social networks of malware writers and hackers. International Journal of Cyber Criminology, 6(1), 891-903.
Jaishankar, K. (Ed.). (2011). Cyber criminology: exploring internet crimes and criminal behavior. CRC Press.
Kleiman, D. (2011). The Official CHFI Study Guide (Exam 312-49): For Computer Hacking Forensic Investigator. Syngress.
Kaufman, C., Perlman, R., and Speciner, M. (2002). Network security: private communication in a public world. Prentice Hall Press.
Leavitt, N. (2011). Mobile security: finally a serious problem?. Computer, 44(6), 11-14.
Ludlow, P. (2010). Wikileaks and hacktivist culture. The Nation, 4, 25-26.
Panko, R. (2010). Corporate Computer and Network Security, 2/e. Pearson Education India.
Reddy, S. V., Sai Ramani, K., Rijutha, K., Ali, S. M., and Reddy, C. P. (2010, June). Wireless hacking-a WiFi hack by cracking WEP. In Education Technology and Computer (ICETC), 2010 2nd International Conference on (Vol. 1, pp. V1-189). IEEE.
Sanger, D., Barboza, D., and Perlroth, N. (2013). Chinese Army Unit is seen as tied to Hacking against US. The New York Times, 21.
The Economist, (2013). The Economist explains. [online] Available at: https://www.economist.com/blogs/economist-explains/2013/08/economist-explains-16.) [Accessed 18 Mar. 2015].
