How hackers operate & how you can safeguard yourself online

What are hackers?

A hacker is a person who has great knowledge of computers and networks and has the ability to research, exploit, program, make tools and use existing tools to break into remote computers without authorization, and who can gain, modify, destroy or steal data.

What types of hackers are out there?

This is quite a complex question. There are different types of hackers, such as black hats, white hats, etc. Basically, there are noobs, often called skiddies, who are new to the world of hacking and like to show off to others that they are hackers and can hack, but in real terms they are not capable of carrying out any real hack without using ready-made tools. They get involved in carrying out DDoS (distributed denial of service) attacks on websites, and they often target MySpace, Facebook and RuneScape accounts and personal mail accounts (LAME), mostly using keylogging programs, Trojans, etc.

The other kind of hackers are often known as scammers, who make a living out of fraud and scamming others by gaining sensitive information about their victims, such as bank logins and credit card details (a process known as carding). Even though they use the same techniques and tools, they are not respected in the underground community and are NOT considered hackers.

The other kind of hackers are the professionals: the white hats (who hack systems, do penetration testing and use the knowledge to make better systems) and the black hats (who hack systems but never reveal their methods to others and are not involved with any firms or agencies). These professionals rarely speak out about hacking, have a much greater knowledge of networks and core systems, have the ability to exploit systems and write their own programs, and never use any of that knowledge for financial gain. The only point for these guys is to prove that they can do anything; in return they expect others to respect them for what they are capable of, and they help make better systems.

Big question: how do they do it?

Ahhaa! Not a bad question at all. Well, it's much more complicated if you are just a home PC user. I'm not going to confuse you all with too many technical terms; instead I'll explain it with easy-to-understand examples.

Method 1

Using a Trojan/keylogger/bot

These are all malicious programs which can infect a computer and open connections from your PC to a hacker, or even scan all your files for sensitive information such as login user names and passwords and remotely send them to hackers.

Method 2

Using exploits

Exploits are certain weaknesses in applications or operating systems which allow a hacker to hack into a system. For example: an exploit in Internet Explorer can help a hacker code a shell which is embedded into an HTML file and hosted on a server. When a victim who runs Internet Explorer visits that infected web page (the victim can be lured into viewing the page), it triggers an event where a bot or a Trojan server is remotely downloaded onto the victim's PC and executed (remote code execution), and later the hacker can break into your system with Method 1 mentioned above.

A hacker can do random port scanning to find out information about computers on his network, such as what kind of services are running on the target computer, its applications and its operating system (known as OS fingerprinting), and then look for an exploit for a certain application the target victim is running!

Info: These days exploits have gone far beyond anything an anti-virus company or an operating system developer can think of preventing, with the invention of automated tools such as IcePack, MPack, etc. These tools are often very expensive, sold for up to £1000 apiece on black markets, and can scan millions of systems for holes and even do an automated infection once a certain exploit is found.

Method 3

Social engineering

It's a method of exploiting the greatest weakness of all time: HUMANS. Sounds weird? Yes! When it comes to computer security, humans are the biggest weakness! Social engineering works on the basis of tricking a person into doing something that will help a hacker gain enough information, or fooling the person into executing certain procedures, in order to hack into the system. This method is used by one of the legends, Kevin D. Mitnick, a well-known hacker who was able to hack into many highly secured systems just by calling and tricking employees into revealing passwords!

Hint: If you want to know more, read the book “Art of Deception” by Kevin D. Mitnick on how he executed these tricks successfully!

Those are the main types of hacking. Now, moving on, we'll see how you might become a victim of one of these methods.

1. Downloading files over P2P, torrents, warez sites, etc. – OK, we all love software piracy, and hackers normally target these sites. A hacker can bind a malicious piece of software to a legitimate program which you are badly looking to get for free, and spread it over torrents and P2P (like Kazaa, LimeWire). Once you download and execute the file, and while you enjoy your new program, you are unaware that you just became part of a botnet or that your credit card details have been stolen and are being used to purchase something very expensive!

CURE: DON'T download any file that has an executable extension (.exe, .cmd, .pif, .hta) over these methods. Only download from legitimate sites. Also, please support the developers by buying the products!

2. Update your operating system regularly. If you are using a Windows operating system, make sure your live update is ON, as it gives you a certain amount of protection against exploits. But it's not 100% foolproof, as a new exploit (often called a 0day) can still exploit your system. Avoid using Internet Explorer as your standard web browser; install Firefox or Opera, as they give a bit more protection than IE. Avoid using Outlook as your e-mail client, as almost every computer worm (a self-replicating program) looks for your contact lists and tries to make your contacts victims as well (by hijacking your mail and sending copies of infected files while pretending to be you).

3. If you receive phone calls from your bank or credit card company, DO NOT reveal your PIN numbers or passwords to them. Some social engineers can ask for a lot of personal information without asking for passwords, which they can then use with your credit card company to scam you by pretending to be YOU, or use for identity theft! So be careful when answering the phone. If you feel suspicious, hang up and contact your bank. I would take a walk..

4. Avoid logging into your bank, etc. from public computers or other places you can't trust. E.g. an internet cafe seems to be a safe place, but an employee can be part of a scam ring, have access to administrator privileges and might be stealing your passwords! TRUST NO ONE (I know I stole it from X-Files but I don't care :p)

4. DO NOT store passwords on your computer, because most Trojans can steal them with the click of a button. Store them on a USB key and use them when needed. There are many password-storing programs; use one of them. (I personally use IRON KEY.. it's a revolutionary product.. Google for more details)

5. Always have a strong password. A strong password takes ages to break by brute force (a process in which a program tries different combinations to try and guess the password). Never use a password which can be guessed by someone, such as your wife's name, common words, your date of birth, words from a dictionary, etc., because a dictionary attack (a process where a word list is used to guess the password) can break your password in minutes. When creating a password, use lengthy passwords, like 12 chars, with UPPERCASE, lowercase and symbols, e.g. TWat&$17*&lo

6. Always encrypt your sensitive data. There are plenty of free programs that can do it, e.g. TrueCrypt; use private/public key encryption methods.

7. DO NOT post your email address online. In forums, blogs, etc., your e-mail address can be grabbed by automated bots and used for spamming purposes. Always post your e-mail address in a format such as maxguy{at}hotmail.com. An email-collecting bot will normally look for strings in the format username@domain.com, so we prevent it from collecting our e-mail address by replacing ‘@’ with ‘{at}’.

8. Use a good firewall & anti-virus programs. Do not buy something just because an agent is trying to sell it to you. Do your research before buying: search and read what experts think about them. I would personally visit a hacker's website and see their comments, as they are always a step ahead of anti-virus company experts… Regularly update the virus definitions and buy a proactive-defense internet security tool (e.g. Kaspersky). But keep in mind that every piece of technology can be beaten by hackers and there is no such thing as ‘THE BEST ANTI-VIRUS’.
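The strong-password advice in the list above (at least 12 characters, mixed character classes, no dictionary words or personal details), written as a check you can run on a candidate password. This is an added example, not part of the original post; the word list, the character-swap table and the function names are constructed for illustration.

```python
import math
import string

# Constructed stand-in for an attacker's word list (assumption, not from the post).
WORDLIST = {"password", "letmein", "dragon", "monkey", "qwerty", "welcome"}
# Common character swaps that dictionary tools undo before matching (assumed set).
LEET = str.maketrans("@0134$57", "aoieasst")
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def used_classes(pw):
    """Character classes (lower, upper, digit, symbol) present in pw."""
    return [cls for cls in CLASSES if any(c in cls for c in pw)]


def brute_force_bits(pw):
    """log2 of the combinations a brute-force tool must try in the worst case."""
    alphabet = sum(len(cls) for cls in used_classes(pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def audit(pw, personal=(), min_len=12):
    """Return a list of findings; an empty list means the advice is met."""
    findings = []
    if len(pw) < min_len:
        findings.append("too-short")
    if len(used_classes(pw)) < 4:
        findings.append("missing-character-class")
    # Undo swaps and drop non-letters so 'P@ssw0rd!' still matches 'password'.
    letters = "".join(c for c in pw.lower().translate(LEET) if c.isalpha())
    for word in sorted(WORDLIST):
        if word in letters:
            findings.append("dictionary-word:" + word)
    # Names and dates the owner supplies are matched case-insensitively.
    for detail in personal:
        if detail and detail.lower() in pw.lower():
            findings.append("personal-detail:" + detail.lower())
    return findings
```

A password can pass the length and character-class checks and still fall to a dictionary attack, which is why `audit` reports those findings separately from `brute_force_bits`.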

OK, now you know what you should and shouldn't do to protect yourself! Let's see how hackers get away with doing illegal activities.

A hacker can use many ways to protect himself. Normally hackers use proxies, and a good hacker will always use SOCKS4/5 or even a VPN to protect himself, or buy a static IP, use a foreign domain, use a hacked server to run a botnet, use a hacked computer to bounce off to networks, relayed servers, etc.

Law enforcement agencies are getting high-tech these days, with state-of-the-art equipment and software to track down hackers, but as long as the technology exists, HACKERS will always exist!

“Once a hacker is always a hacker,” my mate Tom used to tell me ;)

Written by – Max 02-July-2008 (15.25PM) All rights reserved.

~ by netsecurityfactor on July 3, 2008.
