This is a starting guide to hacking. In general, there will be a series of articles to show you how to hack computers, networks etc.
As far as posters and drafters of this article are concerned, hacking is simply a technical skillset, so understanding how hacking works, how hacking attack happens, the ability to plan hacking attacks is simply a technical skillset; you need to realize that if you decide to do hacking in a real world, these are you who are liable for any legal ramifications whatsoever.
If you steal somebody’s data that you are not supposed to possess or get familiar with, or you slow down or destroy systems etc., that is all on you, none else is to blame. Therefore, this article shows you how to do hacking based on how malicious hackers would attack, so we are going to talk about how to plan attacks, why you would do hacking, what you would do with hacking – what you want to get out of it.
That is, this article is for informational purposes, so do not come and blame anyone involved into preparation of this article.
The topics to be discussed as part of introduction to hacking are as follows:
1. What hacking actually is – most people do not understand what hacking really is.
2. Who hackers are – who are those guys out there?
4. Methods of attack
5. Planning attacks.
6. Protecting yourself
7. Actual ways of doing attacks.
That is, we are going to understand basic concepts of hacking.
This is an intro to hacking, and now let us proceed to
1. Who/What are hackers and hacking?
The first question we need to answer is what hacking is and who hackers are. Well, basically, if to boil down hacking to its simplest form, all hacking is but a non-conventional way of interacting with the systems.
What do I mean by these non-conventional ways of interacting with the systems? Well, as computer operating system is created, its designers figure out how they want you to interact with a computer. That is, you may double-click icons, you may right-click, you might run a command etc. These are conventional ways you are supposed to interact with a computer. Non-conventional ways of interacting with computers imply interacting with the system in a way that the designers have not intended for you to interact with that computer system.
To give you a hint, if you are trying to open up a file, let’s say you are trying to open up a Word file on the computer, the conventional way of opening that file is to boot up OS, have Windows logged in, double-click the file so it opens up and works. That is a conventional way of accessing that file.
A non-conventional way of accessing that file is to boot a computer out of Linux Live CD so that OS is now under that Linux Live CD. Thus you are going to the computer accessing the document using Linux Live CD OS.
Why is this important? If you boot your PC off Windows OS – the Windows OS has security and permissions, so if you boot off-Windows you may not have permission to access that file. So if you are going to open up that file, Windows will tell you that you do not have permission to view the file.
However, if you boot your system out of Linux Live CD, those security parameters are not understood by the Linux Live CD. So even if you are not supposed to have access to that file or folder, you can get to it lickety-split, because basically the Live CD does not view and does not care about the permissions.
So, that is all what hacking is about – how do you get info, how do you get at systems, with or without following the normal way. A lot of programs keep their information in .ini files or .dat files – data files – so the way you normally view those data files is by opening up an application, and so you are looking at the windows and it is telling you what’s there.
Another way you may choose to follow is to open up a data file with a text editor and to see all the information stored there.
That is all what hacking is about; hacking is simply a non-conventional way of working with systems and getting to data.
Now, if we are discussing hackers…
2. Who hackers are – who are those guys out there?
… You will hear about white hat hackers, black hat hackers, and grey hat hackers. This is a big term, everybody uses it.
Basically, black hat hackers are the hackers you are probably thinking about. These are the evil hackers, so the black hat hackers that are out there to destroy systems, to steal data etc., these are “the bad guys”, quotations are used to emphasize that it goes really complicated when you deal with human beings, but, to make it sound simple, black hat hackers are bad people, they steal data, credit card info, try to destroy stuff etc.
Further we have white hat hackers, who are basically little angels of the hacking world. These people do not want to cause damage to anybody. In general, as they hack they look for discovering security vulnerabilities so that they can pack those vulnerabilities.
If they try to hack a system, the sole reason for that is always for good, for virtuous right reasons.
There are grey hat hackers, where most of us are, probably 80 to 90 % of all the hackers population falls into this. Grey hat basically means that it is good or bad subject to the person you have argument with; I may think what I am doing is completely right, I tell my wife what I am doing, and she thinks it is completely wrong, so here comes a disagreement whether it is good or bad.
1. Black hat hackers are what’s associated with bad, evil, stealing, destruction, etc.;
2. White hats are those little angels, little saints out there;
3. Grey hats are basically where most of us fall, as we understand how systems work so well that sometimes we modify systems to improve how they works for ourselves. Like I have said, grey hat implies that depending on who is talking to you may be a saint or a sinner, that is why you are grey, you are kind of sitting there on the middle.
If we are to discuss white hat hackers, we will hear something called “ethical hacking”. I hate the term of Ethical Hacking, really. Ethical hacking is basically when you are saying you are one of those ethical guys, you only hack ethically.
I think this is more just a marketing term. You are hacker, why you hack is kind of up to you, saying you are ethical hackers muddies the water a little bit.
That is, are you always an ethical hacker? If you spy on your employee, that might be ethical; if you spy on your kids, is that ethical? I do not know.
Basically, as you hear of ethical hacking, I would argue that is but a marketing concept; basically what ethical hacking means is that you want these white hat hackers to do hacking only for the good. That is, you may hack systems, but only as you are looking for vulnerabilities as such.
As we are talking about different skill levels of hackers, there are generally three different skill levels. Whether you are a black hat, a white hat, a grey hat – whatever way you are hacking, there are three general skill levels.
1. The first is like a computer science skill level, these are really impressive people who really understand how Network Protocol works, operating system works. Such people can actually program, so they can go in and they can program OS, modify it. They can create viruses, malware, botnets, that is the high level of hacking, be it white, grey or black. These people develop viruses, rootkits, etc.
2. Then you have like my level, more technician class of hackers. As hackers have been there for a long time, just like MS Word got much easier to you or Windows 7 OS is much easier to you, in the same way hacking tools develop, every year they come out with new better versions of hacking tools, so that when I started in computers there were, you know, all those command lines, line user interface, you had to type in commands knowing exactly what you were doing, and if you did not all of that blew up. Well, now hacking provides all these beautiful user interfaces with nice little icons, very pretty and very easy to use.
So for the technician like me, you basically go out and use tools already on the market to do hacking, you may use them in non-conventional ways. However, you do not develop new rootkits, new viruses or antivirus software, any of that – simply using what is available, open source, or what you can purchase.
3. The lowest level in the hacking world is generally called script kiddies. These are basically non-technical people that somehow got their hands on scripts like Visual Basic scripts, malicious codes, malicious programs, etc., and they decide to try to use that for their own betterment for instance. So, you know, this might be a 10-year-old girl that grew very angry at her teacher at school and went home and downloaded some nasty virus, and as the teacher was not looking she downloaded that at the teacher’s computer and thus infected it.
Or, on the other hand, these might be parents who want to know their kids are doing what they are supposed to do and therefore install software to their kids’ computer in order to capture all the instant messaging or email messages and all that kind of stuff. So maybe that is a parent that tries to spy on the kids.
Be these parents or kids, the basic idea about script kiddies is that these are the lowest level people, like consumer people. They do not really understand how computer works. Frankly, they do not really understand what they are doing. They just somehow got their hands on these scripts or these programs and try using these.
Summarizing the above, there are computer science people who are very smart; technicians using tools that are up there or technologies; and then there is the lowest level of script kiddies.
Finally, as we have talked about, you are interacting with systems in non-conventional way, so the question is why do people hack?
2.1. Why do people hack?
1. Hacking for data
The first reason is to acquire data for good or for bad. For instance, if a customer comes to me with the OS on computer dead, and thus needs to do a data recovery, I will be hacking that computer to recover the data – all those pictures, programs etc., so that would be hacking to acquire data.
You may be at the bad side, hacking to acquire credit card info to do some unfairness with it in the future, hacking to get passwords, to get contact info from the companies, so you know, if you have a company that is you competitor and you try to market to their clients, you may try to hack that company in order to acquire all that contact information.
So, the first reason for hacking is that you need to acquire data.
2. Hacking for impersonation
The next reason you may have for hacking is for impersonation. We have heard a lot of this.
Like what is wrong with those people, these 40-year-old mothers impersonate 20-year-olds, and then go and have these weird sort of affairs with other 20-year-olds on the Internet and make them commit suicide or something…
Basically, the next reason you may have for hacking is to impersonate somebody; this could either be normal fraudulent, you are trying to actually impersonate somebody. For instance, you know one of your competitors tries to line up a client, you can try to hack into their mail system and try to send email to client that looks like it comes from CEO basically telling clients to screw themselves; so that client gets mad – you may impersonate in that way, kind of fraudulent. You may as well impersonate using company’s or people’s credit accounts with other companies. Let us say you want to go and buy something at newegg.com, you may impersonate somebody else to buy a product and get it shipped to you – that will be the deal.
Otherwise, you may do impersonation to launch attacks at end target. That is, when hacking there may be lots of victims in order to get to your final target. Let us say, your target is up there – you try attacking one company or OS. You may actually hack in up to 20 or 30 or to thousands of computers, then from those computers attack those final companies.
Thus, the impersonation may be that you hack in somebody else’s PC, so that from there you can hack into your final target. The reason is that if any investigation work is done, it will point to the computer you have hacked into and, hopefully, not to you.
Then, of course, there is a destruction motivation, whether you go after a competitor or somebody you dislike – basically, what you are trying to do is destroy data, trying to destroy systems or trying to shut them down.
There is a big mess right now, there are a lot of antipiracy lawsuits and so one of the big hacking communities out there has decided that they would purposely try to shut down the websites of law firms trying to sew pirates; so be they right or wrong – I am not getting on the middle, but basically they are trying to take those websites down, they are trying to do damage to those websites, so they are not trying to steal information, impersonate anybody – this is just a sort of fisticuffs of the digital world.
3. Hacking for fun
Final reason people do hacking – this might sound strange, but that is true: a lot of people do it for fun, so it is just like when I was teenager people played Myst, just like people do Sudoku or crosswords puzzles or math problems, a lot of people find it very fun to hack systems.
A lot of people that have tried to hack the Department of Defense or Pentagon actually have not been doing this to learn how atomic bomb is created. They do it really a lot of times – basically to see if they can, it is like winning the next level of a video game, except that if caught they go to prison.
So, a lot of people actually do hacking for fun.
Basically, as I have said, hacking is simply a non-conventional way of interacting with systems.
There are black hats, grey hats, white hats.
Black hats are evil, white hats are “good”, grey hats are all the rest of us.
Again, if you have heard of ethical hacking that implies white hacking, doing it for good. I think there is a lot of crap, it is but a marketing concept.
The levels of hacking include:
– a PC science, guys that can create viruses, malware etc.
– technicians that can use software and systems already created
– finally there are script kiddies
The reasons include:
– acquiring data
– or just for fun
That is who hackers are and what hacking is.