
Ethical Hacking


DESCRIPTION

This will share a little bit of knowledge about hacking with you...!


Hacking

Group Members

Adnan Mansha

Adeel Aftab Ali Raza Bhatti


Contents

Hacking

Types of Hackers

Ethical Hacking

Case Study

Background

Own motion investigation

Penalties

Conclusion

Cracking


Hacking

Hacking is gaining access (wanted or unwanted) to a computer and viewing, copying, or creating data without the intention of destroying data or harming the computer.

Hacker

A hacker is a programmer who breaks into computer systems in order to steal or change information.


Cracking

Cracking is the process in which a person gains unauthorized access to a computer with the intention of causing damage.

Cracker

A cracker is a programmer who cracks (gains unauthorized access to) computers, typically to do malicious things. "Crackers are often mistakenly called hackers."


Types of Hackers

White Hat Hackers

Black Hat Hackers

Grey Hat Hackers


ETHICAL HACKING: A LICENCE TO HACK

Ethical hacking is the term that describes hacking performed to help a company or individual identify potential threats on the computer or network.


Ethical Hacker

An ethical hacker is a person who applies hacking skills for defensive purposes.

“If you know the enemy and know yourself, you need not fear the result of a hundred battles.” The Art of War


Ethical hacking is legal, so an ethical hacker has to follow rules.

Rules for Ethical Hacker

The hacker should have permission to probe the network and attempt to identify potential security risks.

The hacker should respect the individual's or company's privacy and only go looking for security issues.

The hacker should let the company know of any security vulnerabilities they locate in its software or hardware, if not already known by the company.


Need of Ethical Hacking

Ethical hacking is necessary because, to protect against an attack, it is necessary to understand where the systems are vulnerable.

Ethical hacking helps companies first understand their risks and then manage them. Ethical hacking can be one of the most effective ways to fix security problems.


Case Study

AAPT -- HACKING

AAPT - Australian Associated Press Telecommunications


Background

This case involved AAPT's company data (including customers' personal information) being accessed and stolen by Anonymous, an international network of "hackers", between 17 and 19 July 2012.

Anonymous subsequently published the data on the internet.

The data was held on a server managed by WebCentral Pty Ltd, a web-hosting business unit of Melbourne IT.


Under the contract between AAPT and WebCentral, WebCentral was required to fully manage and maintain the server, except for the custom application content and data, which was the responsibility of AAPT.

Anonymous accessed the data through the application (Cold Fusion) installed on the server, which was a "customer-managed application" and was AAPT's responsibility under the contract.

AAPT was using an old version of Cold Fusion, which was known to have vulnerabilities.


When Melbourne IT (an Australian domain name registration service) became aware of the attack, it notified AAPT, which immediately disconnected from the network and took steps to ensure the data could not be further compromised.


Own motion investigation

The agencies did not receive any complaint about this act, so they started an own motion investigation.


Results of Investigation

The Commissioner found AAPT failed to take reasonable steps to secure the personal information.

The Commissioner examined the Cold Fusion application to determine whether it was suitable in the circumstances.

The Commissioner noted that AAPT used a seven year-old version of Cold Fusion, which was known to have vulnerabilities.


Results of Investigation (cont.)

While the security "patches" on the version used by AAPT were up to date, the failure to use newer versions of the application that did not have the vulnerabilities of the older version meant that AAPT had not taken reasonable steps to protect the information.

The Commissioner noted that it was unclear whether AAPT was aware of what personal information was on the server, what Cold Fusion applications were installed and the parts of the server they related to or who was responsible for the maintenance and management of the application.


Results of Investigation (cont.)

The Commissioner identified several deficiencies in the security of data provisions in the contract between AAPT and WebCentral, including:

Data was not assessed to determine whether it included personal information and its sensitivity.

Existing or emerging security risks were not required to be identified and addressed.

Vulnerability scanning and the effectiveness of the Cold Fusion application was not required to be undertaken.



Ethical Issues

The Computer Fraud and Abuse Act of 1986 made it illegal to access a computer without authorization and steal private information or financial information.

It is the responsibility of an organization to protect the private information of its users.

AAPT failed to protect the users' personal information.


Penalties

The Commissioner recommended that AAPT:

Take steps to ensure all IT applications held internally or externally, which hold or use personal information, are subject to vulnerability assessment and testing and regular vulnerability scanning.

Conduct regular audits of AAPT's IT security framework to ensure security measures are working effectively, and that policies and procedures relating to data security are being complied with.


Penalties (cont.)

Undertake steps to ensure appropriate classification of data it holds either internally or externally, including whether it includes personal information and the sensitivity of that information.

Review the terms of the contracts it has with IT suppliers that hold or manage AAPT data to ensure clarity around which party has responsibility for identifying and addressing data security issues (such as vulnerabilities associated with old versions of IT applications).

As the case involved breaches of NPPs, the Commissioner was unable to impose a penalty on AAPT.


NPP2.1

An organisation may only use or disclose personal information for the primary purpose of collection under NPP2.1. As the publication of the data was not for the primary purpose of the collection, the Commissioner examined whether the publication amounted to disclosure by AAPT.

As the data was made public through the malicious actions of Anonymous, the Commissioner found that the publication was not a disclosure by AAPT.


Conclusion

If a hacker wants to get inside your system, he/she will, and there is nothing you can do about it. The only thing you can do is make it harder for him/her to get in.

Always upgrade your system or software regularly.
