visit us at www.wilber-learndev.com
HACKING
Hacking is the act of identifying and then exploiting weaknesses in a computer system or network, usually to gain unauthorized access to personal or organizational data. Hacking is not always a malicious activity, but the term has mostly negative connotations due to its association with cybercrime. [1]
Hacking is one of the ways to commit a cybercrime. [2]
Hacking is one way to commit cybercrime, but it is not the only way. Cybercrime refers to any illegal activity that uses technology, such as computers, networks, or the internet. Hacking is a type of cybercrime that involves gaining unauthorized access to computer systems or networks. Other types of cybercrime include phishing, identity theft, and malware distribution.
According to the FBI, hacking is one of the most common types of cybercrime, and it can be carried out by a range of actors, including individuals, criminal organizations, and nation-states (FBI, n.d.). Hacking can be used to steal sensitive data, such as financial information or trade secrets, or to disrupt computer systems or networks.
However, it is important to note that cybercrime is a complex and multifaceted problem that involves a range of activities beyond hacking. For example, phishing is a type of cybercrime that involves using fraudulent emails or websites to trick individuals into providing sensitive information, such as usernames and passwords (FBI, n.d.). Identity theft is another type of cybercrime that involves stealing someone’s personal information, such as their name and social security number, to commit fraud (FBI, n.d.).
In conclusion, while hacking is one way to commit cybercrime, it is not the only way. Cybercrime is a complex problem that requires a range of strategies to address effectively.
So can we say that a person can commit cybercrime without hacking?
Yes. Cybercrime encompasses a wide range of illegal activities that can be committed using technology, and hacking is just one of many techniques that can be used to commit cybercrime. Other examples of cybercrime include phishing, identity theft, online fraud, malware distribution, and denial-of-service attacks, among others. In fact, many cybercrimes involve a combination of different techniques and strategies. Therefore, it is important to have a comprehensive understanding of cybercrime and its various forms in order to prevent and address these illegal activities effectively.
CYBER ATTACKS
Computer-related criminal activity is not peculiar to the 21st century. [3] One of the first reported “major” instances of cybercrime was in 2000 when the mass-mailed “I Love You” Worm (which originated from Pandacan, Manila) [4] “affected nearly 45 million computer users worldwide.” [5] Repairing the damage cost as much as US$15 billion. Cyber attacks have since morphed into myriad forms. The following is a summary of some of the known attacks: [6] [7]
1. Phishing attacks:
These attacks involve the use of fake emails or messages to trick individuals into providing sensitive information or clicking on malicious links, often leading to the theft of sensitive information or malware infections.
2. Ransomware attacks:
Ransomware is a type of malware that encrypts an organization’s data and demands payment in exchange for the decryption key. These attacks can cause significant disruption to business operations and result in significant financial losses.
3. Malware attacks:
Malware is any type of software that is designed to cause harm to a computer system or network. This can include viruses, worms, and Trojan horses, among others.
4. Insider threats:
These threats come from within an organization, such as employees or contractors who misuse their access to sensitive information or systems, either intentionally or unintentionally.
5. Advanced persistent threats (APTs):
APTs are targeted attacks that are carried out over a long period of time by skilled attackers who seek to gain unauthorized access to sensitive data or systems.
6. Internet-of-Things (IoT) attacks:
As more devices become connected to the Internet, IoT devices are increasingly becoming targets for cybercriminals, who can exploit vulnerabilities to gain access to networks or cause disruption.
7. Cloud security risks:
Cloud services have become an essential part of modern business operations, but they also introduce new security risks, including data breaches, service hijacking, and unauthorized access.
8. Social engineering attacks:
These attacks involve manipulating individuals into divulging sensitive information or taking actions that are detrimental to security, often using psychological tactics.
9. Distributed denial-of-service (DDoS) attacks:
DDoS attacks involve overwhelming a system or network with traffic to cause it to become unavailable to users. These attacks can be used to disrupt business operations or extort organizations.
10. Cyberespionage:
Cyberespionage involves the theft of sensitive information by nation-states or other organizations for strategic or competitive advantage.
COMMON CYBERSECURITY THREATS INCLUDE: [8]
Mistakes
In Computer Security, mistakes are commonly made through errors and omissions, and account for a large number of integrity issues. [9]
According to Watters (2024), errors and omissions are commonplace in computer security, giving rise to a multitude of integrity issues. A significant source of these mistakes stems from software development oversights, where failure to validate user input passing from the interface to a data or processing module can result in integrity problems and expose vulnerabilities beyond the immediate data field. Additionally, data entry errors create alternative attack vectors.
Data entry mistakes also open up other attack vectors.
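The input-validation oversight described above, shown as an added example that is not from Watters or from this lesson: an unvalidated form handler beside a validated one. The ledger, SKU names, price and quantity limit are constructed assumptions; the point is that one unchecked field corrupts data well beyond that field.

```python
from dataclasses import dataclass, field
from decimal import Decimal

PRICE = Decimal("25.00")   # constructed unit price
MAX_QTY = 1000             # assumed business limit per sale


@dataclass
class Ledger:
    """Stands in for the data module behind the form (constructed sample data)."""
    stock: dict = field(default_factory=lambda: {"SKU-100": 10})
    revenue: Decimal = Decimal("0")

    def record_sale(self, sku, qty):
        # The module trusts its caller and performs no checks of its own.
        self.stock[sku] = self.stock.get(sku, 0) - qty
        self.revenue += PRICE * qty


class ValidationError(ValueError):
    pass


def handle_sale_unvalidated(ledger, form):
    # Weak: interface input is cast and passed straight to the data module.
    ledger.record_sale(form["sku"], int(form["qty"]))


def validate_sale(ledger, form):
    """Allow-list validation at the interface boundary."""
    sku = str(form.get("sku", "")).strip()
    if sku not in ledger.stock:
        raise ValidationError("unknown SKU")
    raw = str(form.get("qty", "")).strip()
    if not (raw.isascii() and raw.isdigit()) or len(raw) > 6:
        raise ValidationError("quantity must be a whole number")
    qty = int(raw)
    if not 1 <= qty <= min(MAX_QTY, ledger.stock[sku]):
        raise ValidationError("quantity out of range")
    return sku, qty


def handle_sale_validated(ledger, form):
    sku, qty = validate_sale(ledger, form)   # reject before any state changes
    ledger.record_sale(sku, qty)


if __name__ == "__main__":
    bad_form = {"sku": "SKU-999", "qty": "-3"}   # constructed malformed entry
    weak = Ledger()
    handle_sale_unvalidated(weak, bad_form)
    # A phantom SKU now exists and revenue has gone negative.
    print("unvalidated:", weak.stock, weak.revenue)
    safe = Ledger()
    try:
        handle_sale_validated(safe, bad_form)
    except ValidationError as exc:
        print("validated: rejected,", exc, safe.stock, safe.revenue)
```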
Mistakes are also prevalent in the system administration area. For example, the lack of turn-on controls means that many systems are configured to be quite open rather than closed in nature. Many software products, including operating systems and database servers, are shipped with default passwords. These should be disabled and replaced with user-selected passwords, especially for system accounts. [10]
In the realm of system administration, mistakes are prevalent, notably in the absence of adequate controls. Many systems are configured to be excessively open rather than closed, and various software products, including operating systems and database servers, are shipped with default passwords. Despite the recurring advice to disable default passwords and replace them with user-selected alternatives, hackers continue to exploit widely available default password lists on the Internet, targeting inadequately protected systems.
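One way an administrator could check an account inventory for passwords still set to a shipped default, as an added example that is not from Watters or from this lesson. The product names, default passwords, record layout and PBKDF2 work factor are constructed assumptions; a real audit would load the vendor-documented defaults for the products actually deployed.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this example

# Constructed placeholder defaults, keyed by hypothetical product name.
SHIPPED_DEFAULTS = {
    "example-db": ["changeme"],
    "example-os": ["factory-default", "guest"],
}


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_account(product, user, password, system=False):
    """Build one inventory record the way a credential store would hold it."""
    salt = os.urandom(16)
    return {"product": product, "user": user, "system": system,
            "salt": salt, "hash": hash_password(password, salt)}


def audit_default_passwords(accounts):
    """Return (product, user, system) for each account still on a shipped default."""
    findings = []
    for acct in accounts:
        for default_pw in SHIPPED_DEFAULTS.get(acct["product"], []):
            # Salted hashes cannot be matched against a precomputed list,
            # so each default is re-hashed with this account's own salt.
            candidate = hash_password(default_pw, acct["salt"])
            if hmac.compare_digest(candidate, acct["hash"]):
                findings.append((acct["product"], acct["user"], acct["system"]))
                break
    # System accounts are listed first: they are the priority to fix.
    return sorted(findings, key=lambda f: (not f[2], f[0], f[1]))


def sample_inventory():
    """Constructed inventory: two accounts left on defaults, two changed."""
    return [
        make_account("example-db", "dbadmin", "changeme"),
        make_account("example-os", "root", "factory-default", system=True),
        make_account("example-os", "guest", "constructed-unique-passphrase-1"),
        make_account("example-db", "svc_backup",
                     "constructed-unique-passphrase-2", system=True),
    ]


if __name__ == "__main__":
    for product, user, system in audit_default_passwords(sample_inventory()):
        kind = "system" if system else "user"
        print(f"default password still set: {product}/{user} ({kind} account)")
```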
Stealing and Fraud
When considering fraud cases, it is useful to ponder who is the most likely attacker. [11]
Considering fraud cases, Watters suggests contemplating the likely perpetrator. Is it an external entity with no knowledge of internal systems, or could the threat originate from someone inside the firewall, possibly involved in designing or maintaining the systems? The complexity deepens in an era of strategic outsourcing, where an insider operating from a different country and jurisdiction poses challenges in detection and enforcement compared to dealing with a fraudster within the same building and country. This highlights the intricate nature of addressing internal threats, especially in a globalized and outsourced environment.
Hacking [12]
According to Watters (2024), hacking involves the unauthorized attempt to access both logical and physical systems. Historically, hackers were primarily driven by curiosity, an interest in understanding and improving system functionality. While this curiosity can be constructive, it becomes problematic and often constitutes a criminal offense when it evolves into unauthorized access. With the emergence of organized crime on the Internet, hacking has transformed into a less benign activity, driven by motives of greed, aiming to infiltrate systems for information theft or monetary gain.
Various techniques are employed by attackers to gain illegal access to systems, including brute-force password cracking, phishing to obtain user credentials, and deploying malicious software to capture and remotely relay keystrokes, among others. The methods of remotely penetrating a system are virtually boundless, limited only by the hacker’s imagination and technical capabilities. Social engineering techniques are also commonly employed, manipulating individuals, such as help desk staff, into believing the assumed identity of a legitimate user, allowing the hacker to exploit this false but verified identity to reset passwords. The prevention of system penetration stands as a paramount challenge in the field of cybersecurity, given the diverse and ever-evolving array of tactics employed by hackers.
Espionage (Commercial and Government) [13]
As outlined by Watters (2024), in the digital era, the primary source of wealth creation is intellectual property. Traditionally, wealth was derived from ownership of physical resources and means of production in manufacturing. However, a profound shift has occurred, transitioning from physical products to virtual products and services, posing new challenges in an interconnected world. In this landscape, business competitors may engage in attempts to infiltrate systems to acquire commercially sensitive information, including future sales forecasts, designs for new products, client lists, and more.
Governments can play a role in sponsoring such espionage activities, either on behalf of state-sponsored enterprises or to gain insights into foreign government activities, encompassing defense and national security vulnerabilities. Notably, these espionage-driven attacks often go undetected, as the attackers purposefully aim to leave no trace of their activities. Long-term compromise of a system can serve as a valuable source of data for foreign governments, reminiscent of the strategic cracking of the Enigma machine during World War II, which allowed Allied governments to eavesdrop on Axis communications. This underscores the persistent threat posed by espionage, both in the corporate and government sectors, in the ever-evolving digital landscape.
Malicious Code (Malware) [14]
As elucidated by Watters (2024), the proliferation of malicious code stands out as the paramount threat to systems in terms of penetration. Similar to the innocent origins of hacking rooted in curiosity, early instances of malicious code, like the Stoned virus, were initially treated as practical jokes. However, in recent years, malicious code has evolved into the primary means for system penetration, comprising various types such as viruses, Trojan horses, and worms.
In the realm of computer viruses, their self-replicating nature allows them to insert themselves into executable code on disk or memory. These viruses can rapidly spread among computers through email attachments or USB disks, exemplified by the Kenzero virus, which blackmails users downloading explicit content. Trojan horses, on the other hand, camouflage their malicious intent within seemingly benign code that users willingly install. For instance, a user might unknowingly install malware while intending to install security software, leading to the unauthorized retrieval of user files by an attacker. Notable examples of Trojans include Torpig, Zeus, and SpyEye, the latter being particularly sophisticated in presenting fake banking statements to deceive users about the status of their accounts.
Worms, distinct from viruses, exploit network services for propagation and attacks without attaching themselves to executables on disk or in memory. Modern malware has advanced to the extent of utilizing zombie computers or botnets, controlled by a botmaster, to launch coordinated attacks from thousands of PCs simultaneously, often resulting in server crashes and denial of access to legitimate users (DDoS). This has been exploited for extortion, where a DDoS attack is launched unless a ransom is paid.
Unpatched software emerges as a significant vector for malware infections, as attackers exploit vulnerabilities to attach malicious code to applications or documents containing valuable data. Macro viruses associated with word processing or spreadsheet documents exemplify this, along with frequent discoveries of vulnerabilities at the operating system level, providing hackers with opportunities for unauthorized access. The evolving sophistication of malware underscores the critical need for constant vigilance and robust cybersecurity measures.
Scams [15]
Scams are often used by cybercriminals to obtain financial benefit by fraud and deception. Scams can fall into either the technically enhanced or technically enabled categories. Scams are a growing threat and can range across a whole variety of mechanisms to steal information or trick consumers. Common scam types include:
- Banking scams (such as card skimming and phishing)
- Chain letters and pyramid schemes
- Investment schemes
- Job and employment schemes
- Mobile phone schemes
- Fake online pharmacies, and so on.
Sometimes, scams simply promise something that they can’t deliver, but trickery or deception is always the common element.
Recent research has attempted to group together all the different scam types, since law enforcement and government reporting bodies tend to use their own descriptions, which are often incompatible with each other. These categories include:
- Financial gain through low-level trickery, such as psychic and clairvoyant scams
- Financial gain and information gathering through developed story-based applications, such as dating and romance scams
- Participation and information gathering through employment-based strategies, leading to identity theft
- Financial gain through implied necessary obligation, such as callbacks to a premium rate number
- Information gathering through apparently authentic appeals, such as spyware and phishing
- Financial gain through merchant and customer-based exploitation, including shill bidding, bid shielding, merchandise, and nondelivery
- Financial gain and information gathering through marketing opportunities, such as Ponzi and pyramid schemes.
Research indicates that the key business processes for scams are:
(1) what the scam is offering,
(2) the victim’s role,
(3) the scammer’s role, and
(4) the way that the scam is introduced.
Conclusion
In conclusion, Watters (2024) [16] emphasizes the multifaceted nature of security threats faced by organizations in the realm of cybercrime and cybersecurity. The chapter highlights that while attention often gravitates towards highly technical cyber threats, the failure to implement and enforce organizational policies and guidelines can be equally detrimental. The author underscores the significance of a holistic security response, combining both technical and non-technical countermeasures.
The chapter suggests that effective organizational countermeasures, such as stringent access control and authorization protocols, can play a pivotal role in preventing many technical penetrations associated with cyberattacks. By addressing vulnerabilities at the foundational level, such as restricting access for ordinary users and mitigating the risk of “drive-by downloads” from malicious websites, organizations can proactively fortify their defenses. Watters advocates for a strategic approach to cybersecurity, emphasizing proper planning and implementation of access controls over relying solely on advanced antivirus systems.
In subsequent chapters, the reader is teased with the promise of further insights into the integration of technical and non-technical measures for a comprehensive security posture. This holistic perspective aligns with the evolving landscape of cyber threats, encouraging organizations to adopt a proactive stance in safeguarding their systems and data. Overall, Watters encourages a shift in focus from reactive measures to a proactive and strategic approach to cybersecurity, acknowledging the interconnectedness of technical and organizational factors in effectively combating cyber threats.
Notes:
[1] Kaspersky. (2023, December 5). What is hacking? and how to prevent it. www.kaspersky.com. https://www.kaspersky.com/resource-center/definitions/what-is-hacking
[2] FBI. (2016, May 3). Cyber crime. FBI. Retrieved February 28, 2023, from https://www.fbi.gov/investigate/cyber
[3] “In 1994, the United Nations Manual on the Prevention and Control of Computer Related Crime noted that fraud by computer manipulation; computer forgery; damage to or modifications of computer data or programs; unauthorized access to computer systems and service; and unauthorized reproduction of legally protected computer programs were common types of computer crime.” ‘Comprehensive Study on Cybercrime’ prepared by United Nations Office on Drugs and Crime for the Intergovernmental Expert Group on Cybercrime, February 2013, 5 (visited October 16, 2013).
[4] ‘Love bug hacker is Pandacan man, 23’ (visited October 16, 2013).
[5] ‘Issues Monitor: Cyber Crime–A Growing Challenge for Governments’, KPMG International 2014, 2 (visited October 16, 2013).
[6] Id. at 2, citing Cyber attacks: from Facebook to nuclear weapons, The Telegraph, February 4, 2011; A Good Decade for Cybercrime, McAfee, 2010; Spamhaus on March 10, 2011; PCMeg.com on March 10, 2011; and The cost of cybercrime, Detica, February 2011.
[7] Watters, P. A. (2024). Cybercrime and cybersecurity. CRC Press.
[8] Watters, P. A. (2024). Cybercrime and cybersecurity. CRC Press.
[9] Watters, P. A. (2024). Cybercrime and cybersecurity. CRC Press, p. 31.
[10] Watters, P. A. (2024). Cybercrime and cybersecurity. CRC Press, p. 31.
[11] Watters, P. A. (2024). Cybercrime and cybersecurity. CRC Press, p. 31.
[12] Watters, P. A. (2024). Cybercrime and cybersecurity. CRC Press, pp. 34-35.
[13] Watters, P. A. (2024). Cybercrime and cybersecurity. CRC Press, p. 35.
[14] Watters, P. A. (2024). Cybercrime and cybersecurity. CRC Press, pp. 36-37.
[15] Watters, P. A. (2024). Cybercrime and cybersecurity. CRC Press, pp. 37-38.
[16] Watters, P. A. (2024). Cybercrime and cybersecurity. CRC Press.
— END OF LESSON 3 —