Hacking and Securing

  • 8/2/2019 Hacking and Securing

    Sudhir Pratap Singh Rathore

    Basics related to the seminar topic

    E-Mail: E-mail is a method of exchanging digital messages from an author to one or more recipients.

    Hacking: Unauthorized use of, or attempts to bypass, the security mechanism of an information system.

    Hacker: A programmer who breaks into a computer system in order to steal, change or destroy information as a form of cyber-terrorism.

    Cracking E-mail Accounts

    E-mail hacking is one of the most common attacks on the internet.

    Do you think someone is sending abusive e-mails from your account to everybody in the address book?

    Do you suspect that someone has been reading your e-mail?

    There are a few different techniques that are commonly used by attackers, namely:

    a. Password Guessing

    b. Forgot Password Attacks

    c. Brute Force Password Cracking

    d. Phishing Attacks

    e. Input Validation Attacks

    f. Keylogging

    Password Guessing

    Low threat level

    Easily executed

    Very common, but not very effective

    It is the most common attack.

    The attacker gathers as much personal information about the victim as possible and then simply tries his luck by entering different combinations.

    Forgot Password Attacks

    Mid-level threat

    Easily executed

    Not very effective

    It is an extension of the password guessing attack.

    All e-mail service providers have an option that allows users to reset or retrieve their e-mail account password by answering a few predefined questions.

    Brute Force Password Attacks

    High-level threat.

    Very slow.

    Very effective.

    In this attack, an automatic tool or script tries all possible combinations of available keywords.

    It is a hit-and-trial method.

    Phishing

    Very high-level threat

    Easily executed

    More effective

    Phishing is a technique in which the attacker creates a fake timed-out screen, re-login screen or error screen and sends it to the victim, hoping that the victim will re-enter the account username and password.

    This account information then reaches the attacker.

    Input Validation Attacks

    Very high threat level. Easily executed, not so common.

    Very effective.

    This attack allows an attacker to illegitimately reset the password of any victim without any proper authorization.

    This attack can easily be executed in the following steps:

    a) Open an internet browser.

    b) Copy and paste the URL given below into the address bar of the browser:

    http://register.passport.net e-mailpwdreset.srf?lc=1033

    &[email protected]&id=&cb=&[email protected]&rst=1

    Simply press Enter and an e-mail will be sent to the attacker's e-mail address, which will allow the attacker to change the victim's password without entering any authorization.
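The flaw described above is a reset handler that trusts a delivery address taken from the request. The following is an added example, not code from the slides or from any real service, showing that pattern beside a hardened handler; the parameter names `account` and `deliver_to`, the account data and the in-memory outbox are all constructed for illustration.

```python
import hashlib
import secrets
import time

# Constructed sample data: the recovery address lives server-side only.
ACCOUNTS = {"alice@example.com": {"recovery": "alice.backup@example.org"}}
OUTBOX = []          # (recipient, body) pairs standing in for real SMTP
RESET_TOKENS = {}    # sha256(token) -> (account, expiry timestamp)
TOKEN_TTL = 900      # seconds a reset token stays valid


def reset_vulnerable(params):
    """Flawed pattern: the reset mail goes wherever the request says."""
    account = params.get("account", "")
    deliver_to = params.get("deliver_to") or account  # hypothetical parameter
    if account in ACCOUNTS:
        OUTBOX.append((deliver_to, "reset link for " + account))
    return deliver_to


def reset_hardened(params, now=None):
    """Delivery address is read from the stored record, never the request."""
    now = time.time() if now is None else now
    account = params.get("account", "").strip().lower()
    record = ACCOUNTS.get(account)
    if record is None:
        return None  # caller shows the same generic message either way
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    RESET_TOKENS[digest] = (account, now + TOKEN_TTL)  # store only the hash
    OUTBOX.append((record["recovery"], "reset token: " + token))
    return record["recovery"]


def redeem(token, now=None):
    """Single-use, expiring token; returns the account name or None."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = RESET_TOKENS.pop(digest, None)
    if entry is None or entry[1] < now:
        return None
    return entry[0]
```

The hardened handler ignores any extra address in the request, so a forged `deliver_to` value has no effect on where the token is sent.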


    Keylogging

    It refers to the process of recording each and every keystroke that a user types on a specific computer keyboard. This can be done using a small software program called a keylogger, also known as spy software.

    Securing E-mail Accounts

    Basic practices that a user can follow so that a hacker cannot easily hack the e-mail account:

    Password should not be too short.

    Try to use both uppercase and lowercase.

    Try to use a combination of alphabets, numbers and special characters.

    Keep changing your password.

    Do not use the same password for all your accounts.

    Use a secure internet connection.

    There is no particular software to protect an e-mail account. The basic concept used to secure e-mail is encryption.

    Encryption is the process of converting a plain text file into scrambled data using a predefined encryption algorithm.

    Encrypted text is converted back into its original plaintext form by simply running the predefined decryption algorithm.

    Plaintext -> (encryption) -> ciphertext -> (decryption) -> plaintext

    Some encryption terms defined:

    Plaintext: The original human-readable data that has not been encrypted.

    Ciphertext: The scrambled data that has been encrypted using an algorithm.

    Cipher: Mathematical process that converts plaintext data into ciphertext data.

    Cryptography: The art of using mathematics or logical algorithms to carry out encryption and decryption of data.

    Cryptanalysis: Use of logical algorithms to break a cipher to retrieve the original data.

    Background Information on Encryption

    A strong encryption algorithm relies on two different features to successfully encrypt data:

    1) Mathematical Algorithm

    2) Keys

    A mathematical algorithm uses a set of mathematical formulas that convert plaintext data into ciphertext.

    Mathematical algorithms are quite easy, so an attacker can easily download such algorithms to break an encryption system.

    Modern encryption systems not only rely on mathematical algorithms but also use keys to encrypt plaintext into ciphertext.

    Keys are pieces of data that are used by mathematical algorithms.

    Keys are unique for each user and are randomly generated by the user himself.

    It means that the same piece of plaintext data, when encrypted using the same algorithm but with different keys, will generate two different sets of ciphertext data.

    Hence, an attacker can decrypt ciphertext into the original plaintext only with the help of the correct key.

    For example:

    plaintext * (algorithm1 + private key1) = ciphertext1

    plaintext * (algorithm1 + private key2) = ciphertext2

    This introduces a problem: how to securely transfer the private key of the sender to the recipient when the sender sends an encrypted message, so that the recipient can decrypt that ciphertext.

    This weakness of the encryption system can be resolved with the help of a set of two different keys:

    Private key

    Public key

    Each user is assigned both a private key (used for decryption) and a public key (used for encryption).

    The user makes his public key available to all users on the internet, keeping his private key guarded securely.

    Anyone can use the public key to send you encrypted mail.

    Such encrypted e-mail can be decrypted with the help of the private key.

    So an attacker will need the public key along with the private key to decrypt the encrypted e-mail.

    Public and private keys are mathematically related, but it is very difficult to retrieve the private key of a victim from just the public key.

    There is a slight possibility that an attacker might retrieve the private key of the victim, but choosing keys of long size makes it more difficult for the attacker to break the private key.

    For example, a 1024-bit key is considered to be very secure (at least for now).

    There are a few acts on cyber crime, such as:

    Cyber stalking: Stealthily following a person and tracing his internet chat.

    Punishment: 3 years and fine up to 2 lakh.

    Cyber Terrorism: Protection against cyber terrorism.

    Punishment: Imprisonment for a term that may extend to 7 years.

    Privacy: Unauthorized access to computer.

    Relevant sections in the IT Act: 43, 66, 67, 69, 72.

    Cyber Hacking: Alteration, deletion, destruction in computer system.

    Punishment: 3 years or fine up to 2 lakh.

    Phishing: Bank financial fraud in electronic banking.

    Punishment: 3 years or with fine up to 2 lakh.

    Thank You