Hacking Final Ppt Jmd

Post on 21-Apr-2015

HACKERS’ ATTITUDE

Submitted By: Rakhi Sinha, Roshni Wadhwani, Surbhi Singh

CONTENTS

What is hacking?
Timeline of hacking
Types of hacking
The Threats
Some Hacking Incidents
Who is a Hacker?
Why do Hackers Hack?
Hackers’ Attitudes
Indian IT Act 2000
Computer Fraud And Abuse Act
Conclusion

WHAT IS HACKING?

Hacking means finding out weaknesses in an established system and exploiting them.

In computer networking, hacking is any technical effort to manipulate the normal behavior of network connections and connected systems.

Hacking vs. Cracking

Malicious attacks on computer networks are officially known as cracking, while hacking truly applies to both activities having good intentions and bad intentions. Most non-technical people fail to make this distinction, however. Outside of academia, it's extremely common to see the term "hack" misused and applied to cracks as well.

TIMELINE OF HACKING

1969 - Unix ‘hacked’ together
1971 - Cap'n Crunch phone exploit discovered
1988 - Morris Internet worm crashes 6,000 servers
1994 - $10 million transferred from CitiBank accounts
1995 - Kevin Mitnick sentenced to 5 years in jail
2000 - Major websites succumb to DoS
2000 - 15,700 credit and debit card numbers stolen from Western Union (hacked while web database was undergoing maintenance)
2001 - Code Red
• exploited bug in MS IIS to penetrate & spread
• probes random IPs for systems running IIS
• had trigger time for denial-of-service attack
• 2nd wave infected 360,000 servers in 14 hours
Code Red 2 - had backdoor installed to allow remote control
Nimda - used multiple infection mechanisms: email, shares, web client, IIS
2002 - Slammer Worm brings web to its knees by attacking MS SQL Server

TYPES OF HACKING

Normal data transfer
Interruption
Interception
Modification
Fabrication

THE THREATS

Denial of Service (Yahoo, eBay, CNN, MS)
Loss of data (destruction, theft)
Divulging private information (Air Miles, celebrities)

SOME HACKING INCIDENTS

Internet Worm
• Robert T. Morris made an internet worm in Nov. 1988. It spread through the internet and crashed about 6000 systems.

Cuckoo’s Egg
• Clifford Stoll caught the hackers, who were German.

WHO IS A HACKER?

A computer hacker is a person who finds out weaknesses in a computer and exploits them.

Hackers may be motivated by a multitude of reasons, such as profit, protest or challenges.

Alternatively, the term hacker is used to refer to a person who pushes technology beyond perceived norms at the time.

WHY DO HACKERS HACK?

Just for fun
To show off
To make their views known to many people
To steal important information
To destroy an enemy’s computer network during war
For personal and financial gain

HACKERS’ ATTITUDES

HACKERS’ ATTITUDE: DEFINITION

WHITE HAT HACKER: A white hat hacker, also rendered as ethical hacker, is, in the realm of information technology, a person who is ethically opposed to the abuse of computer systems.

BLACK HAT HACKER: A black hat hacker is a person who compromises the security of a computer system without permission from an authorized party, typically with malicious intent.

GREY HAT HACKER: A hybrid between white and black hat hackers, who sometimes hacks ethically and sometimes illegally.

BLUE HAT HACKER: A blue hat hacker is someone outside computer security consulting firms who is used to bug-test a system prior to its launch, looking for exploits so they can be closed.

SCRIPT KIDDIES: A computer intruder with little or no skill; a person who simply follows directions or uses a cook-book approach.

HACKTIVIST: A hacktivist is a hacker who utilizes technology to announce a political message.

ELITE HACKER: A social status among hackers; elite is used to describe the most skilled.

NEOPHYTE: A neophyte or "newbie" is someone who is new to hacking and has almost no knowledge or experience of the workings of hacking technologies.

BLACK HAT HACKERS

Black hat hacker is the alternate name for “crackers” who use their skills for destructive purposes.

A black hat hacker is a person who uses their knowledge of vulnerabilities and exploits for private gain, rather than revealing them either to the general public or the manufacturer for correction.

Many black hats hack networks and web pages solely for financial gain.

Black hats may seek to expand holes in systems, or prevent others from compromising a system over which they have already obtained secure control.

Black hats may work to cause damage maliciously and make threats.

WHITE HAT HACKERS

The term white hat hacker or ethical hacker is also often used to describe those who attempt to break into systems or networks in order to help the owners of the system by making them aware of security flaws.

Many such people are employed by computer security companies; these professionals are sometimes called sneakers. Groups of these people are called tiger teams.

The primary difference between white and black hat hackers is that a white hat hacker claims to observe ethical principles.

Like black hats, white hats are often intimately familiar with the internal details of security systems, and can find a solution to a tricky problem.

GREY HAT HACKERS

A grey hat, in the computer security community, is a skilled hacker who sometimes acts destructively and other times in good will.

They usually do not hack for personal gain or have malicious intentions, but may or may not occasionally commit crimes during the course of their technological exploits.

A grey hat will not necessarily notify the system admin of a penetrated system about the penetration they carried out.

A person who breaks into a computer system and simply puts their name there whilst doing no damage is also included in this category.

SECTION 66 OF THE INDIAN IT ACT 2000

Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking.

Whoever commits hacking shall be punished with imprisonment up to three years, or with fine up to two lakh rupees, or with both.

COMPUTER FRAUD & ABUSE ACT (18 USC 1030)

Hacking law 1 as stated in section 11 of the Atomic Energy Act of 1954

Knowingly accesses a computer without authorization or exceeds authorized access, and by means of such conduct obtains information that has been determined by the United States Government pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as defined in paragraph y of section 11 of the Atomic Energy Act of 1954.

Hacking law 2 as stated in section 1602 of title 15 of Fair Credit Reporting Act (15 U.S.C. 1681)

Intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information contained in a financial record of a financial institution, or of a card issuer as defined in section 1602(n) of title 15, as such terms are defined in the Fair Credit Reporting Act (15 U.S.C. 1681).

Hacking law 3

Intentionally, without authorization to access any computer of a department or agency of the United States, accesses such a computer of that department or agency that is exclusively for the use of the Government of the United States or, in the case of a computer not exclusively for such use, is used by or for the Government of the United States.

Hacking law 4

Knowingly and with intent to defraud, accesses a Federal interest computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer. Shall be punished as provided in subsection (c) of the section.

SUBSECTION C

(A) A fine under this title or imprisonment for not more than ten years, or both, in the case of an offense under subsection (a)(1) of this section which does not occur after a conviction for another offense under such subsection.

(B) A fine under this title or imprisonment for not more than twenty years, or both, in the case of an offense under subsection (a)(1) of this section which occurs after a conviction for another offense under such subsection.

Hacking law 5

Intentionally accesses a Federal interest computer without authorization, and by means of one or more instances of such conduct alters, damages, or destroys information in any such Federal interest computer, or prevents authorized use of any such computer or information, and thereby -

(A) Causes loss to one or more others of a value aggregating $1,000 or more during any one year period, or

(B) Modifies or impairs, or potentially modifies or impairs, the medical examination, medical diagnosis, medical treatment, or medical care of one or more individuals.

Hacking law 6 as stated in section 1029

Knowingly and with intent to defraud traffics (as defined in section 1029) in any password or similar information through which a computer may be accessed without authorization, if

(A) Such trafficking affects interstate or foreign commerce; or

(B) Such computer is used by or for the Government of the United States.

CONCLUSION

There is no separate detailed law in India for Computer Fraud, Abuse, Tampering and Hacking.

There is only a slight provision in section 66 of the IT Act 2000.

Provision should be made in the Indian IT Act 2000 to encourage Ethical Hacking, because Ethical Hacking is a measure to reduce illegal hacking.
