black hat hackers

30
BLACK HAT HACKERS Rajitha.B 09131A1276 Information Technology 14-03-2013 1

Upload: santosh-kumar

Post on 22-Nov-2014

2.152 views

Category:

Technology


0 download

DESCRIPTION

 

TRANSCRIPT

Page 1: Black hat hackers

1

BLACK HAT HACKERS

Rajitha.B09131A1276Information Technology

14-03-2013

Page 2: Black hat hackers

OUTLINE• Introduction• History• Famous Hackers• Types of Hackers• Black Hat Hackers• Pre-Hacking stage• Domains affected by Hacking• Types of attacks• Detection and counter measures• SQL Injection• Pros and cons• Conclusion• References

14-03-2013 2

Page 3: Black hat hackers

3

Introduction

Hacking refers to an array of activities which are done to intrude someone else’s personal information space so as to use it for malicious, unwanted purposes.

Hacking is a term used for activities aimed at exploiting security flaws to obtain critical information for gaining access to secured networks.

14-03-2013

Page 4: Black hat hackers

4

History

1980s- Cyberspace coined-414 arrested-Two hacker groups formed-2600 published

1990s-National Crackdown on hackers-Kevin Mitnick arrested

14-03-2013

Page 5: Black hat hackers

5

Cont.…

2001– In one of the biggest denial-of-service

attack, hackers launched attacks against eBay, Yahoo!, CNN.com., Amazon and others.

2007– Bank hit by “biggest ever” hack.

Swedish Bank, Nordea recorded nearly $1 Million has been stolen in three months from 250 customer account.

14-03-2013

Page 6: Black hat hackers

6

Famous Hackers

14-03-2013

Page 7: Black hat hackers

7

Types of hackers

White hat hacker(The term "white hat" in Internet slang refers to an ethical computer hacker, or a computer security expert.)

Black hat hacker(illegal or bad ) Grey hat hacker(A grey hat in the hacking

community refers to a skilled hacker whose activities fall somewhere between white and black hat hackers)

14-03-2013

Page 8: Black hat hackers

8

Black Hat Hackers A "black hat hacker” is a hacker who

violates computer security for little reason beyond maliciousness or for personal gain.

Black hat hackers break into secure networks to destroy data or make the network unusable for those who are authorized to use the network.

14-03-2013

Page 9: Black hat hackers

9

Pre-hacking stage

Part 1: TargetingThe hacker determines what network to break into during this phase. The target may be of particular interest to the hacker, either politically or personally, or it may be picked at random. Part 2: Research and Information GatheringIt is in this stage that the hacker will visit or contact the target in some way in hopes of finding out vital information that will help them to access the system.

14-03-2013

Page 10: Black hat hackers

10

Cont.…

Part 3: Finishing The AttackThis is the stage when the hacker will invade the primary target that he/she was planning to attack or steal from.

14-03-2013

Page 11: Black hat hackers

11

Domains affected by hacking

Mobile hacking Email hacking Data stealing Injecting virus and Trojans Man -in-middle attacks Internet applications

14-03-2013

Page 12: Black hat hackers

12

TYPES OF ATTACKS

Denial of Services attacks Threat from Sniffing and Key

Logging Trojan Attacks

14-03-2013

Page 13: Black hat hackers

13

Denial of Services (DOS) Attacks DOS Attacks are aimed at denying valid, legitimate Internet and Network users access to the services offered by the target system. In other words, a DOS attack is one in which clogging up so much memory on the target system that it cannot serve legitimate users.

14-03-2013

Page 14: Black hat hackers

14

DOS Attacks: Ping of Death AttackThe maximum packet size allowed to be transmitted by TCP\IP on a network is 65 536 bytes.

In the Ping of Death Attack, a packet having a size greater than this maximum size allowed by TCP\IP, is sent to the target system.

As soon as the target system receives a packet exceeding the allowable size, then it crashes, reboots or hangs.

14-03-2013

Page 15: Black hat hackers

15

Threats from sniffers and Key loggers

Sniffers: capture all data packets being sent across the network. Commonly Used for:

Traffic MonitoringNetwork Trouble shootingGathering Information on Attacker.For stealing company Secrets and sensitive data.

Commonly Available Sniffers• tcpdump • DSniff

14-03-2013

Page 16: Black hat hackers

16

Threats from key loggers

Key loggers: Records all keystrokes made on that system and store them in a log file, which can later automatically be emailed to the attacker. Countermeasures

Periodic Detection practices should be made mandatory.A Typical Key Logger automatically loads itself into the memory, each time the computer boots. Thus, the start up script of the Key Logger should be removed.

14-03-2013

Page 17: Black hat hackers

17

Trojan AttacksTrojans: act as a RAT or Remote Administration Tool, which allow remote control and remote access to the attacker.

Working: 1.The Server Part of the Trojan is installed on the target system through trickery or disguise. 2.This server part listens on a predefined port for connections.3.The attacker connects to this Server Part using the Client part of the Trojan on the predefined port number. 4.Once this is done, the attacker has complete control over the target system.

14-03-2013

Page 18: Black hat hackers

18

Trojan Attacks : Detection and counter measuresDetection & Countermeasures

Scan your own system regularly.

If you find a irregular port open, on which you usually do not have a service running, then your system might have a Trojan installed.

One can remove a Trojan using any normal Anti-Virus Software

14-03-2013

Page 19: Black hat hackers

19

SQL injection

SQL injection is a technique often used to attack data driven applications.

This is done by including portions of SQL statements in an entry field in an attempt to get the website to pass a newly formed SQL command to the database.

string literal escape characters embedded in SQL statements like (‘ or * ) etc.

SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

14-03-2013

Page 20: Black hat hackers

20

Structure of SQL Injection

14-03-2013

Page 21: Black hat hackers

21

How SQL Injection is performed?

when user input is not filtered for escape characters and is then passed into a SQL statement.

The following line of code: statement = "SELECT * FROM users WHERE name = '" + userName + "';"For example: For example, setting the "userName" variable as:' or '1'='1' or '1'='1' -- '' or '1'='1' ({ '' or '1'='1' /* '

14-03-2013

Page 22: Black hat hackers

22

Cont.…. The above username ‘1=1’ is always true

and can even delete the tables.SELECT * FROM users WHERE name = ''OR '1'='1'; Example:Step 1: Figure out how the application handles bad inputs• Email address is taken for the SQL

injection [email protected]' • The extra quote is added to the above

email address.

14-03-2013

Page 23: Black hat hackers

23

Cont.…

The SQL statement as follows: SELECT data FROM table WHERE Email input = [email protected]”; The query is injected as: SELECT data FROM table WHERE Email input = 'Y'; UPDATE table SET email = '[email protected]' WHERE email = '[email protected]';

14-03-2013

Page 24: Black hat hackers

24

Cont.…

The hacker enters into the database and drops the tables .

Insertion of any other data in table can be done.

14-03-2013

Page 25: Black hat hackers

25

SQL Injection

14-03-2013

Page 26: Black hat hackers

26

SQL Injection Prevention

Encrypt sensitive data. Access the database using an

account with the least privileges necessary.

Install the database using an account with the least privileges necessary.

Ensure that data is valid.

14-03-2013

Page 27: Black hat hackers

27

Pros and cons

Pros

• Increases computer security –when a hacker is hired he can be given a specific job or way to hack into the system. This can give company insight of possible back doors or openings into the company’s security.

Cons• The hacker can break into the system and

steal information.

• If the hacker is inexperience he can leave harmful programs and delete the information.

14-03-2013

Page 28: Black hat hackers

28

Conclusion

 Hacking may be defined as legal or illegal, ethical or unethical but useful for finding out possible back doors or openings into the computer security.

14-03-2013

Page 29: Black hat hackers

29

Referenceshttp://www.blackhatlibrary.net/Main_Pagehttp://prezi.com/sxnobhzvsenq/hacking-and-cracking-pros-and-conshttp://www.cybercure.in/hacking/http://en.wikipedia.org/wiki/Hacker_(computer_security)http://en.wikipedia.org/wiki/The_Hacker_CrackdownCyber cure customized e-book

http://www.blackhat.com/presentations/bh-usa-04/bh-us-04-hotchkies/bh-us-04-hotchkies.pdfhttp://crypto.stanford.edu/cs142/lectures/16-sql-inj.pdf

14-03-2013

Page 30: Black hat hackers

30

Thank you

14-03-2013