Ethical Hacking (lect 1-1)
32 Questions

Created by
@LegendaryDecagon

Questions and Answers

Ethical Hackers (White hat hackers)

Good hackers; defenders. They work for the benefit of the public.

Grey hat hacker

Between the lines of good and bad hackers. Possibly rehabilitated.

Black hat hackers and cyberterrorists

Black hat hackers: criminals. Cyberterrorists: hackers who are terrorists. They destroy targets and cause physical harm (to the person using the target device). Sometimes their actions are not stealthy. Cyberterrorists aim to cause actual physical injury or danger, going beyond just digital damage.

Botnet

A network of compromised computers. The botnet herder, or botmaster, can control and command them using command-and-control software.

Storm botnet

Infects machines mostly through malware in email attachments and has them use the eDonkey peer-to-peer network to find other infected machines. It was used not just for spam but also for Distributed Denial-of-Service and for harvesting credentials.

Conficker botnet

A worm that spreads by exploiting a Windows network service vulnerability. It generated domain names every day, and infected machines were put into those domains, which the botmaster controlled.

Mirai botnet

A family of botnets that exploit IoT devices. The first Mirai worm infected CCTV cameras that had been manufactured by Xiaomi and that had a known factory default password that could not be changed.

How to put machines into a domain

To put machines into a domain, particularly in the context of botnets and cybersecurity, the botmaster typically uses a method called "domain generation algorithm" (DGA). Here's how it works:

1. Generate Domains: The botmaster's malware generates a list of domain names daily.
2. Register Domains: The botmaster registers some of these domains.
3. Malware Connects: Infected machines (bots) use the same DGA to generate the same list of domains and attempt to connect to them.
4. Command and Control: Once a bot connects to a registered domain, it can receive commands and updates from the botmaster. This technique helps the botmaster maintain control over the botnet even if some domains get blocked or taken down.

Tools and activities used to develop malware

Perform research on turning vulnerabilities into exploits. Develop remote access trojans that deliver malware. Build robust domain generation algorithm software for command and control communications. Design specialized payloads for various purposes.

A Trojan, or Trojan horse

A type of malware that disguises itself as legitimate software or is hidden within legitimate software. Once installed, it can perform malicious activities.

Android malware

"Unpatched old Android devices" refers to older Android smartphones or tablets that haven't received recent software updates or security patches. In many countries, they are sources of malware infection.

Dropper

A replication mechanism that malware has. Examples: Worm: malware that copies itself when it is run (standalone). Virus: malware spread through other software as a medium, such as macros in documents.

Payload

The actual code that causes damage. Examples: exfiltrate the victim's data, encrypt the victim's data, steal important credentials (passwords, etc.), surveil the victim's machine, steal CPU power (to, e.g., mine cryptocurrency), install some other malware.

Ransomware

Threatens to publish the victim's personal data or block access to it unless a ransom is paid. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. Bitcoin and other cryptocurrencies are used as payment methods, making tracing difficult.

Scareware

A technique used by cybercriminals. It involves tricking users into thinking their computer is infected with a virus or has some other serious problem, often through fake pop-up alerts or bogus software. The goal is to scare the user into paying for unnecessary or harmful software to "fix" the problem.

Ransomware-as-a-Service (RaaS)

These platforms allow anyone, even amateurs, to launch ransomware attacks. The operators using these services might not have the technical ability to decrypt files, meaning even if the victim pays the ransom, their files may remain inaccessible.

Hacktivism

It often involves cyberattacks or digital disruptions against government, corporate, or institutional targets to protest, raise awareness, or enact change in line with the hackers' beliefs or goals. The attacks are usually denial-of-service (companies or individuals cannot operate normally if they receive a lot of angry emails or tweets) and doxing (searching for and publishing private or identifying information about a particular individual on the internet without their consent, typically with malicious intent).

Online shaming

"Online shaming" refers to the act of publicly criticizing, ridiculing, or shaming an individual or group through online platforms. E.g. "dog poo girl".

Mass surveillance

Mass surveillance isn't just the government spying on people, though that's a big part of it. It also involves data collection by big companies like social media platforms and tech giants. They gather lots of info for things like targeted ads, but there's always a concern about privacy and how this data might be used or misused.

Mass surveillance (Tempora)

Collects data from international fibre optic cables. International fibre optic cables are physical cables that are laid on the ocean floor, connecting continents and countries across vast distances.

Mass surveillance (Muscular)

It collects data as it flows between the data centres of large service firms such as Yahoo and Google.

Mass surveillance (XKeyscore)

A search engine used by the NSA and other members of the "Five Eyes" alliance (the US, UK, Canada, Australia, and New Zealand) to search through massive amounts of data. Here's a breakdown of how it works:

- Data Collection: It gathers data like emails, SMS messages, chats, address book entries, and browsing histories from various sources.
- Remote Search: Analysts can search this collected data remotely through a distributed database.
- Tasked Items: Specific data requested by analysts is extracted and sent to them.
- Notification System (Trafficthief): Alerts analysts when their targets do something noteworthy.
- Target Discovery: It can also find new targets. For example, analysts can use queries like "Show me all the exploitable machines in country X" to identify vulnerable machines. A tool called Mugshot helps compile machine fingerprints for this purpose.

Identity theft

Stealing information that allows a person to impersonate another person (or persons) for illegal purposes, mainly financial gain, such as opening a credit card or bank account, obtaining rental properties, etc.

Theft of service

Use of phone, Internet, streaming movies or similar items without permission; it usually involves password cracking. Example: Sharing a Netflix account, even with friends, can be considered theft and can be prosecuted in certain states of the US.

Network intrusion or unauthorized access

The most common type of attack; it leads to other cybercrimes. Example: Breaking into your neighbour's WiFi network opens up a lot of opportunities for attack.

Posting and/or transmitting illegal material

Distribution of pirated software/movies, child pornography.

Fraud

Deceiving another party or parties to elicit information or access, typically for financial gain or to cause damage.

Embezzlement

A form of financial fraud involving theft and/or redirection of funds.

Dumpster Diving

Gathering information from discarded/unattended material (ATM receipts, credit card statements, etc.). Going through rubbish itself is not illegal, but going through rubbish on private property is.

DoS (Denial of Service) /DDoS (Distributed Denial of Service)

Overloading a system's resources so that it cannot provide the required services to legitimate users. DDoS is performed on a larger scale: it is not possible to prevent DoS by blocking one source.

Cyberstalking/Cyberbullying

A relatively new crime on the list. The attacker uses online resources and other means to gather information about an individual and uses this to track and, in some cases, to meet the person (cyberstalking), or to harass the person (cyberbullying).

Cyberterrorism

Attackers make use of the internet to cause significant bodily harm to achieve political gains. The scope of cyberterrorism is controversial. Related to information warfare.
