CHAPTER lll

The Hacker, Hacking Tactics and the Victim

Who is the hacker?

Hacking emerged with the invention of computers. The term “hacker” has a variety of definitions.
Among computer professionals, it is applied to someone who is proficient at software programming,
debugging systems, or identifying vulnerabilities in a given computer, software application, or computer
network. These are valuable skills for computer programmers and technicians. However “hacker” has
taken on a negative meaning among the public and in the media. Outside the computer industry, the
term is now generally used to describe a person with these skills who decides to apply them toward a
damaging or illegal purpose.

A hacker is an individual who uses computer, networking or other skills to overcome a technical
problem. The term hacker may refer to anyone with technical skills, but it often refers to a person who
uses his or her abilities to gain unauthorized access to systems or networks in order to commit crimes. A
hacker may, for example, steal information to hurt people via identify theft, damage or bring down
systems and often, hold those system hostage to collect ransom.

The term hacker has historically been a divisive one, sometimes being used as a term of admiration for
an individual who exhibits a high degree of skill, as well as creativity in his or her approach to technical
problems. However, the term is more commonly applied to an individual who uses this skill for illegal or
unethical purposes.

There is a community, a shared culture, of expert programmers and networking wizards that tracer its
history back through decades to the first time-sharing minicomputers and the earliest ARPAnet
experiments. The members of this culture originated the term “hacker”. Hacker built the internet.
Hackers made the Unix operating system what it is today. Hackers make the World Wide Web work. If
you are part of this culture, if you have contributed to it and other people in it know who you are and
call you a hacker, you’re a hacker.

The hacker mind-set is not confined to this software-hacker culture. There are people who apply the
hacker attitude to other things, like electronics or music, actually, you can find it at the highest levels of
any science or art. Software hackers recognize these kindred spirits elsewhere and may call them
“hackers” too and some claim that the hacker nature is really independent of the particular medium the
hacker works in.

There in another group of people who loudly call themselves hackers, but aren’t. these are people
(mainly adolescent males) who get a kick out of breaking into computers and phreaking the phone
system. real hackers call these people “crackers” and want nothing to do with them. Real hackers mostly
thinks crackers are lazy, irresponsible, and not very bright, and object that being able to break a security
doesn’t make you a hacker any more than being able to hotwire cars makes you an automotive
engineer. Unfortunately, may journalist and writers have been fooled into using the word “hacker” to
describe crackers; this irritates real hackers no end
 The basic difference is this: hackers build things, crackers break them.

Types of Hackers

The security community has informally used references to hat color as a way different types of
hacker are identified, usually divided into three types:

1. White hat
2. Black hat
3. Gray hat

White hat hackers, also known as ethical hackers, strives to operate in the public’s best interest, rather
than to create turmoil. Many white hat hackers work doing penetration, hired to attempt to break into
the company’s networks to find and report on security vulnerabilities. The security firms then help their
customers mitigate security issues before criminal hackers can exploit them.

Black hat hackers intentionally gained unauthorized access to networks and system with malicious
intent, whether to steal data spread malware or profit from ransomware, vandalize or otherwise
damage system or for any other reason including gaining notoriety. Black hat hackers are criminals by
definitions because they violate laws against accessing systems without authorization, but they may also
engage in other illegal activity, including identify theft and distributed denial-of-service attacks.

Gray hat hackers fail somewhere between white hat hackers and black hat hackers. While their motives
may be similar to those of white hat hackers, gray hats are more likely than white hat hackers to access
systems without authorization; at the same time, they are more likely than black hat hackers. Although
they aren’t typically-or only-motivated by money, gray hat hackers may off to fix vulnerabilities they
have discovered through their own, unauthorized, activities rather than using their knowledge to exploit
vulnerabilities for illegal profit.

Hackers of all types participate in forums to exchange hacking information and tradecraft. There are a
number of hacker forums where white hat hackers can discuss or ask questions about hacking. Other
white hat hackers forums offer technical guides with step-by-step instructions on hacking.

Forums and marketplaces serving black hat hackers are often hosted on the dark web, and offer black
hat hackers with an outlet for offering, trading and soliciting illegal hacking services.

Criminal hackers, who sometimes lack their own technical skills, often use scripts and other specifically
designed software programs to break into corporate networks. This software may manipulate network
data network connection to gather intelligence about the workings of the target system.

These scripts can be found posted on the internet for anyone, usually entry-level hackers, to use.
Hackers with limited skill are sometimes called script kiddies, referring to their need to use malicious
scripts and their inability to create their own code. Advanced hackers might study these scripts and then
modify them to develop new methods.
How do cyber criminals attack?

Three methods that cyber criminals use to attack as defines Security in the digital world

1. Social engineering: The attacker tries to manipulate you into giving them either your information, or
access to your computer so that they can get the information themselves. This can take place through
many types of communications, including the telephone (vishing), email (phishing), text messages
(smishing) or chats within games or apps. The aim of social engineering is to exploit human nature by
targeting common human traits such as the fear of being attacked.

2. Malware: Malware is malicious software that will damage or harm your computer, network or
information with the sole intent of infecting your system. Some malware will attempt to take control of
the system, allowing the attacker to do anything they want with it or the information in the device, deny
you the device or the information, or benefit from taking control of the device or the information.
Malware is constantly altered by attackers to create new strains, so it is almost impossible to keep track.
Known strains include Trojans, jailbreaks, viruses, bots and worms.

3. Ransomware: Petya, Wanna Cry and not Petya are all strains of ransomware that affected the
computer systems of organizations worldwide. Ransomware is a type of malware that is delivered by
social engineering and blocks access to the information stored on your device/system. Users will be
denied access to their information unless they pay a ‘ransom’ to the attacker – usually in an electronic
currency such as bitcoin.

These methods may be use on their own, or you could fall victim to an attack that uses a combination.
The attacker uses more than one type of communication to make you more confident that you are nit
being duped or manipulated