Module 1


Introduction to Computer Crimes and Ethical Hacking

LEARNING OBJECTIVES

After reading this chapter, you will be able to:

- Understand the concept of 'cybercrime' and its effect on the digital world.
- Interpret and apply security mechanisms on various cybercrimes.
- Identify the different types of cybercrimes.
- Explore practical knowledge about ethical hacking methodology.
- Understand the concept of hacking and its effect on digital world.
- Understand the process of ethical hacking.
- Interpret and apply security mechanism to secure system.
- Distinguish different categories of hacking.

The first faults are theirs that commit them; the second faults are theirs that permit them.

-Thomas Fuller

1.1 Introduction to Cybercrime


Crimes in India, using computers as the tool, have been on the rise. With the increasing trend of crimes using computers, tools are being built to prevent such crimes from happening. In today's world, Internet has become an integral part of our everyday life. Every day, hackers or criminals attack our computers to sniff into our personal data or other confidential data.

The term cybercrime refers to crimes committed using computer (Figure 1.1). Traditionally, cybercrime refers to the crime involving computer and computer network.

According to the law enforcement agency, internet-related crimes can be categorized as:

- Advanced cybercrime/high-tech crime: Attacks against computer hardware and software;
- Cyber-enabled crime: Numerous 'traditional' crimes have taken a new turn with the arrival of internet, such as crimes against youngsters, monetary crimes, and even acts of terrorism.

Cybercrimes have an adverse effect on governments, businesses, and even ordinary people. For example, a network of internet-connected computers that are infected by viruses and controlled as a group.
DIGITAL FORENSIC

Figure 1.1 Cybercrime.

If an individual wants to prevent a cybercrime, he/she has to adopt digital forensic tools to reduce the vulnerability score. To protect our confidential data or any kind of personal data, the hard drive should be cleansed using a solution. As the crimes related to computer are increasing day by day, tools required to fight against the same are being developed faster.

1.2 Categories of Cybercrimes
Cybercrimes can be broadly divided into three major categories (Figure 1.2).

[Figure: Cybercrimes divided into crimes against persons (cyber-stalking, email spoofing, etc.), crimes against individual property (computer vandalism, transmitting viruses, etc.), and crimes against government (cyber terrorism).]

Figure 1.2 Categories of cybercrime.

1.2.1 Cybercrimes Against People


Cybercrimes committed against people include crimes such as cyber porn, transmission of child pornography, harassment of an individual through email, false legal agreement scams, etc. The trafficking, distribution, posting, and dissemination of obscene material, together with pornography and misdemeanour, constitute important cybercrimes committed against people. The potential impact of such a criminal offense to humanity can hardly be explained. Cyber harassment could be a distinct cybercrime. Various harassments can and do occur in internet, or through the use of internet. This includes sexual, racial, religious, or other harassments. People perpetuating such harassments are guilty of cybercrimes.
1.2.2 Cybercrimes Against Property

Cybercrime against all forms of property is the second category of cybercrime. Crimes in this category include computer devilry, meaning destruction of others' property, and transmission of harmful viruses or programs. An Indian-based upstart engineering company lost its money and repute when the rival company, an associate degree business major, scarfed the technical catalogue from their computers with the assistance of a company cyber spy software.
che assistance

1.2.3 Cybercrimes Against Government


Cybercrimes against Government is the third type of cybercrime. Cyber terrorism is a distinct crime in this category. The spread of internet has shown that this medium is used by people and teams to threaten the international governments conjointly to terrorize the voters of a country. This crime manifests itself into an act of terrorism once an individual 'cracks' into a government or military maintained website.

1.3 Types of Cybercrimes

Cybercrimes can be broadly divided as:

1. Violent or potentially violent cybercrimes: Violent or potentially violent cybercrimes are those that pose a physical risk to some character or people. They can be further categorized as:
(a) Cyber terrorism
(b) Cyber stalking
(c) Assaults by threat
(d) Child pornography
2. Non-violent cybercrimes: Non-violent cybercrimes are those that do not directly pose a physical risk to some character or persons, but indirectly they do pose a risk. They can be further categorized as:
(a) Cyber theft
(b) Cyber trespass
(c) Cyber fraud
(d) Destructive cybercrimes

In this section, we will discuss hacking, DoS attack, Trojan attack, credit card frauds, cyber pornography, online betting, software piracy, email spoofing, forgery, phishing, cyber terrorism, Salami attacks, defamation, and cyber stalking.

1.3.1 Hacking
Do not hack, but when you do, it should be ethical!

Eric Raymond, compiler of The New Hacker's Dictionary, defines a hacker as an artless coder. A 'good hack' is a clever answer to a programming difficulty and 'hacking' (Figure 1.3) is the act of doing it. According to Raymond, the following five likely characteristics qualify one as a hacker:

- An individual who enjoys learning details of a programming language or system.
- An individual who enjoys truly doing the programming instead of simply theorizing it.
- An individual capable of appreciating somebody else's hacking.
- An individual who picks up programming quickly.
- An individual who is a professional in a specific programming language or system.
[Figure: flowchart with the labels Try, Success? (No/Yes), Next.]

Figure 1.3 Hacking.

1.3.2 Denial-of-Service Attacks (DoS Attacks)


A Denial-of-Service (DoS) attack is an attempt to make an online service unavailable by overloading the network with traffic from multiple sources. DoS targets a large variety of resources (Figure 1.4).

[Figure: The attacker sends a command for his bots (compromised PCs) to attack a bank. Thousands of requests are sent over the internet to the bank website simultaneously. The bank is flooded with requests and cannot operate effectively.]

Figure 1.4 Denial-of-service attack.


1.3.3 Trojan Attacks
Trojans are small particles of malware that allow the hacker to either gain or obtain remote access to any computer (Figure 1.5). Trojans can neither self-replicate nor automate as they interact with the hacker to meet and fulfill his/her purpose. Trojans need to be installed from an executable file (.exe) or a compiler. Sometimes, Trojans exploit the bugs in the browser, media player, etc. Once the Trojan is installed, the hacker can use them to access all the sensitive or confidential and personal information or data.
sensi
[Figure: Trojan infection. A connection is made between the attacker and the victim, each identified by IP address and port.]
Figure 1.5 Trojan.
1.3.4 Credit Card Frauds
Credit card frauds usually occur when an individual discloses his/her confidential data such as credit card number, CVV number, secret code for transaction, expiry date, etc., to an unknown person, who could be a potential hacker. This is often the case when a card is stolen or lost or when mails are diverted from the actual recipient to the hacker. This kind of fraud is an identity fraud in which a hacker takes the necessary information about the credit card for his/her personal purpose.
1.3.5 Cyber Pornography
Cyber pornography refers to distributing pornography over the internet. People create and distribute porn or obscene materials over the internet. It includes children involved in sexual acts with adults. It is a criminal offense and is classified as causing harm to humans. It refers to Section 67 of IT Act, which is the most serious Indian Law. The other laws that deal with pornography are Indecent Representation of Women Act and the Indian Penal Code. It is a serious crime in India, but not considered so in many other countries such as United States of America (USA).
1.3.6 Online Betting
Online betting is also called online gambling or internet gambling and takes place over the internet. It is the basic term used for gambling over the internet. Many websites available over the internet are used for gambling.
These amounts, unnoticeably taken from collective accounts, add up to a large amount of money. Most people fail to report such deductions, often letting it go because of the amount involved, which could be a fraction of a cent, so as to avoid suspicion from the unsuspecting customer. A salami attack is a small attack that can be repeated many times efficiently. Thus, the overall impact of the attack is huge. For example, stealing the round-off amounts from the interest in bank accounts. Even though it is less than 1 cent per account, when multiplied by millions of accounts over many months, the adversary can retrieve quite a large amount. It is also less likely to be noticeable since your average customer would assume that the amount was rounded down to the nearest cent.
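
A reconciliation check for the round-off scheme described above, as an added example that is not part of the original text. It recomputes each account's interest exactly, compares it with what was posted, and flags a batch in which the rounding only ever goes against the customer and the withheld fractions reappear as one credit. The account ids, the interest rate, the SUSPENSE-9 account and the ledger are constructed sample data.

```python
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_EVEN

CENT = Decimal("0.01")


def audit_interest_run(balances, posted, other_credits, rate):
    """Compare posted interest with exactly recomputed interest.

    balances / posted: {account_id: Decimal}
    other_credits: non-interest credits booked by the same batch.
    """
    shorted = over = 0
    withheld = Decimal(0)
    for acct, balance in balances.items():
        diff = balance * rate - posted[acct]  # > 0: customer got less than exact
        withheld += diff
        if diff > 0:
            shorted += 1
        elif diff < 0:
            over += 1
    fractional = shorted + over
    # Honest rounding errs in both directions; a skim only ever rounds down.
    one_sided = fractional >= 20 and shorted / fractional >= 0.95
    # A credit that matches the accumulated fractions to within one cent
    # shows where the withheld money went.
    beneficiaries = sorted(
        acct for acct, amount in other_credits.items()
        if amount > 0 and abs(amount - withheld) < CENT
    )
    return {
        "withheld": withheld.quantize(CENT, rounding=ROUND_DOWN),
        "one_sided": one_sided,
        "beneficiaries": beneficiaries,
        # Truncation alone can be a documented policy; truncation plus a
        # matching sweep into one account is the salami pattern.
        "suspicious": one_sided and bool(beneficiaries),
    }


def constructed_run(rounding, sweep_to=None):
    """Constructed ledger: 2000 accounts, 0.41% monthly interest."""
    rate = Decimal("0.0041")
    balances = {f"ACCT-{i:04d}": Decimal("1000.00") + i * Decimal("37.13")
                for i in range(2000)}
    posted = {a: (b * rate).quantize(CENT, rounding=rounding)
              for a, b in balances.items()}
    credits = {}
    if sweep_to:
        kept = sum((balances[a] * rate - posted[a] for a in balances), Decimal(0))
        credits[sweep_to] = kept.quantize(CENT, rounding=ROUND_DOWN)
    return balances, posted, credits, rate


if __name__ == "__main__":
    for label, args in [("fair rounding", (ROUND_HALF_EVEN,)),
                        ("truncation only", (ROUND_DOWN,)),
                        ("truncation + sweep", (ROUND_DOWN, "SUSPENSE-9"))]:
        print(label, audit_interest_run(*constructed_run(*args)))
```
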
1.3.13 Defamation
Internet is an integral part of our life. It acts as a medium for interacting with people across the globe. Defamation implies causing harm to a reputed individual in front of others. Harm can be inflicted by oral words, visuals, or any other means. Cyber defamation is a new concept, and it involves defamation of a person or individual by a new or virtual medium. Cyber defamation is considered to be a cybercrime. Cyber defamation not only affects the welfare of the community, but also the victim.
1.3.14 Cyber Stalking
Cyber stalking refers to the use of an electronic medium to threaten someone or an individual or a group of people or certain organization. This may include wrong allegations, threatening calls or messages or emails, wrong accusations, any kind of defamation, wrong identity theft, and many more. Cyber stalking is a criminal offense under various harassment laws. It is a kind of online stalking. Cyber stalkers could be strangers, people who you may know, people who know you, ex-business partners, enemies, and many more.
1.4 The Internet Spawns Crime
The internet is a network of communication and content services that is globally accessible. As internet provides a lot of options for buying and selling, crimes are on the rise in this computer environment. A computer represents a tool of crime as in murder or fraud, the object of crime as in stealing of processor chips, or the theme of crime as in hacking and spreading viruses. The involvement of computers on criminal rule has been much ampler than the narrow field of activities such as hacking and spreading viruses, both not easy for traditional criminal concepts, and facilitating particular types of crimes such as child pornography.

Criminal commandment is not just about whether a particular work should be considered criminal or not. It is a law enforcement that investigates those that carry out criminal acts and prosecutes them; a procedure more significantly difficult in a computer environment. The implementation of internet technologies is not uniform, particularly between developed and developing nations. Wireless communication technologies have quickly eclipsed wire systems in many developing countries, where the inheritance communication was greatly underdeveloped. Differential of technological use may mean dissimilar patterns of threats and vulnerabilities in terms of cybercrimes.
1.5 Worms Versus Viruses
Worms and viruses are malicious programs that can cause harm to our system. However, both these terms are very different.
1.5.1 Viruses
A virus (vital information resources under siege) is a software that is designed to duplicate itself. This is done by replicating itself into various programs that are stored in the computer. Computer viruses attach themselves to a program or a file, spreading from one workstation to another, leaving infections as it travels. A computer virus can range in harshness, some may cause slightly irritating effects while others can damage hardware, software, or files. Almost all viruses are fond of an executable file, which means a virus cannot affect our computer unless and until we run or release the malicious program. It is significant to make a note that a virus cannot spread without human action, such as running the infected program (Figure 1.6).
[Figure: Virus, with the labels: alter data, can mutate, self replicate, passive transmission, steal information, software code, delete data.]
Figure 1.6 Virus.
1.5.2 Worms
A worm (write once read many) is similar to a computer virus by design. It is considered to be a secondary category of virus. A worm spreads from computer to computer, but unlike virus it has the capability to travel without any human action. The main threat with a worm is the capability to replicate itself on our system. So rather than our computer sending a single worm, it could send hundreds or thousands of copies of itself and cause a huge devastating effect. For example, a worm sending out a copy of itself to everyone listed in the address book, then the worm replicates itself to each of the receiver's address book and it manifests itself. Since the worm copies itself and also travels across networks, it consumes more system memory and network bandwidth, causing web servers and individual computers to stop responding (Figure 1.7).
[Figure: Worm, with the labels: alter data, can mutate, self replicate, active transmission, steal information, self-contained software, delete data.]

Figure 1.7 Worm.

1.6 Computer's Role in Crimes


Computers can play a vital role in crimes as shown in Figure 1.8. They can extract evidences, instrumentality, illegal imports, or the fruit of a crime.
1. They can act as a communication tool.
2. They can be the target of the attacker for criminal activity.
3. They can also be tangential to crime.

[Figure: three roles.
Computers as targets: involves an attack on data integrity, system integrity, data confidentiality, privacy, or availability.
Computers as storage devices: using the computer to store stolen password lists, credit card or calling card numbers, proprietary corporate information, pornographic image files, or pirated commercial software.
Computers as communications tools: crimes that are committed online, such as fraud, gambling, child pornography, and the illegal sale of prescription drugs, controlled substances, alcohol, or guns.]

Figure 1.8 Roles of computer in crimes.


Given below are instances where computers are used in crime scenarios.
1. Witnesses can view the suspect's picture on the screen through the use of computers.
2. DNA testing can be performed using computers. Using DNA testing, criminals can be identified from past crimes and booked.
3. Mini computers and laptops are used in police vehicles to determine the criminal records. The police cars are installed with wireless internet connections that are linked with satellites to perform the work with greater efficiency and in an easier manner.
4. Fingerprints can be taken using a computer and it can be used to determine whether the person is linked to any case in the past.
5. A computer can also determine how a fire was caused and what accelerant was used in the fire. This can be done using the computer investigation device.
6. Computers are also used at traffic junctions to find the vehicle identification number (VIN), whether the car is stolen, etc. In case of a crime, the person can be arrested immediately.
7. The databases of criminals are maintained in computers. With just a push of button, we can obtain all the information about the criminal. Also a list can be maintained of all citizens with prior tickets, bad behaviour, and felonies.
8. Simulations can be created by the use of computers.
[Figure: infographic, "2018: This Is What Happens In An Internet Minute". Created by: LoriLewis, OfficiallyChadd.]

1.8 Prevention of Cybercrime

Prevention is always better than cure. It is always better to take certain precautions while working on the internet.

The 5P's mantra for online security are as follows:
1. Precaution
2. Prevention
3. Protection
4. Preservation
5. Perseverance

Given below are a few steps that can be followed to prevent cybercrime.
1. Identification of exposures through education will help companies and firms meet these challenges.
2. One should avoid disclosing any personal information to strangers, a person whom they do not know, via email or while chatting or through any social networking site.
3. One must avoid sending any photograph to strangers online, as incidents of misuse or modification of photographs are on the rise.
4. An updated anti-virus software to guard against virus attacks should be maintained by all netizens. Also, a backup of data should be taken regularly to avoid data loss in case of virus contamination.
5. A person should never send his/her credit card number or debit card number to any site that is not secured, to guard against frauds.
6. Parents should keep a watch when their children are accessing internet, to prevent any kind of harassment or deprivation.
7. Website owners should keep a watch on the network traffic, and check for any irregularities. It is the responsibility of the website owners to adopt policies for preventing cybercrimes as the number of internet users are growing every day.
8. Web servers running on public domain must be segregated physically and protected from internal network.
9. It is better to use a security program by the corporate body to control information on sites.
10. Strict statutory laws need to be passed by the Legislatures, keeping in mind the interest of netizens.
11. IT department should pass certain guidelines and notifications for the protection of computer system and should also come up with stringent laws to breakdown the criminal activities relating to cyberspace.
12. Cybercrime is a major threat to all the countries worldwide; steps should be taken at the international level to prevent cybercrimes from happening.
13. Complete justice must be provided to the victims of cybercrimes by way of compensatory remedy, and offenders must be punished with the highest punishment.

1.9 Definition of Hacker

The one who is curious about the workings of any computer software is termed a hacker. Very often, the hackers are a unit of smart programmers. Hackers have advanced knowledge of operative systems and programming languages. They need data concerning varied security holes among systems and are therefore the reasons for such holes. Hackers perpetually attempt to increase their data and share what they need to be discovered. Hackers never have dangerous intention like damaging or stealing knowledge.

1.10 Definition of Crackers


People who break into different systems with malicious intentions are referred to as crackers. Crackers cause issues to victims by an unauthorized access, destroying necessary information, stopping services provided by the server, and more. By their malicious actions, crackers are often simply known.
Hackers try to do constructive work, while crackers just destroy systems. Hackers are professionals, while
crackers are criminals (Figure 1.9).

Hacker                              Cracker
Lots of knowledge and experience    Lots of knowledge and experience
Good guy                            Bad guy
Strong ethics                       Poor ethics
No crime                            Commits crime
Fights criminals                    Is the criminal

Figure 1.9 Hacker versus cracker.



1.11 Definition of Phreakers


Phreaker is the one who gains illegal access to the telephone system as shown in Figure 1.10. Phreakers are considered the original computer hackers and they are those who break into the telephone network illegally, typically to make free long distance phone calls or to tap phone lines.

Figure 1.10 Phreakers.

Phreakers are people who specialize in attacks on the telephone system. The word, which became popular in the mid-1980s, is probably a combination of the words phone and freak (Phreakers are also known as "phreaks" or "phone phreaks"). In the early days, phreakers whistled or used an instrument to mimic the tones of the phone system and then used to route calls and identify payment, especially as a way to avoid paying for an expensive call. Modern phreaking involves breaking into and manipulating the phone company's computer system, making it a specialized kind of hacking.

Recent examples of phreaker from the Web:

In fact, the friends' first business venture together was marketing blue boxes to aspiring phreakers.
-Laura Yan, Popular Mechanics, "An Early Hacker Used a Cereal Box Whistle to Take Over Phone Lines," 20 May 2018

1.12 Ethical Hacking


Hacking has been a part of computing for nearly 5 decades and it is a really broad discipline, which covers a large variety of topics. The first known event of hacking had taken place in 1960 at Massachusetts Institute of Technology and at the same time, the term "Hacker" was originated. Hacking is the act of finding the possible entry points that exist in a system or an electronic network and at last getting into them. Hacking is typically done to achieve unauthorized access to a system or an electronic network, either to hurt the systems or to steal sensitive data available on the computer. Hacking is typically legal as long as it is being done to seek out weaknesses in a computer or network system for testing purpose. This type of hacking is what we call ethical hacking. An expert who does the act of hacking is called a "hacker". Hackers are people who get information to know how systems operate, how they are designed, and then commit to play with these systems.
1.13 Difference between Hacking and Ethical Hacking

Hacking: Computer hacking refers to breaking into someone's system for personal or commercial gains. Hackers also called pirates, who use various tools to cause damage to information and assets.

Ethical Hacking: Ethical hacking refers to the methodology adopted to find loopholes in information systems. ... that hackers use.

Same tools are used by both hackers and ethical hackers.

The only difference is hackers use same tools to steal or destroy information, whereas ethical hackers use same tools to safeguard systems from hackers "with malicious intent". Ethical hacking is legal and hacking is done with permission from the client.

1.14 Steps of Ethical Hacking


Like all good projects, ethical hacking too has a set of distinct phases. It helps hackers to make a structured ethical hacking attack. Even the same process is used for attacking the systems in illegal way. Different security training manuals explain the process of ethical hacking in different ways, but the entire process can be categorized into the following five phases as shown in Figure 1.11:
1. Reconnaissance: Reconnaissance is nothing more than the steps taken to gather evidence and information on the targets you want to attack.
2. Scanning and Enumeration: Take the information you gathered in recon and actively apply tools and techniques to gather more in-depth information on the targets.
3. Gaining Access: In the gaining access phase, true attacks are leveled against the targets enumerated in the second phase.
4. Maintaining Access: In the fourth phase, hackers attempt to ensure they have a way back into the machine or system they've already compromised.
5. Covering tracks: In the final phase, attackers attempt to conceal their success and avoid detection by security professionals.

Figure 1.11 Steps of ethical hacking.

1.14.1 Reconnaissance
Reconnaissance is the phase where the attacker gathers information about a target using active or passive means as shown in Figure 1.12. The tools that are widely used in this process are NMAP, Hping, Maltego, and Google Dorks (these tools are discussed in later part of this chapter).

1.14.2 Scanning
In scanning, the attacker begins to actively probe a target machine or network for vulnerabilities that can
be exploited as shown in Figure 1.13. The tools used in this process are Nessus, Nexpose, Wireshark, and
NMAP (tools are discussed in later part of this chapter).
[Figure: phases (reconnaissance, scanning, gaining access, maintaining access, clearing tracks), with reconnaissance highlighted.
Reconnaissance refers to the preparatory phase where an attacker seeks to gather information about a target prior to launching an attack.
Could be the future point of return, noted for ease of entry for an attack when more about the target is known on a broad scale.
Reconnaissance target range may include the target organization's clients, employees, operations, network, and systems.
Reconnaissance types:
Passive reconnaissance involves acquiring information without directly interacting with the target. For example, searching public records or news releases.
Active reconnaissance involves interacting with the target directly by any means. For example, telephone calls to the help desk or technical department.]

Figure 1.12 Reconnaissance.

[Figure: phases (reconnaissance, scanning, gaining access, maintaining access, clearing tracks), with scanning highlighted.
Pre-attack phase: Scanning refers to the pre-attack phase when the attacker scans the network for specific information on the basis of information gathered during reconnaissance.
Port scanner: Scanning can include use of dialers, port scanners, network mappers, ping tools, vulnerability scanners, etc.
Extract information: Attackers extract information such as live machines, port, port status, OS details, device type, system uptime, etc. to launch attack.]

Figure 1.13 Scanning.

1.14.3 Gaining Access


In this process, the vulnerability is located and you attempt to exploit it in order to enter into the system as shown in Figure 1.14. The primary tool that is used in this process is Metasploit.
[Figure: phases (reconnaissance, scanning, gaining access, maintaining access, clearing tracks), with gaining access highlighted.
Gaining access refers to the point where the attacker obtains access to the operating system or applications on the computer or network.
The attacker can gain access at the operating system level, application level, or network level.
The attacker can escalate privileges to obtain complete control of the system. In the process, intermediate systems that are connected to it are also compromised.
Examples include password cracking, buffer overflows, denial of service, session hijacking, etc.]

Figure 1.14 Gaining access.

1.14.4 Maintaining Access


It is the process where the hacker has already gained access into a system as shown in Figure 1.15. After gaining access, the hacker installs some backdoors in order to enter into the system when he/she needs access in this owned system in future. Metasploit is the preferred tool in this process.

[Figure: phases (reconnaissance, scanning, gaining access, maintaining access, clearing tracks), with maintaining access highlighted.
01 Maintaining access refers to the phase when the attacker tries to retain his or her ownership of the system.
02 Attackers may prevent the system from being owned by other attackers by securing their exclusive access with Backdoors, RootKits, or Trojans.
03 Attackers can upload, download, or manipulate data, applications, and configurations on the owned system.
04 Attackers use the compromised system to launch further attacks.]

Figure 1.15 Maintaining access.

1.14.5 Clearing Tracks


This process is actually an unethical activity. It has to do with the deletion of logs of all the activities that take place during the hacking process as shown in Figure 1.16.
[Figure: phases (reconnaissance, scanning, gaining access, maintaining access, clearing tracks), with clearing tracks highlighted.
01 Covering tracks refers to the activities carried out by an attacker to hide malicious acts.
02 The attacker's intentions include: continuing access to the victim's system, remaining unnoticed and uncaught, deleting evidence that might lead to his prosecution.
03 The attacker overwrites the server, system, and application logs to avoid suspicion.
Attackers always cover tracks to hide their identity.]

Figure 1.16 Clearing tracks.
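
Because this phase works by deleting or overwriting logs, a defender wants log records whose alteration is itself visible. The following added example (not part of the original text) chains each record to the previous one with a keyed hash and checks the chain against an anchor; it assumes the key and the anchor are held by a separate log collector, and the log messages are constructed.

```python
import hashlib
import hmac
import json

ZERO = b"\x00" * 32  # starting value of the chain


def record_tag(key, prev, seq, msg):
    """Keyed hash over the previous tag plus this record's content."""
    body = json.dumps({"seq": seq, "msg": msg}, sort_keys=True).encode()
    return hmac.new(key, prev + body, hashlib.sha256).digest()


def seal_log(messages, key):
    """Return (records, anchor). The anchor (count, last tag) is stored
    off-host (assumption: a remote collector), out of the intruder's reach."""
    records, prev = [], ZERO
    for seq, msg in enumerate(messages):
        prev = record_tag(key, prev, seq, msg)
        records.append({"seq": seq, "msg": msg, "tag": prev.hex()})
    return records, (len(records), prev.hex())


def verify_log(records, key, anchor):
    """Report the first record that was edited, removed or reordered,
    or that the tail of the log was cut off."""
    prev = ZERO
    for i, rec in enumerate(records):
        expected = record_tag(key, prev, rec["seq"], rec["msg"])
        if rec["seq"] != i or not hmac.compare_digest(expected.hex(), rec["tag"]):
            return f"tampered at record {i}"
        prev = expected
    if (len(records), prev.hex()) != anchor:
        return "truncated"
    return "intact"


# Constructed sample messages and key.
KEY = b"collector-side-secret (constructed)"
MESSAGES = [
    "sshd: accepted password for alice from 192.0.2.50",
    "sudo: alice : COMMAND=/usr/bin/id",
    "sshd: accepted password for svc-backup from 192.0.2.77",
    "useradd: new user name=support2",
    "sshd: session closed for svc-backup",
]

if __name__ == "__main__":
    records, anchor = seal_log(MESSAGES, KEY)
    print(verify_log(records, KEY, anchor))
    print(verify_log(records[:3], KEY, anchor))
```
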

1.15 Exploring Some Tools for Ethical Hacking

As with any project, it is troublesome in accomplishing the task if you do not have the correct tools for ethical hacking. Simply because the correct tools are used does not mean that you simply can discover all vulnerabilities. It is necessary to understand the private and technical limitations. Many security-assessment tools generate false positives and negatives (incorrectly identifying vulnerabilities). Others may miss vulnerabilities. If you are performing tests such as social engineering or physical-security assessments, you may miss weaknesses. One tool will take a look at everything, as some concentrate on specific tests. Therefore, you will want a group of specific tools that you simply will invoke for the task at hand. The more tools you have, the easier your ethical hacking efforts are.

1.15.1 Reconnaissance Tools


1.15.1.1 Nmap
Nmap or "Network Mapper" is one of the most popular and widely used security auditing tools. It is a free and open-source utility that is utilized for security auditing and network exploration across local and remote hosts.
Some of the main features include:
1. Host detection: Nmap has the ability to identify hosts inside any network that have certain ports open, or that can send a response to ICMP and TCP packets.
2. IP and DNS information detection: It includes device type, Mac addresses, and even reverse DNS names.
3. Port detection: Nmap can detect any port open on the target network, letting you know the possible running services on it.
4. OS detection: Provides full OS version detection and hardware specifications of any host connected.
5. Version detection: Nmap is also able to get application name and version number.
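
To show how these five detections are used in a security audit of one's own network, this added example (not part of the original text) parses a scan report in Nmap's XML output format (the -oX option) and compares the open ports with an approved baseline. The XML sample, the addresses (documentation range 192.0.2.0/24), the host names and the baseline are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed report in the layout Nmap writes with -oX.
SAMPLE_XML = """
<nmaprun scanner="nmap">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac"/>
    <hostnames><hostname name="web01.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="8.9"/></port>
      <port protocol="tcp" portid="443"><state state="open"/>
        <service name="https" product="nginx"/></port>
      <port protocol="tcp" portid="3306"><state state="open"/>
        <service name="mysql" product="MySQL" version="5.7.40"/></port>
      <port protocol="tcp" portid="8080"><state state="closed"/></port>
    </ports>
    <os><osmatch name="Linux 4.15" accuracy="90"/>
        <osmatch name="Linux 5.X" accuracy="96"/></os>
  </host>
  <host>
    <status state="down"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
  </host>
  <host>
    <status state="up"/>
    <address addr="192.0.2.20" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="23"><state state="open"/>
        <service name="telnet"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Approved services per host (constructed baseline).
BASELINE = {"192.0.2.10": {("tcp", 22), ("tcp", 443)}}


def parse_hosts(xml_text):
    """Return one dict per host that answered the scan."""
    hosts = []
    for h in ET.fromstring(xml_text).iter("host"):
        status = h.find("status")                      # host detection
        if status is None or status.get("state") != "up":
            continue
        addrs = {a.get("addrtype"): a.get("addr") for a in h.findall("address")}
        best_os = max(h.findall("os/osmatch"),         # OS detection
                      key=lambda m: int(m.get("accuracy", "0")), default=None)
        services = {}
        for p in h.findall("ports/port"):              # port detection
            state = p.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = p.find("service")                    # version detection
            label = "unknown" if svc is None else " ".join(
                filter(None, (svc.get("name"), svc.get("product"), svc.get("version"))))
            services[(p.get("protocol"), int(p.get("portid")))] = label
        hosts.append({
            "ip": addrs.get("ipv4"),
            "mac": addrs.get("mac"),                   # IP and DNS information
            "names": [n.get("name") for n in h.findall("hostnames/hostname")],
            "os": None if best_os is None else best_os.get("name"),
            "services": services,
        })
    return hosts


def audit(hosts, baseline):
    """List (ip, finding, detail) for everything that departs from the baseline."""
    findings = []
    for h in hosts:
        ip, found = h["ip"], h["services"]
        if ip not in baseline:
            ports = ", ".join(f"{proto}/{port}" for proto, port in sorted(found))
            findings.append((ip, "unknown-host", ports))
            continue
        for proto, port in sorted(set(found) - baseline[ip]):
            findings.append((ip, "unexpected-open-port",
                             f"{proto}/{port} {found[(proto, port)]}"))
        for proto, port in sorted(baseline[ip] - set(found)):
            findings.append((ip, "expected-service-missing", f"{proto}/{port}"))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_hosts(SAMPLE_XML), BASELINE):
        print(finding)
```
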

1.15.1.2 Google Dorks


newbies forget the importance of using tradi-
nvestigating people or companies, a lot of IT security
tional
r c h engines for recon and intel gathering. In this case, Google DorkS can be your best friend.
DIGITAL FORENSIC
18
Dorks are
reconnaissance. G00gle
DEEn there since 2002 and can help you a lot in vour intel
dv that may be useful for your security investigaion,
p y ways to query Google against certain information internet, including individual,
anything on the
Odrcn index a lot of information about almost
engines
companies, and their data.
are as follows:
ome popular operators used to perform Google Dorking

1. Filetype: You can use this dork to find any kind of file types.
Z. Ext: lt can help you to find files with specific extensions (e.g., .xt, .log. etc.
It can pertorm queries and helps to search for specific text inside any page.
e
4. x
Intitle: It will search for any specific words inside the page title.
website.
inside the URL of any
S. Inurl: It will look out for mentioned words
however, they are indexed and you can get valu
not supposed to be indexed by search engines;
Og files are Dorks, as you see in Figure
l1.17:
able intormation from these Google
[Figure: Google search results page for the query filetype:log.]

Figure 1.17 Valuable information from Google Dorks.
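The five operators above can also be turned around and run against an inventory of your own site, to see which pages such a query would surface before a search engine indexes them. The following is an added example, not taken from the book: the page inventory, the domain example.test and the function names are constructed, and the matching is a simplified stand-in for what a real search engine does.

```python
from urllib.parse import urlparse

# Constructed inventory of pages on your own site (for example, from a crawl of example.test).
PAGES = [
    {"url": "https://example.test/index.html", "title": "Welcome", "text": "Product news"},
    {"url": "https://example.test/logs/access.log", "title": "", "text": "GET /index.html 200"},
    {"url": "https://example.test/admin/login.php", "title": "Admin login", "text": "Sign in"},
    {"url": "https://example.test/backup/notes.txt", "title": "", "text": "db password rotated"},
]

def extension(url):
    """File extension of the URL path, lower-cased, without the dot ('' if none)."""
    name = urlparse(url).path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

# Simplified stand-ins for the operators: real engines tokenize and rank,
# this only does case-insensitive substring or extension matching.
OPERATORS = {
    "filetype": lambda page, v: extension(page["url"]) == v,
    "ext": lambda page, v: extension(page["url"]) == v,
    "intext": lambda page, v: v in page["text"].lower(),
    "intitle": lambda page, v: v in page["title"].lower(),
    "inurl": lambda page, v: v in page["url"].lower(),
}

def matches(page, query):
    """True if the page satisfies every operator:value term in the query."""
    for term in query.split():
        op, sep, value = term.partition(":")
        if not sep or op.lower() not in OPERATORS:
            raise ValueError(f"unsupported term: {term!r}")
        if not OPERATORS[op.lower()](page, value.lower().lstrip(".")):
            return False
    return True

def audit(pages, queries):
    """Map each query to the URLs in the inventory it would surface."""
    return {q: [p["url"] for p in pages if matches(p, q)] for q in queries}

if __name__ == "__main__":
    for query, urls in audit(PAGES, ["filetype:log", "ext:txt", "inurl:admin intitle:login"]).items():
        print(query, "->", urls)
```

Any URL reported for a query such as filetype:log is a candidate for removal from the web root or for access control, since it should not be publicly reachable in the first place.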

1.15.1.3 Maltego
It is a tremendous tool to trace the footprints of any target you wish to match. This software package has been developed by Paterva, and it is a part of the Kali Linux distribution.
Using Maltego enables you to launch reconnaissance tests against specific targets. One of the best things this software package includes is what they call "transforms". Transforms are offered without charge in some cases, and in others you will find commercial versions only. They help you to run different kinds of tests and data integration with external applications.

In order to use Maltego, you need to open a free account on their website; after that, you can launch a new machine or run transforms on the target from an existing one. Once you have chosen your transforms, the Maltego app begins running all the transforms from Maltego servers. Finally, Maltego shows you the results for the desired targets, such as IP, domains, AS numbers, and much more.

1.15.2 Scanning tools

1.15.2.1 Nexpose
Nexpose is a vulnerability scanner developed by Rapid7. It is an open-source tool that is used to scan for vulnerabilities and performs various network checks:

1. Nexpose is employed to watch the exposure of vulnerabilities in real time, and acquaints itself with new hazards using recent information.
2. Generally, most of the vulnerability scanners categorize the risks employing a high, medium, or low scale.
3. Nexpose considers the age of the vulnerability, such as which malware kit is employed in it, what advantages are utilized by it, etc., and fixes the issue based on its priority.
4. Nexpose automatically detects and scans new devices and assesses the vulnerabilities once they access the network.
5. Nexpose may be integrated with a Metasploit framework.

1.15.2.2 Wireshark

Wireshark is the world's leading and extensively used network protocol analyzer.

1. Wireshark is employed across varied streams, like educational establishments, government agencies, enterprises, etc., to look into the networks at a microscopic level.
2. Wireshark encompasses a special feature: it captures the problems online and performs the analysis offline.
3. Wireshark runs on varied platforms like Windows, Linux, macOS, Solaris, etc.
4. Wireshark has the potential of deeply inspecting several protocols, with additional ones being added all the time.
5. Among the security practitioners' toolkit, Wireshark is the most powerful tool.

1.15.2.3 Nessus

Nessus is a patented and branded vulnerability scanner developed by Tenable Network Security.

1. This tool has been installed and employed by countless users throughout the planet for vulnerability assessment, configuration problems, etc.
2. Nessus is employed to protect networks from the penetrations created by hackers by assessing the vulnerabilities at the earliest.
3. Nessus supports a wide range of OS, applications, DBs, and many more network devices among cloud infrastructure, physical and virtual networks.
4. Nessus is capable of scanning for the vulnerabilities which permit remote hacking of sensitive information from a system.

1.16 What to Do if You Have Been Hacked?

1. Cut off your internet connection: If you think that you are being hacked, the primary thing to do is to cut off the internet from your system so as to prevent any more intrusion.
2. Turn on firewall: Typically, we have a tendency to turn off the Windows firewall so as to install some package. From a security point of view, we must always activate firewalls. A hardware firewall is another smart choice to install. It acts as an isolator between the external network and your internal systems.
3. Contact your internet service provider: It is a good practice to contact your ISP in the case of hacking, because they have their own policy and guidelines for any malicious intrusion.

Summary
Criminalization is a social phenomenon, which has witnessed an increasing trend in the last few years. Crime investigation analysis is a field where digital forensic investigation plays a vital role in terms of predicting and analyzing criminals. There is the anti-spyware program. As if viruses were not enough, corporations from around the world determined to make programs that might develop knowledge from your PC so as to amass data for his/her databases. It should not be as dangerous as a virus; however, it is an intrusion into your privacy. Wipe them out with this piece of package. Nowadays, hackers' hindrance has become a task for everyone. It is not the responsibility of the supervisor of our company. After all, he/she will install every protection within the company's network; however, if you let a virus in due to your carelessness, he/she will not be ready to stop it. The same goes for your PC at home. Keep in mind that there are new hacker tricks every day. Therefore, you need to be ready

Key Terms

Bot: For 'robot' - a program used for a specific function such as keeping a port open or launching a flood of packets in a distributed denial-of-service attack.
Cracking: Malicious or criminal hacking. Unauthorized penetration of computer systems and networks, abuse of privilege, unauthorized use of services.
Easter egg: Undocumented, unauthorized program functions in a production program; a kind of Trojan horse.
Identity theft: Creating a false identity using someone else's identifying information (e.g., name, social security number, birthday) to create new credit cards or establish loans which then go into default and affect the original victim's credit record.
Malware: Malicious software, including Trojan horses, viruses, worms, logic bombs, exploits, and time bombs.
Zombie: A program inserted into a vulnerable system to await further instructions; usually part of a distributed denial-of-service (DDoS) attack.
Cookie: Cookies are text files sent from your Web browser to a server, usually to customize information from a website.
Cracking: To break into a secure computer system, frequently to do damage or gain financially, though sometimes in political protest.
Firewall: A system using hardware, software, or both to prevent unauthorized access to a system or machine.
Hash: A hash is a number generated by an algorithm from a string of characters in a message or other string.
IRC: Internet relay chat is a protocol used by both groups and for one-on-one conversations. Often utilized by hackers to communicate or share files.
Malware: A software program designed to hijack, damage, or steal information from a device or system.
Packet sniffer: Sniffers are programs designed to detect and capture certain types of data. Packet sniffers are designed to detect packets travelling online.
