Chapter 01 - Introduction to Ethical Hacking



After reading HackingScrew faithfully, you will be able to look at the systems you use on a regular basis in a new light and identify all the vulnerabilities in them, understand the challenges regarding data access, data protection, and privacy, and deploy basic hacks like Footprinting, Scanning, System Hacking, Phishing and Sniffing.
You will also be able to understand the terminology (IP address, MAC address, DNS, etc.) and become aware of the general legal as well as career aspects in the field.


---------------------------------------------------------------------
How much of our Data is actually out there?
With the advancements in technology and the availability of affordable smartphones as well as cheaper Data Plans, it is hard to imagine spending a day without browsing the internet or using our smartphones to 'socialize'. The biggest nightmare in today's digital era is probably when our "data stops working".
In fact, the use of Social Media platforms like Instagram, WhatsApp, Snapchat, Facebook, etc. has become such a norm that people saying they are not on Instagram or WhatsApp comes as a shock. Similarly, we access tens of thousands of online services on a regular basis, right from ordering food, booking tickets, streaming movies to pretty much everything else.
With the availability of almost everything at the click of a button, it is natural to overlook or even forget the type and amount of data we share on all these platforms on a regular basis. If we sit and take a look at how much of our data is actually available (both publicly and otherwise), we are bound to have second thoughts on whether it is actually safe to share so much online.
---------------------------------------------------------------------
Here's how you can track (and hopefully delete) everything that Google knows about you:


---------------------------------------------------------------------
Facebook Data Center: How it looks from the inside!


Just like Google, Facebook knows our personal details, interests, who our friends are, where we've been recently, where we work, our shopping habits, what movies we've watched, etc., and all this is just the basic stuff. And these are just two websites! Imagine all the apps we use regularly like BookMyShow, Amazon, Paytm, Uber and the amount of data they collect!
The intention here isn't to stop using these services or live a stone-age life. But then, we should be aware (and a little careful) about the kind of data we put out there.
---------------------------------------------------------------------

Ethical Hacking v/s Not-so-Ethical Hacking

What is Hacking?
According to Techopedia, "Hacking generally refers to unauthorized intrusion into a computer or a network. The person engaged in hacking activities is known as a hacker. This hacker may alter system or security features to accomplish a goal that differs from the original purpose of the system."
Hacking can also refer to non-malicious activities, usually involving unusual or improvised alterations to equipment or processes. The purpose of ethical hacking is to improve the security of the network or systems by fixing the vulnerabilities found during testing.
Who is a Hacker?
According to the Oxford dictionary, a hacker is
"A person who uses computers to gain unauthorized access to data."
10 Mastermind Hackers:




Art of lock-picking: an analogy
There is a lock and there is a key that opens the lock. The hacker in this scenario will try to understand the mechanism of how the key actually works. When he studies the lock-and-key mechanism, he realizes that the same lock can be opened without the key, with a picking tool and certain techniques, which are usually referred to as Algorithms in computing terminology. So, the hacker then uses these picking tools and finally opens the lock and gains access without the approval of the owner. Similarly, when someone gets access to a system without proper authorization, it is said that the system has been hacked.

Comparison with a real-world scenario:
LOCK = Computer System
KEY = Login Credentials
PICKING TOOLS = Hacking tools, code, scripts or exploits
LOCKING MECHANISM = Computer System Architecture or Software Algorithm

Hackers employ a variety of techniques for hacking, including (but not limited to):
  • Vulnerability scanner: checks computers on networks for known weaknesses
  • Password cracking: the process of recovering passwords from data stored or transmitted by computer systems
  • Packet sniffer: applications that capture data packets in order to view data and passwords in transit over networks
  • Spoofing attack: involves websites which falsify data by mimicking legitimate sites, and they are therefore treated as trusted sites by users or other programs
  • Rootkit: represents a set of programs which work to subvert control of an operating system from legitimate operators
  • Trojan horse: serves as a back door in a computer system to allow an intruder to gain access to the system later
  • Viruses: self-replicating programs that spread by inserting copies of themselves into other executable code files or documents
  • Key loggers: tools designed to record every keystroke on the affected machine for later retrieval
Certain corporations employ hackers as part of their support staff. These legitimate hackers (called Ethical Hackers) use their skills to find flaws in the company security system, thus preventing identity theft and other computer-related crimes.

Why would one want to be a hacker, you ask?
People (usually developers) tend to get into the Hacking and Security domain primarily because they want to explore system vulnerabilities and make the systems even more secure, or because they want to exploit the vulnerabilities for some antisocial agenda.

There are actually different kinds of hackers.
Broadly, there are three classifications:
  • BLACK HATS: hackers whose sole purpose is destruction.
  • WHITE HATS: hackers who want to explore the vulnerabilities in systems and help secure them (Ethical Hackers).
  • GREY HATS: hackers whose purpose is neither ethical nor unethical. Their agenda is to spread awareness, expose scams, etc.
