Hacking/ Title Page

GROUP ASSIGNMENT # 1

Title: Hacking

Submitted By:

Name: Hafiz Abubakar Ali Toor

Rana Usama Saif

Registration No: L1F13BBAM0160

L1F13BBAM0159

Section: D
Subject: BBA

Submission Date
27-January-2014

Submitted To:
Miss. Saba Mustafa

1 | Page
Hacking/ Table of contents

TABLE OF CONTENTS

Acknowledgement...................................................................................................4
Hacking:............................................................................................................................5
History of Hacking:................................................................................................5
Phase1: 1960s to 1970s:...............................5
Phase2: 1970s to 1990s:...............................6
Phase3: 1990s to Present...............................6
Types of Hacking:....................................................................................................8
Website Hacking.............................................8
Network Hacking.............................................8
Ethical Hacking...............................................9
Email Hacking...............................................10
Password Hacking.........................................11
Online Banking Hacking................................11
Computer Hacking........................................12
Most renowned hacking attacks..............................................................14

2 | Page
Hacking/ Table of Figures
TABLE OF FIGURE

Figure 1..............................................................................5
Figure 2..............................................................................8
Figure 3..............................................................................9
Figure 4..............................................................................9
Figure 5............................................................................10
Figure 6............................................................................11
Figure 7............................................................................12
Figure 8............................................................................13
Figure 9............................................................................14
Figure 10..........................................................................14
Figure 11..........................................................................14
Figure 12..........................................................................15
Figure 13..........................................................................15
Figure 14..........................................................................15
Figure 15..........................................................................16
Figure 16..........................................................................16
Figure 17..........................................................................17
Figure 18..........................................................................17

3 | Page
Hacking/ Acknowledgment

Acknowledgement

We think if any of us honestly reflects on who we are, how we got here, what we think we
might do well, and so forth, we discover a debt to others that spans written history. We believe
it's appropriate to acknowledge all of the persons, who helped us during our project and
provide us useful information accordingly.

First of all, we are thankful to Almighty Allah, who has given us the strength, knowledge and
perseverance to complete this project successfully. We also want to thanks to our parents, who
really work hard for us. Their dedication to our lives makes us capable to perform our work
better.

We would like expressing our sincere gratitude to Miss. Saba Mustafa, for his valuable
guidance, constructive comments and continuous encouragement throughout our project.

4 | Page
Hacking/ History

Hacking:

The process of attempting to gain or successfully gaining, unauthorized access to computer resources
is called hacking.

Hacking is the practice of modifying the features of a system, in order to accomplish a goal outside of
the creator's original purpose. The person who is consistently engaging in hacking activities, and has accepted
hacking as a lifestyle and philosophy of their choice, is called a hacker.

Computer hacking is the most popular form of hacking

nowadays, especially in the field of computer security, but hacking
exists in many other forms, such as phone hacking, brain hacking,
etc. and it's not limited to either of them.

History of Hacking:
Figure 1
History of hacking is in three phases. Description is under below.

1. Phase1: 1960s to 1970s

2. Phase2: 1970s to 1990s
3. Phase3: 1990s to present

Phase1: 1960s to 1970s:

In early 1960s university facilities with huge mainframe computers like MIT's artificial intelligence
lab, become staging grounds for hackers. At first "hacker" was a positive term for a person with a mastery of
computers who could push programs beyond what they were designed to do.

John Draper makes a long-distance call for free by blowing a precise tone into a telephone that tells
the phone system to open a line. Draper discovered the whistle as a give-away in a box of children's cereal.
Draper, who later earns the handle "Captain Crunch," is arrested repeatedly for phone tampering throughout
the 1970s.

5 | Page
Hacking/ History
Two members of Californias Homebrew Computer Club begin making "blue boxes" devices used to
hack into the phone system. The members, who adopt handles "Berkeley Blue" (Steve Jobs) and Steve
Wozniak later go on to found Apple Computer.

Phase2: 1970s to 1990s:

In early 1980s one of the first arrests of hackers the FBI busts the Milwaukee-based 414s (named after
the local area code) after members are accused of 60 computer break-ins ranging from Memorial Sloan-
Kettering Cancer Center to Los Alamos National Laboratory.

In late 1980s veteran hacker Kevin Mitnick secretly monitors the e-mail of MCI and Digital
Equipment security officials. He is convicted of damaging computers and stealing software and is sentenced
to one year in prison. First National Bank of Chicago is the victim of a $70-millioncomputer heist.

In early 1990s Lee Poulsen ("Dark Dante"), hack the military documents. Hackers break into Griffith
Air Force Base, and then hack computers at NASA and the Korean Atomic Research Institute. In late 1990s
hackers break into and deface federal Web sites, including the U.S. Department of Justice, U.S. Air Force,
CIA, NASA and others. A Canadian hacker group called the Brotherhood, angry at hackers being falsely
accused of electronically stalking a Canadian family, breaks into the Canadian Broadcasting Corp. Web site
and leave message: "The media are liars."

Phase3: 1990s to Present

In January 1998, the federal Bureau of Labor Statistics is inundated for days with hundreds of
thousands of fake information requests, a hacker attack called "spamming." Hackers break into United
Nation's Children Fund Web site, threatening a "holocaust" if Kevin Mitnick is not freed. Hackers claim to
have broken into a Pentagon network and stolen software for a military satellite system. They threaten to sell
the software to terrorists. The U.S. Justice Department unveils National Infrastructure Protection
Center, which is given a mission to protect the nation's telecommunications, technology and transportation
systems from hackers. Hacker group L0pht, in testimony before Congress, warns it could shut down
nationwide access to the Internet in less than 30 minutes. The group urges stronger security measures.

In 15 January 2000, old Raphael Gray steals over 23,000 credit card numbers from 8 small companies.
In February 2000, the first major distributed-denial of service attack (D.DoS) responsible for crippling some

6 | Page
Hacking/ History
of the internet's most popular websites was executed by the hands of a Canadian citizen not old enough to
drive.

In 1 February 2001, Hackers invade World Economic Forum. The compromised data included credit
card numbers, personal cell phone numbers and information concerning passports and travel arrangements for
a number of government and business leaders. Among the notable victims whose personal information was
pilfered were Microsoft chairman Bill Gates, Palestinian Authority chairman Yasser Arafat, U.N. Secretary-
General Kofi Annan, former U.S. Secretary of State Madeline Albright and former Israeli Prime Minister
Shimon Peres.

In February 2002, Adrian Lamo is making headlines these days for being the hacker Pfc. Bradley
Manning confessed to after leaking 400,000 stolen diplomatic cables to Wiki leaks. "The Homeless Hacker
was better known for hacking into the servers of companies like the New York Times from Kinko's shops and
Starbucks cafes.

On February 8, 2013, the media reported another incident of a compromised email, this time from
former United States president George H W Bush. It is reported that the hacker stole photographs and
personal emails which included addresses and personal details of several members of the Bush family. Email
archives from the Climatic Research Unit were leaked to create the scandal popularly known as Climate gate.
Journalists employed by News International hacked email accounts of celebrities in search of gossip and
scandal for their stories. Individuals such as Rowenna Davis have had their accounts taken over and held to
ransom by criminals who try to extort payment for their return. The email accounts of politicians such as
Sarah Palin have been hacked to try to find embarrassing or incriminating correspondence.

7 | Page
Hacking/ Types of Hacking

Types of Hacking:

There are seven types of hacking. There name and description are under below.

Website Hacking
Network Hacking
Ethical Hacking
Email Hacking
Password Hacking
Online Banking Hacking
Computer Hacking

Website Hacking

Hacking a website means taking control from the website

Figure 2
owner to a person who hacks the website. Website hacking is one
of the modern enterprises of organized crime. These organizations have professional programmers. Their
campaigns to take control of thousands of the world's computers are well planned and sophisticated, drawing
on an in-depth knowledge of operating system software, browser vulnerabilities, programming, and even
psychology, and their attacks are almost always automated. A hack occurs when somebody gets through these
security systems and obtains write access to your server, the same kind you have. Once they obtain that, they
can change, add, or delete files however they want. If you can imagine someone breaking into your home and
sitting down at your PC with a box of installation CD's, that's what a website hack is like. They might do only
a little damage, or a lot. The choice is up to them. The files of your website are stored on a computer
somewhere. The computer, called a "server" or "web server", is not too much different from your home PC,
except that its configuration is specialized for making files available to the World Wide Web, so it has a lot of
hard drive capacity and a very high speed internet connection. It probably doesn't have its own monitor or
keyboard because everyone who communicates with it does so through its internet connection, just like you
do.

Network Hacking

Network hacking is generally means gathering information about domain by using tools
like Telnet, Ns look up, Pring, Tracert, Netstat etc over the network. Hacking on computer networks is often

8 | Page
Hacking/ Types of Hacking
done through scripts or other network programming. These programs generally manipulate data passing
through a network connection in ways designed to obtain more information about how the target system
works. Many such pre-packaged scripts are posted on the Internet for anyone, typically entry-level hackers, to
use. More advanced hackers may study and modify these scripts to develop new methods. A few highly
skilled hackers work for commercial firms with the job to protect that company's software and data from
outside hacking. The IP address gives the attackers Internet address. The numerical address like
212.214.172.81 does not reveal much. You can use PING to convert the address into a domain name in
WINDOWS: The Domain Name Service (DNS) protocol reveals the matching domain name. PING stands for
Packet Internet Groper.

Ethical Hacking
Figure 3

9 | Page
Hacking/ Types of Hacking
Ethical hacking is where a person hacks to find weaknesses and in a system and then usually patches
them. An ethical hacker is a computer and network expert who attacks a security system on behalf of its
owners, seeking vulnerabilities that a malicious hacker could exploit. To test a security system, ethical hackers
use the same methods as their less principled
counterparts, but report problems instead of
taking advantage of them. Ethical hacking is also
known as penetration testing, intrusion testing and red
teaming. An ethical hacker is sometimes called a
white hat, a term that comes from old Western
movies, where the "good guy" wore a white hat
and the "bad guy" wore a black hat. Ethical
hacking and ethical hacker are terms that describe
hacking performed to help a company or
Figure 4
individual identify potential threats on the computer or network. An ethical hacker attempts to hack their way
past the system security, finding any weak points in the security that could be exploited by other hackers. The
organization uses what the ethical hacker finds to improve the system security, in an effort to minimize, if not
eliminate any potential hacker attacks.

Email Hacking

Email hacking is illicit access to an email account or email correspondence. Electronic mail (email) is
a widely used communication mechanism that can be categorized into two basic types of web-based service:
an open web-based email service and a closed web-based service. The first category provides web-based
email accounts to anyone for free or at a fee. The second category provides email accounts that are managed
by organizations for employees, students, and members only. Commercial and social websites rely on the
security of email accounts. Large amounts of email exchanges are occurring daily, some of which contain
personal information, company secrets, and sensitive information. This makes email accounts very valuable
and becomes one of the main causes of email hacking. As rules that govern unsolicited emails tighten,
spammers attempt to find new ways around them. Attackers often send massive email broadcasts with a
hidden or misleading incoming IP address and email address. Some users may open the spam, read it, and
possibly be tempted by whatever wares or schemes are offered. If the spammer were to get a hold of a
companys sending email and IP address, the impact on the company's business would be devastating. Some
emails incorporate a virus as a means of transportation. The So big virus is an example of such technology,
10 | P a g e
Hacking/ Types of Hacking
creating a spamming infrastructure by taking over unwilling participants P.C. This was a major threat to email
security as spam will continue to spread and trigger dangerous viruses for malicious internet.

Password Hacking

Password hacking and password cracking is the process of recovering secret passwords from data that
has been stored in or transmitted by a computer system. Password hacking can help a legitimate user retrieve a
forgotten password. System administrators may use password hacking as a preventive tactic, to check for
easily hacked passwords in order to modify them for increased security. Unauthorized users hack passwords
to gain access to a secure system. Guessing and brute force are two methods used to hack passwords.
Individuals with knowledge of the password owner's personal information may guess at the password and
choose possibilities
based on that owner's
date of birth, pet,
relative or other
information.
The brute force method
involves attempting to
input every Figure 5 possible
password combination to retrieve a password. This is most effective if the hacker knows the password hash
function, or algorithm, or mathematical computation, used to encrypt, or code, password data. The time to
crack a password is related to bit strength which is a measure of the password's information entropy. Most
methods of password cracking require the computer to produce many candidate passwords, each of which is
checked. One example is brute-force cracking, in which a computer tries every possible key or password until
it succeeds. More common methods of password cracking such as dictionary attacks, pattern checking, word
list substitution etc attempt to reduce the number of trials required and will usually be attempted before brute
force. Higher password bit strength increases exponentially the number of candidate passwords that must be
11 | P a g e
Hacking/ Types of Hacking
checked, on average, to recover the password and reduces the likelihood that the password will be found in
any cracking dictionary.

Online Banking Hacking

Online banking hacking unauthorized accessing banks accounts without knowing the password or
without permission of account holder is known as online banking hacking. E-banking is an interesting target
for attackers. The easiest way of stealing money in e-banking is to attack
its weakest point of the client. In online hacking hacker break the control
of bank on his customer account and can easily stolen the amount. In
online hacking hacker can transfer someone amount to their account. It
also gets the personal detail of the client his phone number, postal
address and his bank statement or many other thinks. In Pakistan Official
website of Habib Bank Limited the largest bank of Pakistan hacked when
a hacker called Xploiter hacked the website and leaked the databases of Figure 6
the website and posted credentials online. Hacker hacked the section of online banking but unfortunately
hackers are not succeeding in getting information of client.

Computer Hacking

Computer hacking is the practice of modifying

computer hardware and software to accomplish a goal outside
of the creators original purpose. People who engage in
computer hacking activities are often called hackers. Since the
word hack has long been used to describe someone who is
incompetent at his/her profession, some hackers claim this
term is offensive and fails to give appropriate recognition to
their skills. Figure 7

Computer hacking is most common among teenagers and young adults, although there are many older
hackers as well. Many hackers are true technology buffs who enjoy learning more about how computers work
and consider computer hacking an art form. They often enjoy programming and have expert-level skills in
one particular program. For these individuals, computer hacking is a real life application of their problem-
solving skills. Its a chance to demonstrate their abilities, not an opportunity to harm others.

12 | P a g e
Hacking/ Types of Hacking
Since a large number of hackers are self-taught prodigies, some corporations actually employ
computer hackers as part of their technical support staff. These individuals use their skills to find flaws in the
companys security system so that the y can be repaired quickly. In many cases, this type of computer hacking
helps prevent identity theft and other serious computer-related crimes.

Computer hacking can also lead to other constructive technological developments, since many of the skills
developed from hacking apply to more mainstream pursuits. For example, former hackers Dennis Ritchie and
Ken Thompson went on to create the UNIX operating system in the 1970s. This system had a huge impact on
the development of Linux, a free UNIX-like operating system. Shawn fanning, the creator of Napster, is
another hacker well known for his accomplishments outside of computer hacking.

In comparison to those who develop an interest

in computer hacking out of simple intellectual
curiosity, some hackers have less noble motives.
Hackers who are out to steal personal information,
change a corporations financial data, break security
codes to gain unauthorized network access, or conduct
other destructive activities are sometimes called
crackers.

Figure 8

13 | P a g e
Hacking/ Most renowned hacking attacks

Most renowned hacking attacks

1) November, 1988: Robert Tappan Morris Vs The World

Robert Tappan Morris created a monster. In 1988, while enrolled as a

graduate student at Cornell University, Morris designed a self-replicating
worm and gave it a mission: go out to determine the size of the internet. It
backfired, replicating itself beyond control as it infected thousands of
computers (a lot at the time), cost millions of dollars in damage, and inspired
the U.S. government to create a emergency response for computers
Figure 9
CERT. Morris was eventually charged under the Computer Fraud &
Abuse Act for his accidental crimes and ordered to pay $10,000 and do 400 hours of community service.
The source code was archived on a black 3.5-inch floppy disk now on display at the Boston Museum of
Science.

2) June, 1990: Kevin Poulsen Vs KISS-FM

Kevin Poulsen was a teenage telephone hacker. He hacked the phone

lines to be the 102nd winning caller on Los Angeles-area radio station
KIIS-FM's "Win a Porsche By Friday" contest. In the ensuing months, he
also allegedly wire-tapped a Hollywood actress and hacked into Army and
FBI computers. After months on the run, the FBI charged Poulsen with a
Figure 10
series of fraud and laundering offenses. He was sentenced to 51 months in prison, ordered to pay $56,000 to
the burned radio stations, and banned from touching a computer for three years. Today,
Poulsen is a journalist with Wired.com and runs its Threat Level blog.

3) August, 1999: Jonathan James Vs NASA

Jonathan James is one of historys all-time most infamous computer hackers who, in
1999, broke into military computers at the Defense Threat Reduction Agency and
intercepted thousands of confidential messages, log-in information, and $1.7 million
software that controlled the living environment on the International Space Station. Once
detected, his breach led NASA to shutdown their network for three weeks that fall, costing thousands of

14 | P a g e
Hacking/ Most renowned hacking attacks
dollars in security upgrades. In 2007, James committed suicide. In his suicide note, he denied having anything
to do with a recent spate of computer takes that he was being investigated for.

4) February, 2000: Mafiaboy Vs. Yahoo, CNN, eBay, Dell, & Amazon Figure 11

The first major distributed-denial of service attack (D.DoS)

responsible for cripplin g some of the internet's most popular websites
was executed by the hands of a Canadian citizen not old enough to drive.
"Mafiaboy" 15-year-old Michael set out to make a name for himself in
February 2000 when he launched "Project Rivolta" which took down the
website of the #1 search engine at the time and second most popular
website Yahoo. Thinking it may have been a fluke, he went on to batter Figure 12

the servers of CNN, eBay, Dell, and Amazon in a wave of highly publicized attacks that were the first to show
the world how easily one kid can knockout major websites. Michael was ultimately picked up by Canadian
police while watching Goodfellas, allegedly and pleads guilty for hacking. He faced 3 years, but was
sentenced to eight months in a juvenile detention center and forced to donate $250 to charity.

5) February 2002: Adrian Lamo Vs. The New York Times

Adrian Lamo is making headlines these days for being the hacker Pfc.
Bradley M anning confessed to after leaking 400,000 stolen diplomatic
cables to Wiki leaks. But before this summer Lamo "The Homeless
Hacker" was better known for hacking into the servers of companies
like the New York Times from Kinko's shops and Starbucks cafes. In
Figure 13
February 2002, having snuck inside the Grey Lady's database, Lamo
added his name to a list of Op-Ed contributors, spent endless hours searching himself on Lexis-Nexis 3,000
searches in 3 months a "serious offense" per the Times. The FBI claimed the Lexis-Nexis searches cost the
Times $300,000 and Lamo faced 15 years in jail for the breach. In the end, Lamo was sentenced to two years
probation, 6 months home detention and ordered to pay $65,000.

6) November 2008: Unknown Vs. Microsoft Windows (& the World)

15 | P a g e

Figure 14
Hacking/ Most renowned hacking attacks

If there's one word that causes shudders in internet security circles, it's
Conficker. Sta rting in late-2008, the Conficker worm exploited vulnerabilities
in a number of Microsoft operating systems. Once it takes over an infected
machine, it links unwilling computers together into a massive boot net that can
be controlled by its authors, whomever, and wherever, they are. Since its first
detection, Conficker has infected millions of computers and business networks
in countries around the world, as authorities struggle to identify its authors some say they may be military and
stamp out the threat.

7) July, 2009: Unknown Vs. United States & South Korea

For three days in July, 2009, the web sites of South Koreans
largest daily newspaper, a large-scale online auction house, a bank,
the countrys president, the White House, the Pentagon and U.S.
Forces Korea to name a few came under D.DoS attack as upwards of Figure 15

166,000 computers in a botnet unleashed wave after wave after wave of a data-powered onslaught. Some
believed operatives at North Koreas telecommunications ministry were to blame, using a backdoor for the
infamous My-doom worm of 2004, but this has never been proven.

8) April, 2011: Unknown Vs. Sony

After a recent hacker attack took down the Sony PlayStation

Network for an extended period of time, Sony has admitted that
hackers broke into its servers on April 16 and 17 and may have
stolen personal user data. This time, hackers targeted the
accounts of Sony Online Entertainment (SOE) users; according
to Sony, they may have stolen personal data from approximately Figure 16

24.6 million SOE accounts, as well as some of the data from an outdated database from 2007. This database
includes approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card
security codes), and about 10,700 direct debit records of some customers in Austria, Germany, the
Netherlands and Spain

16 | P a g e
Hacking/ Most renowned hacking attacks
9) January, 2012: YamaTough Vs. Symantec

In January 2012, Symantec admitted that its servers were successfully

hacked and Norton antivirus and other software source code was stolen.

The firm acknowledged that a portion of its source code was obtained
from a third party but said that would not affect Norton antivirus users.
Figure 17
The hack came from a hacker known as YamaTough, who then went on to
release the source code he had accessed.

YamaTough said he had tricked Symantec into offering him a bribe so that he could humiliate them.

10) March, 2013: Unknown Vs. South Korean authorities

This year, South Korea became history's first cyber-war victim.

Beginning in March 2013, South Korea became the victim of a full scale
cyber attack that targeted numerous government websites and work
systems. South Korean authorities stated that the attacks continued for
nearly four months at the end of which South Korea had suffered a loss
of 800 billion won (over 500 Million USD).
Figure 18

17 | P a g e