Introduction to Hacking

The meaning of the word hacker has changed from the original definition. Originally
the hacker were the person who go deep into working structure of computer or
computerize device and software’s so as to improve the performance of the device.
But with the time the some people has changed the meaning of the hacker as a
person who cracks into other system so as to gain the accesses for personal
benefits and some even enjoy giving trouble to public. These people in the computer
world are known as crackers. To distinguish the real hacker form the cracker for
general public the word ethical is added to the term “hacker”.

With the time hacking is not just personal interest but a profession with high demand
and are the computer and network expert who perform the test against the security
system seeking vulnerabilities for which a cracker can exploit as per demand by
person or company who hire them. For this purpose, ethical hackers use the same
technique and tools as their less principled counterparts (crackers) and report
technical issues to concerned person rather than taking advantage of them. Ethical
hackers are also known as penetration testers and white hat hackers. In the 1970s
United State government has formed a team known as red teams to hack into their
own security is the one of the oldest know ethical hackers. Many companies like IBM
Micro Soft, has employee ethical hackers for test the security of the products tey
release.
(http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci921117,00.html )

Need of Ethical Hacking

In the digital age where every bits of digital device is connected to internet, cyber security is
the most threatening one that everyone must be concern about. Banks, government offices,
schools, businesses, and so on are connected to internet and all the sensitive information like
credit card number medical records, even the personal data ####means that all of your most
sensitive information—from
credit card numbers and checking accounts, to medical records and phone bills—is
accessible for viewing, stealing, or manipulating to anyone with a PC, an Internet
connection, and some computer know-how. The increasingly computer-based world is
increasingly vulnerable to malevolent computer hackers.
While we know little about these shadowy hackers we have a very clear picture of
the damage they do. In 2003, hacker-created computer viruses alone cost businesses $55
billion—nearly double the damage they inflicted in 2002 (SecurityStats.com 2004). In
2000 the total cost of all hack attacks to the world economy was estimated at a staggering
$1.5 trillion (PricewaterhouseCoopers 2000). In a 2004 survey of American companies
and government agencies conducted by the Computer Security Institute, over half of
respondents indicated a computer security breach in the past 12 months and 100 percent
of respondents indicated a Web site related incident over the same period (CSI 2004).
If anything these figures probably understate the volume of hacker-related
security breaches. Firms, especially financial institutions, are extremely reluctant to
report hacker-related break-ins for fear of how this may affect customers’ and
stockholders’ impressions of their security. In the survey of American businesses
conducted jointly by CSI and the FBI, nearly 50 percent of firms that experienced system
intrusion over the last year stated that they did not report this intrusion to anyone. The
3
primary reason cited for this was the perceived negative impact on company image or
stock (CSI 2004: 13-14), and similar findings have been corroborated by others (see for
instance, United Nations 1994; Schell et al 2002: 40). What can we say about the
enigmatic community of computer hackers and what can we do about the cost these
hackers impose?
This paper uses simple economic analysis to try and better understand the
phenomenon of hacking. In particular we are interested in creating a framework for
analyzing hacking that is policy relevant. Towards this end we divide the community of
hackers into three classes separated by motivation. The first class consists of “good”
hackers. These hackers illegally break into computer systems but voluntarily share
security weaknesses with those in charge of these systems. The second class of hackers
is fame-driven. This class constitutes a dangerous subculture of unethical hacking in
which members seek infamy and the accolades of their cohort by breaking into the
electronically stored information of vulnerable parties and wreaking havoc. The third
group of hackers is “greedy.” These hackers are not motivated by considerations of fame
but are instead driven by profits. Profit-driven hackers can be “good” or “bad”
depending upon which type of behavior yields the greatest monetary return.
An economic analysis of these distinct hacker categories yields important insights
for policy aimed at reducing the security threat posed by computer hacking. In Section 2
we offer a brief history of hacking. Section 3 discusses good hackers, Section 4
examines fame-driven hackers, and Section 5 considers profit-driven hackers. Section 6
turns to the policy implications of our analysis and Section 7 concludes.

With the development of internet world acts as are connected and world works as
a single network

Computer misuse acts

Before going any further about ethical hacking, we should know the law that is
related to hacking. Laws and judriction for different country are different and these
laws was just made as per the case that come. In UK before 1990 there so no laws
that deals with computer crime and the Computer Misuse Act was just made to solve
the case ........... The Computer Misuse Act also called as “anti-hacking legislation”
was introduce in respond to the growing threat of hacking to computer systems and
data Previously hacking was not illegal in the UK. Act now covers much more.

Levels of Offence The Act specifies 3 levels of offence

In summary these are:-

Unauthorised Access
Unauthorised access with intent to commit another offence
Unauthorised modification of data (writing viruses comes under this level)

Penalties
Unauthorised Access (level 1) is called a summary offence and penalties are
limited to 6 months imprisonment and/or a maximum fine of £5000
The other two offences (levels 2 and 3) are more serious and carry jail terms
of up to 5 years and unlimited fines

Problems

Commandments of the Ethical Hacking

Ethical Hacker must know and follow some basic commandments, in order to make
things go on their ways. These are the basic things that every professional hacker
knows but sometime they ignore or forget them, consequence of which is something
goes wrong.

Work ethically: Ethics is what separate an ethical hacker from cracker. Ethical in this
context means working with high professional principles and morals. The work must
be done according to plan that is been approved and most important is that the
information’s and security threats uncovered should be confidence and should be
disclosed to the related person. Whether tests are being conducted must be
aboveboard and must support the goal of the company. There should not be any
hidden agendas. At last everything that goes as per according to policy or law is
ethical, so one should not perform any such hacking activities though it sound ethical
but is forbidden by law or policy.

Respect privacy: The information gather should be treated with utmost respect. The
information like encryption key, passwords web-application log files must be kept
private and handled carefully so that no one except authorize person can reach to
these information. Use of this information to snoop into confidential information of
corporate or private lives should not be done.

Obtain Permission: The most important task that an ethical hackers should perform
before doing any hacking stuffs is to get the written agreement from the authorize
person. This written agreement is the only proof that proves you are not the bad guy.
A copy of this agreement should be with everybody in the team at anytime. This
agreement is called as the Get Out of Jail Free card, as its only statement you have
as proof you are not illegal.

Process of hacking