Hello, my name is Kunal Katke, and I’d like to welcome you to Tech-blogging.com.
The news is full of stories of individuals, corporations, and countries being cyber attacked by hackers, that is, people who break into computer systems using their technical knowledge.
However, not all hackers are malevolent.
Many hackers look for faults in software and try to plug security holes to make systems safer and more resilient.
Companies and governments frequently hire them to conduct security assessments.
These hackers are known as “White Hats.”
They’re the good guys.
On the other hand, there are hostile hackers known as black hats that steal, exploit, and sell computer vulnerabilities and data.
Hackers’ motivations are likewise diverse.
Some hackers do it for fun and curiosity, while thieves do it for profit.
Hacktivists, on the other hand, use their skills to advance a social or political cause.
This is only the tip of the iceberg.
Basically, the stereotype of a hacker as an unpopular kid sitting in a dark room filled with old pizza boxes arguably represents John Green in college more accurately than hackers.
We’re not going to teach you how to hack today.
Instead, we’ll go over some classic examples of how hackers break into computers to show you how it’s done.
The most typical approach for hackers to get access to computer systems is to dupe users into letting them in.
This is known as social engineering, and it occurs when a person is duped into divulging confidential information or configuring a computer system to allow attackers access.
Phishing is the most prevalent type of attack, which usually takes the form of an email asking you to log into an account on a website, such as your bank’s website.
You’ll be invited to click a link in the email that leads to a site that appears legitimate to the untrained eye but is actually a malicious clone.
When you enter your username and password, the information is sent directly to the hackers, who may then log in as you on the genuine website.
It’s bad news!
Even if a tenth of one percent of phishing emails are successful, a million of them may result in a thousand compromised accounts.
Pretexting is a type of social engineering attack in which attackers call a firm and confidently pretend to be from their IT department.
Attackers frequently dial a first number and then request to be switched to a second, giving the impression that the phone number is internal to the firm.
The attacker can then persuade an unwary victim to configure their machine in a vulnerable manner or to divulge sensitive information such as passwords or network configurations.
Attackers can be highly convincing, especially if they do some preliminary investigation to learn the identities of key personnel.
It may take ten phone calls to locate a victim, yet only one is required to get in.
Emails are also a typical distribution route for trojan horses, which are programs that appear to be harmless attachments, such as a photo or an invoice, but are actually harmful software known as malware.
Malware comes in a variety of shapes and sizes.
Some people may try to steal your personal information, such as your banking credentials.
Others may use ransomware to encrypt your files and demand a payment.
If they can’t employ malware or persuade a victim to let them in, attackers must resort to alternative methods.
One way, which we briefly mentioned in the previous episode, is to brute force a password, which entails trying every possible password combination until you obtain access.
Most current systems protect against this type of attack by making you wait longer and longer after each failed attempt, or even locking you out after a set number of tries.
NAND Mirroring is a recent hack that allows you to link wires to the device’s memory chip and create a perfect replica of its contents if you have physical access to the computer.
You can try a series of passwords with this arrangement until the gadget starts making you wait.
When this happens, simply reflash the memory with the original copy you created, thereby resetting it and allowing you to attempt more passwords right away.
This trick worked on an iPhone 5C; however, many later smartphones have built-in protections against this type of assault.
If you do not have physical access to a device, you must find a way to hack it remotely, such as over the internet.
In general, an attacker must locate and exploit a flaw in a system, and successfully exploiting a flaw to obtain capabilities or access is referred to as an exploit.
A buffer overflow is a frequent form of exploit.
A block of memory dedicated for storing data is referred to as a buffer.
In Episode 23, we discussed video buffers, which are used to store pixel data.
Consider the login prompt on an operating system, which has fields for a username and password.
The text values entered into this operating system are stored in buffers behind the scenes.
Let’s pretend these buffers are ten characters long.
The two text buffers would appear something like this in memory:
Of course, the operating system keeps track of a lot more than simply a login and password, so other data will be stored in memory before and after these buffers.
The values are copied into the buffers when a user enters a login and password, where they can be validated.
A buffer overflow attack does exactly what it says on the tin: it causes the buffer to overrun.
Any password longer than 10 characters will overwrite data in RAM adjacent to it in this instance.
Because key values are rewritten with gobbledygook, this can sometimes cause a program or operating system to crash.
Crashing a system is bad enough, and perhaps all a malicious hacker wants is to cause trouble.
However, attackers might use this flaw to their advantage by injecting deliberate new values into a program’s memory, such as setting the “is admin” variable to true.
Hackers can bypass things like login prompts and even use a program to hijack the entire system if they have the capacity to arbitrarily change a program’s memory.
Buffer overflow attacks can be dealt with in a variety of ways.
The most straightforward method is to always check the length of input before copying it into a buffer, a process known as bounds checking.
Bounds checking is built into many modern computer languages.
Programs can also randomly place variables in memory, such as our example “is admin” flag, so that hackers don’t know which memory address to alter and are more likely to crash the program than obtain access.
In addition, programs can leave free space after buffers and monitor those values to see if they change; if they do, they know an attacker is messing with memory.
These areas are known as canaries, after the little birds that miners used to bring underground to alert them of hazardous circumstances.
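To make the three defences above concrete, here is an added example (not code from the original post) that models the ten-character login buffers in a flat byte array. The layout, the constructed “is admin” flag, the canary value and the over-long password are all assumptions made for illustration; real programs lay memory out differently, but the mechanics are the same: an unchecked copy overruns into the neighbouring flag, a bounds check refuses the input, and a canary placed after the buffers reveals the corruption.

```python
# Added example, not code from the original post: a byte-array model of the
# ten-character login buffers described above.  It shows how an unchecked copy
# overruns into the neighbouring "is admin" flag, how bounds checking stops
# that, and how a canary placed after the buffers detects it.  The memory
# layout, offsets and values are constructed for illustration only.
import os
from typing import Optional

BUFFER_SIZE = 10  # the post's ten-character username and password buffers

# Constructed layout of a flat block of memory, in the order the post describes:
# username buffer, password buffer, a guard area (the canary), then the flag.
USERNAME_OFF = 0
PASSWORD_OFF = USERNAME_OFF + BUFFER_SIZE
CANARY_OFF = PASSWORD_OFF + BUFFER_SIZE
CANARY_LEN = 4
IS_ADMIN_OFF = CANARY_OFF + CANARY_LEN
MEM_SIZE = IS_ADMIN_OFF + 1


class LoginMemory:
    """A toy process image: a bytearray with the fields above at fixed offsets."""

    def __init__(self, canary: Optional[bytes] = None) -> None:
        self.mem = bytearray(MEM_SIZE)
        # Real runtimes pick a fresh random canary per process; a caller may
        # pass a fixed one so a demonstration is repeatable.
        self.canary = canary if canary is not None else os.urandom(CANARY_LEN)
        self.mem[CANARY_OFF:CANARY_OFF + CANARY_LEN] = self.canary
        self.mem[IS_ADMIN_OFF] = 0  # ordinary users start without admin rights

    def is_admin(self) -> bool:
        return self.mem[IS_ADMIN_OFF] != 0

    def canary_intact(self) -> bool:
        """The check a program runs before trusting memory near the buffers."""
        return bytes(self.mem[CANARY_OFF:CANARY_OFF + CANARY_LEN]) == self.canary

    def copy_unchecked(self, offset: int, data: bytes) -> None:
        """The flaw: copy every input byte, however many there are (like strcpy).
        Bytes beyond the buffer land in whatever is stored next to it."""
        data = data[:MEM_SIZE - offset]  # stop at the end of our toy memory
        self.mem[offset:offset + len(data)] = data

    def copy_checked(self, offset: int, data: bytes) -> None:
        """Bounds checking: refuse any input that does not fit the buffer."""
        if len(data) > BUFFER_SIZE:
            raise ValueError(f"{len(data)} bytes do not fit a {BUFFER_SIZE}-byte buffer")
        self.mem[offset:offset + len(data)] = data


def attempt_overflow(checked: bool) -> dict:
    """Constructed scenario: a 15-byte 'password' sized to reach the flag.
    Returns what the program would observe afterwards."""
    m = LoginMemory(canary=b"\xde\xad\xbe\xef")  # fixed canary for repeatability
    m.copy_unchecked(USERNAME_OFF, b"Philby")  # a short name fits either way
    overlong = b"A" * BUFFER_SIZE + b"ZZZZ" + b"\x01"  # fills buffer, canary, flag
    copy = m.copy_checked if checked else m.copy_unchecked
    try:
        copy(PASSWORD_OFF, overlong)
        rejected = False
    except ValueError:
        rejected = True
    return {
        "rejected": rejected,
        "is_admin": m.is_admin(),
        "canary_intact": m.canary_intact(),
    }


if __name__ == "__main__":
    print("unchecked copy:", attempt_overflow(checked=False))
    print("bounds-checked copy:", attempt_overflow(checked=True))
```

Run as a script, the unchecked copy reports the flag set and the canary destroyed, while the bounds-checked copy rejects the input and leaves both untouched. The third defence the post mentions, randomising where the flag lives, is not modelled here, but its effect follows from the code: the over-long input is sized for a fixed offset, so if `IS_ADMIN_OFF` moved between runs the write would miss the flag and most likely just corrupt something that crashes the program.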
Code injection is another well-known form of attack.
It’s most typically employed against websites that use databases, which almost all large websites do.
Because databases aren’t covered in this course, here’s a simple example to show how this type of attack works.
We’ll use the Structured Query Language, or SQL, a popular database API also pronounced “sequel.”
Assume our login prompt is now shown on a webpage.
When a user clicks “login,” the text values are transmitted to a server, which runs code to see if the username is valid and, if it is, if the password is correct.
To accomplish this, the server will run code known as a SQL query, which looks like this.
It must first indicate what data is being retrieved from the database.
We wish to get the password in this scenario.
The server must also specify where in the database the value should be retrieved.
Let’s pretend that all of the users’ information is kept in a data structure called a “users” table.
Finally, because the server does not want to get a massive list of passwords for every user in the database, it specifies that it only needs data for the account whose username equals a specific value.
The server copies that value into the SQL query based on the user’s input, so the actual instruction sent to the SQL database would look like this, where username equals Philby.
It’s also worth noting that SQL commands terminate in a semicolon.
So, how can one get around this?
By using a fraudulent username with SQL commands embedded in it!
For example, we may send the server the following unusual username:
When the server inserts this text into the SQL query, it appears as follows:
As previously stated, semicolons are used to divide commands, therefore this is the first command that is executed:
The database will return the password if there is a user named “whatever.”
Of course, we have no idea what “whatever”’s password is, so we’ll get it wrong and be rejected by the server.
If no user named “whatever” exists, the database will return no password or an error, and the server will reject us once more.
We don’t mind in either case, because we’re more interested in the next SQL instruction, “drop table users,” which we injected through the username field.
This command tells the SQL database to delete the table that contains all of the users’ information, which would cause a slew of problems in a bank or, frankly, anywhere.
We didn’t even hack into the system; it’s not as if we got the username and password right.
We were able to cause havoc despite having no formal access by exploiting a bug.
This is a fairly basic example of code injection, against which almost all servers today have safeguards.
With more complex attacks, hackers can add entries to the database, such as a new administrator account, or even get the database to divulge data, allowing them to steal credit card numbers, social security numbers, and other sensitive information.
We won’t, however, tell you how to do it.
Programmers should always presume that input from the outside is potentially harmful, just as they should with buffer overflows.
As a first line of defense, most online username and password forms don’t allow you to use special symbols like semicolons or quotes.
Before conducting database queries, good servers sanitize input by eliminating or changing special characters.
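The lookup described above, written out as an added example in Python with its built-in `sqlite3` module (this is not code from the original post; the `users` table, the account “Philby” and its password are constructed). The vulnerable version pastes the username straight into the query text and hands the result to a naive helper that, as the post describes, splits the text on semicolons and runs each command in turn. The hardened version uses a parameterized query, which is the form the “sanitize input” advice takes in practice: the database driver treats the username purely as data, so quotes and semicolons inside it can never become commands.

```python
# Added example, not code from the original post: a login lookup built by
# string concatenation (the flaw described above) beside the parameterized
# form that fixes it.  The database, table, user and password are constructed.
import sqlite3


def run_sql_naive(conn: sqlite3.Connection, sql: str) -> list:
    """The database helper the post describes: split the text on semicolons
    and execute each command in turn.  Python's sqlite3 refuses stacked
    statements in execute(), so this helper splits them itself to reproduce
    the behaviour of a server that does not."""
    rows = []
    for statement in sql.split(";"):
        statement = statement.strip()
        if not statement:
            continue
        try:
            rows.extend(conn.execute(statement).fetchall())
        except sqlite3.Error:
            # A malformed fragment is rejected, but the commands before it
            # have already run.
            pass
    return rows


def make_db() -> sqlite3.Connection:
    """Constructed sample database: one 'users' table with a single account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('Philby', 'constructed-secret')")
    conn.commit()
    return conn


def lookup_password_vulnerable(conn: sqlite3.Connection, username: str):
    """Copies the user's text straight into the query, as the post describes."""
    query = f"SELECT password FROM users WHERE username = '{username}';"
    rows = run_sql_naive(conn, query)
    return rows[0][0] if rows else None


def lookup_password_safe(conn: sqlite3.Connection, username: str):
    """Parameterized query: the username travels as data, never as SQL text."""
    row = conn.execute(
        "SELECT password FROM users WHERE username = ?;", (username,)
    ).fetchone()
    return row[0] if row else None


def table_exists(conn: sqlite3.Connection, name: str) -> bool:
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None


# Constructed malicious username in the shape the post describes: it closes
# the quoted value, ends the SELECT with a semicolon, and smuggles in a second
# command; the trailing comment marker swallows the quote the server appends.
INJECTED_USERNAME = "whatever'; DROP TABLE users; --"


def demo_vulnerable() -> bool:
    """Login fails (no user 'whatever'), yet the users table is gone."""
    conn = make_db()
    lookup_password_vulnerable(conn, INJECTED_USERNAME)
    return table_exists(conn, "users")  # False


def demo_safe() -> bool:
    """The whole string is looked up as a literal username; nothing else runs."""
    conn = make_db()
    found = lookup_password_safe(conn, INJECTED_USERNAME)
    return found is None and table_exists(conn, "users")  # True


if __name__ == "__main__":
    print("users table survives vulnerable lookup:", demo_vulnerable())
    print("users table survives parameterized lookup:", demo_safe())
```

Both lookups behave identically for an ordinary username such as “Philby”, which is exactly why this class of bug survives testing: only input containing SQL metacharacters distinguishes them. Stripping semicolons and quotes from form fields, as the post notes, is a useful first line of defence, but the parameterized query is the one that holds even when a character is missed.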
Working exploits are frequently bought and sold on the internet.
The more widespread the flaw or the more harmful the exploit, the higher the price or prestige.
Even governments have been known to purchase exploits that allow them to compromise computers for espionage reasons.
A “zero-day” occurs when a new exploitable bug is uncovered that the software’s designers were unaware of.
Before white hat programmers produce a patch for the bug, black hat hackers race to exploit it to its full potential.
This is why keeping your computer’s software up to date is critical; many of those downloads are security fixes.
If enough holes are left open on enough systems, hackers can develop a program that automatically hops from computer to computer, known as a “worm.”
If a hacker is able to gain control of a large number of computers, they can be utilized to form a botnet.
This can be used for a variety of things, including sending massive amounts of spam, mining bitcoins with other people’s computers and electricity, and launching Distributed Denial of Service (DDoS) assaults against servers.
When all of the machines in a botnet deliver a flood of phony messages at once, this is known as a DDoS attack.
This can take down services, either to force owners to pay a ransom or simply to cause harm.
Cyberattacks happen on a daily basis, despite all of the hardworking white hats, exploits detailed online, and software engineering best practices.
They cost the world economy almost half a trillion dollars per year, and the cost will only rise as we become more reliant on computers.
This is especially concerning for governments, as infrastructure such as power plants, the electrical grid, traffic lights, water treatment facilities, oil refineries, air traffic control, and many other critical systems are becoming increasingly computer-driven.
Many analysts believe that the next major war will be fought in cyberspace, with nations being brought to their knees by destroying their economy and infrastructure through cyberwarfare rather than by physical invasion.
Even if no bullets are fired, the risk of lives being lost is still quite high, possibly even higher than in conventional conflict.
As a result, we should all practice proper cybersecurity.
Furthermore, as a community connected by the internet, we must ensure that our computers are protected from those who desire to exploit them for their high potential for harm.