Free Essay

Hacking Not Mine

In:

Submitted By meme1414
Words 583
Pages 3
Hacking - A case study

The Organization

A seller of quality model cars based in the UK. The company involved was small, employing fewer than six people. It originated as a mail order company, and saw upgrading to include Internet-based sales as a natural step. They went into this field early, and used their normal Internet Service Provider to develop their online payment system.

What Happened

The company was infiltrated online by hackers, who altered prices on the site's catalogue. They were able to set any price they wanted for any product - and they did, reducing prices to one tenth of the original.

Impact

The company suffered substantial losses as a direct result of the attack. Fortunately, they recovered from the event quickly and prevented a recurrence by employing a specialist e-commerce oriented consultancy. This involved additional expense, but less than the amount they lost in the hacking attack.Such infiltration can go beyond embarrassment and financial loss. A website can be taken over and used to host illegal sites (including pornographic and warez sites). A warez site is one that provides illegal stolen software. It also provides the means to use copy-protected and similar programmes illegally.

Lessons?

• If you use the Internet for trading, ensure your website is secure. (See our section on online trading for further information.) • If you do not have IT staff 'in house', seek information security advice from a specialist company

Ethical Hacking - A case study

The Organization

A public organization in the UK that holds and processes extremely sensitive (in some cases political) information. The organization was subjected to a deliberate penetration test (known to some as 'ethical hacking') by a specialist company.

What Happened?

The network was scanned to determine what services were available on application and data servers. Conversations with the client revealed that a data server was used to store highly sensitive information.
Testers obtained information from the data server using a tool designed to retrieve information from Windows machines. Windows will reveal a lot of information without requiring any user identification. The output revealed: • The system password policy (that password lockout was not set, allowing unlimited attempts to guess passwords) • Login times • Usernames and groups • Shared drives

Impact

This information was sufficient to mount a password guessing attack. Testers found that there were two accounts within the administrator group and that password lockout was not enabled. This allowed the testers an unlimited number of login attempts.
It took 11 guesses to reveal the administrator password, the most powerful ID on any Windows system. Knowing this allows the user to do anything, change anything and then cover their tracks.
All machines on the site were connected to an open network. This meant that any user (authorized or otherwise) within the building who could access a workstation on the network could easily gain access to data stored on the data server. At this point testers reported the finding to their client as they had gained access to extremely sensitive information.

Lessons?

• If your computer systems are used for handling sensitive information, ensure that adequate security measures are in place • Ensure that password controls are stringent. In the above example, locking a user out of the system after two or three failed attempts to enter a password would have prevented unauthorised access to systems • Do not use passwords that might be guessed by other users. For example, never use personal or company names • Use network access and permissions to restrict internal access as appropriate

Similar Documents

Free Essay

Hacking

...What Hacking means? To the popular press, "hacker" means someone who breaks into computers. Among programmers it means a good programmer. But the two meanings are connected. To programmers, "hacker" connotes mastery in the most literal sense: someone who can make a computer do what he wants—whether the computer wants to or not. To add to the confusion, the noun "hack" also has two senses. It can be either a compliment or an insult. It's called a hack when you do something in an ugly way. But when you do something so clever that you somehow beat the system, that's also called a hack. The word is used more often in the former than the latter sense, probably because ugly solutions are more common than brilliant ones. Believe it or not, the two senses of "hack" are also connected. Ugly and imaginative solutions have something in common: they both break the rules. And there is a gradual continuum between rule breaking that's merely ugly (using duct tape to attach something to your bike) and rule breaking that is brilliantly imaginative (discarding Euclidean space).Hacking predates computers. When he was working on the Manhattan Project, Richard Feynman used to amuse himself by breaking into safes containing secret documents. This tradition continues today. When we were in grad school, a hacker friend of mine who spent too much time around MIT had his own lock picking kit. (He now runs a hedge fund, a not unrelated enterprise.) It is sometimes hard to explain to authorities why...

Words: 931 - Pages: 4

Premium Essay

Asdsadsa

...world requires |“Data breaches are becoming ever bigger and more |“CryptoWall has primarily affected Windows |Rising trend of data infiltration by hackers, | | |secure end-to-end communications, where traffic |common. Last year over 800m records were lost, |computers and Android cellphones so far, there is|across all different technological devices | | |might cross many intermediate nodes – all of |mainly through such attacks “ |no technological barrier that prevents the virus | | | |which become weak points ripe for MiM attacks.” | |from infiltrating Macs like mine.” | | |2 |“Dispersive’s approach clearly makes MiM attacks |“ A need to provide incentives to improve |“ Keep our computers backed up on an independent |Better security infrastructure will lead to | | |quite difficult, and sometimes increased |cyber-security, be they carrots or sticks. One |drive or by using a cloud backup service like |increased difficulty for hacker’s security | | |difficulty is all the prevention you need.” |idea is to encourage internet-service providers |Carbonite, take those software update and “patch”|exploitation | | | ...

Words: 527 - Pages: 3

Premium Essay

Hacking

...Hacking Another one got caught today, it's all over the papers. "Teenager Areested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"....Damn kids. They're all alike. But did you , in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him? I am a hacker, enter my world...Mine is a world that begins with school... I'm in junior high or high school. I've listened to teachers expain for the fifteenth time how to reduce a fraction. I understand it "No, Ms. Smith, I didn't show my work. I did it in my head..." Damn kid . Probably copied it. They're all alike. I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because i screwed it up. Not because it doesn't like me... Or feels threatened by me.. Or thinks I'm a smart ass... Or doesn't like teaching and shouldn't be here... Damn kid. All he does is play games. They're all alike. And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong... "I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all.....

Words: 976 - Pages: 4

Premium Essay

Ethical Hacking

...Importance of ethical hacking Chapter 1 Introduction Ethical hacking is an emerging tools used by most of the organizations for testing network security. The security risks and vulnerabilities in a network can be recognized with the help of ethical hacking. This research completely concentrates on ethical hacking, problems that may occur while hacking process is in progress and various ethical hacking tools available for organizations. Information is the important source for any organizations while executing business operations. Organizations and government agencies have to adopt ethical hacking tools in order secure important documents and sensitive information (Harold F. Tipton and Micki Krause, 2004). Ethical hacker professionals have to be hired in order to test the networks effectively. Ethical hackers perform security measure on behalf of the organization owners. In order to bring out the ethical hacking efforts perfectly a proper plan must be executed. Ethical hacking has the ability to suggest proper security tools that can avoid attacks on the networks. Hacking tools can be used for email systems, data bases and voice over internet protocol applications in order to make communications securely. Ethical hacking can also be known as penetration testing which can be used for networks, applications and operating systems (Jeff Forristal and Julie Traxler, 2001). Using hacking tools is a best method for identifying the attacks before it effect the entire organization. Ethical...

Words: 9223 - Pages: 37

Free Essay

Surveillance

...Build Your Own Micro RC Surveillance Robot HOW DO YOU BUILD YOUR OWN MICRO RC SURVEILLANCE ROBOT? Why don't I show you how?   Almost every roboticist has wanted to create a small Surveillance Robot at some point in their time. The biggest problem being the Receiver/Transmitter pairs are always too expensive. My solution: Extract the RC receiver from a small RC car and modify it for our purposes. By the end of this tutorial, you will create and modify an RC robot to do: 1. Direct Radio Control using the remote's joysticks. 2. Computer control via a microcontroller connected to the remote.   Later, I plan on making this base teleoperational. When I do, I'll be sure to document it and continue the tutorial for it!!!!!!!!!!    It will used the receiver from a $10 ZipZaps RC car purchased at a RadioShack (US) or a Microz GT car purchased at The Source (Canada). Any inexpensive RC car, though, will do. It will also use a wireless camera and 2 Solarbotics gear motors.  The main goal of this robot always remains the same; to be able to perform surveillance that you could watch on your television or on your computer (this depends on the camera used). I broke this tutorial into steps for simplicity and organization of categories (why should you put the construction of chassis with building the electronics? :P) Now for some general examples of the design for the robot (you don't have to follow my example exactly). The image at the top of the page shows an angled view of...

Words: 5094 - Pages: 21

Premium Essay

What Excites Me About My Future in Technology

...Ibukunoluwa Sobayo Lee University April 10, 2015 What Excites Me About The Future Of Technology? It is not news that we are at the peak of technological advancements that will change our lives. Nothing has made more impact on how we live our lives today or carry the potential to so seriously improve the human condition, as the technologies each one of us now has at our disposal, and the wonders yet to come. The inter-connectedness we have, the vast amounts of information accessible to us in less than a minute, the way in which anyone with basic knowledge can communicate with their friends and family, or even the entire world is quite impressive. The ease and convenience with which we can access almost any resource on the internet using anything from a mere personal computer to a small smart device in the pocket is highly impressive. I am encouraged and grateful to be part of such a great global innovation. I truly believe that personal and individually accessible technologies, will become an important part of humanity’s next stage of growth in the general quality of life and even survival. There is such a great potential to empower any individual to interact with people all over the world – from family and friends to new people on the other side of the planet. Nothing the human race has seen to date has the potential to empower the individual to make as much of a difference, to make as much of a connection, to make as much of himself as the technologies we have now and those...

Words: 636 - Pages: 3

Free Essay

Kevin Mitnick - Social Engineering and Computer Hacking Mastermind

...Kevin Mitnick – Social Engineering and Computer Hacking Mastermind Shelby Descoteaux Professor Kabay IS 340 A Nov. 22, 2013 Table of Contents Introduction 3 Kevin Mitnick 3 Hackers and Their Motives 3 The Early Years 4 Adolescence 5 Kevin in Trouble 6 Kevin’s Final Visit from the FBI 7 Hacker or Engineer? 8 Impact on Computer Security 8 Conclusion 9 Works Cited 10 Introduction Most people today are aware of the detrimental risk that hackers pose to their computers. They might know about identity theft, viruses, Trojans and worms however what they fail to recognize is how these things are accomplished and if they have actually fallen victim to one of these horrible attacks. But what about attacks with even greater impacts…like someone hacking into the computer system of a car that controls the brakes? Perhaps penetrating the systems that control nuclear power plants? Although it seems unlikely that either of these extremely scary scenarios would ever happen, it is most definitely possible. One researcher for IBM’s Internet Security Systems told the owners of a nuclear power station that he could hack into their system through the Internet. The power station took this as a joke, responding to Scott Lunsford, the IBM researcher, with a laugh in his face saying that it was “impossible”. In response, Scott took up the power plant on their words and proved them wrong. In less than twenty-four hours, Scott’s team had infiltrated the system and in...

Words: 4016 - Pages: 17

Free Essay

Unit 2 Assignment 2: Vulnerability of a Cryptosystem

...Unit 2 Assignment 2: Vulnerability of a Cryptosystem 09-27-2014 ITT Technical Institute Unit 2 Assignment 2: Vulnerability of a Cryptosystem This assignment gives us a job at a University as a Security analyst. One of the first things that was placed on our plate as a responsibility was getting the cryptosystem up to date. A high risk vulnerability has been identified and they have asked me to make recommendations on how to remedy the situation. There is a few websites that I have been advised to read as they may assist in my decision making process. After reading further I have been asked a large number of questions. I am planning to read up so I know about the cryptosystem then go into answering the provided questions. When we think about MD5 hashing we have to consider the hash and its long history of collisions on the network. When we were doing the practice labs in class the other night we say a number of student using the MD5 hashing and getting the same hash out of different text documents. This is not a good sign that this is the best type of hashing algorithm to use. I would advised using the latest greatest out with a known history of being secure. Asking if the threat is significant is an easy question to answer. Any organizations documentation at some level needs to be protected so it is not used in the wrong way. Yes, of course the cryptosystem being vulnerable is something that needs to be addresses right away. Modifying the hardware and software to...

Words: 1643 - Pages: 7

Free Essay

Information Technology Act Paper

...electronic terminal, telephone, computer (including on-line banking) or magnetic tape for the purpose of ordering, instructing, or authorizing a financial institution to debit or credit a consumer’s account. EFTs include, but are not limited to point-of-sale (POS) transfers; automated teller machine (ATM) transfers; direct deposits or withdrawals of funds; transfers initiated by telephone; and transfers resulting from debit card transactions, whether or not initiated through an electronic terminal” (Electronic Funds Transfer Act of 1978, Section 205.3(b)). By having EFT defined, clearly can demonstrate the advances that information technology brought with this process. The creation of this EFT Act prevents and establishes control to avoid hacking information, protect the personal identifiable information (PII), and provide basic guidelines on solving issues of unauthorized or unsolicited transactions as well as liabilities and responsibilities for individuals and institutions....

Words: 1012 - Pages: 5

Free Essay

Top Ten Leaders

...With the passing of my dear friend Stephen R. Covey, I have been taking some time to consider many of the greatest business leaders who are wielding strong influence on the business world we live in today. I’d like to present my personal top 10 list of the people I consider most influential in terms of innovative thinking, focus on customers, and their desire to serve the less-fortunate, which is a strong and continual interest of mine. Richard Branson has one of the world's most widely recognized personal brands Without further ado and in no particular order, I present to you my personal Top 10: 1. Jeff Bezos, Amazon– Jeff Bezos is a pioneer in world of internet commerce, and was instrumental in defining this space that is now defining many aspects of the internet world. It is Jeff Bezos who innovated the concept of “predictive analytics”–recommending products to customers based on search history and buying habits. Whether you like the concept or you hate it, the idea has made online commerce more profit rich and efficient, and is making online shopping a better experience for consumers throughout the world. The End of Middle Managers (And Why They'll Never Be Missed) David K. WilliamsDavid K. Williams Contributor The Case for Hiring 'Under-Qualified' Employees David K. WilliamsDavid K. Williams Contributor Who's Starting America's New Businesses? And Why? Cheryl ConnerCheryl Conner Contributor ...

Words: 1090 - Pages: 5

Premium Essay

Spiritual Leadership Philosophy

...In my lifetime as a Christian I have seen many leaders that are very honest people fail at being in leadership. So being a good leader an effective leader, a leader that carries God’s anointing is one of my biggest and greatest desires. According to our text Spiritual Leadership the anointing is so important (pg. 25). Isaiah 42:1 says Behold my servant, whom I uphold; mine elect, in whom my soul delighted; I have put my spirit upon him: he shall bring forth judgment to the Gentiles. Trying to be a leader without God’s spirit will carry you for a while but will not last. Even if you have all the other great qualities. The Holy Spirit will live in the ideal servant in leadership. God guided me to Living Faith Fellowship with a Pastor that teaches a...

Words: 1928 - Pages: 8

Premium Essay

Role of the Internet & Crime

...The Role of the Internet and Crime The Role of the Internet and Crime CIS 170 May 13, 2013 How the Internet has Aided Crime   The internet has aided criminal activity by communicating with each other without having to be near, as well as fraud and identity theft.   The rise of the Internet over the last decade has paralleled some of the greatest milestones in communications history. Along with such great strides in bringing the world together, the frightening aspect of accessing information and propaganda that tests the very limits of the U.S. Constitution has arrived. Above all, the Internet is used to commit against persons that include various crimes like transmission of child-pornography, harassment of any one with the use of a computer such as e-mail. The trafficking, distribution, posting, and dissemination of obscene material including pornography and indecent exposure, constitutes one of the most important criminal activity known today. With just a few keystrokes, an individual can have access to all forms of personal information, bomb-making instructions, and poison recipes; and a plethora of extremist ideologies expressing everything from radical religious cults to clandestine organized crime groups.    Examples how Internet has Aided Crime    One of the examples could be considered as identity theft. Identity theft is the use of one person's personal information by another to commit fraud or other crimes. The most common forms of identity...

Words: 1226 - Pages: 5

Premium Essay

My Favorite Book

...and create balls of light. Sam is Astrid Ellison’s main love interest. He is the son of Connie Temple and biological fraternal twin of Cain Soren. He does not like considering himself a hero although that’s what he is. * Cain Soren Cain attended Coates Academy, and was the one who took control of Perdido Beach. He has telekinesis; the power to move things with his mind, and is the only 4-bar besides Sam. He is the main love interest of Diana Ladris. Although she only believes he is capable of puppy love. * Gaiaphage Also known as The Darkness, the Gaiaphage is a sentient alien virus who gave everyone their powers and caused the mutations. It appears as a green glowing slime with the capability to touch people’s minds. It lived in the mine shaft. In Gone it is only a mystery that can read people’s minds and it gave Drake his whip hand and made him leader of the coyote pack. * Peter Ellison The four year old brother of Astrid Ellison who is diagnosed with autism and is incapable of understanding anything other than what is happening on his Gameboy. He is discovered to have powers like telekinesis and teleportation. * Drake Merwin Also known as whip hand,...

Words: 1201 - Pages: 5

Premium Essay

Infosec Career

...help from many of my colleagues and friends in the field, I have endeavored to compile a comprehensive blog about starting an InfoSec career. This is a very lengthy blog broken into sections that may help people as parts or as a whole. We want you to succeed in our field. As always, please feel free to ask questions or leave comments / gripes / suggestions. Chapter 1: The Fundamentals  Unfortunately, for all the interminable hacking tool tutorials and security guides floating around the internet, many InfoSec job candidates haven’t grasped two fundamental concepts: * To hack something (or defend it from hacking), you must have a solid understanding of how that thing works. And, * InfoSec is not a career that can be put in a box once you go home from work or school. You must be passionate enough about the field to be continually learning and aware of quickly changing current events. If you want a career that you can forget about once you go home at 5:00 PM, InfoSec is probably not the right choice. The really intriguing thing about InfoSec and hacking in general is how they draw heavily from knowledge of all sorts of IT subjects. It’s difficult to understand attacks,...

Words: 11232 - Pages: 45

Premium Essay

Qcf Level 3 Assignment

...IGN (InGame Name): _SavageOG Date of application: Today (October 24th, 2015) at 11:12 AM Age: 14 years old turning 15 on December 6th Country: USA Time zone: Central Time Zone (Arkansas) InGame ranks (Mine rank and Donation Rank,only if you have one): Rank W on Prison (No Donator Rank) 1. Why do you want to be staff?: I have chosen to become staff member because i am very trustworthy. I know all of the rules which i have written down on my phone, paper, and saved it on my computer. I know what kick/mute/ban is and how long it should be to do a punishment. I have been playing on this server and constantly on the forums voting and helping people with any problems they may have. I believe that if I where chosen for staff, i will use the rank for answering questions, helping people with problems, and using my...

Words: 1205 - Pages: 5