Friday, March 20, 2020

Attacks Used to Hack Email Accounts and Their Preventive Measures Essays

The present-day network threat scenario is unprecedented in both scale and impact. Cyber criminals have become increasingly confident in their own abilities because of good organizational skills and years of experience in evading law enforcement. Armed with sophisticated technical knowledge, a whole bunch of tools and operating systems with exploits, their sole objective today is to cause irreparable damage to the security and business interests of organizations. Al-Qaeda, the biggest brand name among terrorist groups across the world, the Islamic militant group Tehrik-i-Taliban Pakistan and many more terrorist organizations perform cyber terrorism, i.e., disruptive attacks against information systems, with the primary purpose of stealing confidential information regarding the nation’s security issues and the secondary purpose of creating alarm and panic among the cyber army of the nation. This can include use of information technology to organize and execute attacks against networks, computer systems and telecommunications infrastructures, or for exchanging information or making threats electronically.

Therefore there is a huge requirement for each and every one of us to know the minimum preventive measures so as to avoid exploitation by a hacker, who may use our computer as a shield to hide his identity. Our paper discusses the types of hackers and the main motives behind these people performing these attacks in an attempt to compromise any computer system. Our paper emphasizes various methods by which passwords can be stolen and then used for personal purposes. A live demonstration of how an account (say Facebook) can be hacked will be given using the phishing attack. All the preventive measures that need to be taken to overcome these problems and stay safe from the attackers of this cyber world will be briefly explained so as to make everyone technically strong and prevent their computers from getting exploited… Let’s build a stronger nation… JAI HIND…

Vamshi Krishna Gudipati A.K.A. h4x0r le610n, 4th year B.Tech, Computer Science and Engineering, Warangal Institute of Technology and Science.

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. The terms information security, computer security and information assurance are frequently used interchangeably. These fields are often interrelated and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them. These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms. Computer security can focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer. Information assurance focuses on the reasons for assurance that information is protected, and is thus reasoning about information security.

Governments, military, corporations, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers.
WHAT IS HACKING?

Unlike most computer crime / misuse areas which are clear cut in terms of actions and legalities (e.g. software piracy), computer hacking is more difficult to define. Computer hacking always involves some degree of infringement on the privacy of others or damage to computer-based property such as files, web pages or software. The impact of computer hacking varies from being simply invasive and annoying to illegal. There is an aura of mystery that surrounds hacking, and a prestige that accompanies being part of a relatively elite group of individuals who possess technological savvy and are willing to take the risks required to become a true hacker. An interesting alternative view of how hackers positively impact areas such as software development and hacker ideology is presented in Technology and Pleasure: Considering Hacking Constructive.

WHO IS A HACKER?

In the computer security context, a hacker is someone who seeks and exploits weaknesses in a computer or computer network. Hackers may be motivated by a multitude of reasons, such as profit, protest, or challenge. The subculture that has evolved around hackers is often referred to as the computer underground but it is now an open community. While other uses of the word hacker exist that are not related to computer security, such as referring to someone with an advanced understanding of computers and computer networks, they are rarely used in mainstream context. They are subject to the long-standing hacker definition controversy about the true meaning of the term hacker.

KINDS OF HACKERS

White Hat

A white hat hacker breaks security for non-malicious reasons, perhaps to test their own security system or while working for a security company which makes security software. The term white hat in Internet slang refers to an ethical hacker. This classification also includes individuals who perform penetration tests and vulnerability assessments within a contractual agreement. The EC-Council, also known as the International Council of Electronic Commerce Consultants, is one of those organizations that have developed certifications, courseware, classes, and online training covering the diverse arena of Ethical Hacking.

Black Hat

A black hat hacker is a hacker who violates computer security for little reason beyond maliciousness or for personal gain (Moore, 2005). Black hat hackers form the stereotypical, illegal hacking groups often portrayed in popular culture, and are the epitome of all that the public fears in a computer criminal. Black hat hackers break into secure networks to destroy data or make the network unusable for those who are authorized to use the network. They choose their targets using a two-pronged process known as the pre-hacking stage.

Part 1: Targeting

The hacker determines what network to break into during this phase. The target may be of particular interest to the hacker, either politically or personally, or it may be picked at random. Next, they will port scan a network to determine if it is vulnerable to attacks, which is just testing all ports on a host machine for a response. Open ports, those that do respond, will allow a hacker to access the system.

Part 2: Research and Information Gathering

It is in this stage that the hacker will visit or contact the target in some way in hopes of finding out vital information that will help them access the system. The main way that hackers get desired results from this stage is from social engineering, which will be explained below. Aside from social engineering, hackers can also use a technique called dumpster diving. Dumpster diving is when a hacker will literally search through users’ garbage in hopes of finding documents that have been thrown away, which may contain information a hacker can use directly or indirectly to help them gain access to a network.

Part 3: Finishing the Attack

This is the stage when the hacker will invade the preliminary target that he/she was planning to attack or steal from. Many hackers will be caught after this point, lured in or grabbed by data known as a honeypot (a trap set up by computer security personnel).

Grey Hat

A grey hat hacker is a combination of a black hat and a white hat hacker. A grey hat hacker may surf the internet and hack into a computer system for the sole purpose of notifying the administrator that their system has been hacked, for example. Then they may offer to repair the system for a small fee.

Hacktivists

Some hacker activists are motivated by politics or religion, while others may wish to expose wrongdoing, or exact revenge, or simply harass their target for their own entertainment.

State Sponsored Hackers

Governments around the globe realize that it serves their military objectives to be well positioned online. The saying used to be, He who controls the seas controls the world, and then it was, He who controls the air controls the world. Now it’s all about controlling cyberspace. State sponsored hackers have limitless time and funding to target civilians, corporations, and governments.

Spy Hackers

Corporations hire hackers to infiltrate the competition and steal trade secrets. They may hack in from the outside or gain employment in order to act as a mole. Spy hackers may use similar tactics as hacktivists, but their only agenda is to serve their client’s goals and get paid.

Cyber Terrorists

These hackers, generally motivated by religious or political beliefs, attempt to create fear and chaos by disrupting critical infrastructures. Cyber terrorists are by far the most dangerous, with a wide range of skills and goals.
Cyber terrorists’ ultimate motivation is to spread fear and terror and to commit murder.

VARIOUS ATTACKS USED BY A HACKER

PHISHING

Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures. A phishing technique was described in detail in 1987, and the first recorded use of the term phishing was made in 1996. The term is a variant of fishing, probably influenced by phreaking, and alludes to baits used in hopes that the potential victim will bite by clicking a malicious link or opening a malicious attachment, in which case their financial information and passwords may then be stolen.

KEY LOGGING

These are software programs designed to work on the target computer’s operating system. From a technical perspective there are five categories:

* Hypervisor-based: The keylogger can theoretically reside in a malware hypervisor running underneath the operating system, which remains untouched. It effectively becomes a virtual machine. Blue Pill is a conceptual example.
* Kernel-based: This method is difficult both to write and to combat. Such keyloggers reside at the kernel level and are thus difficult to detect, especially for user-mode applications. They are frequently implemented as rootkits that subvert the operating system kernel and gain unauthorized access to the hardware, making them very powerful. A keylogger using this method can act as a keyboard device driver, for example, and thus gain access to any information typed on the keyboard as it goes to the operating system.
* API-based: These keyloggers hook keyboard APIs; the operating system then notifies the keylogger each time a key is pressed and the keylogger simply records it. Windows APIs such as GetAsyncKeyState(), GetForegroundWindow(), etc. are used to poll the state of the keyboard or to subscribe to keyboard events. [1] These types of keyloggers are the easiest to write, but where constant polling of each key is required, they can cause a noticeable increase in CPU usage, and can also miss the occasional key. A more recent example simply polls the BIOS for pre-boot authentication PINs that have not been cleared from memory.
* Form grabbing based: Form grabbing-based keyloggers log web form submissions by recording the web browsing onsubmit event functions. This records form data before it is passed over the Internet and bypasses HTTPS encryption.
* Packet analyzers: This involves capturing network traffic associated with HTTP POST events to retrieve unencrypted passwords.

Remote access software keyloggers

These are local software keyloggers with an added feature that allows access to the locally recorded data from a remote location. Remote communication may be achieved using one of these methods:

* Data is uploaded to a website, database or an FTP server.
* Data is periodically emailed to a pre-defined email address.
* Data is wirelessly transmitted by means of an attached hardware system.
* The software enables a remote login to the local machine from the Internet or the local network, for data logs stored on the target machine to be accessed.

Related features

Software keyloggers may be augmented with features that capture user information without relying on keyboard key presses as the sole input. Some of these features include:

* Clipboard logging. Anything that has been copied to the clipboard can be captured by the program.
* Screen logging. Screenshots are taken in order to capture graphics-based information. Applications with screen logging abilities may take screenshots of the whole screen, just one application or even just around the mouse cursor. They may take these screenshots periodically or in response to user behaviours (for example, when a user has clicked the mouse). A practical application used by some keyloggers with this screen logging ability is to take small screenshots around where a mouse has just clicked; these defeat web-based keyboards (for example, the web-based screen keyboards that are often used by banks) and any web-based on-screen keyboard without screenshot protection.
* Programmatically capturing the text in a control. The Microsoft Windows API allows programs to request the text value in some controls. This means that some passwords may be captured, even if they are hidden behind password masks (usually asterisks).
* The recording of every program, folder and window opened, including a screenshot of each and every website visited.

REMOTE ADMINISTRATIVE TOOL (RAT)

A remote administration tool (a RAT) is a piece of software that allows a remote operator to control a system as if he has physical access to that system.
While desktop sharing and remote administration have many legal uses, RAT software is usually associated with criminal or malicious activity. Malicious RAT software is typically installed without the victim’s knowledge, often as the payload of a Trojan horse, and will try to hide its operation from the victim and from security software. The operator controls the RAT through a network connection. Such tools provide an operator the following capabilities:

* Screen/camera capture or image control
* File management (download/upload/execute/etc.)
* Shell control (from command prompt)
* Computer control (power off/on/log off if remote feature is supported)
* Registry management (query/add/delete/modify)
* Other software product-specific functions

Its primary function is for one computer operator to gain access to remote PCs. One computer will run the client software application, while the other computer(s) operate as the host(s).

CLICK-JACKING

Clickjacking is possible because seemingly harmless features of HTML web pages can be employed to perform unexpected actions. A clickjacked page tricks a user into performing undesired actions by clicking on a concealed link. On a clickjacked page, the attackers load another page over it in a transparent layer. The users think that they are clicking visible buttons, while they are actually performing actions on the hidden page. The hidden page may be an authentic page, therefore the attackers can trick users into performing actions which the users never intended. There is no way of tracing such actions to the attackers later, as the users would have been genuinely authenticated on the hidden page.

Examples

A user might receive an email with a link to a video about a news item, but another valid page, say a product page on amazon.com, can be hidden on top of or underneath the PLAY button of the news video. The user tries to play the video but actually buys the product from Amazon. Other known exploits include:

* tricking users into enabling their webcam and microphone through Flash (which has since been corrected by Adobe);
* tricking users into making their social networking profile information public;
* making users follow someone on Twitter;
* sharing links on Facebook.

SPAMS

Email spam, also known as junk email or unsolicited bulk email (UBE), is a subset of electronic spam involving nearly identical messages sent to numerous recipients by email. Definitions of spam usually include the aspects that email is unsolicited and sent in bulk. One subset of UBE is UCE (unsolicited commercial email). The opposite of spam, email which one wants, is called ham, usually when referring to a message’s automated analysis (such as Bayesian filtering). Email spam has steadily grown since the early 1990s. Botnets, networks of virus-infected computers, are used to send about 80% of spam. Since the expense of the spam is borne mostly by the recipient, it is effectively postage due advertising. The legal status of spam varies from one jurisdiction to another. In the United States, spam was declared to be legal by the CAN-SPAM Act of 2003 provided the message adheres to certain specifications.
ISPs have attempted to recover the cost of spam through lawsuits against spammers, although they have been mostly unsuccessful in collecting damages despite winning in court. Spammers collect email addresses from chatrooms, websites, customer lists, newsgroups, and viruses which harvest users’ address books, and these addresses are sold to other spammers. They also use a practice known as email appending or epending in which they use known information about their target (such as a postal address) to search for the target’s email address. According to the Message Anti-Abuse Working Group, the amount of spam email was between 88–92% of email messages sent in the first half of 2010.

PREVENTIVE MEASURES TO OVERCOME THE ATTACKS OF HACKERS

KEYLOGGERS

* SCAN THE FILE WITH DR. WEB LINK CHECKER BEFORE DOWNLOADING.
* SCAN THE FILE WITH AN ONLINE MULTIPLE ANTI-VIRUS ENGINE, I.E., www.novirusthanks.org
* USE ANTI-KEYLOGGERS LIKE ZEMANA, KEYSCRAMBLER ETC.

RATS

* STRICTLY FOLLOW THE INSTRUCTIONS OF THE ANTI-VIRUS.
* ALWAYS USE AN UPDATED ANTI-VIRUS.
* DON’T DOWNLOAD ANY FILE FROM AN ANONYMOUS WEBSITE.

PHISHING

* ALWAYS TYPE THE COMPLETE URL OF THE INTENDED WEBPAGE FOR LOGIN.
* USE AN ANTI-VIRUS WHICH HAS A WEB BROWSER INTEGRATION FACILITY TO COMBAT PHISHING, LIKE KASPERSKY ETC.
* NEVER LOG IN THROUGH ANY LINK WITHOUT VERIFYING ITS AUTHENTICITY.

SPAM

Some Facebook users were fooled into ‘verifying’ their account. Many Facebook walls were flooded with ‘verify your/my account’ spam messages/wall posts. My advice to all Facebook users: to get rid of FB spam, do not click the link. As simple as that. Clicking the link will just cause you to become one of the spam victims. It will automatically post the same spam messages on different Facebook walls.

CONCLUSION

* Data security is the means of ensuring that data is kept safe from corruption and that access to it is suitably controlled.
* The Internet is a scary place. Criminals have the ability to hide behind their computers, or even other people’s computers; they attempt to break into computers to steal personal information or to use it for their own purposes.
* So protect your data with a firewall so that you are not an easy target for hackers and viruses in the future.
* When you leave your house, you lock your doors to prevent robbery, so why not use a firewall to put a lock on your computer?

AUTHORS: G. VAMSHI KRISHNA A.K.A. h4x0r le610n, Computer Science & Engineering, 4th year B.Tech, WARANGAL INSTITUTE OF TECHNOLOGY & SCIENCE.
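The phishing measures above (type the complete URL, never log in through a link without verifying it) come down to comparing the host a link really opens with the host the user intended. The JavaScript below is an added example, not part of the original essay; `inspectLoginLink`, `flagSuspicious` and the sample links are constructed for illustration, and the expected host is assumed to be the site's plain domain such as `facebook.com`.

```javascript
// Added example: vet a link before entering credentials on the page it opens.
// All names and sample links here are constructed for illustration.

function inspectLoginLink(link, expectedHost) {
  let url;
  try {
    url = new URL(link); // WHATWG URL parser, built into Node.js and browsers
  } catch (err) {
    return { trusted: false, host: null, reasons: ['not a parseable absolute URL'] };
  }
  const reasons = [];
  const host = url.hostname.toLowerCase();
  const expected = expectedHost.toLowerCase();

  if (url.protocol !== 'https:') reasons.push('not HTTPS');
  // In "https://facebook.com@login.example/" the real host is login.example.
  if (url.username || url.password) reasons.push('text before @ is not the host');
  // The parser converts non-ASCII host names to punycode labels (xn--...).
  if (host.split('.').some((label) => label.startsWith('xn--'))) {
    reasons.push('punycode (non-ASCII) host name');
  }
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith('[')) {
    reasons.push('IP address instead of a name');
  }
  // Only the expected domain itself or one of its subdomains is accepted.
  const sameSite = host === expected || host.endsWith('.' + expected);
  if (!sameSite) {
    const brand = expected.split('.')[0];
    reasons.push(host.includes(brand)
      ? 'brand name inside an unrelated host'
      : 'host is not the expected site');
  }
  return { trusted: reasons.length === 0, host, reasons };
}

// Constructed sample links (reserved .example names and a documentation IP).
const SAMPLE_LINKS = [
  'https://www.facebook.com/login.php',
  'http://facebook.com.account-verify.example/login.php',
  'https://facebook.com@login.example/',
  'https://faceb\u043eok.example/login.php', // Cyrillic "o" in the name
  'https://192.0.2.10/login.php',
];

// Return only the links that should not be used for logging in.
function flagSuspicious(links, expectedHost) {
  return links
    .map((link) => ({ link, ...inspectLoginLink(link, expectedHost) }))
    .filter((result) => !result.trusted);
}

for (const r of flagSuspicious(SAMPLE_LINKS, 'facebook.com')) {
  console.log(`${r.link}\n  -> ${r.host}: ${r.reasons.join('; ')}`);
}
```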
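The click-jacking section describes a genuine page being loaded invisibly inside another page; a site prevents that by telling browsers who may frame it, using the `X-Frame-Options` header or the `frame-ancestors` directive of `Content-Security-Policy`. The JavaScript below is an added example, not part of the original essay, that classifies a response's headers from the site owner's side; `framingPolicy`, `unprotectedPaths` and the sample responses are constructed, and a single CSP header per response is assumed.

```javascript
// Added example: decide who is allowed to frame a page, from its response headers.
// Function names and sample responses are constructed for illustration.

function framingPolicy(headers) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) h[name.toLowerCase()] = String(value);

  // CSP frame-ancestors, when present, takes precedence over X-Frame-Options.
  const csp = h['content-security-policy'] || '';
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().toLowerCase().split(/\s+/);
    if (name !== 'frame-ancestors') continue;
    if (sources.length === 0 || sources.every((s) => s === "'none'")) {
      return { framableBy: 'nobody', via: 'csp' };
    }
    // "*" or a bare scheme such as "https:" lets any site embed the page.
    if (sources.some((s) => s === '*' || /^[a-z][a-z0-9+.-]*:$/.test(s))) {
      return { framableBy: 'anyone', via: 'csp' };
    }
    if (sources.every((s) => s === "'self'")) return { framableBy: 'same-origin', via: 'csp' };
    return { framableBy: 'allow-list', via: 'csp' };
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { framableBy: 'nobody', via: 'x-frame-options' };
  if (xfo === 'SAMEORIGIN') return { framableBy: 'same-origin', via: 'x-frame-options' };
  // ALLOW-FROM and unknown values are ignored by current browsers.
  return { framableBy: 'anyone', via: xfo ? 'x-frame-options (ignored value)' : 'none' };
}

// Constructed sample responses for pages that perform actions when clicked.
const SAMPLE_RESPONSES = [
  { path: '/login', headers: { 'X-Frame-Options': 'DENY' } },
  { path: '/buy', headers: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'" } },
  { path: '/follow', headers: { 'Content-Type': 'text/html' } },
  { path: '/share', headers: { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' } },
  { path: '/settings', headers: { 'X-Frame-Options': 'DENY', 'Content-Security-Policy': 'frame-ancestors *' } },
];

// Paths that any third-party page could load in a hidden frame.
function unprotectedPaths(responses) {
  return responses
    .filter((r) => framingPolicy(r.headers).framableBy === 'anyone')
    .map((r) => r.path);
}

console.log('Framable by any site:', unprotectedPaths(SAMPLE_RESPONSES).join(', '));
```

The `/settings` case shows why both headers should agree: where `frame-ancestors` is present the browser follows it, so a permissive CSP cancels a strict `X-Frame-Options`.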

Wednesday, March 4, 2020

Master a Seasonal Essay, the Holiday Way

Proofread as You Go

When writing anything, it is important to check work as you go. Many writers do not check for errors until the very end of an essay; this can be problematic. It’s a lot less effort to check for errors as you write. Having a second pair of eyes is always useful; professional writing services can check your work and help you make improvements.

Be Sensible

If you aim to make your writing “visual,” you must be descriptive. Unless you’re adding pictures to the text, the reader can only experience an essay through your words. Before writing, take in the scene of a holiday greeting card, or write in a festive setting. Incorporate details regarding how the holiday smells, feels, tastes, and looks. Use a variety of senses to convey your images and meaning.

Know Your Audience

Just as businesses do market research, a writer ought to know his/her audience. What reading level is the audience? What’s their geographical location? Keep the audience in mind as you write.

If It Sounds Right, Write!

Read your essay aloud throughout the process. Though a phrase may be grammatically correct, the phrasing could be awkward. Awkward phrasing is distracting to the reader, especially in an essay attempting to convey the spirit or energy of the holiday season.

Think Big, and Add a Touch of You

It can be easy to get discouraged when writing; most people do. Try allowing yourself to “dream big” when it comes to your essay. Push yourself to write 1000 words, and then push beyond that. Think up imaginative topics, and make it you by adding a personal touch. Are you funny? Add humour. Are you sad? Talk about how people get blue during the holidays. Your feelings and thoughts make the essay stronger. Every voice is different and valuable. Keep working on your writing, and seek the help of a professional writing service when you hit a stumbling block.