Different Strategies that Are Used by Hackers - Example

Information Systems Management Contents Contents 2 Introduction 3 Discussion 3 Common ways hackers use to gain access to systems 3 Phishing 4 Trojan horse: 5 Bypass passwords 6 Open Wi-Fi 6 Methods and systems used to block the attacks 6 Updates 7 Training employees 8 Tracking or monitoring activities on the web 8 Security software 8 Uniform standard operating procedures 9 Monitoring system behaviour 9 Plan and review 9 Conclusion 9 References 11 Introduction Hacker is someone who accesses the loopholes in the security of others computers and network so as to intrude and steal secret information. Hackers may be motivated by a no. of factors to do hacking such as profit seeking, challenges or for fun. Hackers as a community actually refer to a group of programmers who are extremely talented and take pleasure in breaking into the security system of other computers. For the most talented of the hacking community the target institutions are large companies or government institutions. While for some hackers the motive may be profit seeking but for most of the hackers the motive is just intellectual satisfaction or to just show that it is possible to hack (Fadia, 2006). Whatever may be the reason behind a hacking, it presents a pertinent security problem for the company. For the company the aim is prevent such attacks as may be possible so as to prevent the secured data being disclosed and ensuring data security. However with the hackers getting evolved in the use of the technologies that they use to hack and more and more data being digitized or in other words with increase in digitization the threat of the data being hacked and the cost of hacking for the company is increasing day by day. The present essay analyzes hacking in this perspective in order to analyze the different strategies that are used by hackers to hack and the various methods used by the company to prevent the attacks. Discussion Common ways hackers use to gain access to systems As digitization increases in every front of our lives more and more secured data are released on the web. Although this means that information sharing is much easier this days, but this in turn increases the risk of hacking as hackers look for loopholes in the security to sneak into the system and decipher the secret information. As the threat of these hackers looms large the hidden costs increases for the company to a great extent. Hackers, spammers and scammers are always hard at work in looking for tools to penetrate into the social network, steal bank account information and hack into the accounts at social media. After being able to penetrate into any of the above mentioned systems that can either steal valuable and secret information, can steal the money or trick one of the several contacts into giving money. The problematic part is that anyone can be a hacker now days with the availability of several soft wares’ that helps in hacking. The software does not cost muck and can be purchased for a few thousand dollars. So any armature hacker wanting to hack his way into the system can use this tool. In addition to these armatures are the more experienced one who may also be called the masters of the game or are the elite hackers, who use sophisticated programming languages to hack into other’s private data. In order to prevent an attack it is essential to know the strategies or techniques that the hackers can possibly use to hack into the system. Some of the common strategies or techniques used by hackers to hack are: Phishing One of the most common strategies used by hackers is to treat the potential targets as fish in the sea. In order to catch a fish in the sea, the fisherman hangs bait and waits for the fish to come and eat the same only to be get caught by the fisherman (Komando, 2013). Similarly in a phishing attack the hacker either acts like a rich Nigerian prince or some other rich individual who has lots of money and wants to give the same to the victim (the person whose account the hacker wants to hack). Now if the victim responds to such emails the hacker asks him of his bank account details in order to give him the money. As soon as the individual divulges this information his bank account is hacked and the hacker steals all the money. Sometimes the phishing mail may ask the users to provide other sort of information. For example sometimes the hacker may create a false website of a bank or the social network site and wait for the users to log in into their account in order to steal the same and use it for profit seeking purpose. Trojan horse: In this type of attack the attacker sends a virus or a program in disguise of something that the victim thinks is usable or harmless. Once the virus is installed it records everything that the user types and sends back all the data back to the hacker. The hacker sends out emails to its intended victim (Erickson, 2008). The mail often contains within it a word document or any other attachments with it. The mail body says that the mail is from a reputable bank or something and it contains important information for the victim to take into consideration. To know more about the information the victim has to then open an attachment. As soon as the victim opens the attachment the virus gets installed automatically in the system and the virus then starts doing its work by a system called probing and finger printing. Sometimes the Trojan horse may also be used to steal personal data from social net working sites. In the social networking site such as facebook or twitter the hacker may post a video titled funny video. In order to watch the particular video the victim has to download or install some software which in disguise is actually the virus. Once the victim installs the software the Virus starts doing it work silently as previously explained. Drive-by downloads The hackers who want to take advantages of the weaknesses that are present in the programmes that are in the computer, hackers set up websites that are filled with viruses. One might get to this websites by clicking on a link in one of the phishing mails or links that may be present in a social network. The user may find one of these sites in the Google search as well when one searches for a particular program or software. Once into the particular site the code used by the hackers scans for potential loop holes in the programs installed at the computer and automatically downloads a malicious software or virus to hack all the information without the Victim having to do anything. The key is for the hacker to find out any old version program the user or victim may be using and to exploit that loop hole. Bypass passwords One of the ways that the hackers use to get into a system and steal the personal information is by actually getting to know his or her password. In order to know the password of an individual or a company the hackers may use a no. of different methods. One of the simplest methods is random guessing. In this method the hackers have software which automatically guesses the different types of software that the victim is likely to use and inputs them randomly in order to try if any of them actually clicks (Jordan, 2013). Sometimes the hackers may try forgot password feature and then try to answer the security question. Most of the times the answer to the particular security question is readily available in the social networking site that the victim uses. Other means of knowing the password of the victim that the hacker uses is through the use of Trojan horses or some other probing and fingerprinting software that tracks the keys that the victim presses in order to enter his username or password and sends an automatic mail to the hacker that contains all details of the user id and password of the victim that the victim uses to log into the system. Open Wi-Fi The company which uses Wi-Fi that is not encrypted is vulnerable to the attacks by the hackers. The hackers may use that unencrypted Wi-Fi connection in order to gain access to the victims’ computer and personal data. Methods and systems used to block the attacks If the hacking incidents that have occurred all over the globe is analyzed in detail then it can be found that most of the hacking takes place are due to a compromise that is in turn caused by vulnerability. The vulnerability might have been caused either by technical issues such as defective software or by human factors such as employees disclosing secret information or potentially sensitive information unknowingly. The hackers usually attack and target those spots or those leaks in the security that can be easily exploited. So, one of the foremost strategies that can be used to prevent hacking is to cover any loopholes. Most of the times covering the loopholes isn’t that hard and needs only some careful attention and some preliminary precautionary measures. The findings highlights the facts that the company needs to have comprehensive defence practices in place to protect it against these attacks. Building a defence strategy that acts as an effective shield against the potential attacks requires that the company spends considerable amount of resources and also trains its staffs accordingly to exercise caution. For hacking attacks in particular, in order to keep a company’s network secure will require both proactive and reactive approaches to be taken up by the company in order to keep itself secure an prevent potential attacks. Some of the strategies that the company may use to keep its data secure and safe from the hackers are: Updates The security software and other critical software should be regularly checked for updates and updates if available should be installed immediately. This regular updating of the software has two way benefits (Fadia, 2005). One of the benefits is that updating the security software will cause it to have with it all the latest virus definitions with it and so it will be easily able to detect all the latest viruses. Another benefit is that several of the virus infested sites which the hackers create in order to find potential loopholes in the users programmes to be in turn exploited by the hacker cannot find loop holes if all the programs that are in the computer are up to date. The company should especially ensure that all the endpoints specially use updated software programs so that the entry point to the company’s network architecture is completely secure. Training employees Many of the security breaches that the company actual faces is a result of the ignorance of the employees. The employees who do not know the implication of their actions posts on several social networking or other sites details of hardwire and network architecture that their company uses (Engebretson, 2013). Many a times they additionally give the name of the company. Sometimes they may use the company mail id to post this information. Hackers are always on the lookout for these internal sensitive data and once they get hold of these data it is much easier for them to break into the security infrastructure of a company and its network. The employees should also be careful about the garbage and trash that they delete from the system. While deleting something care should be exercised to see that there is no secret information contained in the data which can be accessed by the hacker. Tracking or monitoring activities on the web The company must be doubling cautious about the activities of its employees on the web. The employees of the company should not be allowed to access any sites that they want using the company’s software or download anything that they want to (Spivey, 2006). The company should also ensure that the different bank accounts or different accounts that the company maintains would all have different passwords and different encryption. This will ensure that even if the hacker is successful is deciphering one of the passwords he or she won’t be able to break into other accounts. Security software Another important strategy is to ensure that the particular security software is present and being used by all the computers of the company that are connected to the network. This will ensure that none of the systems is vulnerable and the hackers won’t be able to enter the system through any of the loopholes. The security software should be able to detect any possible attack that may happen on the system and should be able to successfully prevent the same. The security software should also be able to detect indicators over network, on disk and in memory. Uniform standard operating procedures Process and standard operating procedures are designed to be building with security in mind. The standard operating procedures should be applied to not just employees but also to partners, contractors and customers so as to ensure uniformity and compatibility. Monitoring system behaviour Any system behaviour that is not normal should be closely monitored. Normally all attacks are said to have their beginnings in reconnaissance. So if suspicious activities are found out then it can be said to be the first sign of an attack. As such if the company is able to take any such activities it will be able to take suitable steps to rectify the same. Plan and review The company should continuously plan and review the incident response procedures that are in place with all the concerned stakeholders and not just the department that is associated with the information technology department. The company can also learn the details of the security breaches that any other company has faced and the mechanisms that the other company has used to prevent the attacks. This company can learn from the loopholes of other companies. Conclusion In the modern digital world that we live in more and more digitization of data is occurring. Although this means greater efficiency and increased coordination at lower cost this has opened the doors to security threats. The security threats that a company in today’s world faces has its origin in the increased digitization of the data. The hackers may hack into the system for several reasons like monetary, challenge or just for fun. However, whatever may be the reason behind a hacker hacking into the system it presents to the company a high security concern which needs to be resolved. The present essay discusses the hacking in details in terms of the strategies and techniques that the hackers use to hack and the strategies and techniques that the company uses to protect themselves. There are various methods and strategies that can be used by the hackers to hack into the system. These are Trojan horse, phishing, Drive by downloads, bypass password etc. The companies may in turn ay use a variety of strategies to prevent such attacks and protect itself. Some of these strategies are providing training to the employees, updating software, installing security software at all computers and keeping the same up to date, tracking and monitoring activities on the web, planning and review etc. However the most important defence is to be careful and keeping an eye open to detect and counter such attacks. References Engebretson, P., 2013. The basics of hacking and penetration testing: ethical hacking and penetration testing made easy. MA: Elsevier. Erickson, J. 2008. Hacking: the art of exploitation. CA: No Starch Press. Fadia, A., 2005. An ethical guide to hacking mobile phones. ND: Macmillan. Fadia, A., 2006. An unofficial guide to ethical hacking. ND: Macmillan. Jordan, T., 2013. Hacking: digital media and technological determinism. Cambridge: John Wiley & Sons. Komando, K., 2013. 5 ways hackers attack you (and how to counter them). [Online]. Available at: < http://www.usatoday.com/story/tech/columnist/komando/2013/07/19/hacker-attack-trojan-horse-drive-by-downloads-passwords/2518053/ > [Accessed 12 March 2015]. Spivey, M. D., 2006. Practical hacking techniques and countermeasures. FL: CRC Press. Read More