What is hacking?
Engr Sabir Hussain
Computers have become mandatory to run a successful business. It is not enough to have only computer systems; they also need to be networked to facilitate communication with external organizations, but as a consequence this exposes them to the outside world and to hacking. Hacking means using computers to commit fraudulent acts such as fraud, privacy invasion and stealing corporate or personal data. Businesses need to protect themselves against such attacks, and many organizations spend millions of dollars every year to protect themselves against such cyber-crime attacks.
In hacking, the hacker finds and exploits weaknesses in computer systems or networks to gain access. Hackers are usually skilled computer programmers with optimal knowledge of computer network security. In addition, the well-known software used for hacking is "Kali Linux", which is a Debian-derived Linux distribution specially designed for digital forensics and hacking. The basic ethical hacking process includes reconnaissance, scanning, gaining access, maintaining access, and clearing tracks.
Reconnaissance and scanning are the phases in which the hacker collects information about the target to find flaws and vulnerabilities, and probes the target machine or network for exploitation. This information can be collected by various methods, such as active reconnaissance, passive reconnaissance and footprinting.
Although passive reconnaissance involves the collection of publicly available data about the target machine, gathering it is still mandatory, because the hacker needs information such as the versions and software installed on the target system to accomplish the attack. Active reconnaissance, on the other hand, gathers accurate and relevant information that helps to find various ways to intrude into a system and to obtain a blueprint of the security profile of the target organization, but it puts the attacker at high risk if detected, and the system admin can take severe action too. In addition, scanning a system without permission is prohibited by law and can lead to legal action as well.
The next step in the hacking process is gaining access, in which the attacker breaks into the system or network using different tools and methods. The primary tool used in this process is called Metasploit. After entering the system, the hacker escalates privileges to system admin level to modify or hide data.
At this phase the attacker has access to the target system, but to maintain that access until the task is complete, or for future use, backdoors are installed without the knowledge of the system admin. This can be done using Trojans, rootkits or other malicious files. No thief wants to get caught, and this process is also an unethical activity. An intelligent hacker always clears all evidence so that no one can find any traces leading to him. The clearing phase involves deleting all logs and folders and uninstalling all applications used in this process from the target system.
In conclusion, the cyber-crime rate is rising, and many organizations around the globe suffer huge losses every year from cyber-attacks. According to reports, cell phones and other devices of Pakistani government officials were hacked by a foreign spy agency. Similarly, 6 million dollars were stolen from the accounts of 6,000 customers of a local bank within 23 minutes in 2018 through international transactions.
Following the worldwide technological trend, the Pakistani government has also allowed ethical hacking certificates to fulfill the needs of the cyber market and minimize the risk of cyber-attacks. This skill is therefore in high demand nowadays, and only a few organizations are providing this training in the country. Furthermore, hacking is legal if it is done to find weaknesses in a computer or network system for testing purposes. In addition, an international organization called EC-Council monitors the ethical hacking syllabus and conducts its exam, called CEH V11.
The writer is a satellite engineer by profession. He holds a B.Sc. in Electrical Engineering (Telecom) from COMSATS University, Lahore Campus, and an M.Phil. in Space Science from the University of the Punjab, Lahore. He can be contacted at: firstname.lastname@example.org.