Karini tried to explain few hacking terms in simple ways possible, every effort have been taken to be original and simplistic in terms of definition and explanation. These are important to understand, as it will give a simple idea of how the things are and what works behind any online hack and data theft.
I have tried to explain types of hackers then I have slowly moved to their techniques, one will find that it is written in easy and simple language which any person with no knowledge of computer can understand it easily.
This article is just an attempt to make people aware and spread the knowledge, how one can be protected in this highly vulnerable world where data flows and goes through various channels and networks.
TYPES OF HACKER’S
There are various types of a hacker but prominently we can categorize them into three main types.
1. White Hat Hacker or good hackers
2. Gray Hat Hacker or conditional hacker
3. Black Hat Hacker or evil hacker
So let’s understand each of them in more detail
1. White Hat Hacker: ‘White Hat’ refers to ‘Ethical Hackers or Computer Security Expert’.
White hat hackers are those hackers who use their skills to check and improve the security, by fixing the existing vulnerabilities in a system.
They use their skills for the benefits of society or organizations.
The white hat hackers are hired by the business/organization/company to check their system security to protect from a hack.
The white-hat hacker first takes the required permission from the owner of the company and legally try to hack their system and find vulnerabilities.
If they hack their system or find any vulnerabilities in their system, they fix it and get paid, these type of hackers are known as a ‘Good Hacker’ with good intention because they never violate laws of ethical hacking.
2. Gray Hat Hacker: A ‘Gray Hat’ is a type of hacker or security expert who may sometimes violate laws of ethical hacking but with good intention or just for their fun. These hackers hack the system without the permission of the business, company or organizations but after hacking or after finding the vulnerabilities in the system of that business or organizations or they also work for the public welfare if the company or business going wrong they leak their data to public but it is illegal according to the laws of ethical hacking and against these people (hacker) the organization, business or company can file a report against them and the hacker will be jailed.
This hacker also hacks the system for their fun not to harm them and they never use data for illegal purposes.
The intention of grey hat hacker is not to violate the rules and regulation or to disturb the service of the organization, company or business and they did not leak their data or did not use their data for own benefits.
But according to the rules of ethical hacking, the grey hat hacker is violating their rules so they may have to face jail for their illegal work.
NOTE- Before hacking any system always take proper permission from the organization, business or company concerned.
3. Black Hat Hacker
IMPORTANT-IT IS ILLEGAL AND YOU WILL BE JAILED IF YOU DO BLACK HAT HACKING.
Black Hat hackers are those hackers who hack the system for their gain like they can hack your social media account or bank account etc and use the same for illegal purposes.
WAYS TO HACKING
There are many ways to hack a system
I will make you understand some basic way of hacking:-
1. Phishing: It is an attempt to acquire sensitive information such as your username, password, credit card details and many more. Via phishing, there are many ways to hack so let’s first understand the meaning of phishing.
In phishing, the hacker creates a fake web page/login page or a website which look like the original page and somehow convince you to login on these fake website pages
They make use of fake offers, promises or any other eye-catching things. This can be done by the means of SMS, MMS.
When you open these fake web page or website, it looks similar to the original page and sometimes it is difficult to differentiate between real and a fake website page and it asks you to enter details login or excess the website when you enter your details to that page these details get stored in the hacker server and you are hacked.
By this method, many criminal-minded peoples are stealing information from common peoples who do not have proper knowledge of cyber tricks and hacking.
So let’s now we are going to understand the method of phishing and how it works.
We already know about how fake website or pages are created and we also know about how hackers take you on these websites or pages and make you enter various information.
Now the question arises what happens after entering personal details.
So when you enter your details and click on login button all the entered data get stored in hacker’s server and gets in control of hacker and now the website is coded like that it will automatically transfer or redirect to you at the original website and a normal people think that it is a normal error and he/she forgot it but your data is now in the control of hacker and the hacker can use the data for illegal purposes and it gives you a great loss.
These types of fake web pages are created through coding and uploading to the private server so it creates a barrier or creates difficulty to track the hacker by police but it is not impossible and police will track you by any method.
NOTE-Phishing is illegal, and by this method, many criminal-minded peoples are stealing information from common peoples who do not have proper knowledge of cyber tricks and hacking.
keylogger: Key logger is a type of surveillance software (considered to be either software or spyware that can record every key which you type, by the help of your physical keyboard or by the help of inbuilt keyboard (like as in your mobile phone or laptop)) and makes a log file which is usually encrypted and it records instant messages, e-mail or any other information you type with the help of your keyboard.
So whenever you enter anything on your computer with the help of your keyboard (both) it will secretly store in the key logger.
There are two types of key loggers
a)Software key logger – These type of key logger are installed in a computer or hidden in a computer and whenever someone types in that computer they store keystrokes in the encrypted file without the permission of the owner.
This software is not easily detectable by a normal person. So all the data which you are typed with the help of keyboard are after readable and your data may be used for illegal purposes.
1.Software key logger
These are basically of two types
Those which are installed by the owner of the system.
They did not need the internet for their work.
Those which install with other software or by any other way and sends your data through the internet to their servers
They need the internet for their work.
b) Physical key logger – This type of key logger are seen is mostly public computers like cyber café.
The hardware or physical key logger is attached to the system and whenever you type in this system they store in the key logger and after these details are further used by the owner of cyber café.
Types of data key logger store everything which you type with the help of key logger are stored in the key logger like your bank account details, card details, personal chat, personal data etc.
Types of data key logger store
Everything which you type with the help of key logger is stored in the key logger like your bank account details, card details, personal chat, personal data etc. How to protect from key logger always evade/escape entering personal information in public computer and before using the computer check, if you find any key logger then complain against the cyber café owner.
How to protect from key logger always evade/escape entering personal information in public computer and before using the computer, check, if you find any key logger then complain against the cyber café owner.
3. Man In The Middle Attack
According to his name says ‘Man in the middle’ a hacker attack on their victim by intercepting the victim’s communication. Let’s understand this with an example You are using internet through Wi-Fi so all the data which you send or revives go throw the Wi-Fi if a person (hacker) intercept your communications between your server and the device(the data which you are sending or receiving through the internet) so that they can excess your communications and also do changes with it. These types of attack are mainly done on those Wi-Fi routers which have a poor quality of security. Those people who use public Wi-Fi have more change to be hacked so didn’t use open public Wi-Fi until you are not sure with them.
4. Malware Attack
These types of software are specially coded to access the data of the victim’s device. These types of software are downloaded with the files without the permission of the owner of that device basically for their personal profit of the hacker. This is download with other software which is already affected by this malware. This type of malware can attack in all type of devices like windows, android, macOS and IOS. This type of malware is mostly downloaded from that software which is unauthorized or not downloads through play store (android) and app store (IOS). To protect from these malware attack always try to download application for respective app store but something the app store application may also be affected with malware but it is the safe and easiest way to protect themselves from malware-free software.
Note- malware mainly downloaded when you try to download pirated content like games, movies, software etc or visit websites like porn websites when you install this software they may also install and store in your system.
Types of malware-Viruses, spyware (for stealing sensitive information), ransomware, adware (for forced advertising to earn profits), Trojan horses, zombie computers (for email spam) and many other types. So let’s now understand more about spyware and how its work
Spyware-It is a type of software, command line or a program which stolen data (personal details like as your password, credit card, personal image or any other data) from your pc mobile and computer and sends this data to their owner (hacker).
These type of malware (spyware) are mainly downloaded in your pc which you download anything from the internet, Basically it is mainly seen that when you try to download pirated content like movies, games, software etc from internet this small spyware is also downloaded with them because a software has thousands of file to install them and this spyware is attach with and download in your system and normal people cannot detect them and when you install this software they also install in your system(in the files so it can’t be detectable easily) and when you connect to the internet this spyware start their function and sends personal data like your bank details which you enter earlier for online payment and also sends your personal other data to their owner and many times the owner of spyware leak this data and it gives great loss to the people and if the spyware install in the system of organization/business/company it may lead to great damage for the organization/company/business because
in today’s world maximum of the data of the organization/business/company is stored in their system or internet server.
Note- if you are using the system of your organization or your personal computer where your personal data is stored then try to avoid to download unwanted files from the internet and use good anti-virus to protect the system.
5. Denial of service attack(DDOS ATTACK) Basically denial of service attack (Dos or DDoS attack) is a type of cyber attack in which the victim website is flooded with the traffic of fake users created by the hacker to make slow down their website or makes them temporary unavailable for the real user of the website, it creates a great loss to the website owner. Let’s now understand in some more details with example Let’s suppose you are a website owner where you are selling clothes for men and women’s and you are on the best seller and any other person who also want to start the same business and want to sell clothes online but you are the best seller so why people visit on their website to buy clothes. So the people make do dos attack or hire black hat hacker to perform dos attack on their website and make your website temporary unavailable for their buyers and then by using marketing he/she can attract these buyers from your website and earn profit from it. Now the question arises what is the benefits of hacker and how this attack perform
So first we will understand how dos attack performs The hacker sends fake users on the victim website which lead to more traffic on their website and as we know that every website has limited (e.g. how many people visit a website in per second) let’s suppose your website can handle 100 people per second but the hacker sends suppose 150 or 200 users per second.
Note – before performing the dos attack the hacker that complete information regards your website like who is the owner of the company website, there address your server address, limit and many other required things before to hack the website.
It is because the denial of service is an illegal and criminal offence.
After getting all the information the hacker perform dos attack on victim website which leads to more traffic and the website will become temporary down or not respond here the hacker work will complete after this attack real user of the website which is buying a product from the website is unable to buy which lead to the great loss to the owner of the website and the competitor can attract these audiences or buyers to their website.
Now let’s understand what are benefits of dos attack to the hacker.
Basically, the hacker didn’t have any profit from them but it leads to damage to the owner of the website. This attack is mostly used to take revenge the revenge to the owner of the website and the hacker will be jailed because of DDoS attack in term of ethical hacking.
WARNING: – ALL the ways are illegal and you will be jailed if you are for illegal purposes. So before using these ways please take proper and complete permission with the owner of the company, organization.
LEARNING BASIC HACKING IS IMPORTANT
In the today’s growing world of internet millions of people come online daily and serve internet and also many companies are also on internet to sell their service or product online but with the growth of the internet the social crime is also growing with internet and hacker also try different methods to hack you to steal your personal details like your bank details social media account or any other personal details which affect your life.
Growing internet also lead to growing crime.
By learning some basic steps of hacking you may protect yourself from stolen your
• Bank details
• Personal details
• Personal chat
• Card details
• Business data and many others.
In the growing world of online business, they need to protect their data also from hackers so these organization businesses or company hire cybersecurity hacker (white-hat hacker- to check the vulnerabilities or security of the system and they are paid a very good amount of money and this is also one of the most reputed work in the field of internet and it also gives opportunities to many people to make carrier in this field.
SCOPE OF HACKING IN THE WORLD OF INTERNET
As we know all the companies are now coming online to sell their product or services from the digital medium.
Digital service is also growing with time daily ‘millions’ of people use the internet to transfers money or to buy something online or to buy products or services online and many companies depend on the internet for their business but black hat hacker uses the internet in different ways to hack so to protect the companies or organizations.
The white-hat hacker is hired by the business to check the vulnerabilities in their system because now these days, many important data or the business are stored in their system or on the internet.
Let’s take an example for better understanding
• Now maximum of the banks are online and millions of people excess their bank account online and transfer money (digital money) from one account to another or for digital/online payment. If any of these bank websites will hack them it will create a great loss of money and the users of the bank get disturbed and they did not access their money or use their money because all the money of the bank are under control in the hacker and it also creates a great loss of money. So to protect these websites, the bank or business/organization/companies hire ‘white hat hackers’ to protect their system from ‘black hat hacker’ and time to time they will update their security so no one can hack there system and they can be protected from social attacks.
Now many ‘white hat hacker’ works for a particular companies/business/organizations because ‘black hat hacker’ always try to find new methods of hacking
Here the ‘white hat hackers’ plays important role to help them to protect the companies/organizations/business from these hackers and we know that with the time the need of ‘white hat hacker’ is also increased.
In the cybersecurity filed you did not need any particular type of certification or degree for their work but if you have degree or certification of white hat it also helps to grow in your field.
Anyone can get work in these fields if you have talent or skills and if you want to make carrier in this field and it is one the best paying job in the field cybersecurity and it is also good for those people who interested in learning something new.
If you are finding any job in the field of internet or technology or if you are belonging to the engineering field then it may also help you to get better jobs and new opportunities. There we understand that the need for white hat hacker is also increasing with time and it is new opportunities for the people in this field. But in hacking always choose white hat hacking because it is legal.
Certification for white hat hacker
Basically in the field of cybersecurity, you do not need any proper certification for the job because the work of white-hat hacker depends upon their skills and how he/she protect the companies from their skills and many reputed hackers worldwide did not have a certification but they are in a good position so if you have skills then on basis of your skills you will get paid in this filed. But it did not mean certification is nothing in this field many organizations hire people according to their certification.
The worldwide most reputed organization named as EC COUNCIL it is the most popular organization who conduct examination for the white hat hacker and complete details about the examination or certification and their criteria is available on their website and syllabus of the examination is also on their website.
PROTECTION AGAINST SOCIAL ATTACK
I will make you understand:
1. Protection against phishing
2.Spyware or malware attack
6.Email spam and urgency account span
7.The distinction between real and fake web website.
8. Benefits of anti-virus and how to use it properly
1. Protection against phishing
It is one of the most popular ways to hack and most hackers use this in different types to hack the victim. Here we are going to understand how you can protect your personal and important data from this hacker.
The hacker has different ways to sends you on this website like throw emails(mainly) or throw web and many other ways. In this topic, we basically deal with how hacker hacks your data throw email.
Because email is one of the most popular ways to take you on this website. By any mean hackers wants to take you on these fake website or pages by any methods hacker use some common way to influence you to these websites like as by mail, promotional offer or discount or throw website.
To protect yourself from phishing from mail then follow given points below
• Don’t click or open those emails which are in the spam folder of your email box because Google or other email providing company review with this mail from the last history. And sometimes throw these mail some additional file is also attached of malware
• Check the mail id of the sender(hacker easily bypass this)
• Compare that mail with other mail of particular company or organization
• Check the word mistake or grammar mistake (because in the reputed companies mail we may do not see any mistakes of word or grammar
• If you think these entire things are correct and when you click on the website first check the URL of the website.
Note- sometimes some mails of the spam box are not spamming they are just mistakenly added in the spam email box.
To protect you from phishing from the web or any other source then follow given points below
• First check the security of the website like(https)
• Then check the URL of the website.
Let’s take an example for better understanding
E.g. 1 -The hacker buy the related domain of original websites like faceebook.com or faceboook.com now you are thinking everything is book but now check the spelling of the website (original website facebook.com ) in first one’s” is extra and second having “O” extra and you may think It is ok and you ignore this but this is fake phishing which is created to hack you (to protect users from these different domain related to the original website the owner of the website also buy some related domain but something these are already register and hacker or the owner these websites sometimes misuse them.)
E.g. 2- you many have sometimes seen that many big companies use there sub. A domain like as login.google.com but the hacker also misuse them they buy a domain or makes domain like login.facebook.xyz.com but the people might think it is real and spelling of Facebook is also correct by here the hacker use subdomain in a different way so to protect themself also check complete URL before.com, .in, .xyz, web etc.
2. Spyware or malware attack If you are using the system of any organization, company, a business where the data of the company is stored or connected to company server where all personal information of the company is stored they should avoid to download unwanted data from an unauthorized website. In your system and always try to download data from “reputed websites” and always use a good antivirus to protect because some malware will install in your computer by any mean because they are very small and bind to other software or files of your system.
If you are using your personal computer then also try to avoid downloading of unwanted software from an unauthorized website and always use anti-virus.
A Note- Basic step of protection is the same for all.
The biggest mistake most people do – After installing anti-virus the most people didn’t update the anti-virus, it leads to creating low security for the system so the new malware which is new for the anti-virus the antivirus did not detect them because thousands of new malware are created daily and the anti-virus companies update their anti-virus to fight against malware, they update them regularly but many the people did not install the latest version of anti-virus so it leads a passage for the malware and the anti-virus did not work as a barrier between system and the malware.
So to protect your system from a virus you need to update your anti-virus so it can work more efficiently and helps you to keep your data safe.
Now we know how you can protect your system from malware.
i. If your system is slow below normal from sometimes because malware duplicate very fast in the system and it takes more memory from your system and due to which your system will become slow because they did not get proper memory for their function.
ii. If your system is consuming more battery then normal from sometimes when you connect though internet it happens because malware starts their functions and sending data to their owner.
Note- sometimes your system may be slow or consume more battery because sometimes companies slow their old devices when they are launching a new version of the system or something it is happening due to when you are using more applications or using high processing software in the low capacity device.
iii. Those devices which are affected by malware it creates unwanted ads on your system screen. (something it is happening due to internal software of the system which is by default installed by the brand of the system.
Carding is another why of hacking where hacker hack your bank card details by different methods and how can you protect yourself
Definition-Carding is nothing just a way to get the credit card details of the victims by different methods
Lets now understand the mechanism of carding –
a. When you buy a service or a product through internet and pay money through your credit card which is issued by your bank and when you enter your card details on this website the website store your data on their server for future payment now suppose the website will hack them your card details which are stored on the website server are now in the control of hacker and now the hacker can use your card for future payments which gives you a great loss of money.
b. The hacker can create a website or through marking offering you a discount a takes you on their website and when you enter you card details for the payment the hacker can get excess your card and it can transfer or your money for personal use and it also gives a great loss of money to you.
c. In the above two ways, hacker hack your card details throw internet but one more may of carding is possible.
Let’s suppose you are buying something throw supermarket near your house and you are paying money through your card. When you swipe your card in their machine for the payment.
Here the machine can store your card details and it also gets your pin when you enter and now the supermarket owner or hacker use your card and gives you a great loss of money.
Here we understand how carding is performed now we will understand how can you protect yourself from it Online If you are paying money online through your card also check the website is real or not and also check the security of the website (e.g. check https) or also prefer https because it is more secure then HTTP website.
Here https website gives you extra protection against hacking.
Always done payment on that website which is reputed in the market place and secure and avoid the websites which are giving you lot of discount because mostly these websites are fake and they just hack your card details and your other personal data. Here I am not talking about the entire website.
If a reputed website giving you this type of discount then you can use this website for payment because they are genuine and highly secure (with some exception). Note- when you will know that your account has been hacked or someone is using your card details without your permission than as soon as possible information to your respective bank or your issued credit card company and block your card temporary.
4. Key logger
We have already disused about key logger and its types.
Keylogger is of two types :
a. Software keylogger.
b. Physical or hardware key logger
Now it’s time to understand each of them,
a. Software key logger As we already know software is installed in our system and saves all the Command done by the help of our keyboard.
To protect yourself from hacking always try to use own computer for personal uses like for your bank account or social media account and you already know that some key logger is also installed through the internet and sends data to their owner to protect from this you can use good anti-virus to protect.
b.Physical or hardware key logger We already know that physical or hardware key logger is mostly present in a public computer where the different people use this computer to excess their account.
It is mostly seen in cyber café computer and the owner of the cyber café can excess your information which you enter through your keyboard like email, bank details, social media account password or other data if you ever saw physical key logger in cyber café computer you can complain in the cyber branch of police and the police will help you and file case against cyber café owner why cyber café owner use these physical key logger if the owner can’t explain then they will be jailed for the use of physical key logger and to use people account without their permission.
Uses/ benefits of key logger like as
1. The key logger can be used by the parents to monitor the online activities of their children and protect their children if he/she doing anything wrong on the internet.
2. The key logger may be useful for the organization because the owner of the logger can monitor the working activity of their employees and monitor if the employees were anything wrong or doing work against the organization or companies.
5. USB hacking :
You might many a time had heard that don’t use any other people pen drive because the virus may be present in the pen drive of that people then that virus may also transmit to our system. After all, many malware duplicates very rapidly and when you insert that malware-infected pen drive the malware which attached to the files of that pen drive also enter in your system and bind with your files and due to duplication of malware it will infect your complete computer and the hacker get excess to your computer due to which your system will consume more memory of your system due to which your system will become slow and when the computer connects to the internet the malware sends all the data to their owner and due to which the system will consume more battery than normal and system will consume more internet then normal or before malware attack and most important all the data of your system is now in the control under the hacker.
Some malware is also present in a new pen drive so always buy pen drive of big brands and before uploading data in pen drive first format them so the malware will not affect your system.
To protect from USB hacking did not use unwanted pen drive and before accessing the pen drive always scan them with a good anti-virus so the changes of protection against USB hacking increases. It is the easiest way of protection against USB hacking.
6. Email spam and urgency account span
It is same as phishing where the hacker sends you mail and create urgency you to excess your account like as it may send you have not used your account from many time or your account has been hacked or the company update their policy by this method or any other method they can create urgency and you will think it is original mail from the company because it looks same as official mail of the website and when you click on the given link to excess the website you will redirect to a fake website which is created by the hacker and when you enter your details and click on login button all the details were store in hacker’s server and now hacker get the excess of your account now
the hacker uses your account for their benefits.
How to protect from it
• The company never sends you these types of mail.
• If you get this type of mail always contacts to your companies regarding the mail.
• After clicking the URL check the URL of the website. These are some basic ways so you can protect from cyber attacks.
7. The distribution between a real and fake website
We have discussed the majority of the distribution between real and fake web page now here we are going to understand more about this topic Let’s take an example for better understanding lets assume two pages one of them is real and other one is fake. In the first check, the URL of the website which is facebook.com and other one is faceebook.com are you find any difference between them.
No, now again see the URL and check the spelling of Facebook, have you find any difference between then,
Yes, so by buying a similar domain of related website the hacker hack your personal data
and we already discussed how the hacker takes you on these websites.
Here the second example for more better understand Before understanding thing lets understand some basic things related to web designing and domain. Many time you have seen that many big companies e.g. google.com use their subdomain for their website like as youtube.google.com here the google.com is the main domain and here the word YouTube work as sub-domain.
So let’s understand how hackers use this for hacking
Those people who know basic about of hacking they did not fall in the first way of phishing so hacker started using one another may like as they make subdomain for their website like login.facebook.xyz.com so when people see the URL they might think everything is ok but this type of pages are fake and created by the hacker for their personal gain. So now the question arises how to check the page is real or not. a) Firstly check the security of the website. ( prefer –https secure website)
b) Then check the URL of the website
There are two types of error
1. Check the spelling of the domain which we discuss in example-1 if you find any mistake in the spelling of the website then it is a fake website and copies from the original website to gain your information.
2. Check complete URL which we disused in example-2 if you find that the subdomain or domain is not of the original website and it is created to gain/hack your information by the hacker.
9. Benefits of anti-virus and how to use it properly
A good anti-virus may protect you from much malware spyware and it gives you and an additional sheet of protection from malware attack and helps you to keep your data safe but many types the malware will infect your system in the presence by anti-virus this is happening due to when people do not update their anti-virus or the anti-virus company did not update their anti-virus to protect against new malware attack. So always try to keep your system from updated anti-virus which not 100% protect you but it protects you in many ways and it helps to keep your data personal.