Unit 1-EH Notes Final

Uploaded by mansi.d.matekar

UNIT-1: Ethical Hacking
Introduction to Ethical Hacking

Agenda

● What is Ethical hacking?
● Types of hackers
● Advantages & disadvantages
● Purpose of hacking
● Types of hacking / Cyber Crimes & Attack
● Code of ethics
● Prevention from hackers
● The Indian IT Act 2000 and Amendments to the Indian IT Act (2008)
Prof.Reeta Singh , Ethical
Hacking Notes
Introduction
● Ethical hacking involves an authorized attempt to gain unauthorized access to a computer system, application, or data. Carrying out an ethical hack involves duplicating the strategies and actions of malicious attackers. This practice helps to identify security vulnerabilities, which can then be resolved before a malicious attacker has the opportunity to exploit them.
● Also known as “white hats,” ethical hackers are security experts who perform these assessments. The proactive work they do helps to improve an organization’s security posture. Because it is done with prior approval from the organization or owner of the IT asset, the mission of ethical hacking is the opposite of malicious hacking.

Types of Hackers
● White Hat
● Gray Hat
● Black Hat

White Hat Hackers (Ethical Hackers)
● The good guys! White hat hackers are cyber security experts who are officially employed by corporations to keep their networks safe and secure from any type of breach. They search the network for any loopholes or vulnerabilities that could be exploited by Black Hat hackers, resulting in losses of up to millions of dollars at a time. If and when one’s network is attacked, they are the ones who come to the rescue by trying to minimize the damage being done by the malicious attack.

Black Hat Hackers (Cyber Criminals)
● The bad guys! These are the hackers that are shown in many Hollywood movies. They consider themselves above the law and are hence always on the lookout for vulnerabilities in corporate and banking networks. They do so for selfish financial gain and also with malicious intent when they try to hack into operations dealing with national security and safety. They often upload ransomware and malware onto networks hoping to exploit any vulnerability or loophole that hasn’t been detected by the White Hat hackers.

Gray Hat Hackers (Ethical Hacker + Cyber Criminal)
● The good and the bad both! Just as there is no pure black and white in life, in the hacker community the colour grey brings about a sense of balance. Grey hat hackers are technically sound individuals who are available for hire irrespective of the task at hand. They can either hack into networks and cause losses, or be employed by those same organizations and work in a manner similar to that of white hat hackers. The fine line of difference between the white hat and the grey hat hacker is that the white hat finds network vulnerabilities privately while the grey hat does it publicly. Publicly disclosed vulnerabilities can then be further exploited by Black Hat hackers!
Apart From This……

Red Hat Hackers
● Red Hat: A Red Hat hacker sometimes refers to a person who targets Linux based systems. However, in the hacking world, a Red Hat hacker plays a similar role to a White Hat hacker in protecting IT systems from cyber attacks, but from a different perspective. This group is considered the vigilantes of the hacker world. They work by targeting Black Hat hackers to cease their criminal activities or disclose their real identity to the public. Instead of reporting the malicious hacker to authorities, they may target criminal devices using aggressive attack techniques, such as launching DoS attacks or planting viruses to
Green Hat Hackers
● These are the “newbies” in the world of hacking. Green hat hackers are not aware of the security mechanisms and the inner workings of the web, but they are keen learners and determined (and even desperate) to elevate their position in the hacker community. Although their intention is not necessarily to cause harm, they may do so while “playing” with various malware and attack techniques.
● As a result, green hat hackers can also be harmful because they often are not aware of the consequences of their actions — or, worse, how to fix them.

Blue Hat Hackers
● These hackers don’t necessarily care about money or fame. They hack to take personal revenge for a real — or perceived — slight from a person, employer, institution, or government. Blue hat hackers use malware and deploy various cyber attacks on their enemies’ servers/networks to cause harm to their data, websites, or devices.
● Sometimes, blue hat hackers use various hacking techniques to bypass authentication mechanisms to gain unauthorized access to their targets’ email clients or social media profiles. This gives them the ability to send emails and post inappropriate messages from those profiles to
Topic 3: Advantages & Disadvantages of Ethical Hacking
Advantages of Ethical Hacking:
The advantages of Ethical Hacking are as follows.
● This helps to fight against cyber terrorism and against national security breaches.
● This helps to take preventive action against hackers.
● This helps to build a system that prevents any kind of penetration (movement) by hackers.
● This offers security to banking and financial establishments.
● This helps to identify and close the open holes in a computer system or network.

Disadvantages of Ethical Hacking:
The disadvantages of Ethical Hacking are as follows.
● This may corrupt the files or data of an organization.
● They might use the information gained for malicious purposes.
● Hiring such professionals increases costs to the company.
● This technique can harm someone’s privacy.
● This system is illegal.

Topic 4: Purpose of hacking

1. Steal/Leak Information
2. Disrupt Services
3. Money
4. Driven by Purpose – (Hacktivism, Idealism, Political Motives)
5. For Fun

Steal/Leak Information
● Some of the biggest examples are the Ashley Madison hack or the Starbucks app hack. In the Ashley Madison hack, hackers were able to break into the customer database and get access to all the information including many private pictures of popular celebrities.
● This incident was a big shakeup in the Internet world which also affected the private lives of many people. A lot of times, hackers also steal information in order to assume your personal identity and then use it for something else like transferring money, taking a loan, etc. Such incidents have increased after Internet banking and mobile banking have started to become more
Money
● Hacker leaks Domino's customer data
● 22 May, 2021, 11.33 PM IST: As per cyber security researcher Rajshekhar Rajaharia, people who have access to a portal developed by the hacker are using it to spy on customers by checking their location along with order date and time.

Disrupt Services
Amazon Web Services (AWS) (February 2020)
● According to an article by ZDNet, in February of 2020, “Amazon said its AWS Shield service mitigated the largest DDoS attack ever recorded, stopping a 2.3 Tbps attack.” Prior to this attack, the world record for the largest recorded DDoS attack was 1.7 Tbps (Terabits per second).

Driven by Purpose – (Hacktivism, Idealism, Political Motives)
● Chinese hackers targeted shoppers during Flipkart festive sales
● 19 Dec, 2020, 07.56 AM IST: The biggest festive sale hacking emerged via the 'Spin The Lucky Wheel Scam' that emerged within days of Flipkart announcing its 'Big Billion Day Sale' in the month of October, said the investigation conducted by the New Delhi-based Cyber Peace Foundation.
● Telangana and AP Power Utilities Hacked
● A malicious software attacked the power utility systems of Telangana and Andhra Pradesh last year where all the servers went down until the glitch was rectified. Since the computer systems of Telangana and Andhra Pradesh power utilities were interlinked, the virus attack quickly spread, taking down all the systems.

Topic 5: Types of Hacking / Cyber Crime
Introduction of Cyber Crime
Cybercrime is any criminal activity that
involves a computer, networked device or a
network. While most cybercrimes are carried out
in order to generate profit for the cybercriminals,
some cybercrimes are carried out against
computers or devices directly to damage or
disable them, while others use computers or
networks to spread malware, illegal information,
images or other materials. Some cybercrimes do
both -- i.e., target computers to infect them with a
computer virus, which is then spread to other
machines and, sometimes, entire networks.

Multiple Definitions of cybercrime
● The U.S. Department of Justice (DOJ) divides cybercrime into three categories:
1. crimes in which the computing device is the target -- for example, to gain network access.
2. crimes in which the computer is used as a weapon -- for example, to launch a denial-of-service (DoS) attack.
3. crimes in which the computer is used as an accessory to a crime -- for example,
Cyber Crime Impacted Countries
Classification of cyber crime
● Cybercrime against individual
● Cybercrime against property
● Cybercrime against organization
● Cybercrime against society

Cybercrime against individual:
1. Email Spoofing and Phishing
2. Spamming
3. Cyber defamation
4. Cyber stalking and harassment
5. Computer sabotage
6. Pornographic offenses
7. Password sniffing
8. ID theft

Phishing Basics
Most email users have received a message asking for verification of personal information at least once. Often, this sort of communication can look something like this:
"During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information."
Almost always, such a request for sensitive data is actually a phishing attempt. Perpetrators of phishing attacks usually seek data such as credit card numbers (along with the expiration date and security code), Social Security numbers, bank account numbers, birth dates, or various passwords. But legitimate businesses, especially
Spoofing Basics
● As its name implies, spoofing is the act of using a faked (or "spoofed") email header or IP address to fool the recipient into thinking it is legitimate. Unsolicited spam email unrelated to phishing often uses spoofing tactics to hide its tracks, but email spoofing often is used in conjunction with phishing.
● If you have received an email that appears to be from a friend but is soliciting goods or encouraging you to follow a link, you probably have been the target of spoofing. In such cases, the perpetrator has gained access to someone's address book by nefarious means.
● IP spoofing frequently is used to launch denial-of-service attacks, in which a target computer is hit with an overwhelming amount of data and subsequently crashes. By spoofing the IP, the attacker can appear harmless and
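One way to check a received message for the header-level spoofing signs this section describes, as an added example that is not part of the lecture notes; the two sample messages are constructed, and it assumes the receiving mail server stamps an Authentication-Results header with SPF and DKIM verdicts.

```python
"""Added example (not from the lecture notes): header checks for the email
spoofing described above.

Assumptions (mine, not the page's): the receiving mail server stamps an
Authentication-Results header with SPF/DKIM verdicts, and a message is
suspicious when the Return-Path domain differs from the From domain, when
the display name mentions a domain the address does not use, or when SPF
or DKIM did not pass. Both sample messages are constructed.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the display name claims one domain, the address uses
# another, the envelope sender a third, and SPF failed for the sending host.
SPOOFED_MSG = """\
Return-Path: <bounce@mailer-example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer-example.net; dkim=none
From: "Support at bank.example" <alerts@bank-example-login.com>
To: victim@example.com
Subject: Verify your account

During our regular verification of accounts, we couldn't verify your
information. Please click here to update and verify your information.
"""

# Constructed sample: consistent domains and passing SPF/DKIM.
LEGIT_MSG = """\
Return-Path: <noreply@bank.example>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=bank.example; dkim=pass header.d=bank.example
From: "bank.example" <noreply@bank.example>
To: customer@example.com
Subject: Your monthly statement is ready

Your statement is available in the online banking portal.
"""

# Something that looks like a domain name inside free text (display names).
DOMAIN_IN_TEXT = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\b", re.I)


def domain_of(address: str) -> str:
    """Return the lower-cased domain of an address header value ('' if none)."""
    _, addr = parseaddr(address)
    return addr.rpartition("@")[2].lower()


def auth_results(header: str) -> dict:
    """Extract the 'spf' and 'dkim' verdicts from an Authentication-Results header."""
    verdicts = {}
    for method in ("spf", "dkim"):
        m = re.search(rf"\b{method}=(\w+)", header or "", re.I)
        verdicts[method] = m.group(1).lower() if m else "none"
    return verdicts


def spoof_indicators(raw_message: str) -> list:
    """Return human-readable reasons the message looks spoofed.

    An empty list means none of the checks fired; it does not prove the
    message is genuine.
    """
    msg = message_from_string(raw_message)
    reasons = []

    from_header = msg.get("From", "")
    display_name, _ = parseaddr(from_header)
    from_domain = domain_of(from_header)
    return_path_domain = domain_of(msg.get("Return-Path", ""))

    # 1. Envelope sender (Return-Path) and header From normally share a domain.
    if return_path_domain and from_domain and return_path_domain != from_domain:
        reasons.append(f"Return-Path domain {return_path_domain!r} differs "
                       f"from From domain {from_domain!r}")

    # 2. Display-name spoofing: the name shows a domain the address does not use.
    for claimed in DOMAIN_IN_TEXT.findall(display_name):
        if claimed.lower() != from_domain:
            reasons.append(f"display name mentions {claimed!r} but the "
                           f"address domain is {from_domain!r}")

    # 3. SPF/DKIM verdicts recorded by the receiving server.
    verdicts = auth_results(msg.get("Authentication-Results", ""))
    if verdicts["spf"] in ("fail", "softfail"):
        reasons.append(f"SPF result is {verdicts['spf']}")
    if verdicts["dkim"] != "pass":
        reasons.append(f"DKIM result is {verdicts['dkim']}")

    return reasons


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_MSG), ("legitimate", LEGIT_MSG)):
        found = spoof_indicators(raw)
        print(f"{label}: {'SUSPICIOUS' if found else 'no indicators'}")
        for reason in found:
            print("  -", reason)
```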
Phishing

Cybercrime against individual: Spamming
Spam can be a lucrative industry, with large volumes of emails being sent out at relatively little cost to the spammers. At best, spam is an irritant, at worst, a security risk:
● Spam crowds inboxes, wasting users’ time.
● Spam can be used to distribute malware.
● Spam can be a means of acquiring further confidential details (i.e. phishing).
● Spam can be used to disseminate scams (the famous Nigerian Prince scam).

How to block spam
● Most online email providers now automatically offer an integrated anti-spam filter. For web-hosting providers, for whom spam presents an extensive challenge, there are professional solutions such as Avira Secure Email.

Cybercrime against individual: Cyber defamation
Cyber Defamation: the intention to harm the reputation of a particular person, knowing that one's conduct is likely to cause such harm to that reputation (Section 499 IPC). Cyber defamation is defamation done with a computer as the tool.

Cybercrime against individual: Cyber stalking and harassment
Cyberstalking is the use of the Internet or other electronic means to stalk or harass an individual, group, or organization. It may include false accusations, defamation, slander and libel. It may also include monitoring, identity theft, threats, vandalism or gathering information that may be used to threaten, embarrass or harass.

Cybercrime against individual: Computer sabotage
● The use of the Internet to hinder the normal functioning of a computer system through the introduction of worms, viruses or logic bombs is referred to as computer sabotage.
● It is used to gain an electronic advantage, promote illegal activities, or steal data or programs.

Cybercrime against individual: Pornographic offenses
● A definition of pornography includes magazines, movies, videos, and pictures depicting people engaging in any type of sexual behavior or people posing partially or fully nude. This includes people posing naked or partially clothed while exposing at least some of their genital areas. Pornography can be in the form of magazines and pictures, video and movies, or on the Internet.

Cybercrime against individual: Pornographic offenses
● Pedophiles are people who physically or psychologically coerce minors to engage in sexual activities.
● Steps of pedophiles
○ Use a false identity to trap children/teenagers.
○ They seek children/teens in kids' areas on services such as teensBB, GamesBB etc.
○ They befriend children.
○ They extract personal information from children by winning their confidence.
○ They get the email id and start making contact on the victim's email as well.
Cybercrime against individual: Pornographic offenses
● Traditionally parents warn children about dangers, but now they hardly know about cyber problems. This fact is misused by pedophiles.
● COPPA (Children's Online Privacy Protection Act) is a way of preventing online pornography.
● Net Nanny and CyberSitter are software tools designed for parents concerned about unrestricted access to the net.

Cybercrime against individual: Password sniffing
● These are programs that monitor and record the names and passwords of network users as they log in.
● Whoever installs the sniffer can then act as an unauthorized user and log in to access restricted documents.

Cybercrime against individual: ID Theft
● Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable information, such as Social Security or driver's license numbers, in order to impersonate someone else.

Cybercrime against individual: ID theft
● What PII includes:
○ Full name
○ SSN
○ Telephone number and mobile number
○ Driver license number
○ Credit card number
○ Digital identity
○ Birthday
○ Birthplace
○ Face and fingerprints
● Potential PII includes: first and last name, age, country, state, city of residence, gender, name of school/college, job position, grades, salary, criminal record

Cybercrime against property: Credit card fraud
Credit card fraud is when someone uses your credit card or credit account to make a purchase you didn't authorize. ... Fraudsters can also steal your credit card account number, PIN and security code to make unauthorized transactions, without needing your physical credit card.

Cybercrime against property: Intellectual property crime (IP crime)
● It includes software piracy, copyright violation, trademark violation, theft of computer source code etc.

Cybercrime against property: Internet time theft
It refers to theft in which an unauthorized person uses internet hours paid for by another person. The unauthorized person gets access to another person's ISP user ID and password, either by hacking or by other illegal means, without that person's knowledge.

Cybercrime against organization
● Unauthorized access of computer
● Password sniffing
● Denial of service
● Virus
● Email bombing
● Salami attack
● Logic bomb
● Trojan Horse
● Data diddling
● Industrial spying/Industrial espionage
● Software Piracy
Unauthorized access of computer
Unauthorized computer access, popularly
referred to as hacking, describes a criminal
action whereby someone uses
a computer to knowingly gain access to
data in a system without permission
to access that data. Hacking is illegal under
both California and federal law, and can
result in heavy penalties.

Password sniffing
Password sniffing is a technique used to gain knowledge of passwords that involves monitoring traffic on a network to pull out information. There are several software tools available for automatic password sniffing.

DOS & DDOS
A Denial-of-Service (DoS) attack is
an attack meant to shut down a machine or
network, making it inaccessible to its intended
users. DoS attacks accomplish this by
flooding the target with traffic, or sending it
information that triggers a crash.

DOS & DDOS
https://www.vxchnge.com/blog/recent-ddos-attacks-on-companies
Virus
A computer virus is a type of computer
program that, when executed, replicates
itself by modifying other computer
programs and inserting its own code.
When this replication succeeds, the
affected areas are then said to be
"infected" with a computer virus.

Email bombing
Refers to sending a large number of emails to the victim to crash the victim's email account.
If you suddenly start receiving an endless stream of junk email, perhaps asking for confirmation of a subscription, you’re the victim of email bombing.

Email bombing
Why Is This Happening to You?
● An email bombing is often a distraction used to bury an important email in your inbox and hide it from you. For example, an attacker may have gained access to one of your accounts on an online shopping website like Amazon and ordered expensive products for themselves. The email bombing floods your email inbox with irrelevant emails, burying the purchase and shipping confirmation emails so you won’t notice them.
Salami attack
A salami attack is when small attacks add up to one major attack that can go undetected due to the nature of this type of cyber crime. It is also known as salami slicing. Although salami slicing is often used to carry out illegal activities, it is only a strategy for gaining an advantage over time by accumulating it in small increments, so it can be used in perfectly legal ways as well.

Salami attack – Example
In 2008, a man was arrested for fraudulently
creating 58,000 accounts which he used to
collect money through verification deposits from
online brokerage firms a few cents at a time.
While opening the accounts and retaining the
funds may not have been illegal by themselves,
the authorities charged that the individual
opened the accounts using false names
(including those of cartoon characters),
addresses, and social security numbers, thus
violating the laws against mail fraud, wire
fraud, and bank fraud.
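A detection for the pattern described in the salami attack section and its 2008 example (many transfers too small to notice individually, all accumulating in one destination), as added code that is not part of the lecture notes; the ledger format, the constructed sample ledger and the thresholds are assumptions.

```python
"""Added example (not from the lecture notes): detecting the salami-slicing
pattern described above, in which many transfers too small to be noticed
individually accumulate in one destination account.

Assumptions (mine): transactions are available as (source, destination,
amount) records; a transfer is a candidate "slice" if its amount is at or
below SMALL_AMOUNT; a destination is flagged when it collects at least
MIN_COUNT such slices from at least MIN_SOURCES distinct source accounts.
The ledger is constructed for the demonstration.
"""
from collections import defaultdict
from dataclasses import dataclass
from decimal import Decimal

SMALL_AMOUNT = Decimal("1.00")  # a single slice this size draws no attention
MIN_COUNT = 50                  # ...but this many of them is a pattern
MIN_SOURCES = 20                # ...spread over this many distinct accounts


@dataclass(frozen=True)
class Transfer:
    source: str
    destination: str
    amount: Decimal  # Decimal, not float: cents must add up exactly


def build_ledger():
    """Constructed sample ledger: ordinary traffic plus one salami pattern."""
    ledger = []
    # Ordinary purchases: large amounts, so never counted as slices.
    for i in range(30):
        ledger.append(Transfer(f"CUST-{i:04d}", "MERCHANT-01", Decimal("25.00") + i))
    # A batch of small refunds from five company accounts: many slices,
    # but too few distinct sources to look like salami slicing.
    for i in range(60):
        ledger.append(Transfer(f"REFUNDS-{i % 5}", "CUSTOMER-77", Decimal("0.50")))
    # The salami pattern: 7 cents apiece from 120 different accounts, all
    # landing in the same destination.
    for i in range(120):
        ledger.append(Transfer(f"ACCT-{i:05d}", "COLLECTOR-99", Decimal("0.07")))
    return ledger


def detect_salami(ledger, small=SMALL_AMOUNT, min_count=MIN_COUNT,
                  min_sources=MIN_SOURCES):
    """Aggregate small credits per destination and return the flagged ones.

    Returns {destination: {"count": n, "sources": m, "total": Decimal}}.
    """
    counts = defaultdict(int)
    sources = defaultdict(set)
    totals = defaultdict(lambda: Decimal("0"))
    for t in ledger:
        if t.amount <= 0 or t.amount > small:
            continue  # only small positive credits are candidate slices
        counts[t.destination] += 1
        sources[t.destination].add(t.source)
        totals[t.destination] += t.amount

    flagged = {}
    for dest, n in counts.items():
        if n >= min_count and len(sources[dest]) >= min_sources:
            flagged[dest] = {"count": n, "sources": len(sources[dest]),
                             "total": totals[dest]}
    return flagged


if __name__ == "__main__":
    for dest, info in detect_salami(build_ledger()).items():
        print(f"{dest}: {info['count']} slices from {info['sources']} "
              f"accounts, total {info['total']}")
```

The thresholds are the tunable part: lowering min_sources to 5 makes the refund batch fire as well, which is the false-positive trade-off such a rule has to balance.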
Logic bomb
A logic bomb is a piece of code
intentionally inserted into a software
system that will set off a malicious
function when specified conditions are
met. For example, a programmer may hide
a piece of code that starts deleting files
(such as a salary database trigger), should
they ever be terminated from the
company

Trojan Horse-Example
A Trojan horse is so-called due to its delivery method, which
typically sees an attacker use social engineering to hide malicious
code within legitimate software.

Trojan Horse
In computing, a Trojan horse is a program downloaded and installed on a computer that appears harmless, but is, in fact, malicious. Unexpected changes to computer settings and unusual activity, even when the computer should be idle, are strong indications that a Trojan is residing on a computer.

Data diddling
● Data diddling is a type of cybercrime in which data is altered as it is entered into a computer system, most often by a data entry clerk or a computer virus. Computerized processing of the altered data results in a fraudulent benefit.

Data diddling
● "Examples of data diddling are forging,
misrepresenting, to counterfeiting
documents; exchanging valid computer
tapes or disks with prepared
replacements; keyboard entry
falsifications; failure to enter data; and
neutralizing or avoiding controls."

Industrial spying/Industrial espionage
Industrial espionage is the illegal and
unethical theft of business trade secrets for
use by a competitor to achieve a competitive
advantage. Industrial espionage is conducted
by companies for commercial purposes
rather than governments for national
security purposes. Industrial espionage may
also be referred to as "corporate spying or
espionage," or "economic espionage."

Software Piracy
Software piracy is the illegal copying,
distribution, or use of software. It is such a
profitable "business" that it has caught the
attention of organized crime groups in a
number of countries. According to the
Business Software Alliance (BSA), about
36% of all software in current use is stolen.

Cybercrime against society
Cybercrime against society: Forgery
The crime of forgery generally refers to the making of a fake document. Forgery is a white-collar crime that generally refers to the false making or material alteration of a legal instrument with the specific intent to defraud anyone.

Cybercrime against society: Cyberterrorism
Cyberterrorism is the use of the Internet to conduct violent acts that result in, or threaten, loss of life or significant bodily harm, in order to achieve political or ideological gains through threat or intimidation.

Cybercrime against society: Web jacking
Web jacking is simply when someone clones your website and tricks you into believing the cloned site is yours. The malicious link is placed somewhere on your webpage waiting for a click. As soon as you click on it, a malicious web server replaces it, and that means you have lost complete access to your website.

Code of Ethics
What do you mean by Code of Ethics?
Like the Army, Police, Doctors and Lawyers, Ethical Hackers also have to follow a code of ethics.

Designing the Ethical Hacking Code of Ethics or Conduct
● Codes of ethics or conduct for ethical hacking are focused on the duties, responsibilities and limits of the ethical hacker in doing his job.
● The ethical hacker makes sure that the client’s system or network is properly evaluated for security issues and vulnerabilities. Because of the nature of ethical hacking, it is not surprising that the ethical hacker could come across sensitive, personal, confidential or proprietary information. In this regard, the ethical hacking code of ethics should guide the actions of the ethical hacker in handling such
Code of Ethics for Ethical Hackers (An Example)
● Before performing any ethical hacking, ensure that you know and understand the nature and characteristics of the client organization’s business, system and network. This will guide you in handling sensitive, confidential or proprietary information you might encounter during the ethical hacking.
Code of Ethics for Ethical Hackers (An Example)
● Before and during ethical hacking, determine the sensitivity or confidentiality of the information involved. This should ensure that you do not violate laws, rules and regulations in handling sensitive personal, financial or proprietary information.

Code of Ethics for Ethical Hackers (An Example)
● During and after ethical hacking, maintain transparency with the client. Communicate all relevant information you found while ethically hacking the client’s system or network. Transparency ensures that the client knows what is going on. Transparency enables the client to take necessary actions for the security of the system or network.

Code of Ethics for Ethical Hackers (An Example)
● While performing ethical hacking, do not go beyond
the limits set by the client. In ethical hacking, it is
possible for you to have access beyond the target
areas that the client signed up for. Stay within the
target areas of the system or network specified in
the work agreement. Do not go to other areas or
components of the system or network that are not
specified in the agreement. Minimize exposure of
sensitive information. Increase your trustworthiness
and reliability as an ethical hacker. Ensure the
overall effectiveness of the ethical hacking activity.

Code of Ethics for Ethical Hackers (An Example)
● After performing ethical hacking, never disclose client information to other parties. Ensure the protection of the client. Ethical hacking is done for the security of the client’s system or network. Disclosure of the client’s confidential information renders ethical hacking ineffective. Private information must be kept private, and confidential information must be kept confidential.

Prevention of cyber crime

The 5 P’s mantra for prevention of cyber crime:
● Precaution (Safety)
● Prevention (Stop)
● Protection (Defense / Shelter)
● Preservation (Care)
● Persistence (Resolve)
Tip 1. Don’t open a file from an unknown sender
● Emails are one of the common ways hackers get access to your data. You’ll get an email from someone asking you to open an attachment. The attachment can be a script that puts code on your machine, starts collecting data, and sends it to the hacker. Some scripts may also delete your files and more.
● Also, if you notice a hyperlink in an email, before clicking on it, hover over it and check whether the URL is legitimate. If it looks fishy, do not click.

Action
Do not open an attachment unless you know the person. Also check the file type before opening it. Sometimes the file extension can be tricky, so make sure your anti-virus is set to scan email attachments.

Tip 2. Don’t use the same password everywhere
● Most people use the same password for multiple accounts. Do not use the same password for more than one account. Create separate passwords. I understand it is very difficult to remember passwords. If any app or website provides secure logins such as face recognition in apps, enable it.
● Did you know the 10 most popular passwords are the following?
● 123456
● 123456789
● name@123
● password
● 111111
● 12345678
● abc123
● 1234567
Tip 2. Don’t use the same password everywhere
● Just don't use them. Also don't use Password1 or Password123 or password123.
● Create difficult passwords for different accounts.
● In a research project, a cyber security firm found that the most-used password was Password123.
● Make sure to change the default password provided by a company.
● Make sure to change passwords every few months, if not earlier.

Tip 3. Enable Multi-Factor Authentication
● Most of the websites and apps that store sensitive and financial data now provide 2-factor or multi-factor authentication. To log in to a website or an app, you will have to enable it. That means, in addition to an email and password, you will also get an email or text message to confirm before you can log in. I understand this is one extra step, but enable it. Text message verification is not that difficult.
● For my bank and financial accounts, I've set up 2FA. That means, every time I log in to my account, I must confirm a PIN texted to my mobile.

Tip 4. Try not to log in to your accounts on public networks
● Public networks, such as at an airport, are usually not secure. Unless it's necessary, do not log in to your important accounts on public networks. Tourist places and private home rentals are also an easy target for hackers. Some hackers set up tracking on home routers. Try not to access your bank accounts or personal information on untrusted networks.

Tip 5. Don’t keep a copy of plain text login
● Do not store your login details in plain text. If you must store your login credentials, keep the file in a safe location and password protect it. Microsoft Word or Excel allows you to password protect a file. Additionally, you can also add some codes to your password that only you know. For example, in a password, you could insert your date of birth or your house number.
Example
If your password is “xatpatro” and your house number is 404, you can save the password as “xatpatro404” or “xat4pa0tro4”.
Tip 6. Social Media
● Hackers monitor your social media to learn
about your travel and other status updates.
Don’t post updates such as travel plans or
your location on social media. Disable
automatic updates from apps that use your
location or maps.
Tip 7. Don’t give out your personal info over the
phone or by email
● No company or business will call you and ask for
your social security number. If someone claims
to be from a company that you’re not expecting a
call from, make sure the person really is from that
company. If it is not required, do not give your
personal information over the phone or by email.
● Sometimes spammers will call you and introduce
themselves as calling from a bank. They may already
have your personal details, such as your credit
card number and address. You must verify that they are
actually calling from the bank, or ask them to
provide a number that you can confirm is the
bank's number and then call them back.
Tip 8. Don’t visit fishy
websites
● Just don’t go to fishy websites. Do not click on
ads that look suspicious. If you’re not sure
about an ad or a website, first search for that name in
the browser to find the original website. Most
phishing plug-ins are installed from junk
websites.
● If you must use suspicious or fishy websites, open
them on a separate machine with a high security
level set in your web browser. Any website
that keeps opening link after link is one you do not
want to visit.
Tip 9. Change credit cards
● Every year, try to change your credit cards. This also helps
you find out what monthly charges are being made that
you’re not aware of. Also, monitor your monthly credit
card bill and look for any transactions that you don’t
recognise.
● If you can, use one credit card for most of your online
transactions and keep a close eye on it. Do not use your
debit card for online purchases; that way, you're not
risking your entire bank account.
Tip 10. Enable Auto Updates
● Most important tip: keep your machine updated with the
latest patches and security updates. Operating
systems such as Windows release regular security
patches and updates. Make sure you’re up to date
with them. You can enable Auto Updates so that
your operating system automatically installs
security patches and updates.
● Do not use old browsers. New browsers are getting
better at detecting and stopping phishing attacks.
Get yourself the latest browser.
● Antivirus software is another essential. Make sure
you have an antivirus installed with the latest
patches and updates.
The Indian IT Act 2000
and Amendments to the
Indian IT Act(2008)
IT ACT 2000
● The Information Technology Act, 2000
(also known as ITA-2000, or the IT Act) is
an Act of the Indian Parliament (No 21 of
2000) notified on 17 October 2000. It is
the primary law in India dealing with
cybercrime and electronic commerce.
Why do we need an IT Act / cyber law?
● Cyber law is important because it touches
almost all aspects of transactions and
activities involving the internet, the
World Wide Web and cyberspace. Every
action and reaction in cyberspace has some legal
and cyber-legal angles. In other words, 'any
offence or crime in which a computer is used is a
cyber-crime'.
What is the IT Amendment Act (ITA-
2008)?
● A major amendment was made in 2008. It introduced Section
66A, which penalized sending "offensive messages". It also
introduced Section 69, which gave authorities the power of
"interception or monitoring or decryption of any information
through any computer resource". Additionally, it introduced
provisions addressing pornography, child pornography and cyber
terrorism. The amendment was passed on 22 December
2008 without any debate in the Lok Sabha. The next day it was
passed by the Rajya Sabha. It was signed into law by
President Pratibha Patil on 5 February 2009.
● The original Act was developed to promote the IT industry,
regulate e-commerce, facilitate e-governance and prevent
cybercrime.
Offences - Penalty & Punishment
[Four slides of tables listing offences, penalties and punishments under the IT Act; the table contents did not survive the text extraction.]
*I.C.E.R.T - Indian Computer Emergency Response Team
PHASES OF HACKING
Phase 1. Footprinting /
Reconnaissance
● This is the first phase, where the hacker tries to collect
information about the target. It may include
identifying the target and finding out the target’s IP
address range, network, DNS records, etc. Let’s
assume that an attacker is about to hack a website’s
contacts.
By using a search engine or an OSINT tool like Maltego,
researching the target website (checking links,
jobs, job titles, email addresses, news, etc.), or a tool like HTTrack
to download the entire website for later enumeration, the
hacker is able to determine staff names,
positions and email addresses.
Phase 2. Scanning
● This phase includes the use of tools like dialers, port
scanners, network mappers, sweepers and vulnerability
scanners. Hackers are now probably seeking any
information that can help them perpetrate attacks, such as
computer names, IP addresses and user accounts. Now that
the hacker has some basic information, they
move to the next phase and begin to test the network for
other avenues of attack. The hacker decides to use a couple
of methods to this end to help map the network (e.g. Kali
Linux and Maltego, and finding an email address to contact to see what email
server is being used). The hacker looks for an automated
email reply if possible or, based on the information gathered,
may decide to email HR with an inquiry about a job posting.
Phase 3. Gaining Access
● In this phase, the hacker designs the blueprint of
the target’s network with the help of the data
collected during Phases 1 and 2. The hacker
has finished enumerating and scanning the
network and now decides that they have some
options to gain access to the network.
For example, say the hacker chooses a phishing
attack: the hacker decides to play it safe and use
a simple phishing attack to gain access.
Phase 4. Maintaining Access
● Once a hacker has gained access, they want to
keep that access for future exploitation and
attacks. Once the hacker owns the system, they
can use it as a base to launch additional attacks;
in this case, the owned system is sometimes
referred to as a zombie system. Now that the
hacker has multiple e-mail accounts, they
begin to test the accounts on the domain. From
this point the hacker creates a new administrator
account for themselves that follows the organisation’s
naming structure and tries to blend in.
Phase 5. Clearing Tracks (so
no one can trace them)
● Prior to the attack, the attacker would
change their MAC address and run the
attacking machine through at least one
VPN to help cover their identity.
University Questions
● What is ethical hacking? Explain the advantages and disadvantages of
ethical hacking.
● Explain in detail the types of hackers.
● Explain the classification of cyber crimes and attacks in detail.
● Write a short note on the code of ethics.
● Write a short note on prevention from hackers.
● What are the Indian IT Act 2000 and the Amendments to the Indian IT
Act (2008)?
● Explain the phases of hacking in detail.