Hardware And Software Tools For Hacking: A Case Study Analysis

You are to write a technical report investigating a specific topic area related to “computer hacking”. In doing this work, it is very important that you adhere to ethical norms and that you do not in any way use any software illegally or inappropriately. Below is a list of broad topics to choose from, although you may choose your own topic (subject
to approval by the tutor):

• Ethical, Professional and Legal Issues in Hacking
• Reconnaissance and Intelligence Gathering Methods
• Software/Hardware Tools used in Hacking
• Practical Hacking Methods and Techniques
• Phishing and Social Engineering Techniques in Hacking
• Hacking into the Cloud Systems
• Hacking into Mobile Devices
• Anti-Hacking Techniques and Tools
 

Case studies of hacking incidents after January 2016

Hacking is the identification of weakness within computer networks to systems for exploiting different inadequacies to retrieve access. The following report analyzes various hardware and software tools utilized in hacking. This is because information is the most expensive resource for any business. Its security protects the image of the organization and helps in saving lots of money.

However, the main the objective of the research is to inform people regarding danger in hacking considering the Case Studies of the incidents that took place after January 2016. The incidents includes the cases of “Adult Friend Finder”,  “Under Armour/MyFitnessPal”, “WannaCry ransomware attack” and “Cybercriminals penetrating Equifax (EFX)” are demonstrated below. Here, in this study, a discussion is made on aims and objectives of the research on the usage of different hardware and software tools. Lastly, various General Data Protection Regulation or GDPR applications are investigated in this report.

As it pertains to hardware, the term hacking is commonly misused. There is a growing necessity in the today’s digital space after January 2016 to know how the existing electronics are modified to use it. This also includes understanding the enclosure and behaviour of the hardware. While looking to develop any device, some it is complicated to be aware of where to start. The angle of attack is also needed to be known and to know the areas for which it has not been designed.

Discussion on chosen Case studies:

As one looks into the hardware section, one needs to approach the area where the hacking has been depending on and what it tries to do. It is required to know whether someone has been trying to make that wireless, and what the displays have been and what is needed to be done to get that to trigger on another device. Every hacker needs a separate viewpoint of attack and it hard to determine what process is required to proceed as one has never hacked previously. Lastly, it is necessary to determine the various conventional procedures of hardware hacking and implementations in which they are utilized.

The internet possesses various downsides and upsides. Hackings are used for malicious reasons and means to find problems in systems and notify authorities for helping them to fortify multiple defences better. Hence the aim of the report is to investigate the following.

• To find out the areas of danger on behalf of the users to make that easier for hackers to continue their business after January 2016.
• Tools and scripts used in hacking used by the intruders for their purpose.
• To find the methods to stop hacking
• Notify the authorities for fortifying defenses better.

The primary objective of this paper is to know the variety of applications and specially designed tools to assist hacking. Hacking tool is generally for gaining unauthorized access to PC for inserting worming, suffers, Trojan horses and viruses. It is also needed to know how the hacking program or tool is designed for helping the hacker. Further, the self-taught prodigy or specialized programmers who can modify the computer software or hardware external to the architectural design of the developers. 

Exploration of hardware hacking and its conventional procedures

As seen from the above sections, that there has been rising concern to identify the hardware, software and wireless attacks used in piracy since 2016. For example, in the instance of Cybercriminals penetrating Equifax (EFX) hackers are unable to endorse any particularly. However, various vendors are selling wireless adapters or external wireless adapters and use real tech chipsets (Collins, 2018). AirPcap, for instance, is the best as one cracks within Windows since the drivers and devices have been stable under Windows as in the. Again Real Tech works very smartly on Linux and Windows through the drivers regarding promiscuous mode within Windows for actual tech chipsets has been slight flaky. For example, the Appendix 1 section illustrates the working principle of Hardsploit, which is a Metasploit-like tool used for hardware hacking.

However, individual antennas are not needed. Many smart hackers have chosen that has come up with stocked with real tech or AirPcap external and often buying one or two directional antennas for using point straight at an access point. Hence, one can receive better signal strength from a vast distance away. However, this not necessarily needed by others. It is seen that faster the attack gets, less time is required to spend on wireless.

Hackers have been keeping two operating systems handy, For example in the case of hacking Adult Friend Finder, Windows is chosen since running Wire Shark over Windows is more stable and usable than on Linux (Whittaker, 2018). For software, Network Monitor works on Windows. This is a great packet analysis tool and a stable and fast. However, it possesses some challenges regarding some parsers (Vetter et al., 2017). As per as hardware is concerned, a classic instance in security audits is using Raspberry Pi with proper battery pack, distribution platform such as Kali Linux and apps such as Kali Linux together is helpful for pen testing.

Again regarding software, Nikto is a smart choice which is an Open Source or GPL scanner of a web server. It performs comprehensive tests against various web servers for multiple items (Jackson, 2016). This includes over 3200 potentially harmful CGIs or Files, version specific issues on over 250 servers and versions over 620 servers. It was helpful for ransomware called WannaCry that spread around the world in 2017. Moreover, python programming is useful to develop own hacking tools. This is demonstrated in Appendix 2 section.  The next one is the Nessus remote Security Scanner when closed and essentially free as identified from the data breach incident at Under Armour/MyFitnessPal. It works with a framework of client-server. Further, it the most popular vulnerability scanner utilized on over 75,000 agencies across the globe ("Under Armour says 150 million MyFitnessPal accounts breached", 2018). The last one that is a useful tool in this case, is LAN turtle. These type of systems admin and pen-test tools delivers distant access as it is connected covertly to USB ports. Apart from this, it has been allowing users in harvesting information from a network and possesses a capacity for executing any middle-man attack. Lastly, the SDN or Software-Defined Networking is an effective paradigm to create future Internet architecture (DiMase et al., 2015). DELTA is regarded as the initial security evaluation framework for SDN. To understand the framework more effectively, Appendix 3 can be seen.

Insight into software tools and their effectiveness

GDPR or General Data Protection Regulation has been able to replace “UK Data Protection Act” and has been impacting business that processes various personal customer data. As per as GDPR directive, personal data denotes to the info formation related to a person like upgrades on social networking websites, computer IP address, location details and so on (Macenaite, 2017). This latest protection law puts consumers in driver’s seat and the task to comply with regulation falling on organizations and business. GDPR, in short, applies to every business established at UK instead of whether the data processing has been taking place in EU or not. As the company provides services and goods to citizens in the UK as it is subjected to GDPR.

Every type of agencies working with personal data must be appointed to data protection officer or data controller who has been in charge of the GDPR compliance (Spindler & Schmechel, 2016). There has been a severe penalty for the business who never complies with GDPR fines that are up to 4% of yearly worldwide revenue. Various companies have been thinking that GDPR is only a problem with IT. However, it is very much away from reality. This comprises of a wide-sweeping implication for the overall company. This includes the process the companies has been handle marketing and performing sales activities (Bieker et al. 2016).

Conclusion:

Thus to continue the research from the perspective of a consultant or security researcher and social engineering and various other tools various aspects are to be considered. Of this importance must be given to understand attackers who have been penetrating into the targeted system. The research has shown that data is a valuable currency in this world. However, for further progress it must be kept in mind that GDPR has been creating challenges and problems for business apart from creating opportunity. In future, organizations that have been showing that they have been valuing the privacy of people alone from being legal compliance should build more profound trust and have more loyal customers. This must also include the business that has been transparent regarding how data is utilized, designing and implementing improved and new ways and controlling customer data across the entire life-cycle.  

As primary software and hardware gets developed under corporate environment and closed-source negotiating power of marginalized social users and groups are diminished sufficiently. Different forms of counter-mobilization and reactive efforts might appear in future. This might also have a vital efefc6. However, these kinds of reactive efforts are been constrained through technical codes. These are built to technologies through those in power. Fort the future open source world, the actors would comprise of more degree of freedom. This has been allowing proactive modification and shaping of technologies including use and design. The future engineers should look at the products from the attacker’s perspective. Thus they need to consider benefits from cyberattacks and understand how to make the attacks more costly. 

References:

Ateniese, G., Mancini, L. V., Spognardi, A., Villani, A., Vitali, D., & Felici, G. (2015). Hacking smart machines with smarter ones: How to extract meaningful data from machine learning classifiers. International Journal of Security and Networks, 10(3), 137-150.

Bieker, F., Friedewald, M., Hansen, M., Obersteller, H., & Rost, M. (2016, September). A process for data protection impact assessment under the European general data protection regulation. In Annual Privacy Forum (pp. 21-37). Springer, Cham.

Collins, K. (2018). Equifax stock is plummeting after it announced a massive hack affecting 143 million US consumers. Retrieved from https://qz.com/1072476/equifax-efx-stock-is-plummeting-after-the-company-announced-a-hack-affecting-143-million-us-consumers/

DiMase, D., Collier, Z. A., Heffner, K., & Linkov, I. (2015). Systems engineering framework for cyber physical security and resilience. Environment Systems and Decisions, 35(2), 291-300.

Hacking Tools with Python: Part 1. (2018). InfoSec Resources. Retrieved 18 April 2018, from https://resources.infosecinstitute.com/writing-hacking-tools-with-python-part-1/#gref

HardSploit.io | Hackaday.io. Retrieved 2018, from https://hackaday.io/project/4837-hardsploitio

Jackson, D. (2016). HACKING: Ultimate Beginner's Guide to Computer Hacking in 2016 Hacking for Beginners, Hacking University, Hacking Made Easy, Hacking Exposed, Hacking Basics, How To Hack, Penetration Testing.

Macenaite, M. (2017). From universal towards child-specific protection of the right to privacy online: Dilemmas in the EU General Data Protection Regulation. New Media & Society, 19(5), 765-779.

Peerlyst. (2018). Peerlyst.com. Retrieved 18 April 2018, from https://www.peerlyst.com/posts/sdn-security-evaluation-framework-delta-cyberpunk

Spindler, G., & Schmechel, P. (2016). Personal Data and Encryption in the European General Data Protection Regulation. J. Intell. Prop. Info. Tech. & Elec. Com. L., 7, 163.

Under Armour says 150 million MyFitnessPal accounts breached. (2018). Retrieved from https://www.reuters.com/article/us-under-armour-databreach/under-armour-says-150-million-myfitnesspal-accounts-breached-idUSKBN1H532W

Vetter, J., Almgren, A., DeMar, P., Riley, K., Antypas, K., Bard, D., ... & Hack, J. (2017). Advanced Scientific Computing Research Exascale Requirements Review. An Office of Science review sponsored by Advanced Scientific Computing Research, September 27-29, 2016, Rockville, Maryland. Argonne National Lab.(ANL), Argonne, IL (United States). Argonne Leadership Computing Facility.

Whittaker, Z. (2018). AdultFriendFinder network hack exposes 412 million accounts. Retrieved from https://www.zdnet.com/article/adultfriendfinder-network-hack-exposes-secrets-of-412-million-users/