NIK MUHAMAD AIMAN AKIF BIN NIK AYUB

4 Ibn Rushd
930805-03-5851

WRITING ASSIGNMENT

HACKING
 What Is Hacking?
 Inreference to a system’s security, hacking is
usually defined as the act of illegally entering a
computer system, and making unauthorized
changes to the files and data contain within
(Winegarden, November 2003).
 Hacker is a programming specialist who has the
expertise to enter a computer or network without
proper authorization (CyberAngels, November
2003)
 History Of Hacking
 The History
Hacking has been around for more than a century. In the 1870s, several teenagers
were flung off the country’s brand new phone system by enraged authorities.

 Early 1960s - University facilities with huge mainframe computers, like MIT's artificial
intelligence lab, become staging grounds for hackers. At first, "hacker" was a positive
term for a person with a mastery of computers who could push programs beyond
what they were designed to do.

 Early 1970s - John Draper makes a long-distance call for free into a telephone that
tells the phone system to open a line. Draper discovered the whistle as a give-away in
a box of children's cereal. Draper, who later earns the handle "Captain Crunch," is
arrested repeatedly for phone tampering throughout the 1970s.
 Yippie social movement starts YIPL/TAP (Youth International Party Line/Technical
Assistance Program) magazine to help phone hackers (called "phreaks") make free
long-distance calls.
 Two members of California's Homebrew Computer Club begin making "blue boxes,"
devices used to hack into the phone system. The members, who adopt handles
"Berkeley Blue" (Steve Jobs) and "Oak Toebark" (Steve Wozniak), later go on to
found Apple Computer.
 Early 1980s - Author William Gibson coins the term "cyberspace" in a
science fiction novel called Neuromancer .In one of the first arrests of
hackers, the FBI busts the Milwaukee-based 414s (named after the local
area code) after members are accused of 60 computer break-ins ranging
from Memorial Sloan-Kettering Cancer Center to Los Alamos National
Laboratory.Comprehensive Crime Control Act gives Secret Service
jurisdiction over credit card and computer fraud.Two hacker groups form,
the Legion of Doom in the United States and the Chaos Computer Club in
Germany.2600: The Hacker Quarterly is founded to share tips on phone and
computer hacking.
 Late 1980s - At 25, veteran hacker Kevin Mitnick secretly monitors the e-
mail of MCI and Digital Equipment security officials. He is convicted of
damaging computers and stealing software and is sentenced to one year in
prison.First National Bank of Chicago is the victim of a $70-million computer
heist. An Indiana hacker known as "Fry Guy" -- so named for hacking
McDonald's - - is raided by law enforcement. A similar sweep occurs in
Atlanta for Legion of Doom hackers known by the handles "Prophet,"
"Leftist" and "Urvile."
 Early 1990s - After AT&T long-distance service crashes on Martin Luther King Jr.
Day, law enforcement starts a national crackdown on hackers. The feds nab St.
Louis' "Knight Lightning" and in New York grab Masters of Deception trio "Phiber
Optik," " Acid Phreak" and "Scorpion." Fellow hacker "Eric Bloodaxe" is picked up in
Austin, Texas.Hackers break into Griffith Air Force Base, then pewwwte computers at
NASA and the Korean Atomic Research Institute. Scotland Yard nabs "Data Stream,"
a 16-year-old British teenager who curls up in the fetal position when seized.A Texas
A&M professor receives death threats after a hacker logs on to his computer from off-
campus and sends 20,000 racist e-mail messages using his Internet address.In a
highly publicized case, Kevin Mitnick is arrested (again), this time in Raleigh, N.C.,
after he is tracked down via computer by Tsutomu Shimomura at the San Diego
Supercomputer Center.
 Late 1990s - Hackers break into and deface federal Web sites, including the U.S.
Department of Justice, U.S. Air Force, CIA, NASA and others.Report by the General
Accounting Office finds Defense Department computers sustained 250,000 attacks by
hackers in 1995 alone.A Canadian hacker group called the Brotherhood, angry at
hackers being falsely accused of electronically stalking a Canadian family, break into
the Canadian Broadcasting Corp. Web site and leave message: "The media are
liars." Family's own 15-year-old son eventually is identified as stalking culprit.Popular
Internet search engine Yahoo! is hit by hackers claiming a "logic bomb" will go off in
the PCs of Yahoo!'s users on Christmas Day 1997 unless Kevin Mitnick is released
from prison. "There is no virus," Yahoo! spokeswoman Diane Hunt said .
 1998 - Anti-hacker ad runs during Super Bowl XXXII. The Network
Associates ad, costing $1.3-million for 30 seconds, shows two
Russian missile silo crewmen worrying that a computer order to
launch missiles may have come from a hacker. They decide to blow
up the world anyway.In January, the federal Bureau of Labor
Statistics is inundated for days with hundreds of thousands of fake
information requests, a hacker attack called "spamming."Hackers
break into United Nation's Children Fund Web site, threatening a
"holocaust" if Kevin Mitnick is not freed.Hackers claim to have
broken into a Pentagon network and stolen software for a military
satellite system. They threaten to sell the software to terrorists.The
U.S. Justice Department unveils National Infrastructure Protection
Center, which is given a mission to protect the nation's
telecommunications, technology and transportation systems from
hackers.
 Ethical Hacking
 Ethical hacker's discoveries made during the evaluation. Vulnerabilities that were found to exist
are explained and avoidance procedures specified. If the ethical hacker's activities were noticed
at all, the response of the client's staff is described and suggestions for improvements are made.
If social engineering testing exposed problems, advice is offered on how to raise awareness. This
is the main point of the whole exercise: it does clients no good just to tell them that they have
problems. The report must include specific advice on how to close the vulnerabilities and keep
them closed. The actual techniques employed by the testers are never revealed. This is because
the person delivering the report can never be sure just who will have access to that report once it
is in the client's hands. For example, an employee might want to try out some of the techniques
for himself or herself. He or she might choose to test the company's systems, possibly annoying
system administrators or even inadvertently hiding a real attack. The employee might also
choose to test the systems of another organization, which is a felony in the United States when
done without permission.
 The actual delivery of the report is also a sensitive issue. If vulnerabilities were found, the report
could be extremely dangerous if it fell into the wrong hands. A competitor might use it for
corporate espionage, a hacker might use it to break into the client's computers, or a prankster
might just post the report's contents on the Web as a joke. The final report is typically delivered
directly to an officer of the client organization in hard-copy form. The ethical hackers would have
an ongoing responsibility to ensure the safety of any information they retain, so in most cases all
information related to the work is destroyed at the end of the contract.
 Once the ethical hack is done and the report delivered, the client might ask “ So, if I fix these
things I'll have perfect security, right? ” Unfortunately, this is not the case. People operate the
client's computers and networks, and people make mistakes. The longer it has been since the
testing was performed, the less can be reliably said about the state of a client's security. A portion
of the final report includes recommendations for steps the client should continue to follow in order
to reduce the impact of these mistakes in the future.
 What to do if been hacked?
Shut down Internet connection
 The most important step to consider if you suspect your system ’ s security has been
compromised is to shut off all connections to the Internet.
 Although this temporarily detains us from the ability to trace the PC responsible for
the attack, it does enable us to first protect our information, which is probably your
primary concern.
Install Firewalls
 Luckily, if you were followed any of the advice on this website, you have a firewall
installed on our system.
 Many firewalls, Zonealarm for one, possess the ability of maintaining a detailed
description of attempted intrusions. If your firewall does alert you to possible
invasions, it probably has the capability of providing the IP address as well.
Contact ISP
 Once us have obtained the name of the Internet Service Provider(ISP), the next step
is to initiate contact with them. Most ISP ’ s have some type of acceptable use policy,
and typically illegal intrusion is not contained in it ’ s guidelines. After us have
reported the incident to the specific ISP, the punishment/penalty proceedings are in
their hands (Hart, November 2003).
 The idea of testing the security of a system by trying to break into it is not
new. Whether an automobile company is crash-testing cars, or an individual
is testing his or her skill at martial arts by sparring with a partner, evaluation
by testing under attack from a real adversary is widely accepted as prudent.
It is, however, not sufficient by itself. As Roger Schell observed nearly 30
years ago:
From a practical standpoint the security problem will remain as long as manufacturers
remain committed to current system architectures, produced without a firm
requirement for security. As long as there is support for ad hoc fixes and security
packages for these inadequate designs and as long as the illusory results of
penetration teams are accepted as demonstrations of a computer system security,
proper security will not be a reality .
 Regular auditing, vigilant intrusion detection, good system administration
practice, and computer security awareness are all essential parts of an
organization's security efforts. A single failure in any of these areas could
very well expose an organization to cyber- vandalism, embarrassment, loss
of revenue or mind share, or worse. Any new technology has its benefits
and its risks. While ethical hackers can help clients better understand their
security needs, it is up to the clients to keep their guards in place.
 Reference
 http://www.bama.ua.edu/~wilso098/project
/hacking.html
 http://www.research.ibm.com/journal/sj/40
3/palmer.html
 http://scribd.com search for ‘hacking’
 http://google.com search for ‘computer
hacking’