
The Hacker, Hacking Tactics and The Victim

This document discusses hacking techniques, types of hackers, and cybercrime prevention. It describes common hacking methods like bait and switch, cookie theft, clickjacking, viruses/trojans, phishing, eavesdropping, fake wireless access points, waterhole attacks, denial of service attacks, and keyloggers. It also profiles famous hackers like Anonymous, Jonathan James, Adrian Lamo, and Kevin Mitnick. Finally, it provides tips for protecting against cybercrime such as using internet security software, strong passwords, social media privacy settings, and contacting authorities if victimized.

Uploaded by Sarah Jane Diaz

THE HACKER, HACKING TACTICS AND THE VICTIM
Who is the hacker?
may refer to anyone with technical skills, but it often refers to a person who uses his or her abilities to gain unauthorized access to systems or networks in order to commit crimes.
Types of Hackers

1. White hat - also known as ethical hackers, strive to operate in the public's best interest, rather than to create turmoil.

2. Black hat - intentionally gain unauthorized access to networks and systems with malicious intent, whether to steal data, spread malware or profit from ransomware, vandalize or otherwise damage systems, or for any other reason, including gaining notoriety.

3. Gray hat - fall somewhere between white hat hackers and black hat hackers. While their motives may be similar to those of white hat hackers, gray hats are more likely than white hat hackers to access systems without authorization; at the same time, they are more likely than black hat hackers to avoid doing unnecessary damage to the systems they hack.
HACKING TECHNIQUES
1. BAIT AND SWITCH

• An attacker can buy advertising spaces on the websites. Later, when a user clicks on the ad, he might get directed to a page that's infected with malware. This way, they can further install malware or adware on your computer. The ads and download links shown in this technique are very attractive, and users are expected to end up clicking on them.
2. COOKIE THEFT

• Once the hacker gets access to your cookie, he can even authenticate himself as you on a browser.
• Also known as SideJacking or Session Hijacking, this attack is easy to carry out if the user is not using SSL (https) for the complete session. For websites where you enter your password and banking details, it's of utmost importance that they encrypt their connections.
3. Click Jacking Attacks

• Also known by a different name, UI Redress.
• The hacker hides the actual UI where the victim is supposed to click. This behavior is very common in app download, movie streaming, and torrent websites. While they mostly employ this technique to earn advertising dollars, others can use it to steal your personal information.
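
As an added example (not part of the original slides), the Python sketch below checks a server response for the protections relevant to the cookie theft and clickjacking slides above: the Secure and HttpOnly cookie attributes, HTTPS enforcement for the complete session, and anti-framing headers. The two sample responses and the cookie names are constructed for illustration.

```python
# Constructed sample responses (not captured traffic); names are illustrative.
WEAK = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: SESSIONID=abc123; Path=/
Set-Cookie: prefs=dark; Secure; HttpOnly
"""
HARDENED = """HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: default-src 'self'; frame-ancestors 'none'
Set-Cookie: SESSIONID=abc123; Path=/; Secure; HttpOnly
"""

def parse_headers(raw):
    """Return (lowercased name, value) pairs; repeated headers are kept."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit(raw):
    """List the missing protections against cookie theft and clickjacking."""
    pairs = parse_headers(raw)
    findings = []
    for name, value in pairs:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie = parts[0].partition("=")[0]
        attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
        for attr, risk in (("secure", "is also sent over plain HTTP"),
                           ("httponly", "can be read by scripts in the page")):
            if attr not in attrs:
                findings.append(f"cookie {cookie}: no {attr} attribute, {risk}")
    single = dict(pairs)  # good enough for headers that appear once
    if "strict-transport-security" not in single:
        findings.append("no Strict-Transport-Security: HTTPS is not enforced "
                        "for the complete session")
    xfo = single.get("x-frame-options", "").upper()
    csp = single.get("content-security-policy", "").lower()
    framing = any(d.strip().startswith("frame-ancestors") for d in csp.split(";"))
    if xfo not in ("DENY", "SAMEORIGIN") and not framing:
        findings.append("no X-Frame-Options or CSP frame-ancestors: "
                        "the page can be embedded in a hidden frame")
    return findings

if __name__ == "__main__":
    for label, raw in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(raw) or "no findings")
```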
4. Virus, Trojan etc.

• Malicious software programs which get installed into the victim's system and keep sending the victim's data to the hacker. They can also lock your files, serve fraudulent advertisements, divert traffic, sniff your data, or spread to all the computers connected to your network.
5. Phishing

• A hacking technique using which a hacker replicates the most-accessed sites and traps the victim by sending that spoofed link. Combined with social engineering, it becomes one of the most commonly used and deadliest attack vectors. Once the victim tries to log in or enters some data, the hacker gets that private information of the target victim using the trojan running on the fake site.
6. Eavesdropping (Passive Attacks)

• The motive behind eavesdropping is not to harm the system but to get some information without being identified. These types of hackers can target email, instant messaging services, phone calls, web browsing, and other methods of communication. Those who indulge in such activities are generally black hat hackers, government agencies, etc.
7. Fake WAP

• Even just for fun, a hacker can use software to fake a wireless access point. This WAP connects to the official public place WAP. Once you get connected to the fake WAP, a hacker can access your data, just like in the case above. It's one of the easier hacks to accomplish, and one just needs simple software and a wireless network.
• Anyone can name their WAP with some legit name like "Heathrow Airport WiFi" or "Starbucks WiFi" and start spying on you.
8. Waterhole attacks

• If you are a big fan of Discovery or National Geographic channels, you could relate easily to the waterhole attacks. To poison a place, in this case, the hacker hits the most accessible physical point of the victim.
• For example, if the source of a river is poisoned, it will hit the entire stretch of animals during summer. In the same way, hackers target the most accessed physical location to attack the victim. That point could be a coffee shop, a cafeteria, etc.
9. Denial of Service (DoS/DDoS)

• A hacking technique to take down a site or server by flooding that site or server with so much traffic that the server is unable to process all the requests in real time and finally crashes.
• In this popular technique, the attacker floods the targeted machine with tons of requests to overwhelm the resources, which, in turn, restricts the actual requests from being fulfilled.
10. Keylogger

• A simple piece of software that records the key sequence and strokes of your keyboard into a log file on your machine. These log files might even contain your personal email IDs and passwords.
• Also known as keyboard capturing.
Famous Hackers
1. Anonymous

• is a group of hackers from around the world who meet on online message boards and social networking forums.
• They mainly focus their efforts on encouraging civil disobedience and/or unrest via denial-of-service attacks, publishing victims' personal information online, as well as defacing and defaming websites.
2. Jonathan James

• gained notoriety for hacking into multiple websites, including those of the U.S. Department of Defense and NASA, as well as for stealing software code when he was a teenager. In 2000, James became the first juvenile (he was just 16 years old) to be incarcerated for computer hacking. He committed suicide in 2008 when he was 25 years old.
3. Adrian Lamo

• hacked into the systems of several organizations, including The New York Times, Microsoft and Yahoo, to exploit their security flaws.
• Lamo was arrested in 2003, convicted in 2004 and sentenced to six months of home detention at his parents' home and two years' probation, and ordered to pay about $65,000 in restitution.
4. Kevin Mitnick

• was convicted of a number of criminal computer crimes after evading authorities for two and a half years.
• Once one of the FBI's Most Wanted for hacking into networks of 40 high-profile corporations, Mitnick was arrested in 1993 and served five years in a federal prison.
• After his release, Mitnick founded a cyber security firm to help organizations keep their networks safe.
How to Protect Yourself from Cybercrime
1. Use a full-service Internet security suite such as Norton Security Premium to ensure that you are protecting yourself against viruses, as well as other emerging threats on the Internet.

2. Use strong passwords, don’t repeat your passwords on different sites and make
sure to change your passwords regularly. A password management application can
help you to keep your passwords locked down.

3. Keep all your software updated.

4. Manage your social media settings to keep most of your personal and private
information locked down. Social engineering cybercriminals can often get your
personal information with just a few data points, so the less you share with the
broader world, the better.

5. Secure your home network with a strong encryption password as well as a VPN. A VPN will
encrypt all traffic leaving your devices until it arrives at its destination. Even if a hacker manages to
get in your communication line, they won't intercept anything but encrypted traffic.

6. Talk to your children about acceptable use of the Internet without shutting down communication
channels. Make sure they know that they can come to you in the event that they're experiencing
any kind of online harassment, bullying or stalking.

7. Keep up to date on major security breaches. If you have an account on a site that’s been
impacted by a security breach, find out what the hackers know and change your password
immediately.

8. If you believe that you've become a victim of a cybercrime, you need to alert the local police and
other law enforcement agencies who are also involved in the investigation of cybercrimes. Even if
the crime seems minor, this is important, as you are helping to prevent criminals from taking
advantage of other people in the future.
Risk management typically falls into 7 areas:

1. Avoidance - Take a close look at what information you store and what you
need to store. For example, 1-2 years after a purchase maybe you don't
need the credit card number anymore and can blank it out with a
permanent marker but still keep the receipt in case of a tax audit.

2. Prevention - prevent access to data, prevent the removal of data from the
business, etc.

3. Reduction - Reduce a loss if it does occur. Take measures like placing limits on
the amount that can be withdrawn from a bank account at any time.

4. Separation - Separate names from credit card numbers whenever possible. Separate
user names from passwords (store them in separate databases). Separate customer
data from the internet by only accessing it on a computer that doesn't have an
internet connection or email account.

5. Duplication - You actually want to reduce the duplication of customer data, as the fewer
duplicates, the fewer chances of theft, but you may want to duplicate firewalls, etc.

6. Transfer - This is the biggest one, transfer the risk of storing credit card data to a third
party processor like PayPal or your bank. Let them take the risk of storing credit cards.
Also, insurance is a form of transfer as you are transferring your risk to the insurer.

7. Retention - As a last resort, be aware of the risk, but if you cannot effectively manage it
you must retain it or avoid it (by not engaging in business).
Determinant Factors for Preventing Cyber Crime

1. Law Enforcement - Law enforcement is very weak, and in order to strengthen the law, the maximum fine should be increased as well as imprisonment so that the guilty will be charged.

2. Attitude awareness - In order to prevent cyber-crimes, creating attitude awareness during online business is important. Business entrepreneurs from the survey are unaware of cyber-crime; thus, awareness programs on preventing cyber-crime should educate them in order to ensure entrepreneurs feel safe during online business transactions.

3. Ethics - Good ethics while doing online business transactions should be addressed by entrepreneurs, and they should respect potential buyers and sellers by giving detailed information and respecting each other during online business.

4. IT Technology - Information technology infrastructure is comprehensive; thus, cyber-crime prevention strategies should remain a top concern, as enterprises now must support more devices such as tablets and smartphones. The enterprise should equip them with knowledge and updated technology security devices so that they can be protected from cyber criminals.
I LOVE YOU VIRUS

• Sometimes referred to as Love Bug or Love Letter for you, is a computer worm that infected over ten million Windows personal computers on and after 5 May 2000 when it started spreading as an email message with the subject line "ILOVEYOU" and the attachment "LOVE-LETTER-FOR-YOU.
Creation

• ILOVEYOU was created by Onel De Guzman, a college student in Manila, Philippines, who was 24 years old at the time.
• De Guzman, who was poor and struggling to pay for Internet access at the time, created the computer worm intending to steal other users' passwords, which he could use to log in to their Internet accounts without needing to pay for the service.
Description

• The worm used social engineering to entice users to open the attachment (out of actual desire to connect or simple curiosity) to ensure continued propagation. Systemic weaknesses in the design of Microsoft Outlook and Microsoft Windows were exploited to allow malicious code capable of gaining complete access to the operating system, secondary storage, and system and user data, simply through unwitting users clicking on an icon.
Spread

• Because the worm used mailing lists as its source of targets, the messages often appeared to come from acquaintances and were therefore often regarded as "safe" by their victims, providing further incentive to open them.
• Only a few users at each site had to access the attachment to generate millions more messages that crippled mail systems and overwrote millions of files on computers in each successive network.
Impact

• The worm originated in the Pandacan neighborhood of Manila in the Philippines on May 4, 2000, thereafter following daybreak westward across the world as employees began their workday that Friday morning, moving first to Hong Kong, then to Europe, and finally the United States.
• The outbreak was later estimated to have caused US$5.5–8.7 billion in damages worldwide, and estimated to cost US$10–15 billion to remove the worm.
• Within ten days, over 50 million infections had been reported, and it is estimated that 10% of Internet-connected computers in the world had been affected.
• Damage cited was mostly the time and effort spent getting rid of the infection and recovering files from backups. To protect themselves, the Pentagon, CIA, the British Parliament and most large corporations decided to completely shut down their mail systems.
• At the time, it was one of the world's most destructive computer-related disasters ever.
Cybercrime Investigation and Coordinating Center (CICC)

• was created by virtue of Republic Act 10175, otherwise known as the Cybercrime Prevention Act of 2012. It is one of the attached agencies of the Department of Information and Communications Technology (DICT).
• Responsible for monitoring cybercrime cases being handled by participating law enforcement and prosecution agencies, the CICC shall perform all other matters related to cybercrime prevention and suppression, including capacity-building and such other functions and duties as may be necessary for the proper implementation of the Cybercrime Prevention Act.
• The CICC is headed by Executive Director Cezar O. Mancao II, who was appointed by Malacanang last August 20, 2020. Malacanang is optimistic that Executive Director Mancao’s professional credentials would greatly contribute to the prevention of cybercrime in the country.
Powers and Functions

• To formulate a national cyber security plan and extend immediate assistance for the suppression of real-time commission of cybercrime offenses through a computer emergency response team (CERT);
• To coordinate the preparation of appropriate and effective measures to prevent and suppress cybercrime activities as provided for in R.A. 10175;
• To monitor cybercrime cases being handled by participating law enforcement and prosecution agencies;
• To facilitate international cooperation on intelligence, investigations, training and capacity building related to cybercrime prevention, suppression and prosecution;
• To coordinate the support and participation of the business sector, local government units and nongovernment organizations in cybercrime prevention programs and other related projects;
• To recommend the enactment of appropriate laws, issuances, measures and policies;
• To call upon any government agency to render assistance in the accomplishment of the CICC’s mandated tasks and functions; and
• To perform all other matters related to cybercrime prevention and suppression, including capacity building and such other functions and duties as may be necessary for the proper implementation of R.A. 10175.
END OF DISCUSSION
