Presented by: MEHAK ZAIB SUDDLE FAIZA IRFAN AYESHA SHAHEEN NARGIS JAHANGIR

TOPIC

HACKING:

Good hackers go to heaven, bad hackers go everywhere. But who are these hackers, and what is so bad or so good about them? What do they do? Where do they go? Trying to answer these questions raises even more.

HACKERS:

Hacker is a term that has been used to mean a variety of different things in computing. Depending on the context, the term could refer to a person in any one of several distinct (but not completely disjoint) communities and subcultures:

Black hat hackers

White hat hackers

Gray hat hackers

Generally we can categorize hackers into three different types:

•WHITE HATS (ethical hackers)

•GREY HATS

•BLACK HATS (crackers)

WHITE HATS:-

*Although white hat hacking can be considered similar to black hat hacking, there is an important difference.

*A white hat hacker does it with no criminal intention in mind.

*Companies around the world that want to test their systems contract white hat hackers. They test how secure those systems are and point out any faults they find.

*If you want to become a hacker with a white hat, Linux, a PC and an internet connection are all you need.

CASE STUDY (Nato urges military to recruit white hat hacker army to boost defenses)

Nato has called for military and private industry to recruit more ethical hackers, listing their skills as an essential weapon in its ongoing anti-black hat war. Nato deputy assistant secretary general Jamie Shea issued the statement in a video review exploring the ethical hacking community. He said: "In order to have a defense you need to have a much wider group of people with a much broader set of skills working for you than as in the old days when we were talking about the man from the ministry with a set identity. That's not the case anymore."

Traditionally ethical hackers, known as white hats, have disclosed security bugs for free and many continue to do so just for the prestige. But with industry and governments around the world looking to beef up their cyber defences, ethical hackers can now have the pick of jobs in a booming industry.

The Cyber Strategy was announced in 2011, when the UK government pledged to invest £650m to train the next generation of security experts. The initiative has had a heavy focus on education, setting up numerous higher education centres and apprenticeship schemes for young people looking to enter the security industry. In May the UK government pledged to invest £7.5m to create new cyber security research centres at Oxford University and Royal Holloway University London.

HOW TO BECOME AN ETHICAL HACKER:-

In order for hacking to be deemed ethical, the hacker must obey the rules below.

•You have permission to probe the network and attempt to identify potential security risks. It's recommended that, if you are the person performing the tests, you get written consent.

•You respect the individual's or company's privacy and only go looking for security issues.

•You report all security vulnerabilities you detect to the company, not leaving anything open for you or someone else to come in at a later time.

•You let the software developer or hardware manufacturer know of any security vulnerabilities you locate in their software or hardware if not already known by the company.

SERVICES PROVIDED BY ETHICAL HACKERS:-

Random Hacks of Kindness

Random Hacks of Kindness is a community that focuses on developing practical and open-source solutions to global challenges. These challenges can range from disaster risk management to climate change adaptation.

Solutions so far have included apps such as I'm OK, an SMS app that lets people in disaster-afflicted areas notify family members of their status, and CHASM, an app for landslide risk visualization.

These apps are made by thousands of software experts, volunteer devs and designers from 26 cities around the world. Currently, 120 distinct projects make up RHoK's opus.

Projects continue year-round, but events can be organized to create sprint scenarios. Random Hacks of Kindness was founded in 2009 as a partnership between Google, Microsoft, Yahoo!, NASA and the World Bank.

Code for America

Code for America is still seeking fellows for its 2012 cycle.

This organization assembles teams of crack developers to build open-source apps for governments.

Each year, many cities and states apply for the CfA program, and many more developers vie for a spot as a CfA fellow.

The chosen hackers are sent to the cities where the apps will be built and used.

Each dev is given a stipend, as well as mentorship and post-program recommendations. CfA Fellowship applications are due July 31, 2011 for the 2012 fellowships.

Hack for Change

From Change.org comes Hack for Change, a weekend-long event to be held in San Francisco on June 18 and 19, 2011.

(Disclosure: Mashable is a sponsor of this event.) At the hackathon, 50 devs and designers will split into teams and spend 24 hours creating web or mobile apps they believe will effect positive change.

Devs can use any publicly available APIs in their apps, and several companies with APIs popular in this arena will be presenting before the hacking begins.

Anyone can apply to attend and hack in this event, and invitations will be confirmed at the beginning of June.

GRAY HAT HACKER

GREY HATS:- A grey hat hacker is someone who is in between the concept of black hat and white hat. He may use his skills for legal or illegal acts, but not for personal gains.

*Grey hat hackers use their skills to prove to themselves that they can accomplish a given feat, but never do it in order to make money out of it.

*The moment they cross that boundary, they become black hackers.

Types of gray hat hackers:-

*Pranksters: These hackers are the mischief-makers of the bunch whose intention is merely to be a nuisance. They are the equivalent of individuals who pull fire alarms or make phony bomb threats. Copycat hackers would also fall into this category.

*Fame seekers: This group hacks seeking attention or notoriety. Using a code name, these individuals target high-profile sites such as Yahoo!, eBay, or NASA to achieve bragging rights among their peers.

*Educational: Students justify hacking into systems by saying that they are honing their programming skills.

CASE STUDY (NEW YORK (Main Street))

*In recent weeks one group in particular, LulzSec, has been causing mayhem across the Internet, but its attacks have been motivated more by a penchant for mischief than a desire to steal your money or identity.

*The group targeted PBS after it viewed an episode of Frontline on WikiLeaks as biased and carried out a bit of "hacktivism" by posting a fake news story on the PBS website suggesting rapper Tupac Shakur was still alive.

*This was followed by an attack on Sony (SNE), in which LulzSec stole the personal data of thousands of customers while the gaming company was still reeling from the PlayStation Network breach.

*But rather than sell the data or use it for phishing attacks, LulzSec simply posted the data online for all to download and use as they see fit. It also breached the security of Nintendo, but did not leak any customer data -- citing its love for the Nintendo 64 console, it simply informed the company of its security holes and urged it to improve its security.

*Such varied actions have led many to describe the group as "gray hat".

BLACK HAT HACKER:

*Black hat is used to describe a hacker (or, if you prefer, cracker) who breaks into a computer system or network with malicious intent.

*Unlike a white hat hacker, the black hat hacker takes advantage of the break-in, perhaps destroying files or stealing data for some future purpose.

•The black hat hacker may also make the exploit known to other hackers and/or the public without notifying the victim.

* This gives others the opportunity to exploit the vulnerability before the organization is able to secure it.

*Six Romanians and two Moroccans have been arrested in Spain for allegedly participating in the massive global ATM cyber heist that stole $45 million from two banks.

*The eight people are said to have stolen $392,000 in 446 withdrawals using the faked cards at ATMs in Madrid in February.

*The Spanish authorities seized around $34,470 (€25,000), jewelry, 1000 new cards and computers.

*In February, the criminals managed to steal more than $45 million from a number of countries in just a few hours. An individual said to be the leader of the network was arrested in Germany.

*He is allegedly the one who hacked into the credit card processing companies' database server and disabled security features such as the withdrawal limits.

*Eight people were arrested and charged in New York in May and six further people were arrested in New York last month.

Barry University’s Laptop infected with malware, patients info at risk.

LATEST CASE STUDY & NEWS ABOUT BLACK HAT HACKERS

Russian Hacker attempts to

*A Russian hacker has managed to gain access to the BBC server and then attempted to sell the access to other cyber criminals in the underground Russian forums.

*In an exclusive report, Reuters said that the cyber attack was first identified by a cyber security firm, "Hold Security", while monitoring the underground cyber crime forums.

*The firm told Reuters that its researchers observed a Russian hacker who goes by the online handles "Hash" and "Rev0lver" attempt to sell access to the BBC server on Christmas Day (Dec 25th).

*The researchers have found no evidence the conversations led to a deal or that data was stolen from the BBC.

Eight more arrested in Spain for role in the $45 million global ATM cyber heist.

*Patients of the Foot and Ankle Institute at Barry University are being notified about a security breach in which their personal information and medical records may have been compromised.

*The security breach was detected around May 14, according to the Miami Herald. The school laptop was infected with a piece of malware.

*The university hired a computer forensics company to investigate the incident.

*They removed the malware from the University's network and restored the affected files to their original state.

*After several months, the University determined that some sensitive information of patients may have been compromised in the breach.

*The university hasn't released the number of affected patients.

*The sensitive information at risk includes the patients' names, Social Security Numbers, dates of birth, bank account numbers, credit and debit card numbers, driver license numbers and medical records.

*The University offers a complimentary 12 month credit monitoring service to those affected by this security breach.