So this week, we're going to be talking about hacking. The term hacking covers many different activities. It's kind of gained a wide, I guess, definition. But the definition I'm going to go with now, hacking generally describes deliberate unauthorized access to spaces over which rights of ownership or access have already been established. What we basically mean by this is trespass. Whenever you think of hacking, there's usually some trespass involved. Or basically, for criminal purposes, it mostly deals with trespass.

Hacking itself has a lot of political connotations. Some groups have adopted it for activities that they do that may even have nothing to do with computers. But for this case, when we're talking about cybercrime and hacking, we're very generally talking about actions of trespass or gaining access to unauthorized resources. Usually, some type of trespass and trespass has the goal of or access used to commit or further crime. So basically, accessing a resource, either for fun, essentially, to gain access to that resource, or once I have access to that resource, installing tools or stealing information or doing something else that is also a different type of crime. So hacking is generally getting access to things or getting control over something in some way. We'll talk about more what that is.

So hacking itself as a concept is difficult to talk about because of the various motivations of groups that identify as hackers. There could be very generally, we split them up into ethical hackers and unethical hackers where here the definition is ethical hackers have a high level of specialized knowledge and a belief in the ethics of freedom of access to public information. And this is kind of a more traditional definition of hackers who are just attempting to make basically private information publicly accessible. Freedom of information is the idea behind this. Ethical hackers do a lot of different things.
They're commonly called penetration testers today. I'll talk a little bit about penetration testing in a second.

Unethical hackers, however, usually create some sort of disruption through unauthorized presence or enter systems undetected and steal restricted information. So you have two versions of unethical hackers. The people who want to disrupt the confidentiality, integrity, or availability of a system or data in the system and do it quite loudly, potentially as a form of protest or just because they don't necessarily care if they're loud or not. And then you have groups that are usually organized groups. And this is kind of borderline cyber espionage or cyberterrorism that are trying to gain access to systems, do some sort of trespass without being detected to steal information or gain access to information over the long term, usually over the long term.

So ethical hackers have the knowledge and skills and resources to be able to access systems and potentially make profit off of it or say something political about it, but usually don't. Even though they could, they don't. Unethical hackers use this power, this knowledge to steal information, make money, cause damage, or otherwise disrupt systems.

So I specifically pointed out penetration testers because they're kind of a special case. Penetration testers are hackers with the skills and knowledge and they are usually hired by companies to search the company for vulnerabilities. They specifically look for vulnerabilities in companies that way some random hacker with a malicious intent doesn't come in and find it. Penetration testers, you also have ethical and unethical penetration testers where ethical penetration testers will usually not go looking for vulnerabilities in a company and then go to the company and say, hey, look at what I found, pay me so I can fix it. Penetration testers that are ethical normally just provide consulting services and only actually do their job whenever they're asked to do the job.
But there's a lot of gray area there. Some people believe that scanning systems and making sure they are secure and pointing out vulnerabilities is a service to the community. Organizations that normally get scanned don't necessarily agree with that statement. But yeah, so there are penetration testers out there that specifically work for corporations or consult for corporations to find vulnerabilities in networks that way other cyber criminals can't.

Hackers must be very careful, penetration testers I should say must be very careful about the permission from the company to actually do a penetration test on the company and local legislation. In some cases, some types of attacks may not be legal even if you have permission. Now, that's relatively rare, but it could happen. Penetration testers have to be quite aware about what they're doing. So don't just offer yourself as a penetration tester unless you understand the legal implications of doing so.

Penetration testers can potentially find flaws in the security of networks before malicious hackers do. The idea is to have a hacker find all of the vulnerabilities that way you can secure them before anyone that has a malicious intent actually goes through and does it too. And that's essentially a big part of information security today is having penetration testers come in and look for vulnerabilities.

Most hacking methods simply abuse the trust or confusion of users. A lot of what penetration testers or even hackers are doing is targeting not only the technical system. Sometimes it's completely technical, but a lot of times it involves at least some user interaction or some users are part of their attack somehow. This is described as social engineering.
Whenever I'm going after a specific person to gain access to information that will give me access to the network or to information, we can use social engineering and it is an extremely effective method of getting information about a network, about an organization, about other people. And if you can do it well without even having any technical skills at all, you can potentially get all of the information you need or access to entire organizations in some cases.

So we can think of social engineering as people hacking. Here people are the weakest link. I talked before about education, educating users about, for example, clicking on emails or downloading attachments and opening attachments from people you don't know. If we can attack the user and we can get the user to do some action for us, then that can potentially give us a lot of information, give us access to restricted networks, restricted accounts, things like that. It's a technique to obtain access codes and information.

Again, social engineering, I'm attacking the user. So for example, I could just ask somebody, what's your password? And they probably won't tell me, but they might tell me. Now, if I just walked into a building and said, what's your password? They would say, who are you? Get out of here. But if I go into the building and I say that I'm from IT and I'm here to fix your computer, I see you've had trouble logging in. Can you give me your password real quick? Then maybe I'm more likely to trust my IT department and I would give somebody the password. So it's basically just lying to people to get the information you need, but lying to people in a way so they don't suspect that they're being tricked.

There's a lot of books on social engineering and what they found is that most people are willing to help by default.
So if they think that you're not a threat, they're more likely, if you're asked for help, to be willing to help you, especially if you throw in information that is confusing to them and they don't wanna seem like they don't know. So what social engineers or hackers tend to do is throw in a lot of technical jargon, technical information that the users don't know, but it makes the hacker seem like they know what they're talking about, then they're more likely to get information from that user to, for example, log into their computer, log into the system, and potentially even install software in the computer. Once the hacker's done that, they have potentially full access to the network. This also allows us to gather information from people or documents in the organization.

Another big source of information is an organization's trash or a person's trash. Think about all of the things that you've thrown away. It could be credit card applications with names and numbers and things like that, birthdays. Organizations throw away a lot more information and all of that goes into the trash and the trash is usually not guarded. If you can get access to that information, you can potentially get a lot of interesting information about that organization that you can use in either other social engineering attacks or potentially even passwords and things that would allow you to log in directly.

For example, a relatively common occurrence is that people throw away phone records or organizational phone lists that list all of the people's names, their department and their phone number. If I have that list, then now I can start to call around to each department and say, hey, this is Jack from a certain department. Is your computer not working well, right? And because I've already said the department and I've said a name that that person probably recognizes, they're more likely to trust me and they may give me more information. They may even give me their account to log in.
So even things as, let's say, innocuous as a telephone directory for an organization can potentially be a major hole that an attacker can use to take advantage of the system.

Other hacking methods include spyware and surveillance software. So installing spyware on somebody's computer and installing surveillance software to monitor basically everything they're doing. A lot of that basically just focuses on stealing information from the system. And it is considered malicious software, but it's kind of a little bit separate in that it's focusing only on stealing information. It is software that collects information like passwords, documents, contents of emails, contents of chats, et cetera, and sends it to a server or the original attacker. Malicious software we'll talk about in lesson four two. So I won't talk much about that, but malicious software is software that allows access or information theft, either access to a computer, access to some system, or the ability to steal information from that system.

Another commonly used, very commonly used attack now is denial of service, which is DoS, or distributed denial of service, DDoS. And this greatly degrades or prevents access to a system and its services. So the idea is that I can attack a system and prevent legitimate users from accessing that system. So if I can overload basically some computer, then anyone else who tries to connect to that computer or service can't because I've already overloaded the connection. DDoS is often used along with other methods to attempt to gain access to systems. If I can overload the system, I may be able to hack into the system at the same time. And it's also very often used for political reasons. So for hacktivism, for example, large groups of people that are activists protesting something may join their computing power together to overload a specific target.
Whoever they're protesting, they may try to take their server offline by using their collective computing power to overload that computer so nobody else can connect to their website or service. It's also been used quite a bit in several different countries for election fraud. So during election days, if they're using electronic voting system, using DDoS attacks to shut down voting system in specific areas to basically try to sway votes one way or the other.

So how to investigate hackers? First off, we need to understand how they work. So you do need to know a little bit about how hacking works, at least how easy hacking is and how kind of the common methods that hackers go through. Once we understand how they work, then we can investigate a little bit easier. We'll talk about investigation in the forensic section.

The thing about hackers is that there's many different motivations. A lot of hackers are in it for the money, but some are in it for political reasons, some are in it for fun. I mean, there's lots of different reasons why people try to get into systems, access information, steal information.

There are many different tools and approaches for hacking. Within the last few years, a lot of hacking tool kits have come out that make it extremely easy to do different types of relatively sophisticated attacks. The result is that more people with a lower level of knowledge are able to do relatively sophisticated attacks against real systems and cause potentially a lot of damage. So you really need to learn information security basics outside. I know I talked about it in the last lecture, but information security basics is one thing that you need to study on your own if you wanna be a cyber crime investigator or a digital forensic investigator and also get at least some introductory books on basics of hacking. Understand what tools they use, what approaches they use, and some of those tools and approaches can help you during your cyber crime investigations as well.
Obviously not the trespassing things.

And one thing that I want to make very clear is that basic hacking is extremely, extremely easy. It's far too easy, actually. We should be beyond how easy it is now, but basic hacking is surprisingly easy. Investigation of beginning hackers is also very easy. So if you get into, if you start learning about hacking, really don't try to hack systems that you don't have permission to access because it's usually very easy to investigate beginning hackers. They make a lot of mistakes, they don't hide their tracks and they don't know how to cover themselves up so they're relatively easy to find.

Hacking is easy, but making money with hacking is very, very difficult. By the time that you start to try to make money off of hacking, you will probably be caught by police. That is whenever hackers attempt to make money or attempt to transfer something of value, that's whenever the police usually get involved and that's when we catch most people. Like I said, if you put a computer online, it will be attacked within a matter of minutes, if not seconds. People are trying to hack computers all the time and we don't really, we don't report most of them and we don't care about most of them because most of them are unsuccessful. It's whenever you're actually getting access and stealing something of value that you really get caught. So don't get the idea, even though hacking is easy, don't think that you can do it and get away with it basically. That's what this course is all about. So once money gets involved, the stakes increase dramatically basically. Investigators will be on you once that happens.

So that's it for hacking. Next we'll talk about specific types of malware and how malware is used along with hacking. Thank you.