The Ultimate Hacking Guide

There is a hacker attack in the world every 39 seconds, by 2020 the average cost of a data breach will cost $150 million and approximately $6 trillion will be spent in cybersecurity.

Today, according to Ginni Rometty, IBM’s chairman and CEO: “Cybercrime is the greatest threat to every company in the world.” Whatsmore is not just about big companies and celebrities, every person with access to the Internet is a potential victim.

In 2018, the cost of global cybersecurity breaching reached $1 trillion. Cybersecurity Venture reports that every second, 44 records are stolen, making a total of over 3 million files every day. On the other hand, by 2020 there will be roughly 200 billion IoT devices.

According to Microsoft, currently, a cyber attack can cost a company $3.8 million and on a global scale, cybercrime costs $500.

So if these stats alone aren’t as shocking as they are interested enough, let’s break this huge topic down: first, let’s talk about the types of hackers and hacking techniques that there are. Then at the bottom, you can find a list of tools to hack your daily life.

Types of hackers

Think like a hacker, act like a hacker. You don’t need to (and shouldn’t, duh) engage in any illegal activities. Still, thinking out of the box can save you from being hacked. Let’s talk about the main three groups of hackers and what they do.

• White hat hackers or also known as ethical hackers. Some officially work as network security specialists and perform ‘bug bounties’, either by selling hardware or software to protect computers against malware or working as full-time technicians.
  Take for example Linux, by Linus Torvalds, a secure open-source operating system.
• Black hat hackers, who focus on creating software and bugs to damage, from stealing data to corrupt files.
  Kevin Mitnick, during the 90s, went on a hacking spree for almost three years, during which time he breached data worth millions of dollars, from telecom services and the US National Defence warning system.
• Gray hat hackers. These are the hackers that try both sides of hacking. Thanks to their ability to staying anonymous online, they are ‘free’ to be either among the ‘good’ or ‘bad’ guys side.
  Marcus Hutchins was labeled a gray hat hacker after he was arrested for being suspected of creating the Kronos banking malware, while his full-time job was at the Kryptos Logic cybersecurity firm.

Types of unethical hacking practices

Malicious types of hacking have been going around and only gotten stronger with time. It is estimated that 230 thousand samples of malware are made every day, and four thousand ransomware attacks occur daily.

There is a common pattern in which hackers find a way to gain unauthorized access to a computer’s software, a website or an online personal account. Here are the most common ones:

• Vulnerability scanning — a hacker scans a system or website to find any vulnerabilities.
• Cracking a password — similarly to the case above, hackers scan and identify vulnerabilities to crack the password or a person’s personal account.
• Spooking — hackers create malicious websites that would seem as legit and trustworthy ones so that when users enter and navigate across them, hackers gain access to the visitor’s computer network.
• Rookit — hackers create a program in order to be able to control a computer’s operating system.
• Trojan horse — the hacker creates a ‘backdoor’ that will allow the hacker to access the computer system and gain access to its information.
• Virus — the most common on a daily basis, a virus ‘infects’ a file and then replicate to keep on spreading around.
• Keyloggers — a hacker creates a malicious backdoor to record every keystroke.
• Clickjacking — or also known as UI Redress, where the actual UI element is hidden and so when clicking in the fake one, so spam messages that are usually pay-by-click popup. However, the users run under the risk of also having their personal information breached.
• Bait and switch — a hacker buys advertising space on a page, with the purpose of directing users to malicious and infected sites. Same goes for apps and software.

With all these types of hacking, you may think, how can I know what sites are safe? Well, when searching the Internet and using your computer, smartphone, smartwatch… you can apply the saying ‘play it safe’. It may sound boring, we all like streaming and downloading movies, playing online games or do some online shopping.

So it is mainly about knowing “your sites”, and knowing how to protect your devices from hacking attacks, which take us to the next point.

How do hackers actually operate?

As we have mentioned above, there are many types of actions that hackers can take to breach personal information and spread bugs on private computers from the distance.

It takes almost 200 days for companies to realize they are victims of a security breach, as 90% of hackers encrypt their steps to stay in the dark. These can easily be possible by using a good VPN.

But how can a human defeat a machine? Hackers learn their programming languages well and then create loopholes.

• SQL Injection Attack — This is a ‘sequel’, a language used to communicate with databases. Usually, this program helps companies and organizations sort out their massive amounts of data, but in the wrong hands, can become the Google of private information that can be corrupted or sold.
• Cross-Site Scripting (XSS) — Similar to a SQL injection, a hacker can inject malicious code directly into a website to reach the users’ credentials and data, by embedding a malicious JavaScript link in the form of a blog comment or ad.
• Denial-of-Service (DoS) — this occurs when a programmer creates a website that receives way more traffic than it was designed to handle. Leaving it exposed to anyone with the means to access it. So any hacker interested in a website may try to overload it with a higher number of data and traffic than it was meant to.
• Hijacking — every session a user makes online, has a unique ID. A hacker can interfere between a requesting computer and a remote server and pretend to be the user requesting access.
• Credential Reuse — there is a big black market that sells data breached by hackers, for them to even further the damage. Hackers rely on the fact that users tend to keep unique passwords for all their different accounts. So once they have managed to hijack the details of a server, they can very well corrupt the same user’s accounts in different platforms.

How to prevent hacking attempts

Nowadays is not only your computer that can be affected, but any IoT can also be a victim of unethical hacking.

• Automatic security updates — when installing software security systems, make sure you to select that your antivirus and other security software update and run virus scans automatically.
• Two-factor authentification — nowadays you can register and set up your phone number or email, to your personal software and online accounts. So even in the case that a password expires or is forgotten, the account can be recovered through a code sent to your phone number or email.
• Regularly uninstall unused software or apps — also, update your security patches on a regular basis, to avoid malicious hackers finding loopholes or installing viruses.
• Don’t open or engage with emails — even if it sounds legit, don’t open or engage with emails that you don’t recall signing up for or recognize the sender.
• Stay real on social media — same goes for social media. When you accept a friendship request, you open the door for that person to access your data. It is so easy for unethical users to take screenshots of your photos and use these to create fake content on your behalf. Or accessing your contacts.
• Create strong passwords — when you create a new account or username, you are not just asked to submit a password with alphabetic, numerical and special characters just to annoy you. Passwords like 123, your name or similar only make it easy for hackers to breach your data.
• Use a trustworthy, official security system — for your computer’s safety, install an antivirus purchased from a specialized store, and for your other devices like smartphones or smart watches, download apps from authorized app stores.
• Never save your accounts and passwords’ data — sure this one sounds like the most obvious one, but is no joke. Better safe than sorry. One in every 130 emails contains malware. So please, never save your bank, passwords and log in details on any device that is not just for your personal use.

To sum up

Hacking sounds like an appealing career. However, this article, of course, is not to encourage anybody to get into the ‘dark side’ of this field. We want to first help identify all the different types of hacking, for a safer experience online. Secondly, by listing out all the facts, we hope this topic is better understood.

In the past three years, 95% of breached records came from three industries: the governments, retail and technology. They are the favorite targets of hackers because of the high amount of personal data they accumulate.

By next year, one of the most demanded jobs will fall within the cybersecurity industry. Are you going to be part of it?

Source: Giphy

Tools

As we described in our Facebook group ‘Hack4Egypt’, “the term hacking historically referred to constructive, clever technical work that was not necessarily related to computer systems! We view “hacking” as something that can help us to become smarter and more tech-savvy!

Hack4Egypt and HackaMENA, were created out of our past events and the purpose is to keep a community of tech-savvy people, where we can share with each other tips, news, events and altogether tech updates within Egypt, the MENA or even around the world.”

Here we offer you a list of sources to hack your daily life and turn the facts and knowledge we just shared with you into practical actions.

Online courses:

Skillshare — Top hacking courses

• WiFi hacking course (Arabic)

Udemy — Top ethical hacking courses

• Learn website hacking from scratch
• Ethical hacking for beginners’ level
• The complete Nmap: network security

Coursera

• Cyber Threats and Attack Vectors
• Systems and Application Vectors

Cybrary

• Ethical Hacking course

TED sessions we liked:

• How Quantum Physics can make encryption stronger
• Your smartphone is a civil rights issue

Reads that we loved this month:

• The best front-end hacking cheatsheets
• Productivity for developers: hacks, productivity tools
• Attention, hacking is the epidemic of our generation
• Tools and resources that landed me a front-end dev job
• How to write code you will love in the future
• 13 Noteworthy points from Google’s JavaScript Style Guide
• Every feature added to JS since 2015