Hacking into Cyber Security
Computer security, also known as cyber security, is security applied to computers, computer networks, and the data stored and transmitted over them. The field is of growing importance due to the increasing reliance of computer systems in most societies. Computer systems now can include the smallest pieces of technology. There are many different items that can be hacked into and many different ways to hack.
Computer security covers all the processes and mechanisms by which digital equipment, information and services are protected from unintended or unauthorized access, change or destruction and the process of applying security measures to ensure confidentiality, integrity, and availability of data both in transit and at rest.
A vulnerability is a system susceptibility or flaw. A large number of vulnerabilities are documented in the Common Vulnerabilities and Exposures database. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. An exploitable vulnerability is one for which at least one working attack exists.
It is important to first understand the various types of "attacks" that can be made against it.
A backdoor in a computer system, a cryptosystem or an algorithm, is any secret method of bypassing normal authentication or security controls. Unlike other exploits, denial of service attacks are not used to gain unauthorized access or control of a system. They are instead designed to make a machine or network resource unavailable to its intended users. Attackers can deny service to individual victims, such as by deliberately entering a wrong password enough consecutive times to cause the victim account to be locked, or they may overload the capabilities of a machine or network and block all users at once. Simple firewall blocks are possible against an attacker coming from a single IP address, but many forms of Distributed denial of service attacks are possible, where the attack comes from a large number of points, and defending is much more difficult.
An exploit is a software tool designed to take advantage of a flaw in a computer system. This frequently includes gaining control of a computer system, allowing privilege escalation, or creating a denial of service attack. The code from exploits is frequently reused in trojan horses and computer viruses. In some cases, a vulnerability can lie in certain programs' processing of a specific file type, such as a non-executable media file. Some security web sites maintain lists of currently known unpatched vulnerabilities found in common programs.
A computer system is no more secure than the persons responsible for its operation. Malicious individuals have regularly penetrated well-designed, secure computer systems by taking advantage of the carelessness of trusted individuals, or by deliberately deceiving them, for example sending messages that they are the system administrator and asking for passwords.
In the world of information technology there are different types of cyber attack, like code injection to a website or utilising malware such as virus, trojans, or similar. Attacks of these kinds are counteracted managing or improving the damaged product. But there is one last type, social engineering, which does not directly affect the computers but instead their users, which are also known as "the weakest link". This type of attack is capable of achieving similar results to other class of cyber attacks, by going around the infrastructure established to resist malicious software; since being more difficult to calculate or prevent, it is many times a more efficient attack vector.
Web sites that accept or store credit card numbers and bank account information are prominent hacking targets, because of the potential for immediate financial gain from transferring money, making purchases, or selling the information on the black market. In-store payment systems and ATMs have also been tampered with in order to gather customer account data and PINs.
Computers control functions at many utilities, including coordination of telecommunications, the power grid, nuclear power plants, and valve opening and closing in water and gas networks. The Internet is a potential attack vector for such machines if connected, but the Stuxnet worm demonstrated that even equipment controlled by computers not connected to the Internet can be vulnerable to physical damage caused by malicious commands sent to industrial equipment which are infected via removable media. In 2014, the Computer Emergency Readiness Team, a division of the Department of Homeland Security, investigated 79 hacking incidents at energy companies.
The consequences of a successful attack range from loss of confidentiality to loss of system integrity, which may lead to more serious concerns such as exfiltration of data, network and air traffic control outages, which in turn can lead to airport closures, loss of aircraft, loss of passenger life, damages on the ground and to transportation infrastructure. A successful attack on a military aviation system that controls munitions could have even more serious consequences.
Many smartphones have cameras, microphones, GPS receivers, compasses, and accelerometers. Many Quantified Self devices, such as activity trackers, and mobile apps collect personal information, such as heartbeat, diet, notes on activities, and performance of bodily functions. Wifi, Bluetooth, and cell phone network devices can be used as attack vectors, and sensors might be remotely activated after a successful attack. Many mobile applications do not use encryption to transmit this data, nor to protect usernames and passwords, leaving the devices and the web sites where data is stored vulnerable to monitoring and break-ins.
Hacking techniques have also been demonstrated against home automation devices such as the Nest thermostat. Staples, and Target Corporation, aimed at financial gain through identity theft. By contrast, the 2014 Sony Pictures Entertainment hack was unusual in that the hackers appear to have taken data mainly to embarrass the company, but also attempted to cripple the company by wiping workstations and servers.
Even automobiles can be hacked with today’s resources and advancement in technology With physical access to a car's internal controller area network, hackers have demonstrated the ability to disable the brakes and turn the steering wheel. Computerized engine timing, cruise control, anti-lock brakes, seat belt tensioners, door locks, airbags and advanced driver assistance systems make these disruptions possible, and self-driving cars go even further. Connected cars may use wifi and bluetooth to communicate with onboard consumer devices, and the cell phone network to contact concierge and emergency assistance services or get navigational or entertainment information; each of these networks is a potential entry point for malware or an attacker. and cars with built-in voice recognition or remote assistance features have onboard microphones which could be used for eavesdropping.
Hackers in general have been stepping up their game and finding new ways to mess with people, businesses, and the government. Technology will need to keep up with the advancement of the hacking business.