International J. Technology. January – June, 2020; Vol. 10: Issue 1

ISSN 2231-3907 (Print) www.enggresearch.net
ISSN 2231-3915 (Online) www.ijtonline.com

REVIEW ARTICLE

Ethical Hacking and Cyber Security against Cyber Attacks


Prashant Kumar Gavel, Ramakant Prasad, Nainsy Rathore, Deepshikha Yadav
SoS in CS and IT, Pt. Ravishankar Shukla University, Raipur, India
*Corresponding Author E-mail: [email protected], [email protected],
[email protected], [email protected]

ABSTRACT:
Basically, hacking is expertise in any field that can be used for both ethical and unethical purposes. Those who perform hacking are known as hackers. Hackers are classified according to how they work and what they know. Ethical hackers are also known as white hat hackers. Ethical hackers use their hacking techniques to provide security legally. Generally, white hat hackers are legally authorized hackers who work for the Government. This paper explores the cyber world, cyber-crimes and their components over the internet. Fast-growing internet technology has benefited e-commerce, e-mail, online banking systems, advertising, vast stores of reference material, etc. But there is also a dark side: the internet has become a common and easy tool for criminal activity that uses the weak links and vulnerabilities of the internet. The objective of this study is to understand the several hacking activities that come under cyber-crime. Its focus is on the role of the ethical hacker in removing it from the offender and from cyber-crime, and on illustrating a proactive approach to decrease the threat of hacking and cyber-crimes.

KEYWORDS: Ethical Hacking, Cyber Crimes, White Hat Hacking, Cyber Security.
1. INTRODUCTION:
Security is the protection of information and infrastructure in which the chance of successful yet undetected theft, modification and disruption of information and services is kept low or tolerable [9].
Network Security: Protecting a network and its data, computer programs and other computer system assets from unwanted intruders and unauthorized users [9].

Fig.1. Information Security


Information Security: Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction [7-9].

The security services are listed below [8-9]:

• Confidentiality
• Authentication
• Integrity
• Non-repudiation
• Access control
• Availability
• Authorization

Hacking and challenges:


A hacker is an individual who uses his technical skills, with the help of computers and networks, to carry out a task. A hacker is a person who uses his efforts to gain unauthorized access to systems and networks in order to commit cyber-crime. He may steal all the important information, such as bank account and personal data, and use it to exploit the victim and demand a ransom to give the data back [13].

Types of hackers in the present world[11]:


(i) White Hat Hackers:
Hacking to find the loopholes in a security system [11]. White hat hackers, sometimes referred to as ethical hackers, assist system owners in detecting and fixing security system vulnerabilities. They are referred to as ethical hackers because they do not violate laws, even though they use many of the same tools used by Black Hat hackers [1].

Table.1. White Hat Hackers [1][11]

White Hat Hackers
Mission: To protect organization
Personality Trait: Ethical
Purpose: White Hat Hackers are hired to find security holes or vulnerabilities in existing cyber systems, so they can be patched and security tested.

(ii) Black Hat Hackers:


Hacking for illegal or malicious purposes[11]. Black Hat hackers, sometimes called crackers, are typically motivated
by the personal gain they receive from illegally breaching computer systems, though they might also be social
mischief-makers that are in it for the thrill of the attack, for revenge or to seek notoriety [1].

Table.3. Black Hat Hackers [1]

Black Hat Hackers
Mission: To profit from data breaches
Personality Trait: Malicious
Purpose: Black Hat Hackers conduct unauthorized and illegal cyber-attacks for stealing personal or organization information or data to sell for profit or personal use.

(iii) Grey Hat Hackers:


Hacking sometimes legally and sometimes not but has no malicious intentions [11]. Grey Hats can have ideological
motivations that translate to hacking attacks against an adversarial political position, a company policy that they do
not agree with or even a nation-state. They are often referred to as activists. Grey Hat hackers can be White Hats by
day and work for organizations and system owners to detect flaws in systems and mitigate them, but they sometimes
engage in ideological hacking activities to correct a perceived wrong [1].

Table.4. Gray Hat Hackers [1]

Gray Hat Hackers
Mission: To challenge themselves
Personality Trait: Ambitious
Purpose: Gray Hat Hackers search for and exploit security vulnerabilities without profit and without authorization.

Ethical hacking:
Ethical hacking has been used for software and network security [5]. Ethical hacking is performed with the target’s permission. This type of hacking is intended to discover vulnerabilities ahead of various types of future malicious attacks, for the betterment of a secured system. It is part of a security enhancement program that covers risks and allows legal penetration tests for cyber security improvement. Ethical hacking can also be used by vendors for testing security. Ethical hacking is performed in a controlled environment by performing ethical attacks. This helps to better understand the working of malicious code and the range of the area it endangers. Generally, the term ethical hacking is used for security professionals using their skills for defensive purposes, to identify future security attacks on the system with good intention.

The term ‘hacker’ originated at MIT in the 1960’s to describe someone who had the ability to understand and
manipulate technology. Although this is still true of hackers, their skills have evolved outside of just technical
capabilities to include the ability to manipulate people. Additionally, hackers are now categorized into three distinct
categories that identify their motives[7].

Process of ethical hacking:


Preplanning is arranged in several steps so that the ethical attack on the system is carried out legally as security testing. All technical, management and strategic issues must be considered. Proper planning is crucial for any security testing, from a simple password security test to a high-level network penetration test. A backup of data and information should be made before carrying out ethical hacking. A well-defined scope involves the following information [5][7-11]:
1. Specific systems to be tested.
2. Risks that are involved.
3. A proper test schedule prepared over time.
4. Use of knowledge or experience to explore security threats.
5. What is done when vulnerabilities are discovered.
6. An assessment report on security for high-level countermeasures, starting with the most crucial cyber tests.
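
Two items of the scope above, the specific systems to be tested and the test schedule, can be enforced mechanically before any testing tool is pointed at a host. The following is an added example, not code from the paper; the Scope class, check_target, audit and every address and date in it are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Scope:
    """Signed-off scope of an authorized test (hypothetical structure)."""
    in_scope: tuple          # networks the owner has authorized for testing
    excluded: tuple          # hosts carved out because the risk is too high
    window_start: datetime   # agreed test schedule, timezone-aware
    window_end: datetime


def check_target(scope, target, when):
    """Return (allowed, reason) for testing `target` at time `when`."""
    try:
        addr = ip_address(target)
    except ValueError:
        # Names are refused: DNS can change between sign-off and test time.
        return False, "not an IP address; resolve and re-check before testing"
    if not (scope.window_start <= when < scope.window_end):
        return False, "outside the agreed test schedule"
    if any(addr in ip_network(n) for n in scope.excluded):
        return False, "explicitly excluded (risk too high)"
    if not any(addr in ip_network(n) for n in scope.in_scope):
        return False, "not one of the specific systems to be tested"
    return True, "in scope"


# Constructed sample scope using documentation address ranges (RFC 5737).
SCOPE = Scope(
    in_scope=("192.0.2.0/24",),
    excluded=("192.0.2.10/32",),
    window_start=datetime(2020, 6, 1, 22, 0, tzinfo=timezone.utc),
    window_end=datetime(2020, 6, 2, 4, 0, tzinfo=timezone.utc),
)


def audit(targets, when, scope=SCOPE):
    """Split a target list into allowed and refused, keeping each reason."""
    allowed, refused = [], {}
    for t in targets:
        ok, reason = check_target(scope, t, when)
        if ok:
            allowed.append(t)
        else:
            refused[t] = reason
    return allowed, refused


if __name__ == "__main__":
    now = datetime(2020, 6, 1, 23, 30, tzinfo=timezone.utc)
    print(audit(["192.0.2.25", "192.0.2.10", "198.51.100.7", "db01"], now))
```

Keeping the refusal reasons gives the assessment report a record of what was deliberately left untested and why.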

The hacking methodology has some steps that are followed by hackers. These are listed below:
Step-1: Reconnaissance
Step-2: Scanning the system
Step-3: Enumeration
Step-4: Gaining Access or penetrating the system
Step-5: Maintaining Access for long time attack
Step-6: Creating Tracks

During this phase, an ethical hacker can collect the following information

Fig.5. List of information collected by Hackers

WHAT IS CYBER?
The terms cyber and cyberspace have come into modern use with the spread of computers and internet connectivity. Anything related to the internet also falls under the cyber category [2]. Some popular words that use the cyber prefix include the following: Cyber-crime, Cyberspace, Cyber forensics, Cyber bully, Cyber buck, Cyber security and Cyber punk [3-4].

CYBER ATTACKS AND CYBER SECURITY:


Cyber-attacks intentionally cause unauthorized access to, or manipulation, destruction or interruption of, software, for example by means of malware, in order to cause loss through electronic information or other physical infrastructure. One way to protect against these attacks is social awareness about cyber-crimes. Cyber security can be described as a process of applying information security measures or techniques to protect the confidentiality, integrity, and availability (CIA) of information. Hackers can compromise the CIA of information by using social engineering attacks on naïve users. Information security management is concerned with countermeasures to protect the CIA of information assets from various threats, using principles, best practices, and technologies. Once hackers access a system, they can steal, delete or alter the information stored on it, or corrupt its operations [4] [12-14].
B. TRENDS CHANGING CYBER SECURITY:
The various impacts of cyber security attacks on communication infrastructures are:
• Web servers:
Attacks on web applications are used to extract data or information by running malicious code on servers. Cyber criminals also distribute their malicious code via web servers they have compromised. We now have to focus on the protection of web servers and web applications, because web servers contain valuable information and data. We should also use a safe web browser for financial transactions [10].

• Cloud computing and its services:
The world is slowly moving towards the cloud. This latest trend presents a big challenge for cyber security against cyber-attacks, as traffic can go around traditional points of inspection. Additionally, as the number of applications available in the cloud grows, policy controls for web applications and cloud services will also need to progress in order to prevent the loss of important information. Although cloud services are developing their own models, a lot of issues are still being brought up about their security. The cloud may provide immense opportunities, but it should always be noted that as the cloud evolves, so do its security concerns [10].
• APTs and targeted attacks:
APT (Advanced Persistent Threat) is a whole new level of cyber-attack war. For years, network security capabilities such as web filtering or IPS (intrusion prevention system) have played a key part in identifying such targeted attacks (mostly after the initial compromise). As attackers grow bolder and employ more vague techniques, network security must integrate with other security services in order to detect cyber-attacks. Hence we must improve our security techniques in order to prevent more threats in the future [10].

• Mobile Networks:
Today we are able to connect to anyone, anytime, in any part of the world with the help of mobile networks. But for these communication networks, security is a very big concern. These days firewalls and other security measures are becoming porous as people use devices such as tablets, mobiles and laptops, all of which require extra security measures apart from those present in the applications used. We must always think about the security issues of these networks. Further, mobile networks are highly prone to these cyber-crimes, so a lot of care must be taken over their security issues [10].
INITIAL CYBERCRIME LEGISLATION:
Criminal laws have been enacted by the U.S. Congress that outlaw unauthorized access to protected computers by individuals. Protected computers are defined under U.S. Code Title 18, Section 1030, and there are a number of state and federal statutes related to computer crimes that focus on unauthorized computer access. One example is the Computer Fraud and Abuse Act (CFAA), which was originally passed in 1986 and has been amended numerous times since then to simplify and increase the scope of an existing computer fraud law. According to Alexander in 2007, the CFAA was designed to protect government classified information and financial institution information that was stored on computers. If the computer was connected to the internet, this Act makes it a criminal offense for an individual to access it without proper authority or in an attempt to obtain financial information illegally. However, according to Taylor et al. in 2015, this Act appears very vague, and has been amended to include computer hacking offenses and the transmission of classified information in or outside the United States. The CFAA was originally designed by Congress to criminalize unauthorized access to computers [12].
D. COMMON CYBER ATTACKS:
• Un-targeted Attacks [14]
In un-targeted attacks, attackers randomly target as many devices, services or users as possible. They do not care about who the victim is, as there will be a number of machines or services with weaknesses. To do this, they use techniques that take advantage of the openness of the Internet, which include:
• Phishing - sending emails to large numbers of people asking for sensitive information (such as bank details) or encouraging them to visit a fake website.
• Water holing - setting up a fake website or compromising a legitimate one in order to exploit visiting users.

• Ransomware - which could include disseminating disk-encrypting extortion malware.
• Scanning - attacking wide swathes of the Internet at random.
• Targeted Attacks [14]
In a targeted cyber-attack, your organization is singled out because the attacker has a specific interest in your business,
or has been paid to target you. The groundwork for the cyber-attack could take months so that they can find the best
route to deliver their exploit directly to your systems (or users). A targeted attack is often more damaging than an un-
targeted one because it has been specifically tailored to attack your systems, processes or personnel, in the office and
sometimes at home. Targeted attacks may include:
• Spear-phishing: sending emails to targeted individuals that could contain an attachment with malicious software,
or a link that downloads malicious software.
• Deploying a botnet: to deliver a DDoS (Distributed Denial of Service) attack.
• Subverting the supply chain: to attack equipment or software being delivered to the organisation.

CONCLUSION:
Ethical hacking is not a criminal activity, but malicious, unethical hacking is a computer crime or cyber-crime. The main goal of ethical hacking is to protect data and information from being stolen and fraudulently used by malicious attackers. The concept of security and trust is very changeable because cyber threats can attack from any level of your organization. Cyber-crime is growing day by day, with new kinds of crime devised by a class of intellectual and experienced cyber criminals. Cyber-crime is a great danger to human rights in the digital world. Nowadays the number of new security attacks designed to steal personal information is increasing at an accelerating pace. The attackers are targeting personal information to make a profit out of their operation.

ACKNOWLEDGMENT:
We express our hearty thanks to SoS in Computer Science and IT, Pt. Ravishankar Shukla University, Raipur for providing us the various resources to publish the work.

REFERENCES:
1. J. Gaia and G. L. Sanders, “Psychological Profiling of Hacking Potential 1,” vol. 3, pp. 2230–2239, 2020.
2. V. S. Padilla and F. F. Freire, “A Contingency Plan Framework for Cyber-Attacks,” J. Inf. Syst. Eng. Manag., vol. 4, no. 2, pp. 2–7, 2019.
3. M. G. Porcedda and D. S. Wall, “Cascade and Chain Effects in Big Data Cybercrime: Lessons from the TalkTalk hack,” Proc. - 4th IEEE Eur.
Symp. Secur. Priv. Work. EUROS PW 2019, pp. 443–452, 2019.
4. F. Kwadade-cudjoe, “Effect of Cyber Security on Networks Operations ( A case study of Vodafone Ghana ),” vol. 7, no. 6, pp. 16–32, 2019.
5. A. Y. Ding, G. L. De Jesus, and M. Janssen, “Ethical hacking for boosting IoT vulnerability management: A first look into bug bounty programs
and responsible disclosure,” ACM Int. Conf. Proceeding Ser., pp. 49–55, 2019.
6. P. K. Paul and S. Aithal, “Network security: threat and management,” no. November, 2019.
7. G. Thomas, O. Burmeister, and G. Low, “The Importance of Ethical Conduct by Penetration Testers in the Age of Breach Disclosure Laws.,”
Australas. J. Inf. Syst., vol. 23, pp. 1–14, 2019.
8. Ding, Aaron Yi, Gianluca Limon De Jesus, and Marijn Janssen. “Ethical Hacking for Boosting IoT Vulnerability Management.” Proceedings
of the Eighth International Conference on Telecommunications and Remote Sensing - ICTRS ’19 (2019).
9. N. Rathore, “Ethical Hacking and Security against Cyber Crime,” i-manager’s Journal on Information Technology, vol. 5, no. 1, pp. 7–11,
2016.
10. World Health Organization, “WHO Information Note on the Use of Dual HIV / Syphilis Rapid Diagnostic Tests (RDT),” 2019.
11. R. Nath, A. Mukhopadhyay, “Ethical Hacking: Scope and challenges in 21st century,” , vol. 1, pp. 2349-2163, 2019.
12. Pavlik, Kimberly, “Cybercrime, Hacking, And Legislation,”, , vol. 2, no. 1, pp. 13-16, 2019
13. Garg, N. kumar, D. khera,Y. Jain, and Prateek, “Towards the Impact of Hacking on Cyber Security,”, vol. 9, no. 1, pp. 61-77, 2019.
14. Attacks, cyberpaper, white, “Common cyber attacks: reducing the impact,” 2016.

Received on 24.05.2020 Accepted on 21.06.2020


© EnggResearch.net All Right Reserved
Int. J. Tech. 2020; 10(1):83-87.
DOI: 10.5958/2231-3915.2020.00016.4
