Assignment description for grey hat hackers is “the people

Assignment 2
INFO-6072
By: James Rudell | Student Number: 0703914
Due: January 3rd

There are three different types of hackers: white hat, grey hat, and black hat. White hats are considered the “good guys.” (White Hat Hacker) Grey hats are the guys who “may violate ethical standards or principles, but they have no malicious intent.” (Gray Hat Hacker) Black hats are considered the “bad guys.” (Black Hat Hacker) For a lot of businesses “the security of their information, systems, and networks might not be a high priority” (Kissel, 2009); this is at least not a high priority until it’s too late.

White hat hackers are the ones you don’t need to be worried about since they give off no real warning flag to society. “White hat hackers are usually seen as the hackers who use their skills to benefit society and businesses.” (White Hat Hacker) White hat hackers have a positive impact on businesses because they are “learning new things, protecting the network they are in charge of from intrusion or damage, maintaining status quo.” (Budden, Lesson 5 Ethics_ Legal Info 6072, 2017) White hat hackers are the hackers who also “work with official sanction from official organizations.” (Budden, Lesson 5 Ethics_ Legal Info 6072, 2017) Though for some it may have started off as a hobby, white hat hackers are the good guys.

Grey hat hackers may do some questionable things, but they have no real malicious intent. A great description for grey hat hackers is “the people who exploit security vulnerabilities in order to spread public awareness that the vulnerability exists.” (Gray Hat Hacker) Some people may think a great example of “a grey hat hacker group is Anonymous” (Knafo, 2011), but in my opinion, that’s pretty debatable. Another example of grey hat cases is when “in April 2000, a group of hackers known as ‘{}’ and ‘Hardbeat’ gained unauthorized access to They chose to inform the Apache crew of the problems rather than try to damage the servers” (Grey Hat – Examples); these groups could have used malicious power on Apache but chose not to. Why hack if it’s not to get paid for work or a bad reason? Grey hat hackers usually hack for “Fame, credit for solving challenging network puzzles, more interested in damage than pillage, hacktivists who deface websites and networks of ‘evil-doers’ (e.g., corporation involved in fur trade, tobacco sales, abortion) are part of this group.” (Budden, Lesson 5 Ethics_ Legal Info 6072, 2017) Grey hats may be questionable but they aren’t really the big threat.

Black hat hackers are the hackers who only have malicious intent with no thought after the fact; in fact, most keep hacking after their first attack. “A black hat hacker is a person who attempts to find computer security vulnerabilities and exploit them for personal financial gain or other malicious reasons.” (Black Hat Hacker) Black hats hack for “Cash payments, injury to others, may steal trade secrets, credit card numbers, customer lists, employee lists. They want whatever information they can find that will generate a profit. They work with unofficial sanction from official and unofficial organizations.” (Budden, Lesson 5 Ethics_ Legal Info 6072, 2017) A group that stands out here is “LulzSec.” (LulzSec) The LulzSec group is a black hat hacker group whose members were “once a part of Internet Feds, the rivalry group of Anonymous.” (LulzSec) One of LulzSec’s most notable attacks was the “Sony attack on the PlayStation Network, which targeted credit card information on the network” (Hackers Attack Another Sony Network). But LulzSec didn’t just steal credit card information; as LulzSec explains it, “every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it’s just a matter of taking it” (Hackers Attack Another Sony Network). Though LulzSec may not have stolen money directly from Sony for financial gain, Sony lost a lot of money with this network outage.

All of these types of hackers impact businesses, just not all in a good way. White hat hackers have a positive impact on businesses because they protect the networks of the business. Grey hats have both a positive and negative impact on a business because, yes, they report the vulnerability, but they also know of its existence and could abuse that. Black hats have a negative impact on a business because they simply have malicious intent with their knowledge of the existing vulnerabilities.

Why would an attacker want to attack a social media site? Social media is one of the most used tools and platforms out there to date. The more data the attacker has access to, or can restrict from being accessed, the more value it may have to the attacker. Most social media attacks also may require the ability to be persuasive and use some form of social engineering. Social engineering is “the practice of learning and obtaining valuable information by exploiting human vulnerabilities. People are always the weakest link.” (Budden, INFO-6072 – Lesson 6 – Reconnaissance and SE, 2017) One of the more recent attacks was called “The Curious Case of Mia Ash” (Threat, 2017).

The Mia Ash case happened in early 2017. This attack was brought forward through an email phishing technique. “The emails used various themes, but they all contained shortened URLs leading to a macro-enabled Word document. The macro ran a PowerShell command that attempted to download additional PowerShell loader scripts for PupyRAT, a research and penetration-testing tool that has been used in attacks. If you installed PupyRAT, it gave the attacker full access to the victim’s system.” (Threat, 2017) PupyRAT is an “open-source cross-platform remote access Trojan” (Threat, 2017). That’s what the attack was, but how did it happen?

“On January 13, 2017, the purported London-based photographer ‘Mia Ash’ used a LinkedIn profile to contact an employee at one of the organizations that were targeted, stating that they were inquiring as part of an exercise to reach out to people around the world. Over the next several days, the individuals exchanged messages about their professions, photography, and travels. Sometime before January 21, Mia encouraged the employee to add her as a friend on Facebook and continue their conversation there, noting that it was her preferred communication method. The correspondence continued via email, WhatsApp, and likely Facebook until February 12, when Mia sent a Microsoft Excel document, ‘Copy of Photography Survey.xlsm,’ to the employee’s personal email account. Mia encouraged the victim to open the email at work using their corporate email account so the survey would function properly.” (Threat, 2017) This worked because most employees didn’t notice until it was too late that by opening the link “the survey contained macros that, once enabled, downloaded PupyRAT.” (Threat, 2017)

There are several ways this could have been avoided but they apparently were not implemented at the time. This attack could have been prevented by server-side filtering for the incoming emails. Email addresses and domains can be restricted to only receive from specified domains. “Messages sent from unauthorized domains—or messages from listed domains that can’t be verified using Domain Keys Identified Mail (DKIM) or Sender Policy Framework (SPF) records—are returned to the sender with a message about the restriction policy” (Restrict Messages to Authorized Addresses or Domains); the same goes for sending. You can force emails to show in plain text, thus removing clickable links, though you are still able to copy and paste these. “Microsoft Office Outlook 2003 and later versions provide an option named the Read all standard mail in plain text option. This option lets you view all e-mail messages in plain text format” (How to View All E-mail Messages in Plain Text Format); though this is for MS Outlook, most mail services should have a method that’s similar. You can even remove attachments from the emails. One of the ways to achieve this is to “enable Exchange Server to remove Internet e-mail attachments that have the following extensions (at which you would specify extensions)” (Remove E-mail Attachments). To achieve this “select this check box to remove specified e-mail attachments from SMTP-based e-mail (e-mail that is received by Exchange server) from the Internet. This includes POP3 e-mail delivered by the Microsoft Connector for POP3 Mailboxes. It does not include e-mail attachments sent between two client computers on the local network.” (Remove E-mail Attachments) This can once again be achieved similarly with different services. If worst comes to worst a business could implement something similar to Content Keeper to restrict site and application access, but this should be a last resort. Since social media is the most used platform on the internet in this day and age, you need to be extra secure in everything you do.
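The server-side filtering described above (accept mail only from listed sender domains that can be verified by SPF or DKIM, and remove attachments by extension), sketched as an added Python example that is not part of the original essay or of any mail product's code. The allowed domain, the blocked-extension list, the `mx.corp.example` host and the sample messages are constructed assumptions, and the sketch assumes the receiving mail server records its SPF/DKIM verdicts in an Authentication-Results header.

```python
import os
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed policy values for this sketch; a real deployment sets its own.
ALLOWED_DOMAINS = {"partner.example"}
BLOCKED_EXTENSIONS = {".xlsm", ".docm", ".pptm", ".js", ".exe"}


def auth_results(msg):
    """Return e.g. {'spf': 'pass', 'dkim': 'none'} from Authentication-Results.

    Assumes the organization's own border mail server writes this header
    and strips any copy supplied by the sender.
    """
    header = str(msg.get("Authentication-Results", ""))
    return {k: v.lower() for k, v in re.findall(r"\b(spf|dkim)=(\w+)", header)}


def filter_message(msg):
    """Apply the policy; return (verdict, reason, stripped_filenames)."""
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if domain not in ALLOWED_DOMAINS:
        return "reject", f"sender domain {domain!r} is not authorized", []
    results = auth_results(msg)
    if "pass" not in (results.get("spf"), results.get("dkim")):
        return "reject", f"{domain} could not be verified by SPF or DKIM", []
    stripped = []
    for part in list(msg.iter_attachments()):
        name = part.get_filename() or ""
        if os.path.splitext(name)[1].lower() in BLOCKED_EXTENSIONS:
            msg.get_payload().remove(part)  # drop the part, keep the body
            stripped.append(name)
    return "deliver", "ok", stripped


def sample(sender, auth, attachment=None):
    """Build a constructed test message (not real traffic)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["Authentication-Results"] = f"mx.corp.example; {auth}"
    msg.set_content("Please fill in the survey.")
    if attachment:
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg


if __name__ == "__main__":
    for m in (sample("mia@freemail.example", "spf=pass; dkim=pass"),
              sample("Ann <ann@partner.example>", "spf=fail; dkim=none"),
              sample("ann@partner.example", "spf=pass; dkim=none",
                     "Copy of Photography Survey.xlsm")):
        print(filter_message(m))
```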

If you receive an email at work, even if it’s from someone you know, don’t click it unless you know for sure it is real. A good technique I use to validate legitimacy is view source; sometimes the link you see isn’t the link you are clicking on. The other, better alternative though is to directly ask the sender. With today’s internet, no one is truly safe.

“Network scanning refers to the method of using a computer network to gather information regarding computing systems.” (Network Scanning) Network scanners are used by administrators, but if administrators or information security analysts have access to these tools, hackers do as well. One of these tools, which lets you scan for various things on the network, is called “SoftPerfect Network Scanner” (Top 10 Network Scanning Tools). SoftPerfect’s tool lets you scan for listening TCP/UDP ports. “Port scanning is the process in which you send client requests to a range of server port addresses on a host, with the goal of finding an active port. The majority of people using a port scanner are not attacking, but rather simply trying to determine service availability on a remote machine.” (Port Scanning) Transmission Control Protocol or TCP “is a connection-oriented protocol, which means the connection is established and maintained until the applications at each end have finished exchanging messages. It determines how to break application data into packets” (TCP). User Datagram Protocol or UDP “is an alternative communications protocol to TCP used primarily for establishing low-latency and loss tolerating connections between applications on the Internet.” (UDP) TCP limits packet sizes, and also needs to retransmit lost packets, which could slow the speed of the network down depending on the frequency. UDP, on the other hand, doesn’t retransmit; you will likely see the dropped packet in the scanner and see why it was dropped. “Most networks that use TCP packets don’t get lost” (UDP)

SoftPerfect also will allow you to “retrieve information from WMI, SNMP, HTTP, NetBIOS, etc.” (Top 10 Network Scanning Tools) Windows Management Instrumentation or WMI “is a set of specifications from Microsoft for consolidating the management of devices and applications in a network from Windows computing systems, WMI has been initially installed on all computers from Windows Millennium Edition (Me) and later.” (WMI) Being able to scan this will allow you to collect the users’ names, as well as operating system details, and “security setting details.” (WMI) Simple Network Management Protocol or SNMP “is the protocol leading network management and the monitoring of network devices and their functions. SNMP uses UDP and is not necessarily limited to TCP/IP networks.” (SNMP) Being able to scan this means you will be able to see the name of the devices on your network as well as some other details such as IP and MAC. Network Basic Input/Output System or NetBIOS “is a program that allows applications on different computers to communicate within a LAN. It was created by IBM for its early PC Network but was then adopted by Microsoft, and has since been in effect in industry standards.” (NetBIOS) Though scanning this may not seem very useful, it may allow you to monitor something like if a device is attached to something such as “printer sharing” (Do I Need NetBIOS). Hypertext Transfer Protocol or HTTP “is the set of rules for transferring files (text, graphic images, sound, video, and other multimedia files) on the World Wide Web.” (HTTP) If you are scanning this, it will be unencrypted because it is not secure, whereas data is encrypted when HTTPS is used.

SoftPerfect’s tool even lets you “identify internal and external IP address ranges.” (Top 10 Network Scanning Tools) Detecting hidden folders may come in handy as you may have unauthorized IP ranges using your network. Let’s say you are running on a 172.x.x.x network, but an ex-admin or employee wants revenge for losing a job. If they had the IP address saved somewhere (for whatever reason) they could find a way to remote in from a different network and hide a virus. If that computer was running on a 192.x.x.x network, that should stand completely out as an unwanted device in the 172.x.x.x IP range.

Network scanners can come in handy but can also be malicious. Network scanners are used to look for issues in the network, whether connection related or vulnerability related. If a network administrator catches an issue or finds out what is causing a reported issue, they will fix it as quickly as possible. The only problem is hackers can use these tools too. For example, if they notice they can send huge packet sizes they may attempt the ping of death, in which, if they have enough people helping, they can crash the server. These tools are really handy when used properly.

Internet Control Message Protocol or ICMP “is the most used protocol in networking technology. As a protocol that requires no connection, ICMP does not use a port number and works in the network layer. ICMP is commonly used for diagnosing problems or reporting errors and right now attackers are abusing the power of ICMP.” (ICMP Attacks) The most common ICMP attack is “attacking the systems with huge packet sizes, these attacks are ran on ICMP type 8, required a high bandwidth, can consume enough of its CPU power for a user to notice a significant slowdown, and these attacks started as a problem in the 90s. Attacks such as ‘The ping of Death’ and ‘Ping Flooding’ but firewalls helped prevent ICMP type 8 attacks” (It can Bring You Down). But there’s a new type of attack out there now; it’s called the BlackNurse Attack.

This attack was different; this attack “didn’t require a high bandwidth, sent normal size packets, ran on ICMP type 3, resulted in high CPU power, users from LAN-side can’t surf the internet, and was discovered in 2016.” (It can Bring You Down)

“Originally the attack was named ‘BlackNurse’ as a joke because two of its principal researchers were a former blacksmith and a former nurse. The media picked up on this name before it could be changed.” (BlackNurse) The BlackNurse attack didn’t have any requirements because it “did not rely on a software bug but on the normal functioning of the ICMP stack. This means any networking device is vulnerable to be impacted by a flood of BlackNurse packets.” (BlackNurse ICMP DoS Attack) The first thing you should do is “test your firewall if you can, or check if is on the vulnerable list” (ICMP Unreachable DoS Attacks aka BlackNurse). Next you should “monitor incoming ICMP packets using a tool like Netflow” (ICMP Unreachable DoS Attacks aka BlackNurse). If need be “deny WAN access to ICMP type 3; just be sure to allow ICMP type 3 Code 4 (fragmentation needed) to be received by the firewall.” (BlackNurse Denial of Service Attack)

Since ICMP will likely always be needed in networks for things such as “sending error messages and operational information indicating, for example, that a requested service is not available or that a host or router could not be reached” (Internet Control Message Protocol), abuse of it will likely never be completely preventable, as people will always find new ways, but it can be reduced. The best upfront solution would be to disable the ICMP types and codes that you as a person or business do not need or plan on using.

Bibliography

Black Hat Hacker. Retrieved December 27, 2017, from Techopedia:

BlackNurse. (n.d.). Retrieved December 29, 2017, from Wikipedia: https://en.wikipedia.org/wiki/

BlackNurse Denial of Service Attack. (n.d.). Retrieved December 29, 2017, from Netresec:

BlackNurse ICMP DoS Attack. (n.d.). Retrieved December 29, 2017, from Fortiguard:

Budden, S. (2017). INFO-6072 – Lesson 6 – Reconnaissance and SE.

Budden, S. (2017). Lesson 5 Ethics_ Legal Info 6072.

Do I Need NetBIOS. (n.d.). Retrieved December 29, 2017, from Mmsmvps: https://blogs.msmvps.com/acefekay/2013/03/02/do-i-need-netbios/

Gray Hat Hacker. (n.d.). Retrieved December 26, 2017, from Techopedia:

Grey Hat – Examples. (n.d.). Retrieved December 27, 2017, from Wikipedia: https://en.

Hackers Attack Another Sony Network. (n.d.). Retrieved December 27, 2017, from The Guardian: https://www.

How to View All E-mail Messages in Plain Text Format. (n.d.). Retrieved December 28, 2017, from Microsoft:

HTTP. (n.d.). Retrieved December 29, 2017, from Techtarget: http://searchwindevelopment.techtarget.com/definition/HTTP

ICMP Attacks. (n.d.). Retrieved December 29, 2017, from Infosecinstitute:

ICMP Unreachable DoS Attacks aka BlackNurse. (n.d.). Retrieved December 29, 2017, from Sans:

Internet Control Message Protocol. (n.d.). Retrieved December 29, 2017, from Wikipedia: https://en.

It can Bring You Down. (n.d.). Retrieved December 29, 2017, from Blacknurse:

Kissel, R. (2009, October). Small Business Information Security: the Fundamentals. Retrieved December 26, 2017, from CSRC NIST:

Knafo, S. (2011, June 15). Giving A Face To ‘Anonymous’: A Meeting With A Member Of The Secret Society Of Hackers. Retrieved December 27, 2017, from Huffingtonpost: http://www.

LulzSec. (n.d.). Retrieved December 27, 2017, from Wikipedia:

NetBIOS. (n.d.). Retrieved from Techtarget:

Network Scanning. (n.d.). Retrieved December 29, 2017, from Techopedia:

Port Scanning. Retrieved December 29, 2017, from Techopedia:

Remove E-mail Attachments. (n.d.). Retrieved December 28, 2017, from Microsoft: https://technet.

Restrict Messages to Authorized Addresses or Domains. (n.d.). Retrieved December 28, 2017, from Google: https://support.

SNMP. (n.d.). Retrieved December 29, 2017, from Techtarget:

TCP. (n.d.). Retrieved December 29, 2017, from Techtarget: http://searchnetworking.

Threat, U. R. (2017, July 27). The Curious Case of Mia Ash. Retrieved December 28, 2017, from Secure Works: https://www.secureworks.com/research/the-curious-case-of-mia-ash

Top 10 Network Scanning Tools. (n.d.). Retrieved December 29, 2017, from Intenseschool: http://resources.intenseschool.com/top-10-network-scanning-tools/

UDP. (n.d.). Retrieved December 29, 2017, from Techtarget:

White Hat Hacker. (n.d.). Retrieved December 26, 2017, from Techopedia: https://www.

WMI. (n.d.). Retrieved December 29, 2017, from Techtarget:
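The BlackNurse steps quoted in the ICMP section of the essay (monitor incoming ICMP, deny ICMP type 3 from the WAN while still allowing type 3 code 4), as an added Python example that is not part of the original essay. The record layout, the threshold and the addresses are constructed assumptions standing in for whatever a flow collector exports.

```python
from collections import Counter

DEST_UNREACHABLE = 3   # ICMP type 3, the type the essay ties to BlackNurse
FRAG_NEEDED = 4        # type 3 code 4, needed for path MTU discovery


def wan_verdict(icmp_type, icmp_code):
    """Filter decision for one ICMP packet arriving on the WAN interface."""
    if icmp_type != DEST_UNREACHABLE:
        return "other-rules"          # not covered by this mitigation
    return "allow" if icmp_code == FRAG_NEEDED else "drop"


def type3_bursts(records, threshold_pps):
    """Return {(second, source): packets} for sources above the threshold.

    records: iterable of (timestamp, src_ip, icmp_type, icmp_code) tuples.
    Only type 3 packets that the filter would drop are counted, so
    legitimate fragmentation-needed messages never raise an alert.
    """
    counts = Counter()
    for ts, src, icmp_type, icmp_code in records:
        if wan_verdict(icmp_type, icmp_code) == "drop":
            counts[(int(ts), src)] += 1
    return {key: n for key, n in counts.items() if n > threshold_pps}


def constructed_records():
    """Constructed sample: one noisy source plus ordinary background ICMP."""
    burst = [(10 + i / 500, "198.51.100.7", 3, 3) for i in range(500)]
    background = [
        (10.2, "203.0.113.9", 3, 4),   # fragmentation needed: must pass
        (10.4, "203.0.113.9", 3, 1),   # a single host-unreachable
        (10.6, "192.0.2.44", 8, 0),    # echo request, handled by other rules
    ]
    return burst + background


if __name__ == "__main__":
    # Assumed alert threshold of 100 packets per second per source.
    print(type3_bursts(constructed_records(), threshold_pps=100))
```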
