Techniques Of Hacking And Identity Theft

The advent of technology in the recent past has facilitated the flow of information between entities such as individuals, businesses, governments, and information systems. However, this rapid growth in Information Technology has had some unprecedented risks such as a continued invasion into people’s privacy. This takes place when malicious attackers called hackers collect personal information without authorization from unsuspecting users of technology. Whenever people provide their credit card details online when making purchases, their crucial financial details are exposed. Consequently, sign-in pages, free software, social media sites (where people disclose information voluntarily), gaming platforms, and general internet browsing patterns are all points of vulnerability that hackers exploit to obtain critical information about people. Hackers themselves do that for numerous reasons including prestige, fun and glory, or for monetary gain by selling acquired information to marketers, organizations, and political parties. In just the past decade, numerous accounts of hacking have been documented, most of which involve identity theft. Identity theft happens when an individual “acquires”, “transfers”, “possesses”, or “uses” another person’s personal information without their permission and with an intent to conduct illegal acts like fraud. It could range from petty crimes like using someone’s name to access a building, to far more serious cases like using their social security number to illegally purchase firearms. Common forms of identity theft include financial, medical, criminal, driver’s license, social security, synthetic, and child identity theft. Hacking is one of the ways through which a person’s identity can be stolen. This paper therefore discusses five techniques of hacking and how they can be used toward the commission of identity theft.
The methods that will be discussed include social engineering, DoS attacks, use of malware, SQL injection, and finally methods of covering up tracks or cleanup after a hack.

Social Engineering

Following the rapid increase in the number of hackers, as well as their unparalleled advancement of hacker skills, companies are employing robust and complex programs and computer systems to put the toughest of hackers at bay. Similarly, hackers are being forced to better their techniques or find a workaround for the seemingly impregnable systems. Having no luck at bypassing the tight security, hackers therefore opt to find different exploits, which are the human operators. This is done through social engineering. A perfectly executed social engineering attack renders any security hardware or software penetrable regardless of the quality. Social engineering can be carried out in different forms, but the principle remains the same. The hacker disguises themselves as a persona they are not and uses that to trick the person in charge of the system into revealing crucial information such as login credentials, procedures, or passwords.

Application of Social Engineering

The first option involves assuming the persona of a new employee who is having trouble finding his way around the system. The hacker can then ask a “colleague” or the systems operator for some information that will enable them to have access to the system. This method is often used when the hacker has very little information about the targeted company. It may not be effective because the “helpers” will most likely be inclined to offer guest account login credentials, which might not reveal much. It may however give them an opportunity to gather more information from the inside, such as identities of higher-ranking managers for a more potent social engineering attack.

The second method involves the attacker posing as a helper, a systems expert, or a handy person such as a penetration tester. He might also steal the identity of a person holding such positions in the organization and use it to gain access. Here, many use the first method to launch a virus in the guest account and then avail themselves as the expert to correct the situation. This raises less suspicion should they start asking for sensitive information from the targeted operator.

The third method, and the most effective, is reverse social engineering. In this technique, the hacker poses as a higher ranking legitimate user with more security clearance than the target operator. He advertises himself as maybe the security consultant, creates a problem within the system, and uses convenient prompts that suggest they be called in the event of emergencies. The hacker must, therefore, have enough knowledge about the targeted institution or organization and be able to answer all the questions that the operator might ask. Social engineering as a technique of hacking remains effective until an organization takes fundamental steps toward educating the employees about it.

Denial of Service

Denial of Service, or the DoS hacking technique, offers the attacker a means of blocking access to a network or system by loading it with corrupted files or more data than it can handle, causing the system to become unstable. In other words, they overload the access switches with fake traffic, which could be delivered via email, transmission control protocol (TCP), and parcels.

Another way of deploying this form of attack is through the interruption of the connection between two dependent systems or machines, thereby blocking the transfer of and access to information. Such attacks can be tailored to target an entire system or to just block a particular user. The DoS tools deployed not only seek to use the system resources appropriately but also autonomously create new attack packets to disrupt the connections within the system. Such tools may utilize precious resources or those that are non-renewable in nature by deploying countless ICMP echo packets, cutting off network connectivity through SYN flooding, changing the configuration of networks, replacing the routing data, and even causing physical harm to the components of the network.

Applying a DoS Attack

One way to launch a DoS attack would be to target an instant messenger client of a particular institution or organization. A hacker can flood the instant messaging clients in a particular department with millions of messages that echo each other repeatedly. If the clients are equipped with anti-flooding measures, the hacker can explore other tools to create multiple accounts within the server of this messenger to still effect the flood attack. These attacks are very difficult to detect, and the clients will only know it when their machines become unresponsive. Even then, they will not have time to list the attacker under the spam or ignore list. This allows the hacker to take down the entire server or even disrupt the services of the routers serving the network.

Syntactic Attacks

These are attacks that involve the use of malware in the form of viruses, worms, and Trojan horses. The most common way of delivering syntactic attacks is via email. They may also be picked up by the victims unknowingly from the internet as they browse illegitimate websites, download from torrent sites, or transfer data via P2P. A Trojan horse provides hackers with a back door into an unsuspecting user’s machine or system. Viruses are self-repeating programs that spread and attach themselves to executable code or files. Worms, like viruses, are self-duplicating but do not attach themselves to other code within the system. A more robust form of malware that has been exploited by serious hackers is the rootkit. When a rootkit enters a system, it corrupts the operating system by infecting the kernel and assuming all the core system processes. Here, even the toughest of antiviruses cannot reach it. A hacker can use the rootkit technique to gather information about the user of the computer through screen logging reports. Screen logging involves taking snapshots of the user’s activity, especially when important functions are involved, such as accessing secure websites like banking platforms.

Applying Malware Hacking Technique

A good example of how to apply malware for a hack attack would be to design a rootkit and slip it via email into a computer belonging to a corporate member of an organization. Once the user opens the email, he will involuntarily give the rootkit access into his system. The hacker can then use it with the help of screen logging and key logging to gradually track the user’s activity over time, while noting key information like login credentials for servers containing sensitive company information. They can then retrieve these details from the screen logging reports and use the victim’s account to gain access into the company’s server. Rootkits are very difficult to trace since they attach themselves to the kernel. So the organization might not be able to sniff the activities of the hacker until long after they have accomplished this objective.

SQL Injection

This hacking technique involves injecting SQL into the application fields of a system or a relatively unsecure website with the purpose of analyzing the responses in that system. Such application fields may include login forms and opt-in queries. The injected code will exploit a vulnerability created when the user is prompted to enter their passwords. It quickly finds a leeway into the code of the website from where it can launch further attacks. While it might not focus on the details of the website users, it can retrieve the details of all the active users in the website database. Based on the nature of this hacking technique, it is often deployed into databases that contain personal information such as credit card numbers from major financial companies.

Applying the SQL Injection Technique

A hacker targeting a financial company can use one of the subscribers of the company to gain access. Once they have their details such as email, they can go to the login portal and attempt to log in. When prompted to enter the password, they can paste the malicious SQL code into the password fields. The code will then continue to bind itself to the SQL scripts of that page and work its way toward the main server depending on how powerful the code is. The code can then retrieve the credit card details of whoever the hacker wishes to steal from.
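The login scenario above depends on how the page builds its query, so the following added example (not part of the original essay) puts a string-built login check beside a parameterized one and runs both against the same input. The table layout, the function names, and the sample subscriber are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: one subscriber in an in-memory database.
    # The password is stored in plain text only to keep the example short;
    # a real system stores a salted hash and compares in application code.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice@example.com', 's3cret-pass')")
    return db

def login_vulnerable(db, email, password):
    # Weak form: the form fields are pasted into the SQL text, so quote
    # characters in the input change the structure of the query itself.
    query = ("SELECT email FROM users WHERE email = '" + email +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None

def login_parameterized(db, email, password):
    # Hardened form: placeholders keep the input as data. The driver binds
    # the values after the statement is parsed, so they are never read as SQL.
    query = "SELECT email FROM users WHERE email = ? AND password = ?"
    return db.execute(query, (email, password)).fetchone() is not None

# Constructed input of the kind the essay describes being pasted into the
# password field of a login form.
CRAFTED_PASSWORD = "' OR '1'='1"

def compare_logins():
    db = make_db()
    email = "alice@example.com"
    return {
        "vulnerable_accepts_crafted": login_vulnerable(db, email, CRAFTED_PASSWORD),
        "parameterized_accepts_crafted": login_parameterized(db, email, CRAFTED_PASSWORD),
        "parameterized_accepts_real": login_parameterized(db, email, "s3cret-pass"),
    }

if __name__ == "__main__":
    print(compare_logins())
```

The only difference between the two functions is whether the input reaches the database as part of the statement text or as a bound value, which is why parameterized queries are the standard mitigation.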

Covering Tracks

Covering tracks is a crucial stage that a hacker, whether ethical or unethical, must perform. It involves clearing the changes that they made in the system and getting rid of any forensic evidence that might be used to trace the hack back to them. The first step to covering tracks is thorough manipulation of the log files. These are usually system-generated files that document any activities within a system or an application. One option is to delete them fully, thereby erasing all the evidence of there ever being an unauthorized access. However, this guarantees that the system’s administrator will detect an anomaly; they just will not know who did it. Manipulating the log files is the second option, which attempts to keep things the way they were before the attack. However, gaps in the logs might still capture the attention of an expert administrator. The third option is to hide the files. All files in a system contain a File Control Block, which stores file properties like the size of the file, its name, creation date, modifications, previous access details, and its status (whether hidden, archived, or read-only). Therefore, a hacker needs to hide or the details in the FCB to hide the activities during and after the attack.
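The point that gaps in the logs can catch an administrator's attention can be turned into an automated check. The following added example (not part of the original essay) scans a log for unusually long silences and for timestamps that run backwards; the log format, the five-minute heartbeat, and the six-minute threshold are assumptions chosen for the constructed sample.

```python
from datetime import datetime, timedelta

# Constructed sample: a host log where a scheduled job writes every 5 minutes,
# so any silence much longer than that is suspicious.
SAMPLE_LOG = """\
2021-03-02T09:00:01 host cron[311]: heartbeat
2021-03-02T09:05:01 host cron[311]: heartbeat
2021-03-02T09:07:42 host sshd[902]: Accepted password for svc from 10.0.0.8
2021-03-02T09:10:01 host cron[311]: heartbeat
2021-03-02T09:55:01 host cron[311]: heartbeat
2021-03-02T09:52:30 host sshd[977]: session closed for user svc
2021-03-02T10:00:01 host cron[311]: heartbeat
"""

def find_log_anomalies(text, max_gap=timedelta(minutes=6)):
    """Return (kind, previous_ts, current_ts) tuples for each anomaly.

    kind is "gap" when the log is silent for longer than max_gap,
    "out_of_order" when a timestamp is earlier than one already seen
    (a sign of edited or spliced entries), and "unparseable" when a
    line does not start with an ISO 8601 timestamp.
    """
    findings = []
    latest = None  # latest timestamp seen so far
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            ts = datetime.fromisoformat(line.split(" ", 1)[0])
        except ValueError:
            findings.append(("unparseable", latest, None))
            continue
        if latest is not None:
            if ts < latest:
                findings.append(("out_of_order", latest, ts))
            elif ts - latest > max_gap:
                findings.append(("gap", latest, ts))
        latest = ts if latest is None else max(latest, ts)
    return findings

if __name__ == "__main__":
    for kind, before, after in find_log_anomalies(SAMPLE_LOG):
        print(kind, before, after)
```

A check like this is most useful when it runs against a copy of the logs shipped to a separate host, since entries already forwarded off the machine cannot be rewritten from it.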

How the Hacking Techniques help in the Commission of Identity Theft

Through the hacking procedures described above, it is clear that the hackers can easily gain access to people’s personal information. In social engineering, all they need is little to no information since most information is already available online. Online users will voluntarily post their personal data such as address, date of birth, zip code, pet’s name, favorite colors, banking details, and so much more. These are enough for a hacker to execute the perfect identity theft.

And even if they do not find the details online, social engineering is a powerful tool that enables them to actively manipulate victims into revealing all the crucial information needed. Tools such as malware are almost untraceable and can siphon personal information passively as they feed it to a recipient. Moreover, they provide backdoors for the attackers for smooth entry and exit without detection. Others, like Denial of Service, lock the users of a system out or disable the connection between computers, providing the hacker with ample time to learn as much about the individuals as possible. SQL injection attacks the application forms in order to tap the data of all users trying to log into specific sites.

All these considered, a hacker seeking to execute identity theft may simply use social engineering to gain the first few pieces of data, disrupt the systems with DoS to distract system administrators, use malware to siphon even more personal information about a person, and eventually get more sensitive information like financial details through SQL injection. From there he will be able to perform financial identity theft with your bank details, medical theft by footing his medical bills with your insurance details, criminal identity theft by engaging in illegal activities in your name, or even synthetic identity theft where he combines all your data together with that of your colleagues to create an entirely new identity. It therefore pays to be vigilant and to take data privacy issues very seriously. Education too goes a long way in mitigating social engineering.

14 May 2021