Eti Unit v Basics of Hacking

The document discusses the basics of ethical hacking, defining different types of hackers (white hat, black hat, gray hat) and emphasizing the importance of ethical hacking in identifying and mitigating security vulnerabilities. It outlines the need for organizations to understand potential threats, the ethical principles guiding hackers, and the planning and tools necessary for effective ethical hacking. Additionally, it highlights the significance of respecting privacy and avoiding system crashes during testing.

Uploaded by

gayatriksh25

UNIT V.

BASICS OF HACKING

MR. S. P. KHOLAMBE
LECTURER IN CO DEPTT., MET BKC IOTP NASHIK
Ethical Hacking

• Ethical hacking and ethical hacker are terms used to describe hacking performed by a company or individual to help identify potential threats on a computer or network.
• An ethical hacker attempts to bypass system security and search for any weak points that could be exploited by malicious hackers.
• This information is then used by the organization to improve system security and to minimize or eliminate any potential attacks.
• Types of hackers:
1. White Hat Hackers
2. Black Hat Hackers
3. Gray Hat Hackers

1. White Hat: A white hat is a hacker paid by and working for a government agency to deliberately hack into a computer's mainframe, find any potential weak points in it, and then figure out how to fix them. White hats report hacks and vulnerabilities to the appropriate people.
2. Black Hat: A black hat is a hacker who is aggressive in nature. Black hats are known to create zombie computers by use of a computer virus, which the black hat will then use to crash a website. Black hats are generally very intelligent and will work in groups. They are interested only in personal goals.
3. Gray Hat: A gray-hat hacker falls somewhere between a black hat and a white hat. A gray hat doesn’t work for their own personal gain or to cause carnage, but they may technically commit crimes and do arguably unethical things.

How Hackers Beget Ethical Hackers

• We have all heard of hackers. Many of us have even suffered the consequences of hacker actions.
1. Who are these hackers?
2. Why is it important to know about them?

Defining Hacker, Malicious Users

• Hacker is a word that has two meanings:
  • Traditionally, a hacker is someone who likes to tinker with software or electronic systems. Hackers enjoy exploring and learning how computer systems operate. They love discovering new ways to work electronically.
  • Recently, hacker has taken on a new meaning: someone who maliciously breaks into systems for personal gain. Technically, these criminals are crackers (criminal hackers). Crackers break into (crack) systems with malicious intent. They are out for personal gain: fame, profit, and even revenge. They modify, delete, and steal critical information, often making other people miserable.
• The good-guy (white-hat) hackers don’t like being in the same category as the bad-guy (black-hat) hackers. (These terms come from Western movies where the good guys wore white cowboy hats and the bad guys wore black cowboy hats.) Whatever the case, most people give hacker a negative connotation.
• Many malicious hackers claim that they don’t cause damage but instead are altruistically helping others. Many malicious hackers are electronic thieves.

Understanding The Need To Hack Your Own Systems

• The law of averages works against security. With the increased numbers and expanding knowledge of hackers combined with the growing number of system vulnerabilities and other unknowns, the time will come when all computer systems are hacked or compromised in some way.
• Protecting your systems from the bad guys, and not just from the generic vulnerabilities that everyone knows about, is absolutely critical. When you know hacker tricks, you can see how vulnerable your systems are.
• Hacking preys on weak security practices and undisclosed vulnerabilities. Firewalls, encryption, and virtual private networks (VPNs) can create a false feeling of safety.
• These security systems often focus on high-level vulnerabilities, such as viruses and traffic through a firewall, without affecting how hackers work. Attacking your own systems to discover vulnerabilities is a step to making them more secure.
• This is the only proven method of greatly hardening your systems from attack. If you don’t identify weaknesses, it’s a matter of time before the vulnerabilities are exploited.
• As hackers expand their knowledge, so should you. You must think like them to protect your systems from them. You, as the ethical hacker, must know the activities hackers carry out and how to stop their efforts. You should know what to look for and how to use that information to thwart hackers’ efforts.
• You don’t have to protect your systems from everything. You can’t. The only protection against everything is to unplug your computer systems and lock them away so no one can touch them, not even you. That’s not the best approach to information security. What’s important is to protect your systems from known vulnerabilities and common hacker attacks.
• It’s impossible to buttress all possible vulnerabilities on all your systems. You can’t plan for all possible attacks, especially the ones that are currently unknown. However, the more combinations you try (the more you test whole systems instead of individual units), the better your chances of discovering vulnerabilities that affect everything as a whole.
• Don’t take ethical hacking too far, though. It makes little sense to harden your systems from unlikely attacks. For instance, if you don’t have a lot of foot traffic in your office and no internal Web server running, you may not have as much to worry about as an Internet hosting provider would have. However, don’t forget about insider threats from malicious employees!
• Your overall goals as an ethical hacker should be as follows:
1. Hack your systems in a nondestructive fashion.
2. Enumerate vulnerabilities and, if necessary, prove to upper management that vulnerabilities exist.
3. Apply results to remove vulnerabilities and better secure your systems.

Understanding The Dangers Your Systems Face

• It’s one thing to know that your systems generally are under fire from hackers around the world. It’s another to understand specific attacks against your systems that are possible. This section offers some well-known attacks but is by no means a comprehensive listing.
• Many information security vulnerabilities aren’t critical by themselves. However, exploiting several vulnerabilities at the same time can take its toll.
• For example, a default Windows OS configuration, a weak SQL Server administrator password, and a server hosted on a wireless network may not be major security concerns separately.
• But exploiting all three of these vulnerabilities at the same time can be a serious issue.

Nontechnical Attacks

• Exploits that involve manipulating people (end users and even yourself) are the greatest vulnerability within any computer or network infrastructure.
• Humans are trusting by nature, which can lead to social engineering exploits. Social engineering is defined as the exploitation of the trusting nature of human beings to gain information for malicious purposes.
• Other common and effective attacks against information systems are physical. Hackers break into buildings, computer rooms, or other areas containing critical information or property.
• Physical attacks can include dumpster diving (rummaging through trash cans and dumpsters for intellectual property, passwords, network diagrams, and other information).

Network Infrastructure Attacks

• Hacker attacks against network infrastructures can be easy, because many networks can be reached from anywhere in the world via the Internet. Here are some examples of network-infrastructure attacks:
1. Connecting into a network through a rogue modem attached to a computer behind a firewall.
2. Exploiting weaknesses in network transport mechanisms, such as TCP/IP and NetBIOS.
3. Flooding a network with too many requests, creating a denial of service (DoS) for legitimate requests.
4. Installing a network analyzer on a network and capturing every packet that travels across it, revealing confidential information in clear text.
5. Piggybacking onto a network through an insecure 802.11b wireless configuration.

Operating System Attacks

• Hacking operating systems (OSs) is a preferred method of the bad guys.
• OSs comprise a large portion of hacker attacks simply because every computer has one and so many well-known exploits can be used against them.
• Occasionally, some operating systems that are more secure out of the box, such as Novell NetWare and the flavors of BSD UNIX, are attacked, and vulnerabilities turn up.
• But hackers prefer attacking operating systems like Windows and Linux because they are widely used and better known for their vulnerabilities.
• Here are some examples of attacks on operating systems:
  • Exploiting specific protocol implementations
  • Attacking built-in authentication systems
  • Breaking file-system security
  • Cracking passwords and encryption mechanisms

Application and Other Specialized Attacks

• Applications take a lot of hits by hackers. Programs such as e-mail server software and Web applications often are beaten down:
  • Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer Protocol (SMTP) applications are frequently attacked because most firewalls and other security mechanisms are configured to allow full access to these programs from the Internet.
  • Malicious software (malware) includes viruses, worms, Trojan horses, and spyware. Malware clogs networks and takes down systems.
  • Spam (junk e-mail) is wreaking havoc on system availability and storage space. And it can carry malware.
• Ethical hacking helps reveal such attacks against your computer systems.

Obeying the Ethical Hacking Principles

• Every ethical hacker must abide by a few basic commandments. If not, bad things can happen. I’ve seen these commandments ignored or forgotten when planning or executing ethical hacking tests. The results weren’t positive.

Working ethically

• The word ethical in this context can be defined as working with high professional morals and principles. Whether you’re performing ethical hacking tests against your own systems or for someone who has hired you, everything you do as an ethical hacker must be aboveboard and must support the company’s goals. No hidden agendas are allowed.
• Trustworthiness is the ultimate tenet. The misuse of information is absolutely forbidden. That’s what the bad guys do.

Respecting Privacy

• Treat the information you gather with the utmost respect. All information you obtain during your testing, from Web-application log files to clear-text passwords, must be kept private.
• Don’t use this information to snoop into confidential corporate information or private lives.
• If you sense that someone should know there’s a problem, consider sharing that information with the appropriate manager.
• Involve others in your process. This is a “watch the watcher” system that can build trust and support your ethical hacking projects.

Not Crashing Your Systems

• One of the biggest mistakes I’ve seen when people try to hack their own systems is inadvertently crashing their systems.
• The main reason for this is poor planning. These testers have not read the documentation or misunderstand the usage and power of the security tools and techniques.
• You can easily create DoS conditions on your systems when testing. Running too many tests too quickly on a system causes many system lockups.
• I know because I’ve done this! Don’t rush things and assume that a network or specific host can handle the beating that network scanners and vulnerability-assessment tools can dish out.
• Many security-assessment tools can control how many tests are performed on a system at the same time. These tools are especially handy if you need to run the tests on production systems during regular business hours.
• You can even create an account or system lockout condition by social engineering someone into changing a password, not realizing that doing so might create a system lockout condition.

The Ethical Hacking Process

• Like practically any IT or security project, ethical hacking needs to be planned in advance. Strategic and tactical issues in the ethical hacking process should be determined and agreed upon.
• Planning is important for any amount of testing, from a simple password-cracking test to an all-out penetration test on a Web application.

Formulating Your Plan

• Approval for ethical hacking is essential. Make what you’re doing known and visible, at least to the decision makers. Obtaining sponsorship of the project is the first step.
• This could be your manager, an executive, a customer, or even yourself if you’re the boss.
• You need someone to back you up and sign off on your plan. Otherwise, your testing may be called off unexpectedly if someone claims they never authorized you to perform the tests.
• The authorization can be as simple as an internal memo from your boss if you’re performing these tests on your own systems.
• If you’re testing for a customer, have a signed contract in place, stating the customer’s support and authorization.
• Get written approval on this sponsorship as soon as possible to ensure that none of your time or effort is wasted.
• This documentation is your Get Out of Jail Free card if anyone questions what you’re doing.
• You need a detailed plan, but that doesn’t mean you have to have volumes of testing procedures. One slip can crash your systems, which is not necessarily what anyone wants. A well-defined scope includes the following information:
  • Specific systems to be tested
  • Risks that are involved
  • When the tests are performed and your overall timeline
  • How the tests are performed
  • How much knowledge of the systems you have before you start testing
  • What is done when a major vulnerability is discovered
  • The specific deliverables: this includes security assessment reports and a higher-level report outlining the general vulnerabilities to be addressed, along with countermeasures that should be implemented.
• When selecting systems to test, start with the most critical or vulnerable systems.
• For instance, you can test computer passwords or attempt social engineering attacks before drilling down into more detailed systems.
• It pays to have a contingency plan for your ethical hacking process.

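The scope items listed above (which systems, when the tests are performed) and the earlier advice under "Not Crashing Your Systems" to limit how many tests run at the same time can be enforced by the test harness itself. The following Python code is an added example, not part of the original slides; the `Scope` and `Engagement` names, the addresses and the time window are assumptions constructed for illustration.

```python
"""Rules-of-engagement guard for authorized security tests (added example)."""
import ipaddress
import threading
import time
from dataclasses import dataclass
from datetime import datetime, time as dtime


@dataclass(frozen=True)
class Scope:
    """The written, approved plan, reduced to what tooling can enforce."""
    networks: tuple              # specific systems to be tested (CIDR)
    excluded: tuple              # fragile hosts carved out of the approval
    window_start: dtime          # when tests may start (local time) ...
    window_end: dtime            # ... and when they must stop
    max_parallel: int = 2        # tests allowed to run at the same time
    min_interval: float = 0.5    # seconds between test starts

    def in_scope(self, host: str) -> bool:
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            return False         # names are refused: approve by address only
        if any(addr in ipaddress.ip_network(n) for n in self.excluded):
            return False
        return any(addr in ipaddress.ip_network(n) for n in self.networks)

    def in_window(self, when: datetime) -> bool:
        t = when.time()
        if self.window_start <= self.window_end:
            return self.window_start <= t < self.window_end
        # Window wraps past midnight, e.g. 22:00-04:00.
        return t >= self.window_start or t < self.window_end


class Engagement:
    """Runs a test callable only if the scope allows it, at a bounded pace."""

    def __init__(self, scope, clock=time.monotonic, sleep=time.sleep):
        self.scope = scope
        self.audit = []          # (host, decision) pairs for the final report
        self._slots = threading.BoundedSemaphore(scope.max_parallel)
        self._lock = threading.Lock()
        self._next_start = 0.0
        self._clock, self._sleep = clock, sleep

    def _pace(self) -> float:
        # Reserve the next start slot so bursts are spread out over time.
        with self._lock:
            now = self._clock()
            wait = max(0.0, self._next_start - now)
            self._next_start = max(now, self._next_start) + self.scope.min_interval
        if wait:
            self._sleep(wait)
        return wait

    def run(self, host, test, when=None):
        when = when or datetime.now()
        if not self.scope.in_scope(host):
            decision = "refused: out of scope"
        elif not self.scope.in_window(when):
            decision = "refused: outside test window"
        else:
            decision = "ran"
        self.audit.append((host, decision))
        if decision != "ran":
            return decision, None
        with self._slots:        # cap simultaneous tests
            self._pace()
            return decision, test(host)


# Constructed sample scope; addresses and times are illustrative only.
SCOPE = Scope(
    networks=("10.0.5.0/24",),
    excluded=("10.0.5.10/32",),  # e.g. a production database left out
    window_start=dtime(22, 0),
    window_end=dtime(4, 0),
)

if __name__ == "__main__":
    eng = Engagement(SCOPE)
    night = datetime(2024, 1, 10, 23, 30)
    for h in ("10.0.5.20", "10.0.5.10", "192.168.1.1"):
        # The "test" here is a harmless stand-in that only echoes the host.
        print(h, eng.run(h, lambda host: f"checked {host}", when=night))
```

The `audit` list records every decision, including refusals, so it can be attached to the report alongside the written authorization.
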
Selecting Tools

• As with any project, if you don’t have the right tools for ethical hacking, accomplishing the task effectively is difficult.
• Having said that, just because you use the right tools doesn’t mean that you will discover all vulnerabilities.
• Know the personal and technical limitations. Many security-assessment tools generate false positives and negatives (incorrectly identifying vulnerabilities). Others may miss vulnerabilities.
• If you’re performing tests such as social-engineering or physical-security assessments, you may miss weaknesses.
• Many tools focus on specific tests, but no one tool can test for everything.
• Make sure that you’re using the right tool for the task:
  • To crack passwords, you need a cracking tool such as LC4, John the Ripper, or pwdump. A general port scanner, such as SuperScan, may not crack passwords.
  • For an in-depth analysis of a Web application, a Web-application assessment tool (such as Whisker or WebInspect) is more appropriate than a network analyzer (such as Ethereal).
• The following list runs down some commercial, freeware, and open-source security tools:
  • Nmap
  • EtherPeek
  • SuperScan
  • QualysGuard
  • WebInspect
  • LC4
  • LANguard Network Security Scanner
  • Network Stumbler
  • ToneLoc
• Here are some other popular tools:
  • Internet Scanner
  • Ethereal
  • Nessus
  • Nikto
  • Kismet
  • THC-Scan
• Some of these tools are complex. Whichever tools you use, familiarize yourself with them before you start using them. Here are ways to do that:
  • Read the readme and/or online help files for your tools.
  • Study the user’s guide for your commercial tools.
  • Consider formal classroom training from the security-tool vendor or another third-party training provider, if available.
• Look for these characteristics in tools for ethical hacking:
  • Adequate documentation.
  • Detailed reports on the discovered vulnerabilities, including how they may be exploited and fixed.
  • Updates and support when needed.
  • High-level reports that can be presented to managers or nontechnical types.

Executing The Plan

• Ethical hacking can take persistence. Time and patience are important. Be careful when you’re performing your ethical hacking tests.
• A hacker in your network or a seemingly benign employee looking over your shoulder may watch what’s going on. This person could use this information against you.
• It’s not practical to make sure that no hackers are on your systems before you start. Just make sure you keep everything as quiet and private as possible.
• This is especially critical when transmitting and storing your test results. If possible, encrypt these e-mails and files using Pretty Good Privacy (PGP). At a minimum, password-protect them.
• You’re now on a reconnaissance mission. Harness as much information as possible about your organization and systems, which is what malicious hackers do. Start with a broad view and narrow your focus:
1. Search the Internet for your organization’s name, your computer and network system names, and your IP addresses. Google is a great place to start for this.
2. Narrow your scope, targeting the specific systems you’re testing. Whether physical-security structures or Web applications, a casual assessment can turn up much information about your systems.
3. Further narrow your focus with a more critical eye. Perform actual scans and other detailed tests on your systems.
4. Perform the attacks, if that’s what you choose to do.

Evaluating Results

• Assess your results to see what you uncovered, assuming that the vulnerabilities haven’t been made obvious before now. This is where knowledge counts.
• Evaluating the results and correlating the specific vulnerabilities discovered is a skill that gets better with experience.
• You’ll end up knowing your systems as well as anyone else. This makes the evaluation process much simpler moving forward.
• Submit a formal report to upper management or to your customer, outlining your results. Keep these other parties in the loop to show that your efforts and their money are well spent.

Moving On

• When you’ve finished your ethical hacking tests, you still need to implement your analysis and recommendations to make sure your systems are secure.
• New security vulnerabilities continually appear. Information systems constantly change and become more complex.
• New hacker exploits and security vulnerabilities are regularly uncovered. You may discover new ones! Security tests are a snapshot of the security posture of your systems.
• At any time, everything can change, especially after software upgrades, adding computer systems, or applying patches. Plan to test regularly (for example, once a week or once a month).

Cracking The Hacker Mindset

• Before you start assessing the security of your systems, you may want to know something about the people you’re up against.
• Many information security product vendors and other professionals claim that you should protect your systems from the bad guys, both internal and external. But what does this mean? How do you know how these people think and work?
• Knowing what hackers and malicious users want helps you understand how they work. Understanding how they work helps you to look at your information systems in a whole new way.

What You're Up Against?

• Public perception of the hacker has transformed from harmless tamperer to malicious criminal.
• Hackers often state that the public misunderstands them, which is mostly true. It's easy to prejudge what is not understood. Unfortunately, many hacker stereotypes are based on misunderstanding rather than fact, and that misunderstanding fuels a constant debate.
• Hackers can be classified by both their abilities and their underlying motivations. Some are skilled, and their motivations are benign; they're merely seeking more knowledge. At the other end of the spectrum, hackers with malicious intent seek some form of personal gain.
• Unfortunately, the negative aspects of hacking usually overshadow the positive aspects and promote the negative stereotypes.
• Hackers hacked for the pursuit of knowledge and the thrill of the challenge. Hackers see what others often overlook. They wonder what would happen if a cable was unplugged, a switch was flipped, or lines of code were changed in a program.
• These old-school hackers think they can improve electronic and mechanical devices by "rewiring them." More evidence shows that many hackers may also hack for political, social, competitive, and even financial purposes, so times are changing.
• Hackers who perform malicious acts don't really think about the fact that human beings are behind the firewalls, wireless networks, and web applications they're attacking. They ignore that their actions often affect those human beings in negative ways, such as putting their job security in danger and putting their personal safety at risk.
• As negative as breaking into computer systems often can be, hackers and malicious users play key roles in the advancement of technology.
• In a world without hackers, odds are good that the latest intrusion prevention technology, data leakage protection, or vulnerability scanning tools would not exist. Such a world may not be bad, but technology does keep security professionals employed and keep the field moving forward.
• Unfortunately, the technical security solutions can't ward off all malicious attacks and unauthorized use because hackers and (sometimes) malicious users are usually a few steps ahead of the technology designed to protect against their disobedient actions.

Thinking like the bad guys:

• Evading an intrusion prevention system by changing their MAC address or IP address.
• Exploiting a physical security weakness.
• Bypassing web access controls by changing a malicious site URL to a dotted decimal IP address.
• Using unauthorized software that would otherwise be blocked at the firewall by changing the default TCP port that it runs on.
• Setting up a wireless "evil twin" near a local Wi-Fi hotspot to entice unsuspecting Internet surfers onto a rogue network.
• Using an overly trusting colleague's user ID and password to gain access to sensitive information.
• Unplugging the power cord or Ethernet connection to a network security camera that monitors access to the computer room or other sensitive areas and subsequently gaining unmonitored access.
• Performing SQL injection or password cracking against a website via a neighbor's unprotected wireless network in order to hide the malicious user's security.

Who Breaks In To Computer Systems?

• In a world of black and white, describing the typical hacker is easy. Hacker skill levels fall into three general categories:
• Script kiddies: These are computer beginners who take advantage of the hacker tools, vulnerability scanners, and documentation available free on the Internet but who don't have any real knowledge of what's really going on behind the scenes. They know just enough to cause headaches but typically are very sloppy in their actions, leaving all sorts of digital fingerprints behind.
• Criminal hackers: These are skilled criminal experts and nation states who write some of the hacking tools, including the scripts and other programs that the script kiddies and ethical hackers use. These people also write such malware as viruses and worms. They can break into systems and cover their tracks.
• These hackers are possibly some of the worst enemies in information security.
1. Security researchers: These uber-hackers are highly technical and publicly known IT professionals who not only monitor and track computer, network, and application vulnerabilities but also write the tools and other code to exploit them. There are good-guy (white hat) and bad-guy (black hat) hackers. Gray hat hackers are a little bit of both. There are also blue-hat hackers who are invited by software vendors to find security flaws in their systems.
2. Hacktivists try to distribute political or social messages through their work. A hacktivist wants to raise public awareness of an issue. In many situations, criminal hackers will try to take the person down if he/she expresses a view that's contrary to theirs. Examples of hacktivism include messages about legalizing drugs.
3. Cyber-terrorists (both organized and unorganized) attack government computers or public utility infrastructures, such as power grids and air-traffic control towers. They crash critical systems or steal classified government information. Countries take the threats these cyber-terrorists pose so seriously that many mandate information security controls in crucial industries, such as the power industry, to protect essential systems against these attacks.
4. Hackers for hire are part of organized crime on the Internet. Many of these hackers hire out themselves or their botnets for money, and lots of it.
• These criminal hackers are in the minority. Like the spam kings of the world, many of the wicked acts from members of collectives that prefer to remain nameless are carried out by a small number of criminals. Many other hackers just love to tinker and only seek knowledge of how computer systems work.

Why they do it?

• Reasons:
  • Hacking is a casual hobby for some hackers. They see what they can and can't break into, usually testing only their own systems.
  • Many hackers get a kick out of outsmarting corporate and government IT and security administrators. They thrive on making headlines and being notorious cyber outlaws.
  • Hackers often promote individualism, or at least the decentralization of information, because many believe that all information should be free.
  • They think cyber-attacks are different from attacks in the real world. Hackers may easily ignore or misunderstand their victims and the consequences of hacking.
  • They don't think long-term about the choices they're making today. Many hackers say they don't intend to harm or profit through their bad deeds,
  • Some common motives are revenge, basic bragging rights, curiosity, boredom, challenge, vandalism, theft for financial gain, sabotage, blackmail, extortion, corporate intelligence, and just generally speaking out against the man.
  • Many business owners, managers, and administrators believe that they don't have anything that a hacker wants or that hackers can't do much damage if they break in.
  • Hackers can compromise a seemingly unimportant system to access the network and use it as a launching pad for attacks on other systems, and many people don't have the proper controls to prevent and detect malicious use.
  • Hackers often hack just because they can. Some hackers go for high-profile systems.
• Computer openings continue to get easier to execute yet harder to prevent for several reasons:
1. Widespread use of networks and Internet connectivity.
2. Anonymity provided by computer systems working over the Internet and often on the internal network.
3. Greater number and availability of hacking tools.
4. Large number of open wireless networks that help hackers cover their tracks.
5. Greater complexity and size of the codebase in the applications and databases being developed today.
6. Computer-savvy children.
7. Unlikelihood that attackers will be investigated or prosecuted if caught.

Hacking in the name of liberty?

• Many hackers exhibit behaviors that contradict their stated purposes.
• Many hackers call themselves civil libertarians and claim to support the principles of personal privacy and freedom. However, they contradict their words by intruding on the privacy and property of others.
• They often steal the property and violate the rights of others, but are willing to go to great lengths to get their own rights back from anyone who threatens them.
• This applies to external hacks, internal breaches, and even something as seemingly gentle as a lost mobile device or backup tapes.

Planning and Performing Attacks

• Attack styles vary widely:
  • Some hackers prepare far in advance of an attack. They gather small bits of information and methodically carry out their hacks. These hackers are the most difficult to track.
  • Other hackers, usually the inexperienced script kiddies, act before they think through the consequences. Such hackers may try, for example, to telnet directly into an organization's router without hiding their identities. Other hackers may try to launch a DoS attack against a Microsoft Exchange server without first determining the version of Exchange or the patches that are installed. These hackers usually are caught.
  • Malicious users are all over the map. Some can be quite savvy based on their knowledge of the network and of how IT operates inside the organization. Many of the hackers, especially advanced hackers, don't share information with the crowd.
• Following are the aspects of real-world security:
  • The majority of computer systems aren't managed properly. The computer systems aren't properly patched, hardened, or monitored. Attackers can often fly below the radar of the average firewall, an intrusion prevention system (IPS), or an access control system. This is especially true for malicious users whose actions are often not monitored at all while, at the same time, they have full access to the very environment they can exploit.
  • Most network and security administrators simply can't keep up with the deluge of new vulnerabilities and attack methods. These people often have too many tasks to stay on top of. Network and security administrators may also fail to notice or respond to security events because of poor time management and goal setting, but that's for another discussion.
  • Information systems grow more complex every year. This is yet another reason why overburdened administrators find it difficult to know what's happening across the wire and on the hard drives of all their systems. Mobile devices such as laptops, tablets, and phones are making things exponentially worse.
  • Attacks can be carried out slowly, making them hard to detect.
  • Attacks are frequently carried out after typical business hours, often in the middle of the night, and from home, in the case of malicious users.

Maintaining Anonymity

• Smart attackers want to remain as low-key as possible. Covering their tracks is a priority, & many time success.
• Hackers often remain anonymous by using one of the following resources:
1. Borrowed or stolen remote desktop and VPN accounts from friends or previous employers
2. Public computers at libraries, schools, or kiosks at the local mall
3. Open wireless networks
4. Internet proxy servers
5. Anonymous or disposable email accounts from free e-mail services
6. Open email relays
7. Infected computers, also called zombies or bots, at other organizations
8. Workstations or servers on the victim's own network
• If hackers use enough stepping stones for their attacks, they are hard to trace.