Thursday, August 25, 2016

WHITE HAT HACKING VS. BLACK HAT HACKING VS. GRAY HAT HACKING

Hackers aren’t inherently bad — the word “hacker” doesn’t mean “criminal” or “bad guy.” The terms “white hat”, “black hat” and “gray hat” define different groups of hackers based on their behavior. The definition of the word “hacker” is controversial, and could mean either someone who compromises computer security or a skilled developer in the free software or open-source movements.

WHITE HAT HACKING
White hat hackers choose to use their powers for good rather than evil. Also known as “ethical hackers,” white hat hackers are often paid employees or contractors working for companies as security specialists who attempt to find security holes via hacking. They’re experts in compromising computer security systems who use their abilities for good, ethical, and legal purposes rather than bad, unethical, and criminal purposes.
White hat hackers employ the same methods of hacking as black hats, with one exception: they do it with permission from the owner of the system first, which makes the process completely legal. White hat hackers perform penetration testing, test in-place security systems and perform vulnerability assessments for companies. A white-hat hacker who finds a security vulnerability would disclose it to the developer, allowing them to patch their product and improve its security before it’s compromised. Various organizations pay “bounties” or award prizes for revealing such discovered vulnerabilities, compensating white-hats for their work.

BLACK HAT HACKING
Black hats are criminals. They use their prowess to find or develop software holes and attack methods (so-called zero-day vulnerabilities and exploits) or other malicious tools to break into machines and steal data, such as passwords, email, intellectual property, credit card numbers or bank account credentials. They also sell information about the security holes to other criminals for them to use. Black hats are, obviously, considered the bad guys.
Like all hackers, black hat hackers usually have extensive knowledge about breaking into computer networks and bypassing security protocols. They are also responsible for writing malware, which is a method used to gain access to these systems. A black-hat hacker who finds a new, “zero-day” security vulnerability would sell it to criminal organizations on the black market or use it to compromise computer systems.
Their primary motivation is usually for personal or financial gain, but they can also be involved in cyber espionage, protest or perhaps are just addicted to the thrill of cybercrime. Black hat hackers can range from amateurs getting their feet wet by spreading malware, to experienced hackers that aim to steal data, specifically financial information, personal information and login credentials. Not only do black hat hackers seek to steal data, they also seek to modify or destroy data as well.

GRAY HAT HACKING
Gray hats fall into the middle ground between these two other hacker categories. Gray hats sell or disclose their zero-day vulnerabilities not to criminals, but to governments—law enforcement agencies, intelligence agencies or militaries. The governments then use those security holes to hack into the systems of adversaries or criminal suspects. Gray hats can be individual hackers or researchers who uncover flaws on their own, defense contractors who have hacking divisions tasked specifically with uncovering flaws for a government to use, or boutique broker firms.
All of these kinds of hackers are considered gray hats because they’re selling to parties that will presumably use the vulnerabilities responsibly for the public good, although that is not necessarily the case. There are governments that use zero days to spy on dissidents, political rivals and others.
If a gray-hat hacker discovers a security flaw in a piece of software or on a website, they may disclose the flaw publicly instead of privately disclosing the flaw to the organization and giving them time to fix it. They wouldn’t take advantage of the flaw for their own personal gain — that would be black-hat behavior — but the public disclosure could cause carnage as black-hat hackers tried to take advantage of the flaw before it was fixed.
As in life, there are gray areas that are neither black nor white. Gray hat hackers are a blend of both black hat and white hat activities. Often, gray hat hackers will look for vulnerabilities in a system without the owner’s permission or knowledge. If issues are found, they will report them to the owner, sometimes requesting a small fee to fix the issue. If the owner does not respond or comply, then sometimes the hackers will post the newly found exploit online for the world to see.
These types of hackers are not inherently malicious in their intentions; they’re just looking to get something out of their discoveries for themselves. Usually, gray hat hackers will not exploit the vulnerabilities they find. However, this type of hacking is still considered illegal because the hacker did not receive permission from the owner prior to attempting to attack the system.

Saturday, August 20, 2016

MALICIOUS CODES

MALICIOUS CODE is harmful computer or web script designed to create system vulnerabilities leading to back doors, security breaches, information and data theft, and other potential damage to files and computing systems. It is a type of threat that may not be blocked by antivirus software on its own. According to Kaspersky Lab, not all antivirus protection can treat certain infections caused by malicious code, which is different from malware. Malware specifically refers to malicious software, whereas malicious code also includes website scripts that exploit vulnerabilities in order to upload malware.


Types of Malicious Code and Viruses:

Computer Virus: A computer virus is a self-replicating computer program which attaches itself to other files or programs and can execute secretly when the host program or file is activated. When the virus is executed, it can perform a number of tasks, such as erasing files or the hard disk, displaying nuisance information, or attaching itself to other files.

Worms: A worm is a self-replicating program that does not need to attach to a host/program/file. Unlike viruses, worms can execute themselves. Worms have the ability to spread over a network and can initiate massive and destructive attacks in a short period of time.

Trojan Horse: A trojan horse is a non-replicating program that appears legitimate, but actually performs malicious and illicit activities when executed. Attackers use trojan horses to steal a user's password information, or they may simply destroy programs or data on the hard disk. It is hard to detect because it is designed to conceal its presence by performing its advertised functions normally.

Spyware & Adware: Spyware is a type of software that secretly forwards information about a user to third parties without the user's knowledge or consent. This information can include the user's online activities, files accessed on the computer, or even the user's keystrokes.

Adware, on the other hand, is a type of software that displays advertising banners while a program is running. Some adware can also be spyware. They first spy on and gather information from a victim's computer, and then display an advertising banner related to the information collected.

Rootkit: A rootkit is a collection of programs that alter the standard functionality of an operating system on a computer in a malicious and stealthy manner. By altering the operating system, a rootkit allows an attacker to act as a system administrator on the victim's system. Many rootkits are designed to hide their existence and the changes they have made to a system. This makes it very difficult to determine whether a rootkit is present on a system and to identify what has been changed by the rootkit.

Active Content: Unlike the traditional methods of working with static data files using a software program, today's data objects, such as web pages, email and documents, can interweave data and code together, allowing dynamic execution of program code on the user's computer. The fact that these data objects are frequently transferred between users raises a security concern.

Zombies and Botnets: A zombie computer, usually known in the short form zombie, is a computer attached to the internet that has been compromised and manipulated without the knowledge of the computer owner. A botnet refers to a network of zombie computers that have been taken over and put under the remote control of an attacker.

A botnet might consist of thousands of zombie computers, and even more. The zombie computers in the botnet can consist of computers at homes, schools, businesses, and governments scattered around the world.

Scareware: Scareware, sometimes called rogueware, comprises several classes of ransomware or scam software with malicious payloads. While posing as legitimate anti-virus software or the like, scareware is in fact dummy software without real functions, or sometimes even malicious software which may, for example, steal the victim's personal information and credentials such as passwords or credit card details. Ransomware makes the victim's computer files inaccessible. The victim is then requested to pay a fee ("ransom") to regain access to their files.

Thursday, August 11, 2016

CRYPTOGRAPHY

CRYPTOGRAPHY is the science of providing security for information. It has been used historically as a means of providing secure communication between individuals, government agencies, and military forces. Today, cryptography is a cornerstone of the modern security technologies used to protect information and resources on both open and closed networks.

Traditionally, cryptography has been used to pass coded messages between parties to ensure communication secrecy. Cryptography systems have used processes, techniques, and mechanisms to provide for secure communications between authorized parties while preventing unauthorized parties from monitoring communications or counterfeiting messages.

In its simplest form, cryptography substitutes or transposes letters according to a rule, traditionally called a cipher, which transforms a readable message called plaintext (also called cleartext) into an unreadable, scrambled, or hidden message called ciphertext. Only someone with the decoding key can convert the ciphertext back into its original plaintext. The originator of a coded message must share the decoding key in a secure manner with the intended recipients who are authorized to know the contents of the coded message. If unauthorized parties can somehow intercept or figure out the decoding key, security is compromised because they can convert the ciphertext into plaintext and read the contents of the message.

Anyone who can intercept both the ciphertext of a coded message and the decoding key can read secret communications. Furthermore, anyone who knows the cipher and has the decoding key might be able to impersonate the originator and send false messages. Therefore, systems of cryptography must provide reliable methods for securely sharing decoding keys, while keeping them unavailable to unauthorized parties. Others might know the cipher used to code a message and might have access to the coded message, but only authorized recipients are able to decode the contents of the message with the shared decoding key. Systems of cryptography also include techniques and mechanisms for verifying that originators of coded messages are authentic as well as ways to ensure that messages have not been altered en route.
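The two classical operations named above, letter substitution and letter transposition, as an added example that is not part of the original post; the keys, messages and function names are constructed for illustration.

```python
# Added example (not from the original post): a monoalphabetic substitution
# cipher and a columnar transposition cipher, each with the decoding key
# needed to reverse it. Keys and messages are constructed sample values.
import string

ALPHABET = string.ascii_uppercase


def shift_key(shift: int) -> str:
    """A Caesar-style substitution key: the alphabet rotated by `shift`."""
    shift %= 26
    return ALPHABET[shift:] + ALPHABET[:shift]


def substitute(plaintext: str, key: str) -> str:
    """Substitution: `key` is a permutation of A-Z; letter i of the alphabet
    becomes letter i of the key. Non-letters pass through unchanged."""
    if sorted(key) != list(ALPHABET):
        raise ValueError("key must be a permutation of A-Z")
    return plaintext.upper().translate(str.maketrans(ALPHABET, key))


def unsubstitute(ciphertext: str, key: str) -> str:
    """Decode: only a holder of the same key recovers the plaintext."""
    if sorted(key) != list(ALPHABET):
        raise ValueError("key must be a permutation of A-Z")
    return ciphertext.translate(str.maketrans(key, ALPHABET))


def transpose(plaintext: str, columns: int) -> str:
    """Columnar transposition: write the letters row by row into `columns`
    columns, then read them out column by column. The column count is the key."""
    text = "".join(c for c in plaintext.upper() if c.isalpha())
    return "".join(text[i::columns] for i in range(columns))


def untranspose(ciphertext: str, columns: int) -> str:
    """Reverse the transposition by rebuilding the columns, whose lengths
    follow from the message length and the key."""
    rows, extra = divmod(len(ciphertext), columns)
    cols, pos = [], 0
    for i in range(columns):
        width = rows + (1 if i < extra else 0)
        cols.append(ciphertext[pos:pos + width])
        pos += width
    return "".join(cols[i][r] for r in range(rows + 1)
                   for i in range(columns) if r < len(cols[i]))


if __name__ == "__main__":
    key = shift_key(3)
    ct = substitute("HELLO WORLD", key)
    print(ct, unsubstitute(ct, key))        # KHOOR ZRUOG HELLO WORLD
    print(unsubstitute(ct, shift_key(7)))   # wrong key: unreadable
    ct2 = transpose("ATTACK AT DAWN", 5)
    print(ct2, untranspose(ct2, 5))         # AKWTANTTADCA ATTACKATDAWN
```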

Cryptography offers the following basic functions:

1. Confidentiality: Assurance that only authorized users can read or use confidential information. Without confidentiality, anyone with network access can use readily available tools to eavesdrop on network traffic and intercept valuable proprietary information. Intruders who gain illicit network rights and permissions can steal proprietary information that is transmitted or stored as plaintext. Therefore, cryptosystems use techniques and mechanisms to ensure information confidentiality. For example, unauthorized users might be able to intercept information, but the information is transmitted and stored as ciphertext and is useless without a decoding key that is known only to authorized users.

2. Authentication: Verification of the identity of the entities that communicate over the network. Without authentication, anyone with network access can use readily available tools to forge originating Internet Protocol (IP) addresses and impersonate others. Therefore, cryptosystems use various techniques and mechanisms to authenticate both the originators and recipients of information. For example, online entities can choose to trust communications with other online entities based on the other entities' ownership of valid digital authentication credentials.

3. Nonrepudiation: Assurance that a party in a communication cannot falsely deny that a part of the actual communication occurred. Without nonrepudiation, someone can communicate and then later either falsely deny the communication entirely or claim that it occurred at a different time. For example, without nonrepudiation, an originator of information might falsely deny being the originator of that information. Likewise, without nonrepudiation, the recipient of a communication might falsely deny having received the communication.

4. Integrity: Verification that the original contents of information have not been altered or corrupted. Without integrity, someone might alter information or information might become corrupted, and the alteration could go undetected. Therefore, many cryptosystems use techniques and mechanisms to verify the integrity of information. For example, an intruder might covertly alter a file, but doing so changes the file's unique digital thumbprint, allowing other users to detect the tampering by comparing the changed digital thumbprint to the digital thumbprint of the original contents.
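The "digital thumbprint" check from the integrity point above, as an added example that is not part of the original post: a thumbprint is a cryptographic hash, and keying it as an HMAC ties the integrity check to the authentication function as well. File contents, the key and the function names are constructed for illustration.

```python
# Added example (not from the original post): comparing a recomputed SHA-256
# thumbprint with the original exposes tampering (integrity); an HMAC is a
# thumbprint only a holder of the shared key can produce (authentication).
# All file contents and keys below are constructed sample values.
import hashlib
import hmac
import io

CHUNK = 64 * 1024  # hash large files without loading them whole


def thumbprint(data: bytes) -> str:
    """SHA-256 digest, hex-encoded: the file's digital thumbprint."""
    return hashlib.sha256(data).hexdigest()


def thumbprint_stream(stream) -> str:
    """Same thumbprint computed chunk by chunk from a file-like object."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(CHUNK), b""):
        h.update(block)
    return h.hexdigest()


def integrity_intact(data: bytes, original_thumbprint: str) -> bool:
    """Integrity check: any change to `data` changes its thumbprint.
    compare_digest avoids leaking where the comparison stopped matching."""
    return hmac.compare_digest(thumbprint(data), original_thumbprint)


def keyed_thumbprint(data: bytes, key: bytes) -> str:
    """HMAC-SHA256: a thumbprint that can only be produced with `key`, so an
    intruder who replaces both the file and its thumbprint is still detected."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def authentic_and_intact(data: bytes, key: bytes, tag: str) -> bool:
    """Authentication plus integrity: accept only if `tag` verifies under `key`."""
    return hmac.compare_digest(keyed_thumbprint(data, key), tag)


if __name__ == "__main__":
    original = b"PAY 100 TO ALICE\n"          # constructed file contents
    published = thumbprint(original)
    tampered = b"PAY 900 TO ALICE\n"          # one covert edit
    print(integrity_intact(original, published))   # True
    print(integrity_intact(tampered, published))   # False: thumbprint changed
    # An intruder who can also rewrite the published thumbprint defeats a
    # plain hash, but not a keyed one without the shared key.
    key = b"constructed-shared-secret"
    forged_tag = keyed_thumbprint(tampered, b"guess")
    print(authentic_and_intact(tampered, key, forged_tag))        # False
    print(thumbprint_stream(io.BytesIO(original)) == published)  # True
```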

In recent times, cryptography has turned into a battleground for some of the world's best mathematicians and computer scientists. The ability to securely store and transfer sensitive information has proved a critical factor in success in war and business.
Because governments do not wish certain entities inside and outside their countries to have access to ways of receiving and sending hidden information that may be a threat to national interests, cryptography has been subject to various restrictions in many countries, ranging from limitations on the usage and export of software to the public dissemination of mathematical concepts that could be used to develop cryptosystems. However, the Internet has allowed the spread of powerful programs and, more importantly, the underlying techniques of cryptography, so that today many of the most advanced cryptosystems and ideas are in the public domain.

Friday, August 5, 2016

THE CIA TRIAD

The CIA triad is a well-known model in information security development. It is applied to various situations to identify problems and weaknesses and to establish security solutions.
This model is also referred to as the AIC triad (availability, integrity and confidentiality) to avoid confusion with the Central Intelligence Agency. The triad is composed of confidentiality, integrity and availability.
Elements of the CIA triad
Confidentiality
Confidentiality ensures that information is accessible only to those who are authorized to have access, whether individuals, processes or devices. In today’s world information has great value. Everyone has information they want to keep secret, including personal information, credit card numbers, trade secrets, government documents and bank statements and accounts. Protecting such information is a major part of information security.
Cryptography and encryption methods are an example of an attempt to ensure the confidentiality of data transferred from one computer to another. Cryptography is a method of storing and transmitting data in a particular form so that only those for whom it is intended can read and process it. Encryption is the conversion of electronic data into another form, called ciphertext, which cannot be easily understood by anyone except authorized parties. These two methods contribute greatly to maintaining confidentiality in an organization.
Integrity
Integrity safeguards the accuracy and completeness of information and processing methods. In the CIA triad, integrity is maintained when the information remains unchanged during storage, transmission, and any usage that is not meant to modify it. Integrity relates to information security because accurate and consistent information is a result of proper protection.
Database security professionals employ a number of practices to assure data integrity, which include:
  • Data encryption, which locks data by cipher
  • Data backup, which stores a copy of data in an alternate location
  • Access controls, including assignment of read/write privileges
  • Input validation, to prevent incorrect data entry
  • Data validation, to certify uncorrupted transmission
Availability
The last element in the CIA triad is the availability of your data. It ensures that authorized users have access to information and associated assets when required. It means that the resources are available at a rate which is fast enough for the wider system to perform its task as intended.
Almost every week you can find news about high-profile websites being taken down by DDoS attacks. The primary aim of DDoS attacks is to deny users of the website access to the resources of the website. Such downtime can be very costly. Other factors that could lead to a lack of availability of important information include accidents such as power outages or natural disasters such as floods.
But how can one ensure data availability? The answer is backup. Regularly doing off-site backups can limit the damage caused by failed hard drives or natural disasters. For information services that are highly critical, redundancy might be appropriate. Having an off-site location ready to restore services in case anything happens to your primary data centers will greatly reduce downtime if anything does happen.
Conclusion
It can be concluded that fulfilling the CIA principles and meeting the goal of information security is not a goal with a clear end but an open goal that continually changes with time and with changes in technology. The CIA triad guides information security efforts to ensure success. Thus, the CIA triad requires that organizations and individual users always take care to maintain the confidentiality, integrity and availability of information.