
Hacking

Ultimate Hacking Bundle: 2 Manuscripts: Hacking For Beginners, Tor Browser

This Book Includes:

Hacking For Beginners: Learn Practical Hacking Skills! All About Computer Hacking, Ethical Hacking, Black Hat, Penetration Testing, And Much More!

Tor Browser: Secrets of the Deep Web, How to Stay Anonymous Online, and Surf the Web Like a Hacker

Hacking for Beginner’s

Learn Practical Hacking Skills! All About Computer Hacking, Ethical Hacking, Black Hat, Penetration Testing, And Much More!

© Copyright 2017 - All rights reserved.

The contents of this book may not be reproduced, duplicated or transmitted without direct written permission from the author.

Under no circumstances will any legal responsibility or blame be held against the publisher for any reparation, damages, or monetary loss due to the information herein, either directly or indirectly.

Legal Notice:

You cannot amend, distribute, sell, use, quote or paraphrase any part of the content within this book without the consent of the author.

Disclaimer Notice:

Please note the information contained in this document is for educational and entertainment purposes only. No warranties of any kind are expressed or implied. Readers acknowledge that the author is not engaging in the rendering of legal, financial, medical or professional advice. Please consult a licensed professional before attempting any techniques outlined in this book.

By reading this document, the reader agrees that under no circumstances is the author responsible for any losses, direct or indirect, which are incurred as a result of the use of information contained within this document, including, but not limited to, errors, omissions, or inaccuracies.

Table of Contents

Introduction
Chapter 1 – What is Hacking
Chapter 2 – Why do Hackers Hack?
Chapter 3 – Types of Hacking
Chapter 4 – White Hat Hacking or Ethical Hacking
Chapter 5 – Skills you’ll need to become an Ethical Hacker
Chapter 6 – Password Cracking
Chapter 7 - Understanding Computer Viruses
Chapter 8 – Hacking Wireless (Wi-Fi) Networks
Chapter 9 – Denial of Service Attacks
Chapter 10 – Hacking Web Servers
Chapter 11 – Penetration Testing
Chapter 12 – Cybercrime
Conclusion

Introduction

Hacking is a word that one often finds in the tabloids, newspapers, the Internet and countless other places. There is a lot of news about hackers doing this or that on a daily basis. The severity of these activities can range from accessing a simple household computer system to stealing confidential data from secure government facilities.

As such, it piques the interest of a curious mind to know about hacking. Many of you might be wondering about the basics of hacking, while others among you might actually want to try it out for yourself.

However, with the amount of complexity involved, be it legal or technical, it becomes essential to have a foundational knowledge on the matter before trying anything out without planning.

This book will serve as a guiding tool for you to understand the basics of the subject and slowly build up a base of the knowledge that you need to gain. You will be made aware of several aspects of hacking, and you will find the knowledge in here fascinating. Therefore, put on your curious glasses and dive into the world of hacking with us now.

We will discuss everything from the basics of ethical hacking to all you need to know about WiFi password cracking. It should be kept in mind that to understand the concept of ethical hacking, you need to know all about black hat hacking and how it is done. Only then can you understand what steps you could take to stop it.

Therefore, the study of white hat hacking and black hat hacking goes hand in hand. The only difference between the two is: being granted written permission by the system owner before you start hacking his system.

Lastly, I want to emphasize that how you use this book is solely up to you, and you will bear the consequences. I cannot stress enough that any attempt at hacking should only be made with the complete authorization and permission of the owner of the system. Therefore, make sure that you have the consent of the owner before you go ahead and shoot your cannons in all directions.

Hacking into any computer, without authorization, or accessing personal data without permission and sharing it with third parties can put you behind bars.

Chapter 1 – What is Hacking

Before starting out with actually learning to hack, let us first get the hang of what hacking means in the most basic sense.

The terms ‘hacking’ and ‘hacker’ have various interpretations according to various sources. In an ideal sense, the term ‘hacker’ was used to define a person who was very skilled in the art of computer programming. This was a person who would use his programming knowledge to solve complex computer problems.

However, with the advent of computer technology, the term ‘hacker’ began to adopt a more negative sense. Nowadays, ‘hacker’ is a term that is commonly used for a person who uses his deep knowledge and understanding of computers to exploit the weakness of various systems and gain access to them.

This act of exploiting the bugs and weaknesses of various computer systems is termed ‘hacking.’ As you might have guessed, if you are gaining access to a system without the authorization of the owner of that system, it is illegal no matter where you are. Therefore, in the common eyes of people who are unaware of the different types of hacking, the term is seen in a very negative manner and is always assumed to be illegal.

These hackers who exploit the vulnerabilities of systems through bugs are also termed ‘security hackers,’ to create a demarcation between the original meaning of the term hacker that was used to denote good computer programmers. In the general discussion of this book, we will refer to all security hackers as ‘hackers’ for the sake of brevity and understanding.

However, as you will learn by browsing through the pages of this book, this is most often not the case. There are different types of hacking, and while some might lead to you being behind bars for an eternity, there are others which might lead you to have a big mansion to yourself and being on the payroll of some big IT brand.

It all depends on why the hacker wants to hack a system. Therefore, it is important to understand the reasons for which hackers hack the system, and therefore classify the hacking based on that criterion.

When you are starting out with hacking, you should first of all ask yourself why you wish to learn it, and whether you will be using it for good or for bad reasons. If you will be using it for illegal purposes, remember the consequences of that. You could be behind bars for a long time (some actions even carry life sentences in some countries if you harm the country’s confidential government data).

Therefore, when it comes to hacking, make smart decisions. It is indeed cool to know it all and try it all. However, who you try it on should know about it, and you should have the written consent of that person. They might even pay you for trying it, so it would still end up being pretty awesome for you.

Chapter 2 – Why do Hackers Hack?

If you have read about various hacking incidents that come up in the newspapers or on the Internet, you will realize that all those incidents are somewhat unrelated and generally carried out with varying intentions. Therefore, the reason why hackers hack depends upon the particular hacker and what he is looking for.

As you might already know, the major reason for hacking is generally money. However, there are other reasons present which can be quite important as well. In general, the major reasons for which hackers hack include the following:

1. Profit: This is one of the most prominent reasons as to why hackers hack. The hacking might profit them in one way or another.

Some of the hackers who work for their profit might not fall in the illegal zone. For example, a hacker might be on the payroll of an IT company to exploit the weaknesses in their OWN systems. Hackers get paid very well through opportunities like these. However, it doesn’t mean that the hacker would be doing anything unethical.

However, there are many hackers who focus on personal profits so much that they do not mind resorting to illegal methods for that; for example, hacking someone without authorization to retrieve personal information about the user, which can help the hacker in stealing the funds of the user. This is quite unethical and frowned upon. Needless to say, something like this can get the hacker behind bars.

2. Accessing data:

Accessing someone’s private data is another purpose of hacking. Hackers access the systems without authorization to find files and data in that system and use it for their own motives.

These files may be used for purposes such as pirating, or for the personal knowledge of the hacker alone. Some hackers tend to make profits by selling this data to other customers interested in it.

Note that this type of hacking is totally illegal, as the hacker is accessing the owner’s system without his permission.

3. Passion:

Some hackers simply operate out of a passion for technical knowledge. They have a deep love of computer science and networks and find it amusing to perform activities such as these.

If done out of passion, a hacker can also find reputable jobs in the IT industry and earn a living doing it. However, even if a hacker is hacking out of passion, hacking into a system without the authorization of the owner is still considered illegal.

4. Political and Religious Views:

Hackers also operate on the payroll of various governments, trying to access information and data vital to that country’s government. This type of hacking, although it is not punishable by the government, is still frowned upon on a global level.

Even if not employed by a government, sometimes the hackers operate due to their own political or nationalist sentiments. Various hackers find hacking a good way (a good way for themselves) to spread their religious propaganda. They accomplish this by targeting the websites that speak against their religion. Or sometimes they keep spreading their word through popular websites with weak security.

You should realize that even if you are spreading a positive message through hacking and you do not have the permission of the owners of the computer system, it is still considered illegal and will put you behind bars.

5. Vandalism:

Some hackers practice hacking to break down websites or slow down the network. Such activities include DDoS attacks or putting down servers, thereby affecting the normal functioning of websites or the Internet.

This type of hacking is highly illegal as well and can get you a long jail sentence.

Hacking is also done to improve the security of systems. In such types of hacking, the hacker has the permission of the owner of the system, be it a company or an individual owner. The hacker exploits bugs and vulnerabilities in the system and works to remove them, thereby improving the security of the system.

Some companies like Google even host competitions where hackers find ways to breach their system or products, and if they are able to do so or find bugs in the system, they are given prizes by the company.

Based on these types, hackers can be easily put in various categories. We will study the types of hacking in the next section.

Chapter 3 – Types of Hacking

Now that we have studied the various purposes for which hackers hack, we can easily classify the hackers into different types. We will summarize these types in this chapter, and study them in detail in the chapters to come.

The various types of hacking are:

1. White Hat Hacking:

This type of hacking is also called ethical hacking. As the name suggests, this type of hacking is completely legal and done with the consent of the owner of the system.

In white hat hacking, the hackers aim to fix the weakness of the system by finding the bugs and vulnerabilities in the system.

These hackers might be on the payroll of the company or be participating in some competition held by the company.

2. Black Hat Hacking:

This type of hacking is also known as cracking. As the name suggests, this type of hacking happens when the hacker cracks into a system without the permission or authorization of the owner.

It is a highly illegal activity. The intention of such hackers might be to steal the important data of the system, infringe the private rights of the user, use the bank information on the system to transfer money for personal gains, etc.

3. Grey Hat Hacking:

This type of hacking is in between white hat hacking and black hat hacking. In this hacking, the hacker gains access to the system without the permission of the owner. However, all the weaknesses that are found by the hacker are reported to the owner so the owner can improve his systems.

Though these are the major types of hacking, there are other minor sub-branches as well that you might want to know about.

4. Script Kiddies: Script kiddies are people who do not have deep knowledge of computer systems and networks like most hackers do. However, they tend to use the already made programs and scripts to gain access to systems or do unauthorized activities in computers and networks. Even though they did not create the programs, using them without authorization for hacking activities can still land them behind bars.

5. Hacktivists: Made by combining the terms ‘hackers’ and ‘activists,’ Hacktivists are the people who turn to hacking to propagate social or political messages. This is commonly done by gaining access to websites and altering their content, either putting something that propagates their agenda or removing something that voices against it.

6. Phreaker: Though not exactly about computer systems, phreaking is still considered a type of hacking. Phreakers are people who exploit the bugs and vulnerabilities in telephone lines and take advantage of that. The act is called Phreaking.

As is evident, the white hat hackers are the most respected people in the technical community. Even though they have the power to exploit systems and use the vulnerabilities for their own selfish gains, they do that with the permission of the owner and let the owner know about the weak points.

This enables the owner to fix the weak spots before any hacker can hit them. Therefore, they pay ethical hackers quite well.

Hence, being an ethical hacker is making the best use of your skills. It is completely legal (if you fulfill the requirements mentioned in the ethical hacking section), and it definitely gives you decent pay.

All the other types of hacking that are listed above can get you behind bars. Even hacktivism is not an exception. It would still be illegal to hack someone to spread a positive message if you are hacking someone without his or her permission.

Chapter 4 – White Hat Hacking or Ethical Hacking

As mentioned earlier, White Hat hacking is the type of hacking whereby hackers are employed by the company to enhance the security of systems by removing bugs and vulnerabilities. Since this type of hacking has total authorization, it is known as ethical hacking as well. The hackers who participate in this type of hacking are called white hats or ethical hackers.

Not only is it a completely legal practice but, in fact, these white hats get paid quite well by the companies for testing their systems. This is due to the deep knowledge the hackers have about networks and computer systems.

Also, this type of hacking makes sure that other hackers with unethical motives cannot attack the system of the company.

The terms ‘white hat’ and ‘black hat’ come from the Hollywood films that were based on Cowboys where the good cowboys used to wear ‘white hats,’ whereas the evil ones would fight wearing a ‘black hat.’

The term ‘ethical hacking’ was created by IBM, to differentiate it from the general opinion of hacking as viewed by the public in a negative sense.

While a major part of ethical hacking focuses on penetration testing (about which we are going to learn later), there is a wide variety of other things that are included as well.

To understand white hat hacking, let us first understand the concept of security threats that are present in a computer.

To be an ethical hacker, you must comply with the following mandates for an ethical hacker:

1. You should have permission in written form from the owner of the corporation or the computer system that you are trying to penetrate or test before you actually carry out the activity.

2. You need to always protect the privacy of the corporation that you are hacking. This means that any data that you attain through your hacking activities cannot be given out to any third party or the general public.

vulnerabilities, and exploits that you find in the system with complete transparency.

4. If there are any weaknesses that you find out in the hardware components, you need to report them to the manufacturer of that hardware component.

5. If there are any weaknesses that you find out in the software components of the computer systems, you need to report those weaknesses to the software vendors.

Need for Ethical Hacking

Ethical Hacking is not a comfort, but a dire need for companies. This is especially true for companies that deal with money or confidential information, like PayPal, government websites, defense websites, etc.

The major reasons why companies need ethical hacking are:

1. Protect their information:

Ethical hacking is required for the companies to protect the information on their computer systems or networks. This information could be the information of the company or user information. Hackers could exploit the websites or computer system of the company and make use of the information for their own gain.

Therefore, companies need to hire ethical hackers so they can fight against these issues and protect the company from any frivolous activities.

2. Keep the systems running:

With DDoS and DoS attacks quite common nowadays, it is possible for hackers to slow down the company websites or crash them completely. Even a crash of a few minutes in a company’s website can make them lose a huge chunk of money.

Therefore, ethical hackers put up proper preventive measures on the web servers and operating system so companies can fight these attacks really well.

3. Keeping the money safe:

There are various websites like money transfer services and e-shopping websites that deal with the bank information and credit card details of the users. If a hacker gets a hold of this information, they could steal the money of the users and put it in their own accounts.

Therefore, companies need to hire ethical hackers to create walls around their user information that hackers cannot climb.

Security threats

Firstly, let us put a definition to the term ‘security threat’ that can clear our understanding on the topic. What is a security threat?

A security threat is basically a vulnerability that can endanger the computer system or the organization that owns it. It could be tangible or intangible. A tangible security threat would involve physically stealing the computer or any data drive with vital information. An intangible attack would be someone using a virus or a malicious program to access the data of the system or a drive remotely.

Let us summarize these two threats in detail.

1. Tangible Computer Threats:

Tangible computer threats involve the threats where the computer system is physically affected, resulting in the loss or theft of data. These tangible threats can be divided into three categories:

1. Internal tangible threats:

The internal tangible threats are the threats that are caused by a hazard in the immediate environment of a computer system. These include a fire hazard, electric short circuit, damage due to humidity, etc.

2. External tangible threats:

External tangible threats involve the security threats that come from outside the immediate environment of a computer system. These threats could be flooding, lightning, quakes, volcanic eruptions or any such natural disasters.

3. Human tangible threats:

The human tangible threats include theft of a computer system, destruction of computer property due to vandalism, accidents (like spilling coffee over the system), etc.

The tangible security threats are easy to avoid. However, they cannot be completely eliminated (you cannot stop an earthquake from happening, but you can minimize the damage). Here are the steps that can be taken to avoid tangible security threats:

1. Internal tangible threats can be avoided by taking precautionary measures. Threats such as fire could be confronted by installing fire extinguishers in all environments that contain the computer systems. Short-circuiting can be countered by using voltage stabilizers and power backups. To control the moisture in the air, air conditioners can be employed.

2. External threats can be countered to reduce the damage in case of natural disasters. Lightning protectors can be used to minimize the damage caused in case of lightning. To protect the computer systems against flooding, locations can be chosen where the chances of floods are negligible.

3. Human tangible threats can be eliminated by using physical security measures like CCTV cameras, restricted access doors, surveillance, etc.

Now let us study intangible security threats, which will be the focus of the hacking section.

2. Intangible Security Threats:

Intangible security threats are also called logical threats, as these are the threats that employ logical operations and knowledge of computer systems. These threats might not generally cause any physical damage to the computer system, but they can cause the loss or theft of data, which can be even more dangerous than any physical damage.

The intangible security threats can lead to:

1. Theft of data
2. Loss of data
3. Disabling of computer systems
4. Disruption in the normal operation of businesses
5. Complete breakdown of websites
6. Unauthorized surveillance of computer systems
7. Unauthorized access
8. Many other illegal activities

Commonly, intangible security threats are made with the help of scripts, software, and programs that penetrate the security levels of the systems by exploiting various bugs and vulnerabilities. These threats commonly include:

● Trojans
● Malware
● Viruses
● DDoS
● Phishing
● Worms
● Key Loggers
● Accessing computer systems without authorization
● And much more

Generally, these intangible threats are countered by employing the following security measures:

1. Programs such as malware, Trojans, and viruses are countered by using anti-virus software. In addition to this software, organizations minimize the risk of these attacks by regulating the external drives that are connected to the systems by the users. These drives are a common way of spreading these attacks. Therefore, by minimizing or avoiding the connection of external drives or the downloading of suspicious data from the Internet, these threats can be easily countered. Sometimes these threats can be automatically downloaded by visiting websites that load harmful data into the computer system. Hence, access to such malicious websites should be blocked as well.

2. To restrict the access to computer systems without proper authorization, it is important to use access codes that allow only certain users to access the system. These access systems consist of usernames and passwords that enable a user to access the system on a level the organization wants him to use. Other access codes could include biometric scanners, access cards, etc.

3. There are many other security measures that detect an intrusion or presence of a threat in a system that can be employed by the company to increase their security.

Chapter 5 – Skills you’ll need to become an Ethical Hacker

After reading about ethical hacking, you might have learned how interesting it can be to remove these intangible security threats from a system. However, if you want to accomplish this, there are some skills that you might require. Of course, it is not child’s play to break into a system. And preventing someone from breaking into a system is even harder.

However, there are not many things you need to learn to become an ethical hacker. What you need to learn depends on which field of ethical hacking you are interested in (yes, there are many fields in ethical hacking itself).

The most important tool required of an Ethical hacker is knowledge of Programming Languages.

Programming Languages

Since a computer is a machine that doesn’t understand the language that we speak, we need to give commands to a computer in a language that it speaks. These languages understood by the computer are called programming languages and are used to design programs, scripts, websites, operating systems, and every aspect of the computer that we use or see.

Hackers need to have a strong grasp of these programming languages. Here is why:

● Hackers need to solve the problems that are encountered by computer systems. These problems are solved by employing programs that find errors and troubleshoot them. The development of these programs requires the knowledge of programming languages.

● Programming languages help speed up operations that would generally require a lot of time if done manually. For example, if you are filling data in an excel file that is a thousand columns long, it can take you many hours or even days. However, if you create a program to do so, it will only take a few minutes.

● If you are testing an application for its working and bugs, every aspect of the application cannot be tested manually since there are infinite lines of coding in it. However, programs can be created which can detect the errors automatically and present them in front of a hacker.

● Programs save precious time for the hacker by avoiding the need to start from scratch. The hacker can pick up an existing program and just tweak it a little to suit his needs. That way a lot of precious time and resources are saved.

Which Programming languages does the hacker need?

There are countless programming languages that are in use today. To name a few: C, C++, HTML, JAVA, Python, Android, etc. Each language has its own study and structure. As it is not feasible to learn all the languages, it is obvious that one would ask himself which language he should learn.

The choice of the language depends on the type of system and platform the hacker is going to use. For example, while many programming languages are used to write Windows-based programs, it would be futile to use one such language when you are going to be working on Linux-based systems.

The following programming languages can be very useful for hackers.

1. HTML:

HTML is also called ‘HyperText Markup Language.’ HTML is a language that is used to design web pages. Basically, most of the information seen over the Internet is the brainchild of HTML. It can be used on any platform, be it Windows, Linux, or Mac.

HTML is crucial to Internet hacking. There are many websites that employ the use of ‘forms’ that collect the data of the user. If someone is able to fully understand HTML and exploit its weaknesses, one can easily get crucial information from the Internet. Therefore, an ethical hacker needs to have a strong grasp of HTML.

2. JavaScript:

JavaScript is a script executed in the web browser window of a client. It is employed to display the saved cookies as well as perform scripted actions on the web page. It is a cross-platform language and works on any operating system. Hackers use it for the purpose of web hacking.

3. PHP:

PHP is a server-side scripting language and differs from JavaScript, which is a client-side scripting language. It is the most common Internet programming language. It can be used for the processing of HTML data as well as managing other customized commands. Hackers can use this language to modify the settings of a web server, and thereby make it prone to web attacks. It is a cross-platform language as well.

4. SQL:

SQL is a language that is used for the communication between a web page and a database. It is commonly used for web hacking, as hackers employ a technique called SQL injection that can bypass the weaker login algorithms of various web pages, thereby gaining unauthorized access. It can also be used by a hacker to delete data from the database. It is a cross-platform language as well.

5. High-Level Programming Languages:

These languages include Python, Perl, Bash and Ruby. These languages are used for building various high-level scripts as well as automation tools for the servers. A hacker skilled in these languages can use this knowledge to alter the functioning of these tools as well. All of them are cross-platform programming languages.

6. C and C++:

C and C++ are used to write codes for the systems that can help in exploiting the vulnerable parts of the system. These languages are used to develop common system codes, and hence the knowledge of these can help in altering the existing codes. They are cross-platform languages as well.

Other languages include Java, Visual Basic, VBScript, etc. These languages are commonly used to develop system programs, and hence can be used by hackers to create programs that compromise the security of a system.

Additional Skills:

Besides these basic programming skills, a computer hacker requires many other skills to have a deep understanding of the matter. A few of these are:

Internet and search engines: A computer hacker should have a good grasp of how the Internet and search engines work. He should be able to search out what he wants so that he can collect the information he wants effectively.

Linux: Linux is an important operating system that a hacker should be familiar with. It is a command-based system, and a good hacker should be familiar with basic Linux commands.

Patience: A good hacker should be patient. Hacking is not a magic trick and involves a lot of hard work, and a lot of time is consumed as well. Therefore, patience is the key.

Practice: Like most things in life, it takes practice to master the art of hacking. A good hacker is always on screen, trying to crack his way into the digital world. He is always in search of knowledge and keeps on trying new tips and tricks as he finds them.

Chapter 6 – Password Cracking

Password Cracking, as the name suggests, is a trick used to crack the password of a user to gain access to his system without his authorization. While there are some hacking tricks that enable the hacker to bypass the password algorithm altogether, password cracking aims at the hacker finding out the correct password for the system.

There are a number of methods that can be used to accomplish this. Some of these methods will be discussed in the coming section. But let us first understand the strength of a password.

Password Strength

Password strength is an indicator that tells the efficiency of a password in resisting password cracking attempts. You must have seen this indicator several times while creating accounts on various Internet websites.

The password strength indicator depends upon:

1. The length of the password: This means the number of characters that are present in a password. The longer the length, the harder it is to break the password.

2. Complexity: The various combinations of letters, numbers, and special characters that the password has. More complex passwords are harder to break.

3. Predictability: It means how easily the password can be guessed. Passwords with common dictionary words can be easily guessed. Therefore, uncommon passwords are better. The lesser the predictability, the stronger the password.

For example:

‘user’ is a poor password.

‘user1234’ is a weak password.

‘user2415’ is a good password.

‘@user2516’ is a strong password.

Various Cracking Techniques

Now let us discuss the various cracking techniques that hackers use to crack passwords. These techniques are easier than you might have thought on the first attempt.

1. Dictionary attack:

A dictionary attack consists of trying out the common dictionary words (or passwords from a specified list). Each password is entered one by one as the user password. This method is less efficient, as most user passwords aren’t that common.

2. Brute Force Attack:

A brute force attack involves systematically combining various alphabets, numbers, and characters to find the password for the system. It uses various algorithms to try putting in various combinations of the alphanumeric characters one by one until every possible combination is exhausted or the password is cracked.

This method can take a long time to crack the passwords. However, it can surely crack a password if a user has the time, because it will try every possible password.

3. Guessing the password:

It is another common method used for cracking passwords. In this method, the hacker tries the passwords that are most commonly used. If the hacker knows the owner personally, a password can be guessed based on the knowledge about the user. Passwords like ‘user,’ ‘admin,’ ‘12345678,’ ‘password,’ etc. are very common passwords and easily guessable. Hence, all users are strongly discouraged from using these.

4. Spidering:

Many organizations often keep passwords that are related to the organization itself. These passwords are not very complex and can be found by using the organization’s information. Hackers can gather this information from the websites of the company, their social media pages, etc. and create a long list of possible passwords. Then these passwords can be tried one by one to penetrate the system.

Software Used for Cracking Purpose

There are several software programs on the market that assist users with cracking any passwords automatically. These programs employ dictionary attack tactics and brute force attack tactics to penetrate into the system without authorization. They speed up the process of cracking as the hacker does not have to manually type in the password for the system.

Some common password cracking tools include:

● Jack the Ripper: Jack the Ripper is a command prompt based software used to crack the passwords. You can use this software only if you are familiar with commands and command prompt. The software makes use of a word list to access the password. You can use the program free of cost. However, the word list commonly comes at a price. There are alternative word lists that can be downloaded free of cost.

● Cain & Abel: Cain and Abel is a Microsoft Windows based software. It is commonly used to access user accounts and crack their passwords. Unlike Jack the Ripper, Cain & Abel uses a GUI (Graphical User Interface). No commands are needed whatsoever. Therefore, someone without much knowledge of hacking can use the software as well.

How to avoid Password Cracking

In order to save yourself from password cracking, there are some simple measures that can be taken by an individual or an organization. Some of these measures include:

1. It is never a good idea to keep simple dictionary words as passwords.

2. The password should not be a generic word such as ‘user,’ ‘password,’ etc.

3. Passwords which can be predicted or whose pattern is guessable should not be used. For example, passwords like ‘11223344’ or ‘12345678’ are bad passwords.

4. The database where the passwords are stored should be properly encrypted.

5. Nowadays, the password strength indicators are quite popular. Make use of these indicators to create the password.

special characters together in a password for creating a strong password.
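
The three strength factors and the avoidance list in this chapter can be checked in code. This added example (not from the book) scores a password on length, character mix and predictability, and reproduces the chapter's four sample ratings. The thresholds MIN_LENGTH and MIN_CLASSES, the small common-password list and all function names are assumptions made for the example.

```python
import math
import string

# Passwords the chapter itself names as very common (sample list for this
# example; a real check would use a large breached-password list).
COMMON_PASSWORDS = {"user", "admin", "password", "12345678"}
MIN_LENGTH = 8      # assumed policy value, not from the book
MIN_CLASSES = 3     # assumed: at least 3 of lower/upper/digit/special


def character_classes(password):
    """Return the sizes of the character classes the password draws from."""
    classes = []
    for alphabet in (string.ascii_lowercase, string.ascii_uppercase,
                     string.digits, string.punctuation):
        if any(ch in alphabet for ch in password):
            classes.append(len(alphabet))
    return classes


def brute_force_bits(password):
    """Upper bound on brute-force work: length * log2(alphabet size).

    It only holds for random passwords; predictable ones fall much sooner.
    """
    alphabet = sum(character_classes(password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def is_predictable(password, run=4):
    """Detect runs such as 1234, dcba, and doubled runs such as 11223344."""
    # Collapse adjacent repeats so "11223344" is judged like "1234".
    collapsed = [ch for i, ch in enumerate(password)
                 if i == 0 or ch != password[i - 1]]
    if len(password) >= run and len(collapsed) == 1:
        return True                      # one character repeated, e.g. "aaaaaa"
    for step in (1, -1):                 # ascending, then descending runs
        streak = 1
        for prev, cur in zip(collapsed, collapsed[1:]):
            streak = streak + 1 if ord(cur) - ord(prev) == step else 1
            if streak >= run:
                return True
    return False


def findings(password):
    """List every reason the password fails the policy (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("common or generic password")
    if is_predictable(password):
        problems.append("predictable sequence or repetition")
    if len(character_classes(password)) < MIN_CLASSES:
        problems.append("needs letters, numbers and special characters together")
    return problems


def rate(password):
    """Map the number of findings to the chapter's four labels."""
    labels = ["strong", "good", "weak"]
    count = len(findings(password))
    return labels[count] if count < len(labels) else "poor"


if __name__ == "__main__":
    for sample in ("user", "user1234", "user2415", "@user2516", "11223344"):
        print(f"{sample!r:12} {rate(sample):6} "
              f"{brute_force_bits(sample):5.1f} bits  {findings(sample)}")
```

The bit estimate measures resistance to exhaustive search only, which is why the predictability and common-password checks are reported separately.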

Chapter 7 - Understanding Computer Viruses

You might have heard of malicious programs attacking computer systems across the world and compromising their data security. Well, these programs are basically designed by hackers to access remote systems or steal their data, or maybe just for keeping an eye on them.

‘Viruses’ is a general term used by the media as well as the laymen for these malicious programs. While viruses are a major part of them, the whole segment of these programs comprises other malicious programs as well. Let us take a look at them one by one:

Trojans

A Trojan, or a Trojan horse, is a program that gains entry into a computer system and allows the hacker to take control of that system remotely.

For most of the people who do not know, the name Trojan Horse comes from the ancient Trojan War where the Greeks used a wooden horse to gain entry into the walled city of Troy. This horse was called Trojan Horse and led to the destruction of the entire city from the inside.

Similarly, a Trojan horse is something that you should be scared of. The most dangerous thing about a Trojan horse is that it is hard to detect when it is entering a system. The Trojan horse usually appears as something that is vital for the computer system, like an important program or a driver.

However, once a Trojan horse is installed, your system is compromised. A hacker can do anything with the help of a Trojan horse. It could be installing backdoors into your system, or downloading any data or malicious programs that the hacker wants to download in your system.

Some of the major tasks that can be accomplished (and are commonly accomplished) using a Trojan horse are:

● Damagingthecomputersystem.Theeffectsofthiscouldberepeated

crashesofthesystem,blankdisplaywithjustabluescreen,freezing,etc.

● StealingofconfidentialdatacanalsobeaccomplishedusingTrojan

horse.Thisdatacouldbepasswords,bankinformation,creditcarddetails,

etc.

● Trojanhorsecanalsomodifyorerasethefilesthatarepresentinthe

system,resultinginlossofimportantdata.

● UsingtheTrojanhorse,ahackercanmakethesystemapartofaDDoS

attackonawebserver.

● Trojanhorsecanalsohelpthehackerinstealingthemoneyofthe

ownerbymakingbanktransfersthroughhissystem.

● Usingthismaliciousprogram,ahackercanmakeanoteofallthekeys

thattheuserispressing.Thisdatacanenablehimtoattainuserids,

passwords,andotherpersonaldetailsoftheuserthatarenotmeanttobe

shared.

● Thehackercanviewthescreenoftheuser,aswellasscreenshothis

screentokeepaneyeonhim.

● Ahackercandownloadthehistoryofthewebbrowseroftheuser,

therebyknowingthewebsitestheuserhasvisited.

Worms

Worms are very harmful programs, like Trojan horses. However, they function differently. They propagate through the system and try to replicate themselves as much as they can. They even find ways to get copied from one system to another system in a network.

By using worms, a hacker can accomplish the following tasks:

● The primary purpose of worms is to install backdoors on the target systems. These backdoors are like an entryway into the computer system. They can be used to do distributed denial of service attacks on the servers. These can also be used to send spam emails from the computer system and all the systems that it affects.

● Worms keep on propagating by copying themselves. By doing this, they tend to slow down the entire network by taking a lot of the bandwidth for themselves.

● Worms can also install various malicious programs into the computer, like other worms, Trojan horses, etc.

Viruses

Viruses are malicious programs that get attached to the various programs and files that are used by the target system. They keep on running all the time and hence consume a lot of the computer's memory, as well as its CPU. The programs or files that the virus attaches itself to are termed ‘infected.’

A virus works in a similar fashion to biological viruses, which tend to get attached to the normal cells of the human body and eventually alter the body’s function. As a result, people tend to fall sick. Similarly, a computer virus can cause the sickness of a computer.

Viruses not only hide well, but they can appear so alluring that you, as a user, would be tempted to open them. It might be a document in your mailbox that seems important, or essential data on your flash drive. Once the infected program is run, the virus code starts up.

With a virus, a hacker can accomplish the following tasks:

● Getting access to confidential user data such as user IDs and passwords.

● Destroying the data present in the system

● Corrupting the system data and drives

● Sending messages or advertisements to the user

● Keeping a log of the keys that the user presses

How to Combat These Malicious Programs

As an ethical hacker, not only is it important to understand these programs, but you should also know how to tackle them. The following measures are essential in dealing with these programs:

The primary step to follow is to install good anti-virus software on the computer system. Anti-virus checks all the potential threats automatically and protects the computer system from most vulnerabilities.

Organizations often create policies that disallow the users to download or visit websites that might download any unneeded files from the Internet. These could be any games, toolbars, email attachments, or any programs that are not required.

Any flash drive or secondary storage device that is ever attached to the computer system should be scanned thoroughly. External storage devices are a common way of propagating malicious programs. Hence, make sure they don’t have a virus before you open them.

It is a good idea to back up important data. Even if there is an attack by a malicious program that corrupts the file system, the backup will ensure that data is not lost. This backup should be done on read-only devices, such as a CD or a DVD, so that a virus cannot affect these drives.

It is always a good idea to keep your system updated to the latest version. Most malicious programs tend to exploit system vulnerabilities; therefore, keeping your system updated makes sure that the vulnerabilities are not present. Companies roll out updates with the same motive.

All email attachments should be checked before opening or downloading. It is a good idea to download attachments from known sources only. And if something seems important enough to download, remember to scan it with your anti-virus software.

Chapter 8 – Hacking Wireless (Wi-Fi) Networks

With wireless technology owning the markets, Wi-Fi networks are a common trend today. Even if you are sitting in your room, you might see a list of a lot of Wi-Fi networks that are available on your device (and most of them are password protected).

Therefore, as Wi-Fi networks are available to everyone in proximity to the router, this makes them open for hackers to hack. Hence, learning about hacking wireless networks is important as well.

Let us first understand the basics of a Wi-Fi network.

Wireless Networks

Wireless networks are networks where devices and computers are connected together with the help of radio waves. These waves are transmitted and received by the physical components of the system.

To join any Wi-Fi network, you would need two things:

1. You would need a device that is enabled with Wi-Fi. It could be your laptop, smartphone, etc. Generally, desktops do not come with Wi-Fi enabled, so they cannot be used for this purpose.

2. The user would need to be near the router that is transmitting the signals. If you are in close proximity to the router, it will automatically show up in your list of available devices.

3. Generally, most Wi-Fi networks are password protected. If they are not, you can simply connect to the network when you are close to it. If there is a password required, you will need the password before you can access the network.

Wireless Network Authentication

As wireless networks can be accessed by another person nearby, and no wires are required, Wi-Fi users usually put a password on the Wi-Fi network. Here are some of the most common techniques used to authenticate the Wi-Fi:

Wired Equivalent Privacy (WEP)

WEP was created keeping the IEEE 802.11 WLAN standards in mind. The aim of WEP was to help wireless networks keep up with wired networks regarding privacy.

WEP encrypts all the data that is transmitted over the network. By doing this, it makes sure that the data is safe between the sender and the receiver and that no unauthorized third device can intercept it.

Wi-Fi Protected Access (WPA)

WEP was found to have many technical weaknesses in terms of its security, which could be easily exploited by hackers. Unauthorized access to the WEP was very easy, so WPA was developed by the Wi-Fi Alliance keeping wireless security in mind. It is also based on the 802.11 WLAN standards.

The major change it brought was using 48-bit initial values rather than the 24-bit ones in WEP to encrypt data. Further, temporal keys were used to encrypt the data packets.

How to crack Wi-Fi Networks

The method of cracking Wi-Fi networks differs from network to network and depends on whether the network is WEP encrypted or WPA encrypted.

WEP cracking

WEP cracking means bypassing the security measures of a WEP network and accessing the network without any authorization. There are two ways to accomplish this:

Passive WEP Cracking: This is a hard-to-detect cracking method. It has no effect on the traffic of the network until the hacker cracks WEP security.

Active WEP Cracking: This is an easy-to-detect cracking method. It causes a lot of load on the network traffic. This type of cracking is more effective than the passive one.

Tools used for WEP Cracking

The following tools are used for cracking WEP networks:

AirCrack: AirCrack is a network-sniffing tool. It can easily crack WEP networks.

WEPCrack: As the name suggests, WEPCrack is solely focused on cracking WEP networks.

Kismet: This is popular software. It can detect hidden as well as visible wireless networks, it can act as a network sniffer, and it can detect any unwanted intrusions in your network as well.

WebDecrypt: This software uses the old-school dictionary attack that we learned before to crack WEP passwords. This software has an inbuilt key generator.

WPA Cracking

WPA cracking is the process of bypassing the security measures of a WPA network and thereby accessing the network without authentication. This is done with the help of the below tools:

Cowpatty: Cowpatty is a tool that uses a brute force attack to crack the password of a WPA network using pre-shared keys.

Cain & Abel: This software is used in combination with a network sniffer. It decodes the packets that are captured by a network sniffer, and can automatically deduce the password of a system.

Types of Network Attacks

Network Sniffing: Network sniffing is about intercepting the data packets as they are communicated through the network. After capturing these data packets, the important information can be easily decoded through tools like Cain and Abel.

Man in the Middle Attack (MITM): This attack makes use of eavesdropping on the information being sent across the network. Any information that may appear to be sensitive is captured.

Denial of Service Attack (DoS): This attack prevents the users of a network from accessing the network’s resources. The intent of this attack is more towards disrupting the network than using it or stealing information.

How to make sure your wireless network is secure

While no system is free of any vulnerability, you can make sure that your system has as few vulnerabilities as possible. Keeping a weak password or having an open network is an invitation to negative elements of society. Therefore, always keep your walls up high.

Here are a few measures to take to keep your systems secure:

1. It is always a good idea to keep your network password protected. Open networks can be accessed by anyone in their proximity. And these unauthorized users can perform any action over the Internet under the disguise of your network. Therefore, always keep a password to make sure none of this can happen.

2. Remember to change the default password that your router or any device came with. Default passwords are not only easy to guess, but they are also generic to the model or the brand name. Therefore, keep a personalized password.

3. Make sure you have an authentication method enabled.

4. You can restrict who can use your network by enabling MAC filtering. MAC filtering makes sure that only the MAC addresses that you have permitted are allowed entry over the network.

5. Make sure you use a strong password. Your password should be a combination of alphabets, numbers, and characters so that it cannot be easily guessed by brute force or dictionary attack.

6. There is lots of firewall software available on the market. Even though Windows comes with an inbuilt firewall, it is a good idea to use these software programs for additional and improved security.

Chapter 9 – Denial of Service Attacks

If you are a tech freak or even slightly interested in technology and keep up with the news in the industry, you most probably would have heard of Denial of Service (DoS) attacks. In this section, we will learn all about DoS attacks.

What is a DoS attack?

A denial of service, as the name suggests, is an attack that prevents the user from accessing the resources of a website or a server. Due to this attack, an individual might not be able to access a website or read his emails, or the Internet speed might seem to be very slowed down.

This attack is caused when a hacker hits the target server with a lot of requests simultaneously. The server is unable to keep up with all these requests and begins to lag or crash. These servers can appear to be either slowed down dramatically or completely shut down.

DoS can have many consequences for websites or corporations. Shutting off websites or crashing them, even for a few minutes, can cause the loss of a huge chunk of money for the business. There are a lot of businesses that depend solely upon the Internet, and DoS attacks are like doom to them.

Types of DoS Attacks:

There are basically two types of DoS attacks:

Denial of Service (DoS) Attack: This attack employs a single host.

Distributed Denial of Service (DDoS) Attack: This attack employs a lot of machines that are affected by the hacker to hit the same target and flood it with a lot of requests or data packets.

Common Types of DDoS attacks

There are many ways in which hackers implement DoS attacks on a server. The most common ways are listed below.

1. Ping of Death:

If you know the basics of computer systems, you might be familiar with the concept of ‘ping.’ Ping is a command that is used to test if a network is available or not. The ping command sends out a small data packet to a specified network resource, and the response makes sure that the network is working. The limit of data packets allowed over TCP/IP is 65,536 bytes.

In the ping of death attack, the data packets that are sent to the network resource exceed this limit. Since they are over the limit, the server fails to handle them. This results in the server crashing down, freezing, or lagging. The server may also reboot.

2. Smurf:

Smurf attacks significantly reduce the speed of the network, rendering it unusable. They accomplish this by using ICMP, the Internet Control Message Protocol. A large amount of ping traffic is generated, and the reply IP is altered to the IP address of the target computer. Thereby, all the replies go over to the target IP address. Each ping is amplified by a factor of 255, and the server is slowed down considerably.

3. Teardrop:

This attack is caused by large data packets. The hacker manipulates the data packets so that they are made of overlapping fragments. Since there is a limit to the data packets that can be held by TCP/IP, it breaks them into smaller pieces. The target then attempts to assemble these pieces. However, due to the overlapping, the target fails to reassemble these pieces and, as a result, it crashes.

4. SYN Attacks:

SYN is a term used for Synchronize. In a SYN attack, communication is established using TCP via a 3-way handshake. The victim is flooded with SYN messages that are incomplete. Therefore, the target machine allocates memory resources to these messages, which are never made use of. This denies legitimate users access to the system.
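The Ping of Death and Teardrop descriptions above both come down to fragments that cannot be reassembled into a valid datagram, which a filter can check before reassembly. The validator below is an added example, not from the book; the `Fragment` record, the finding names and the sample fragments (documentation-range addresses) are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# The IPv4 Total Length field is 16 bits, so a reassembled datagram
# (header plus payload) cannot legitimately exceed 65,535 bytes.
MAX_DATAGRAM = 65535
IP_HEADER = 20  # minimal IPv4 header, assumed for every datagram here


@dataclass(frozen=True)
class Fragment:
    src: str              # source address
    ident: int            # IP Identification, shared by fragments of one datagram
    offset_units: int     # Fragment Offset field, counted in 8-byte units
    payload_len: int      # payload bytes carried by this fragment
    more_fragments: bool  # MF flag


def inspect_fragments(fragments):
    """Group fragments per datagram and report 'overlap' and 'oversize' findings."""
    groups = defaultdict(list)
    for frag in fragments:
        groups[(frag.src, frag.ident)].append(frag)

    report = {}
    for key, frags in groups.items():
        findings = set()
        covered_until = 0  # highest payload byte already claimed by a fragment
        for frag in sorted(frags, key=lambda f: f.offset_units):
            start = frag.offset_units * 8
            end = start + frag.payload_len
            if IP_HEADER + end > MAX_DATAGRAM:
                findings.add("oversize")   # Ping of Death style
            if start < covered_until:
                findings.add("overlap")    # Teardrop style
            covered_until = max(covered_until, end)
        report[key] = sorted(findings)
    return report


# Constructed sample traffic, not captured from a real network.
SAMPLE = [
    # A normal 3480-byte payload split into three clean fragments.
    Fragment("192.0.2.10", 1, 0, 1480, True),
    Fragment("192.0.2.10", 1, 185, 1480, True),
    Fragment("192.0.2.10", 1, 370, 520, False),
    # Second fragment starts at byte 24, inside the first one (bytes 0-39).
    Fragment("198.51.100.7", 2, 0, 40, True),
    Fragment("198.51.100.7", 2, 3, 8, False),
    # Last fragment would end past the 65,535-byte limit.
    Fragment("203.0.113.5", 3, 8189, 1000, False),
]

if __name__ == "__main__":
    for datagram, findings in inspect_fragments(SAMPLE).items():
        print(datagram, findings or "clean")
```

A filter that drops every datagram with a non-empty finding list never hands the malformed fragments to the reassembly code.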

Tools used for DoS Attacks:

The following tools are used for DoS attacks:

Nemesy: This software is used for creating random data packets. It is based on the Windows platform.

Land and Latierra: This software is used for opening TCP connections as well as IP spoofing.

Panther: This software floods the victim’s network with data packets.

How to protect against DoS attacks

As much as it is important to understand the basics of DoS attacks, it is even more crucial to understand how to protect yourself against these attacks.

These steps can be undertaken to make sure that you are safely protected against DoS attacks:

1. Firewalls are important security measures that should be implemented. Firewalls make sure that any unwanted data packets from any suspicious IP do not reach your system, thereby protecting you.

2. Routers have settings in their access control center that prohibit unwanted traffic from accessing the Internet. This helps in controlling suspicious and illegal traffic.

3. These attacks exploit the vulnerabilities present in the operating systems. Therefore, keeping your system updated and installing security patches can fix the vulnerabilities to some of these attacks.
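Step 1 depends on knowing which IP is suspicious. For the SYN attack described earlier, one signal is the number of handshakes a source starts and never completes; the tracker below is an added example, not from the book, and its event format, thresholds and sample events are constructed assumptions.

```python
from collections import Counter


def find_syn_flood_sources(events, per_source_limit=5, timeout=30.0):
    """Track half-open TCP handshakes as seen by the server.

    events: iterable of (timestamp, src_ip, src_port, flag), flag being
            'SYN' (handshake opened), 'ACK' (handshake completed) or 'RST'.
    Returns (flagged_sources, peak_half_open), where flagged_sources lists the
    sources that held more than per_source_limit half-open handshakes at once.
    """
    half_open = {}     # (src_ip, src_port) -> time the SYN was seen
    worst = Counter()  # src_ip -> highest simultaneous half-open count
    peak_half_open = 0

    for ts, src, sport, flag in events:
        # Forget entries the server itself would have timed out by now.
        for key, opened in list(half_open.items()):
            if ts - opened > timeout:
                del half_open[key]

        if flag == "SYN":
            half_open[(src, sport)] = ts
        elif flag in ("ACK", "RST"):
            half_open.pop((src, sport), None)  # completed or aborted

        per_source = Counter(ip for ip, _ in half_open)
        for ip, count in per_source.items():
            worst[ip] = max(worst[ip], count)
        peak_half_open = max(peak_half_open, len(half_open))

    flagged = sorted(ip for ip, count in worst.items() if count > per_source_limit)
    return flagged, peak_half_open


# Constructed sample events (documentation-range addresses), not real traffic.
SAMPLE_EVENTS = [
    (0.00, "192.0.2.20", 50000, "SYN"),
    (0.05, "192.0.2.20", 50000, "ACK"),   # normal client completes the handshake
    (1.00, "192.0.2.20", 50001, "SYN"),
    (1.04, "192.0.2.20", 50001, "ACK"),
] + [
    # Ten SYNs from one source, none of them ever acknowledged.
    (2.0 + i * 0.01, "198.51.100.99", 40000 + i, "SYN") for i in range(10)
]

if __name__ == "__main__":
    flagged, peak = find_syn_flood_sources(SAMPLE_EVENTS)
    print("sources to review or block:", flagged)
    print("peak half-open handshakes:", peak)
```

When the source addresses are spoofed, no single source crosses the limit, so the total `peak_half_open` value is the figure to alert on.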

Chapter 10 – Hacking Web Servers

Websites, even the ones that might seem simple and unimportant, are a storehouse of essential user data. This data could be email addresses, passwords, and even credit card numbers as well as bank information.

As such, the websites on the Internet have always been a gold mine for hackers. Therefore, it is important to understand how these web servers are hacked and how their security can be beefed up to protect against any possible threats.

Therefore, it is important for these online businesses to maintain security throughout their systems. Many companies hire ethical hackers to accomplish this.

Weaknesses in Web Servers

No matter how much security is beefed up in a system, there are always going to be vulnerabilities. A web server is typically one such system where vulnerabilities can mean losses to the businesses. Web servers are basically programs that contain data and files commonly called web pages, and web servers communicate these pages through the Internet to various systems.

Web servers need physical hardware resources as well as software resources. As the hardware resources are spread geographically, hackers tend to hack these systems by gaining entry through the software interface, exploiting its vulnerabilities.

The common causes of vulnerabilities in web servers are:

1. Insecure Configurations: It is important to keep the web server well configured. If a web server allows any unknown user to access its content and execute commands on it, the integrity of the web server is compromised. Therefore, it is important that a web server only permits the users that have a username and password to access the server.

2. Using preconfigured settings: Many web server administrators don’t feel the need to change the username and password of the web server from what it first came with. This is a major error and puts the security of the web server at risk.

system running the web server, or the software of the web server itself. These bugs allow the hacker to access the server and modify its contents.

4. Lack of maintenance: Security maintenance of web servers and the operating systems running them needs to be done regularly. Otherwise, it creates exploits that hackers can use. These maintenance measures include updating the system and installing security patches.

Different Types of attacks on web servers

There are different ways in which hackers exploit the security of a web server. Some of these attacks are:

1. Denial of Service attacks: These attacks have been discussed in the previous section. Server owners fear these attacks as they can cause a lot of damage to the servers. This damage includes crashing of servers, slowing their speed, causing the server to reboot, and making the server freeze.

2. Domain Name System Hijacking: In this type of attack, all the traffic that is sent to the server is redirected to a wrong address. This is done by altering the DNS settings of the server. The new settings can point to the attacker’s website.

3. Network Sniffing: Insecure or unencrypted data that travels over the server can be intercepted by the hacker. The intercepted information can be used to decode the server key and gain unauthorized access to the server.

4. Phishing: This is another common web server attack. In this attack, the hacker mimics the target website and creates a replica of it with a similar web address. The users are encouraged to click on the link to the fake website and enter their login credentials or bank information. This data can then be used by the hacker inappropriately, by accessing the server using the user’s credentials or using his bank information to steal money.

5. Defacement: This attack involves changing the attributes of the organization’s website in a way that it displays the images and content that are uploaded by the hijacker.

The Dangers of a successful hacking attempt

If a hacker is successful in hacking the website and accessing the content, it can cause immeasurable damage to the website's parent company or the users who are using the website. Some of these damages are listed below:

1. Loss of integrity of a website:

Users would avoid using a website that has been hacked by a hacker. They would find it unsafe to enter their bank information or important private credentials on the website, given the risk that it might be hacked again.

2. Loss of reputation:

Since the hackers can change the content of the website and put up any type of images and links on there, it can totally ruin the reputation of the website. The hackers might put up pornographic links or content that supports some political or religious factions while mocking the others. All this harms the reputation of the website.

3. Propagation of viruses:

The hacker can force the website to download viruses and other malicious programs onto the users’ computers. This is a very dangerous activity as it endangers the security of an unsuspecting user.

4. Theft of information:

The hacker can steal user information from the website, and use that information for illegal purposes. If any such thing happens, the website company might even face lawsuits from the users whose security was put at risk.

5. Piracy:

The hackers can even steal content such as music, videos, TV shows, movies, etc. from the web servers that was otherwise supposed to be copyrighted. The hackers can distribute it for free over the Internet, resulting in piracy. This is a major cause of losses for the company. It can also lead to launching content that was supposed to be launched later.

Tools used to attack web servers

These are the tools that are commonly used to attack web servers:

● Metasploit

● Mpack

● Zeus

● Neosplit

How to make sure a web server is protected against attacks

Now that we have read the implications of a successful web server hacking attempt, it is easily understood that protecting the security of the web server is very important. However, with the different types of attacks present, how is it possible?

Here is how:

1. Managing security patches: The vendors of web server software and operating systems keep on finding bugs in their products and roll out updates to effectively counter those bugs. These software updates that fix the bugs and vulnerabilities in a system are called patches. Therefore, to keep the web server secure, it is important to install all the latest patches on the system.

2. Security of the operating system: It is important to install the operating system securely. Further, after installation, the configuration needs to be secure as well. All usernames and passwords should be changed from default values, and preventive security measures need to be implemented (antivirus, firewalls, etc.).

3. Security of the web server software: The web server software needs to be installed securely as well. The configuration should be done such that the default attributes are changed to secure ones. Further, open access settings should be changed to restricted ones so that only authorized users can make changes and run commands on the web server.

4. Firewalls: Firewalls are important and effective security measures. If a DoS attack is coming from some specific IP address, the firewall can block all the traffic that is coming from that IP address to the web server. Therefore, DoS attacks are prevented.

viruses, Trojans or malicious programs. Further, if any malicious program still managed to get through, the antivirus programs help in their elimination as well. Therefore, they are important in keeping the system secure.

6. Remote Administration: Remote administration means the ability to administer the web server remotely without physical access. This setting should be disabled so that no hacker can penetrate the system security by hacking the remote key.

7. Unused accounts: There might be many unused accounts or default accounts present on your web server. It is important to remove these accounts. These accounts can be hacked by the hacker to access the web server file system or run commands on the server.

8. Ports: Web servers have default port settings that are generic for the most part. For example, the FTP port is by default at port 21. This port is used to transfer the files. Therefore, the port number should be customized and changed to a different value so hackers cannot access it.

Chapter 11 – Penetration Testing

Penetration testing is a cool thing for a hacker to learn, and it can get him on the payroll of the largest companies in the world. So, let us talk about the basics and methods of penetration testing.

What is Penetration Testing?

Penetration testing is the activity of identifying the bugs and security vulnerabilities in a computer system or an application by making the system go through various hacking exploitation techniques. This exploitation is done through hacking methods similar to those a hacker would use. However, it is done with the complete authorization of the company.

The motive behind penetration testing is to understand the weaknesses in a system and remove them before a hacker can exploit them. This can protect confidential data like user credentials, passwords, financial information, etc. from hackers. Further, it can also restrict any unauthorized person from accessing the system.

The person who carries out the penetration testing is called an ethical hacker. Penetration testing is also called a pentest.

All the weaknesses, bugs, and vulnerabilities found through penetration testing are reported by the ethical hacker to the employer (owner of the computer system).

If no vulnerabilities are found through penetration testing, it means that the system is secure enough. All the security measures are working, and no new measures are needed.

The Reasons for vulnerabilities

There can be many reasons for vulnerabilities that might call for penetration testing. Some of these reasons are:

1. Errors in design: There might be errors in the design of the software system that have left some openings for hackers to exploit, or that put data at risk by exposing it to the user.

2. Configuration: Sometimes, the configurations of the system need to be altered to reduce the chances of any outsider attacking it. Common mistakes include keeping default values for the login credentials or allowing public access to the database.

3. Human errors: Sometimes, human carelessness can also compromise the security of a computer system, network or software. There might be critical documents that were meant to be disposed of but were left out in the open. The employee might have shared the login details on a phishing site. Some people share too many details with strangers. Additionally, there are always insider threats that aim to bring intentional ruin to the company. All these threats need to be taken care of.

4. The complexity of the system: Generally, the more complex the system, the greater the chance of vulnerabilities being present. For example, if a corporation employs one computer, there will be few vulnerabilities to take care of. However, when a large network of computers is employed, and there are a lot of people using them, there are several vulnerabilities that need to be tested and fixed. Similarly, if we consider software, the more features in the software, the more potential vulnerabilities it has.

5. Connectivity: If an organization is connecting to an insecure network or to the Internet, there is always the chance of hackers hacking into the systems. Therefore, these vulnerabilities need to be fixed as well.

6. User Input: The data received by the company from the users can also be manipulated by hackers to hack the system of the company.

7. Lack of training: If the employees running the systems do not have proper training, they will always make mistakes that compromise the integrity of the entire system.

8. Communication channels: Hackers generally target communication channels for retrieval of information that can enable them to hack the system. Therefore, the communication of the employees over the telephone, the Internet, social media channels, etc. can be used to gain confidential data about the company.

The Ransomware Attack: An example of why penetration testing is needed

The ransomware attack is a recent attack in which hundreds of thousands of computers around the globe were targeted by ransomware. Ransomware is a malicious program like viruses, worms and Trojans. In this attack, confidential information was stolen from the victim’s computer, or their systems were locked, and access was prohibited until a ransom was paid to the hacker. This ransom was supposed to be in the form of Bitcoins. This attack was called the WannaCry ransomware attack, and it infected 230,000 computers in over 150 countries.

The attack targeted the biggest companies in the world and even the defense agencies. The scale of this attack has never been seen before.

This calls for penetration testing and ethical hackers to put a stop to this. With hacking activities on the rise on a daily basis, it is an essential requirement for companies to employ the skills of ethical hackers to secure their systems.

Types of Penetration Testing

There are various types of penetration testing:

1. Social Engineering test:

In this test, the ethical hacker targets the employees of the company. It aims at convincing the employees or luring them to reveal sensitive data about the company. It might be data like passwords or anything that is confidential and critical to the security of the company.

Since human errors comprise the major portion of the vulnerabilities present, this step is essential and makes sure all the employees know how to handle situations like these.

2. Web application testing:

The web applications of the company are tested by means of various software designed for this purpose. This makes sure that no vulnerabilities are present. If any vulnerability is detected, it is immediately fixed.

3. Physical Penetration Test:

In many facilities, physical security measures are necessary to protect secret data. These security measures might be surveillance, security doors, access codes, etc.

Additionally, the hardware of the computer system should also be resistant to any vulnerability. Hence, all the network drives, access points, etc. are tested to find any bugs.

4. Network Service Test:

This test aims at finding entryways into the network of the system. It can tell about the vulnerabilities present in the system. This test can be done within the organization or outside it.

5. Client-Side test:

This test identifies and exploits vulnerabilities in software programs on the side of the client. This makes sure that the security is not compromised on the client’s part.

6. Remote dial-up war dial:

This attack involves testing all the modems in the system environment. The ethical hacker tries to log in to the systems through the modems, with the help of password cracking, by using guessing, dictionary attack, or brute force attack.

7. Wireless security test:

This test involves checking the security through the Wi-Fi networks in the environment that are open, unauthorized or insecure. The system security is tested through them.

Chapter 12 – Cybercrime

After discussing hacking in depth, it is important to understand the legality behind it and the concept of cybercrime.

Cybercrime is the collection of criminal activities that are done in the virtual computer world instead of the real world. With the advent of the Internet, the spread of cybercrime is greater than ever.

Here are the most common types of cybercrime activities:

1. Violation of privacy: Privacy violation involves revealing the private information of a third party over the Internet or social media channels. This information could include the email address of the person, their phone number, address, account information, etc.

2. Identity Theft: Identity theft involves the theft of personal identification information of the person, including his name, address, credit card information, etc. and then impersonating that person.

3. Distribution of Copyright content: Distributing copyrighted content such as music, movies, eBooks, software, etc.

4. Unauthorized transfer of funds: Hacking into bank accounts and transferring funds without authorization.

5. ATM Fraud: It includes stealing the ATM credentials of the person, like the ATM number, CVV, PIN, etc. If a person has the possession of such knowledge, he can use it to withdraw money from the victim’s account.

6. DoS attacks: Denial of service attacks which attack web servers and either slow them down or completely crash them.

7. Spams: Spam involves sending emails without the consent of the recipient. Spam emails generally contain advertisements or might have viruses attached to them.

Most developed and developing countries have their own cyber-crime cells or cyber-crime departments, where they tackle existing or potential cyber-crime.

It is noted that these security agencies keep an eye on the entire world’s traffic that is moving around the Internet. Any illicit searches, actions, DDoS attacks, etc. are tracked by these agencies to the places of origin. Therefore, if a hacker has ulterior motives in mind, he should keep these agencies in mind.

Even the smartest hackers are often outsmarted by these agencies that employ the brightest of minds. Therefore, make sure that you do not use your knowledge and skills of hacking to harm anybody in any way.

Conclusion

Hacking is an activity that the most curious minds take up. These minds have a passion for the knowledge of computer science. Mixed with the skill for problem solving, hacking can create a major career for a hacker in the field of penetration testing. As mentioned before, every information technology company employs ethical hackers. Further, all the companies who do their business over the Internet employ ethical hackers as well. Therefore, it is a skill in dire need.

However, mix this passion for computer science with a destructive mind, and a person can easily end up behind bars. I have stressed it enough (and will say it one more time) that accessing any data without proper permission of the owner is an illegal activity. Further, DDoS attacks on websites or servers are illegal as well. Therefore, at any point in your adventures or when you are trying the knowledge presented in this book, make sure that you obtain the permission of the server administrator first before you go ahead and make your first attempt.

Further, always respect the privacy of the individual on whom you are trying your skills (with permission). If you happen to come across any data or if you manage to find any exploits, it is not legal to share that information with a third party. Therefore, don’t go around posting private information over the Internet or your social media channels.

With that said, hacking is one of the coolest things in this hi-tech world. If you are a hacker, remember that most people want to be you. Also, a lot of people are looking up to you.

So always keep learning and acquiring new skills. However, always make sure that your efforts and knowledge are aimed at the common development of technology as a whole and improvement of security.

TorBrowser

SecretsoftheDeepWeb,HowtoStay

AnonymousOnline,andSurftheWeb

LikeaHacker

Copyright 2017 by

This document is geared towards providing exact and reliable information in regard to the topic and issue covered. The publication is sold with the idea that the publisher is not required to render accounting, officially permitted, or otherwise, qualified services. If advice is necessary, legal or professional, a practiced individual in the profession should be ordered.

- From a Declaration of Principles which was accepted and approved equally by a Committee of the American Bar Association and a Committee of Publishers and Associations.

In no way is it legal to reproduce, duplicate, or transmit any part of this document in either electronic means or in printed format. Recording of this publication is strictly prohibited and any storage of this document is not allowed unless with written permission from the publisher. All rights reserved.

The information provided herein is stated to be truthful and consistent, in that any liability, in terms of inattention or otherwise, by any usage or abuse of any policies, processes, or directions contained within is the solitary and utter responsibility of the recipient reader. Under no circumstances will any legal responsibility or blame be held against the publisher for any reparation, damages, or monetary loss due to the information herein, either directly or indirectly.

Respective authors own all copyrights not held by the publisher.

The information herein is offered for informational purposes solely, and is universal as so. The presentation of the information is without contract or any type of guarantee assurance.

The trademarks that are used are without any consent, and the publication of the trademark is without permission or backing by the trademark owner. All trademarks and brands within this book are for clarifying purposes only and are owned by the owners themselves, not affiliated with this document.

- All rights reserved.

Table of Contents

Introduction

Background

Chapter 1: Protocols

Chapter 2: Are You Being Tracked Online?

Chapter 3: How to Stay Anonymous Online

Chapter 4: The Tor Browser

Chapter 5: Secrets of the Dark Web

Chapter 6: How to Surf the Web Like a Hacker

Conclusion

Introduction

A few words about the book, “Tor Browser.”

This book contains information vital for those who wish to surf the Internet anonymously.

Before you read this book, you must ask yourself the following questions:

● How much do you know about the Tor Browser?

● How much do you know about the Dark Web and the Deep Web?

● Are you currently anonymous online?

This book sets about informing you of these aspects in as simple a fashion as possible.

This book does not confuse the reader with jargon and acronyms from computer science. It explains what each acronym is, and what it is about.

It is authored for an intelligent layperson. You will learn a lot from it. Its contents should make you a bit worried.

It will tell you about computer basics, general online safety, the Tor Browser, the Dark Web and the Deep Web.

It tells you what to do if you want to surf the web like a hacker.

There are so many things this book can do, if you only take the chance to read through it.

Now start reading!

Background

What is a computer?

I am not going to delve too deeply into this topic as it is very complex and has many layers. It is enough for you to know a computer is an electronic device, which does intricate things with data (information). Whilst a simple definition may give you a basic knowledge of what a computer does, it does not even hint at the extent to which computers and electronic devices affect our everyday lives. They are everywhere we turn, even at the ATM where we delve into our bank accounts. To a certain degree, we tend to believe that all these different interactions are carried out safely and with our best interests at heart.

One of the largest and easiest ways to identify how computers have brought change into our lives is to examine their impact on the workplace. Prior to computerization, paperwork and information sharing were the task of many different individuals constantly tracking information, checking figures and filing all the paperwork this would generate. Now, of course, a computer can store vast amounts of information that is readily available to virtually anyone at the click of a mouse. It is that easy to access. File cabinets and libraries are a thing of the past. Jobs that would previously take many people a number of work hours to complete can be completed in a matter of seconds.

Similarly, with computers, information and files can be shared worldwide with a click of a button, leading to a greater marketplace and a less structured working day.

Factories are another good example of the effects that computers have had on the workplace, with computers replacing employees to do most aspects of the assembly line. There are many people that do not believe a computer can do work better than a person, but in this day and age, a computer can process more data quicker than a person can. It is an advantage most, if not all, factories have converted to.

Computer languages

Like computers, computer languages are a huge and complex field, which you really don't have to know too much about, except knowing a computer language called JavaScript. With this language, many of the things you do with keystrokes, mouse clicks, etc. If this were all that JavaScript did there would be no problem. However, like so many things that people create, there is a dark side. A dark side many do not know is there to begin with.

By using JavaScript, hackers, businesses, and others are able to get access to things you would prefer that stayed hidden. In some cases, you may think they are hidden away from the world. However, that is not the case. Everyone can get any type of information that is posted online, even your most private of information. I will occasionally be talking about JavaScript, so do not be surprised when I do. I will refrain from any discussion about programming in this book or mention any other language as it can easily confuse those that do not have it in their repertoire.

What is the definition of Server?

A strict definition of a server, is that it is a computer program that delivers stuff to other computers. It can range from the simplest of forms, to your entire life story. Often the computer that the server program works in is called a server. It is basically speaking of how computers join together so they talk to one another. In other words, this can be called networking the computers as well. A network is a family of interconnected computers all striving for the same output as the original. Servers can provide various services, which include sharing data amongst multiple clients. Servers like this one can send varied content toward each client. Clients can also utilize multiple servers at the same time. Typical servers are mail servers, print servers, app servers, database servers, game servers and file servers. What that appropriately means, is that a computer or a computer program can manage to access a centralized resource or service in any particular network that it deems fit.

What is the definition of the Internet?

The internet arose from an advanced research project established in the 1960’s by the US Department of Defense. In order to do this, they collaborated in research between military and government laboratories. It was called Arpanet, and at the time it gradually led to other connections with US universities and other US institutions for its extended use. In doing so, this resulted in a growth that was so beyond expectation it was mind crippling even to ponder about. This system also led to the development of what we know today as the Internet. It is the system we scour every minute, without truly knowing what went into its creation. Few people know the advanced coding it took for any one person to make this dream a reality.

The explosive world growth that we now know today was facilitated by the development of the hypertext-based technology that’s called the World Wide Web.

You may see WWW on the navigation panel. WWW, otherwise known as the World Wide Web to most of us, provides us with an easier way to search and navigate. It is a means to display text and graphics with a general ease of access and use, so that you can make the most of your time spent online.

The term is often mistaken as a reference to the internet itself, but the internet predates the WWW significantly. The first web page created in the early days is now lost; however, if you search far enough there is a copy of a page sent in 1991 by the inventor of the WWW, Tim Berners-Lee, to a Paul Jones in North Carolina. You can search for it and find that it is the oldest web page in existence. It was taken offline for some time, but it was put back online in 2014. It gives you helpful links that helped people navigate what was then a very small world wide web. You may not think this is useful, but it is. To know the way they navigated the system before it grew to be as huge as it is today is phenomenal.

The Internet is a global system of interconnected computer networks. The networks in the Internet exchange data through a complex process called packet switching. There are protocols (rules) that make this happen. It may be hard to digest the knowledge, but once you get the hang of it, you will be able to properly decode how the internet was invented and why it was invented.

Another interesting fact about the internet is that nobody actually owns it. It may have a creator; someone that took their time to properly put the network together. However, there is no one that truly owns the internet and all it entails. Just let that little tidbit of information sink in. Possibly the greatest influence on society that this world has seen in recent memory has no owner. No one to claim they are over it. Several various organizations worldwide are responsible for its development and ability to function, but none of them are able to fully take credit for its discovery. The high-speed fiber optic cables that are responsible for the bulk of the internet's data transportation are owned by phone companies in their respective countries, but that is as far as it goes when saying someone owns the internet. They do not; they simply own the things it takes to keep the internet up and running.

In summary, the Internet is a system of networks containing millions of all sorts of smaller domestic, commercial, governmental, etc. networks with all the services and information such as SMS, email, file transfer and all other parts of the World Wide Web (WWW).

How does the internet impact our lives on a daily basis even without us knowing it?

IOT is a simple term meaning the Internet of Things. It may be a simple term, but it is a concept that many people find hard to embrace even in today's time. Many discussions are based on future impact in years to come whilst almost ignoring the many ways the Internet of Things already affects our daily lives.

1. Health and exercise

Gyms of the future filled with IOT gadgets carefully monitoring every aspect of our daily health may seem to be a way off, but are they really? Don’t we already have a vast array of wearable technology monitoring our health and fitness, such as the smart watch that can track your every step and every calorie burned, and monitor your heart whilst doing so (FitBit)? We have all of these devices around us, but we do not really look into what it all entails; what all goes into making those gadgets work.

It not only helps you to stay in shape, but it keeps track of other aspects of your health as it is performing its job. With revolutionary gadgets, it is now possible to monitor glucose levels with a smartphone app, which can be essential for diabetics. This way they do not have to poke themselves as many times a day to know their readings. They can simply glance at their watch, seeing what their blood sugar levels are.

The second generation Iwatch and Simbands also include heart rate monitors and other health trackers. In doing so, they allow doctors to monitor patients and provide the optimum care that the patient requires from afar. Just imagine the benefits that can be gained from your doctor having the ability to view your statistics on a 24-hour basis, and this is all down to a piece of technology no bigger than a watch.

They will be able to help you while you are not in their presence. They will be able to see, as it is happening, your health statistics, whether they are declining or rising. You will not have to keep a log anymore. You will not have to bring all of that information with you when you appear before your doctor. They will already have that information saved in a folder on their computers.

2. Pollution and waste management

Smart ways of dealing with the problem of pollution and waste management include Waterbee.eu, which is a system used by farmers and other enterprises that use huge amounts of water to conserve water. They do this by monitoring the soil and if they find it is getting too much moisture, they can adjust the water usage accordingly. It is very scientific in that aspect, but it will save on a lot of time and resources once it is complete.

Also, on a more domestic level, there is a device called AirQualityEgg.com, which monitors the air quality around your home or office, and then when it gathers enough information, it analyses the data to help understand how different policies are affecting urban pollution. Pollution is our biggest downfall as a society, and to know there are websites out there that will be able to explain how much pollution is in a single area is big. You will be able to determine for yourself if that area is worth exploring, and all of that is produced by the single click of a button.

3. Around the home

A “smart house” is often the first thought that occurs to people when discussing IOT, maybe because this is possibly the biggest personal impact that smart technological gadgets can have on an individual. Some may think it is a house like the one in the movie they show on the Disney Channel. However, that is furthest from the truth. A smart house is actually a security system that allows you to monitor your home while being online.

You may not believe it, but it is already the norm for a great number of people. That is, if you can fit it into your budget. Society thrives on technology like this. The ability to turn off your heating and cooling, or your lights for that matter, when away from your house and then turn it on before you arrive is a great tool in energy conservation. You will find with this little gadget that you have lower electricity bills and you are saving on resources you did not even know you were using before. Not only is IOT providing great help around the house, but it is also a helpful tool to manage the monitoring of pets and children. The sensors the company places around your home can alert you when certain doors have been opened in your home and can thus greatly aid caregivers who have had to leave the house by alerting them to potentially dangerous activities. It is also an effective tool to have against burglaries. It will let you know when an intruder has been spotted in your residence. You will be able to effectively and safely contact the authorities and take care of the perpetrator.

Also, another plus of this is if you have a newborn baby. You can significantly benefit from IOT with what they call “smart baby sleep suits.” This is a suit the mother or father can place on the infant that monitors their sleep patterns and heart rate. It can even alert you if any problems arise. If you have a newborn baby, you know how effective this little suit can be. You will not be able to continuously pack the infant around, and thus this suit will give you the specs of the newborn through digital uses.

The next item that is effective for you to obtain is a smart refrigerator. By having a smart refrigerator in your home, you can ensure that you do not have to make a second trip to the store because you forgot something. Your refrigerator can sense when you are running low on staple foods such as butter, milk, and eggs and can add them to your online grocery lists. On most of the refrigerators, there will be a screen located on the front, telling you when you are low on these certain items. It is great when you are on the go and have to be out of the house in a hurry. You can simply glance at the front of the refrigerator, and it will tell you what you need.

You may not believe it, but even the garden can benefit from IOT. There are many products that range from a gutter cleaning robot to a remote-control system to water your lawn. You will be able to remotely activate it while you are inside your home. Knowing these IOT’s have it under control will guarantee that you won’t have to worry about doing these chores yourself. You will be able to free up your schedule and do other things more important, like spend time with your family.

4. Transport

Not content with impacting our homes and work, IOT is also heavily featured in the future of our daily commute. Yes, it is everywhere as far as the eye can see. Already our sat-nav systems are working with real time traffic conditions, and finding alternative routes to avoid stressful driving conditions. Have you ever heard of a GPS? This is the device that uses that type of IOT, so we can efficiently and safely get to our destination. That is the reason a GPS needs to be updated every so often, because if there are new roads and stopping mechanisms in place, it will not know about them unless it has been updated.

For the streets, traffic lights are set to be able to monitor different situations and react accordingly, for instance in the case of an emergency vehicle approaching. Road sensors will be able to communicate directly to your car dashboard and inform your vehicle of any hazardous conditions ahead, e.g. the turn on your left in a quarter of a mile is icy so slow down to avoid danger. You may believe they are there to harm our way of life, but in fact, it is the opposite. IOT’s help us out of difficult situations every day.

Your commute to work can be altered by variables such as weather, road construction and accidents on your normal route. So, by having your alarm set to detect these variables it can then adjust your alarm call to allow for the extra time needed for your journey. If that isn’t enough, it can then interact with your dashboard and ensure that alternative routes are available. So, pretty much everything is synchronized to an IOT in some form or another. Just don’t forget to synchronize your coffee machine to make sure you have that much-needed cup of coffee to kickstart your morning.

Smartphones are set to become everyone's portal to the Internet of Things ecosystem, and more importantly, a complete remote control for our lives. With the ultimate smartphone apps that are available today, your smartphone is a smart platform with which to optimize the apps that are pertinent to your life. You should use them to their full capacity. Just think of your smartphone as the ultimate Universal Remote Control. Anything you would ever need is in that phone. You can download the apps, then program them with what you want them to accomplish. It is easy and pretty straightforward.

Web Server?

A computer program which serves web pages is called a web server. A web server is a program that uses HTTP (Hypertext Transfer Protocol) to serve the files that form web pages for users. A direct request can lead to a response that is forwarded by their computers' HTTP clients. Considerations when choosing a web server should include the security characteristics involved and its ability to work alongside other servers and operating programs. You do not want to choose a web server that is known for being glitchy, as this can lead to viruses spreading on your computer. It can also reach the files stored on your computer and crash them. The web server is read by browsers, which include, but are not limited to, Firefox, Internet Explorer and Chrome; they then convert the files into text and images for your information. Choose your browser well to optimize your internet activity and it will ensure that you are getting the exact information you are requesting. As you probably already know, each browser is different. They have different commands that do a multitude of things. The main factor, since they so closely correlate, is to become used to the browsers before doing anything else. You need to make sure you have accurate knowledge of it and what it all entails.

A program which requests web pages is also called a web client. Web client is another term for browsers. Other examples of well-known browsers are Apache, Google web server, and Safari. Yes, and even though they may be web browsers, it does not mean they can do the same thing as the others. There are programs (websites) that do not work for some of the web browsers. You must be able to read the fine print on those websites to see which browser works best for what page.

Web Pages

The definition of a web page is very simple. All computer files have a name which finishes with a suffix such as .docx, .pdf, .jpeg, etc. Web pages are files on the Internet with the suffix .html, .com, .org, or .gov. Browsers are what you use to access them. Such files are the most important part of the World Wide Web (WWW), which is a very important part of the Internet. You use these pages specifically to find what you are looking for. They are what bring your information to you.

HTML was first used in 1989. It was from the creation of Sir Tim Berners-Lee, who was a scientist and computer programmer at the European Laboratory for Particle Physics in Switzerland. Everyone was trying to find out how to make browsers work systematically with the web pages, and he is the only person to find out that you needed an HTML to be able to gather the information you need to find.

HTML has been developed a lot since 1989, and at the moment we use HTML5, which is the fifth version since its creation. Readers can expect further development of HTML as new uses for HTML are discovered. Right now the HTML5 does have a lot of perks, however, there are still times that you cannot find the information you are looking for, and that is because the coding gets lost in translation. Developers are hoping to get this matter solved, that way when you search a certain topic, you will get the desired results.

The JavaScript Computer Language

The topic of computer languages was previously discussed, and JavaScript was mentioned as being one of those computer languages. JavaScript is very important for the Internet to produce what it does. You will be told what you need to know later, but no attempt will be made to teach this powerful language to you. It is so diverse that it would take a millennium to be able to break through the outside barrier of it. It is that complex of a system.

JavaScript and Java, are they the same?

You may have heard about the Java programming language. This is a very powerful computer language which can be used for a plethora of things. One of its most important current uses to date is for creating apps for the Android Operating System, which runs billions of non-Apple devices. When you turn on your phone and search the internet, Java is operating those systems, making it possible for you to do what you want to on your phone.

Java and JavaScript are completely different computer languages with only a similarity in name. Although both are not too difficult to learn, JavaScript is much easier to learn and can also be used for making apps, but we will not go into this.

Chapter 1: Protocols

Earlier in this book, references were made about protocols being the means of which computers 'talk' to each other. Humans, when they converse, do not have to be too rigid in the use of language. We all will know what the other person is saying if they simply convey their message. This is not the case with computers. The means by which computers converse is electronically controlled. The exact nature of how this occurs is quite complicated.

The first stage in a computer conversation is 'handshaking.' This establishes a connection between the computers. In simple terms, this means that the computers are getting a connection between each other. Their IP addresses are synchronizing so they can make this happen. What happens after that is governed by protocols, which apply to the different types of Internet actions. In this case, such as email, SMS or web surfing. Information sent over the Internet usually involves the message being split into smaller packets, which are reassembled once their destination is reached. It makes it easier to get the message across to the other side. If it does not split up into multiple packets, then the message could take years to get through to the computer it is linked to.

TCP: TCP is the protocol which splits the data into packets for transmission. It makes it easier for them to be sent. Upon being sent, it breaks them up into little packets. And when it gets to the other side, being delivered to the client, it reassembles them and ensures that no packets are lost in transmission. TCP stands for Transmission Control Protocol. Its acronym is pretty self-explanatory.

IP: IP stands for Internet Protocol, which directs information to the correct address. Every computer connected to the Internet has its own address. This is of great importance when we start up discussions on safety online. IP does not connect to computers. That is one of the roles of TCP. It only manages the routes by which the packets travel. Anything done by that IP address can be seen by others if they dig deep enough. They will be able to see what you did, when you looked it up, and how you went about your business. You can wipe the hard drive of your computer, but your IP address will continue to have that information stored on your computer.

Pop3/IMAP: One of the most valued parts of the Internet is email. Email is governed by protocols. The protocol for sending email is SMTP, which stands for Simple Mail Transfer Protocol. The protocol for receiving email is either POP3, which stands for Post Office Protocol 3, or IMAP, which stands for Interactive Mail Access Protocol. You may believe it is as simple as the click of a button, but there are many protocols that go into sending and receiving a simple email.

HTTP/HTTPS: The World Wide Web is constructed of files with the suffix HTML. Web pages are governed by the protocol HTTP, which stands for Hypertext Transfer Protocol. If you copy and paste from the address bar of your browser, then you will inevitably see a sentence which starts HTTP://… In some cases, more so than others, you might see HTTPS instead of HTTP. HTTPS stands for Hypertext Transfer Protocol Over Secure Socket Layer. This means that any transmission from this page is in an encrypted form and is theoretically unreadable. We will have more to say about this later.

FTP: This acronym stands for File Transfer Protocol. This will not usually affect you unless you upload material to websites using FTP programs such as FileZilla.
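The splitting, reassembly and loss handling described in the TCP entry above, as an added example that is not part of the original book: a toy Python model (not a real TCP stack) in which byte-offset sequence numbers let the receiver put reordered packets back in order and let the sender resend exactly what went missing. The 8-byte segment size, the `Segment`, `Receiver` and `transfer` names and the sample message are constructed for the illustration.

```python
"""Toy model of TCP-style segmentation and reassembly (not a real TCP stack)."""
import random
from dataclasses import dataclass

MSS = 8  # constructed: tiny segment size so a short message spans several packets


@dataclass(frozen=True)
class Segment:
    seq: int        # byte offset of the first payload byte within the stream
    payload: bytes


def segment(data: bytes, mss: int = MSS) -> list[Segment]:
    """Split a byte stream into segments numbered by byte offset."""
    return [Segment(off, data[off:off + mss]) for off in range(0, len(data), mss)]


class Receiver:
    """Buffers out-of-order segments and releases bytes strictly in order."""

    def __init__(self) -> None:
        self.next_seq = 0                      # next byte expected (cumulative ACK)
        self.pending: dict[int, bytes] = {}    # segments that arrived early
        self.stream = bytearray()              # data handed to the application

    def receive(self, seg: Segment) -> int:
        """Accept one segment and return the cumulative ACK number."""
        if seg.seq >= self.next_seq:           # ignore duplicates of delivered data
            self.pending.setdefault(seg.seq, seg.payload)
        while self.next_seq in self.pending:   # drain every contiguous segment
            chunk = self.pending.pop(self.next_seq)
            self.stream += chunk
            self.next_seq += len(chunk)
        return self.next_seq


def transfer(data: bytes, drop: set[int], seed: int = 1) -> tuple[bytes, list[int]]:
    """Send data over a lossy, reordering channel.

    `drop` holds the sequence numbers lost on the first attempt. Returns the
    bytes the receiver assembled and the sequence numbers that were resent.
    """
    segments = segment(data)
    by_seq = {s.seq: s for s in segments}
    in_flight = [s for s in segments if s.seq not in drop]
    random.Random(seed).shuffle(in_flight)     # the network may reorder packets
    rx = Receiver()
    ack = 0
    for seg in in_flight:
        ack = rx.receive(seg)
    resent: list[int] = []
    while ack < len(data):                     # the ACK stalls at the first gap
        resent.append(ack)
        ack = rx.receive(by_seq[ack])          # resend exactly the missing segment
    return bytes(rx.stream), resent


if __name__ == "__main__":
    message = b"GET /index.html HTTP/1.1\r\nHost: example\r\n"   # constructed sample
    received, resent = transfer(message, drop={8, 24})
    print(len(segment(message)), "segments; resent:", resent,
          "; intact:", received == message)
```

The receiver never hands data to the application past a gap, which is why a single lost packet can hold up everything behind it until the resend arrives.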

This completes a very brief discussion over the list of protocols you might face when using the Internet. There is far more that can be written on the topic. So much so, that it would take more than simply this chapter to explain them all. What I have provided you with are the main focal points that systematically help the Internet do what it needs to do.
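The HTTP versus HTTPS distinction in this chapter matters most where a password is typed. This added example (not from the original book) checks a page's HTML for password forms that would be submitted, or were delivered, without encryption; the class name, the two finding labels and the sample page are constructed, and the hostnames use the reserved `.test` domain.

```python
"""Flag password forms that are delivered or submitted without HTTPS."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class PasswordFormAudit(HTMLParser):
    def __init__(self, page_url: str) -> None:
        super().__init__()
        self.page_url = page_url
        self.findings = []           # list of (form target URL, problem label)
        self._action = None          # resolved target of the form being parsed
        self._has_password = False

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "form":
            self._flush()            # tolerate a previous form left unclosed
            # A missing or empty action submits to the page's own URL.
            self._action = urljoin(self.page_url, attr.get("action") or "")
        elif tag == "input" and self._action is not None:
            if (attr.get("type") or "").lower() == "password":
                self._has_password = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._flush()

    def _flush(self):
        """Record a finding for the form just finished, if it takes a password."""
        if self._action is not None and self._has_password:
            if urlsplit(self._action).scheme != "https":
                # The password itself crosses the network unencrypted.
                self.findings.append((self._action, "cleartext-submit"))
            elif urlsplit(self.page_url).scheme != "https":
                # Target is HTTPS, but the form arrived over HTTP and could
                # have been rewritten in transit before the user typed into it.
                self.findings.append((self._action, "cleartext-page"))
        self._action = None
        self._has_password = False


def audit(html: str, page_url: str):
    """Return the findings for one page, given its HTML and the URL it came from."""
    parser = PasswordFormAudit(page_url)
    parser.feed(html)
    parser.close()
    parser._flush()                  # a form still open at end of input
    return parser.findings


# Constructed sample page: two login forms and one harmless search form.
SAMPLE_PAGE = """
<form action="/login" method="post">
  <input name="user"><input type="password" name="pw">
</form>
<form action="https://secure.shop.test/login" method="post">
  <input type="PASSWORD" name="pw">
</form>
<form action="/search"><input name="q"></form>
"""

if __name__ == "__main__":
    for target, problem in audit(SAMPLE_PAGE, "http://shop.test/account"):
        print(problem, target)
```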

Chapter 2: Are You Being Tracked Online?

Is your online activity being tracked? Could it be and you simply do not know? It is a common experience for someone to click on something on a web page that interests them: a book, a piece of clothing, a music file, etc. Once this is done, you will find ads starting to pop up in all sorts of places such as Facebook, email, Google etc.

You may find this an absolute nuisance and put in an ad blocker, which can help, but it can also create some problems for you. The reason the act of clicking on that item produced the flurry of ads was that your online activity was being tracked even though you did not realize it. There are people that set up blocks, so when a particular item is clicked, then they will know. All of their processed information, such as web pages will then begin to attack your computer.

One of the things that have been predicted is the rise of individualized prices. The fact that you paid a lot for a clothing item may be taken as a sign that you will pay a lot for other things. You may decide to buy some music and the price you are quoted will be higher than the price to someone else who is believed to be worth less.

Brick and mortar companies are also gathering information about you. If you have a loyalty card, then every time you use it when you make a purchase you will find information about that purchase is being secretly recorded. You can expect emails or other communication with information about other items, which would possibly interest you.

Another fact people don't know is that some shops track people's Wi-Fi signals and see what aisles they may browse through. This information is predominantly used within the shop to help decide on the display of merchandise. If you do not want to help the shop find out where you go, then switch your device off before you go into the shop.

The data being collected may be things you have entered yourself such as name, address and credit card details. Other information is also available to be harvested such as details about your device, the sites you frequent, your online activity and other things.

There are other ways in which tracking is being practiced. A defense giant called Raytheon has developed a piece of software called RIOT. It targets Facebook and builds a picture of a person of interest. It focuses on such things as logins, longitudes, latitudes, other details from photographs, and a number of other things which enable a pattern to be built up.

In the past, such tracking was quite difficult and so only targets of interest were tracked. Now, with the development of big data and the artificial intelligence to enable patterns to be discerned in this big data, it is sensible for mass surveillance to occur.

The idea behind this is that by finding the patterns of behavior of ordinary people, the behavior of those of interest: the criminals, child abusers, terrorists etc. will be more clearly revealed. The argument is put forward that if you have nothing to hide then you have nothing to fear and this might seem reasonable.

However, if the data trawled by software such as RIOT falls into the wrong hands then serious problems could arise for completely innocent people.

There is another technology being used by those who wish to track you online. It is totally different to the ideas of RIOT. The method is called canvas fingerprinting. It is based on a really clever idea, which is that individual computers have fingerprints, which are unique.

The canvas fingerprinting program gets your computer to send a picture of some text. Each computer's text is unique to that computer. This technology is actually a tracking of the device, rather than a person. However, if only one person uses the device then it is, in reality, a check on the person.

Sites ranging from YouPorn to the White House have used this technology. YouPorn claim they no longer use it. The existence of these two different technologies and others implies that you will always be tracked when you go online. It is believed that at least 5% of the top 100,000 websites use canvas fingerprinting including US and Canadian government sites.

All sorts of organizations do the tracking: social media, cellphone companies, email services, cellphone apps, search engines etc. All of these organizations are compiling records of your online activity.

This compilation may seem quite innocent, but if your information falls into the wrong hands such as a government spy organization, the mafia or other criminal group or even a snooper, there could be disastrous consequences such as wrongful arrest, identity theft, online ransom etc.

There are ways to prevent this information from being available. It is the purpose of this book to discuss these. Various methods of online privacy will be discussed with particular attention paid to one method, which is the use of the TOR browser. We will discuss this browser thoroughly in Chapter 4. In the next chapter, we will discuss online privacy in general.

Chapter 3: How to Stay Anonymous Online

IP Address: Earlier, reference was made to the unique address that your computer has which is called the IP address. This is a unique identifier for your computer. There are two versions of this - the IPv4 and the IPv6. The number of numbers that were possible with IPv4 ran out and so the IPv6 came into existence during 2015. You don't have to know the details of these identification numbers unless you're interested. Just remember these addresses exist and are of great interest to people and organizations that wish to track you while you are online.

Mac Address: Another series of numbers, which is associated with your computer and which should be hidden or disguised is the Mac address. This identifies the network adapter, which is on your computer. It is composed of a number of pairs of numbers separated by colons. If you are interested you can Google the means by which you can find your Mac address.

In this context, Mac does not refer to a Macintosh computer. It refers to the Media Access Control address of your computer. All computers, whether they use Windows, Macintosh, iOS, Android or Linux operating systems, will have these if they connect to the Internet, which nearly all computers nowadays do. Like the IP address, the Mac address is of great interest to those who wish to track you online.
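An added example, not part of the original book, that reads the structure of the Mac address described above: the two lowest bits of the first pair mark an address as a group (multicast) address or as locally administered, and a locally administered address is what a device shows when it presents a software-chosen address, such as a randomized one, instead of the adapter's fixed one. The function names, result keys and sample addresses are constructed; the first sample comes from the range RFC 7042 reserves for documentation.

```python
"""Classify MAC addresses by the two flag bits in their first octet."""
import re

# Six pairs of hex digits joined by one consistent separator (colon or hyphen).
_MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$")


def parse_mac(text: str) -> bytes:
    """Return the six raw octets, or raise ValueError for malformed input."""
    text = text.strip()
    if not _MAC_RE.match(text):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(text.replace(":", "").replace("-", ""))


def classify(text: str) -> dict:
    """Describe what a MAC address reveals about the adapter behind it."""
    octets = parse_mac(text)
    first = octets[0]
    if octets == b"\xff" * 6:
        kind = "broadcast"
    elif first & 0x01:          # I/G bit set: group address, not one adapter
        kind = "multicast"
    elif first & 0x02:          # U/L bit set: chosen by software (e.g. randomized)
        kind = "local"
    else:                       # both clear: vendor-assigned hardware address
        kind = "global"
    return {
        "mac": octets.hex(":"),
        "kind": kind,
        # Only a vendor-assigned address carries a vendor prefix (OUI) and
        # follows the device to every network it joins.
        "oui": octets[:3].hex(":") if kind == "global" else None,
        "burned_in": kind == "global",
    }


def burned_in_addresses(observed: list[str]) -> list[str]:
    """From MACs seen in Wi-Fi frames, list the fixed hardware addresses."""
    seen = set()
    for raw in observed:
        try:
            info = classify(raw)
        except ValueError:
            continue            # skip malformed capture lines
        if info["burned_in"]:
            seen.add(info["mac"])
    return sorted(seen)


# Constructed sample: source addresses as a Wi-Fi sensor might log them.
SAMPLE = [
    "00:00:5E:00:53:01",   # documentation range, both flag bits clear
    "00-00-5e-00-53-01",   # same adapter, hyphen notation
    "da:a1:19:4c:07:2e",   # U/L bit set: software-chosen address
    "01:00:5e:00:00:fb",   # multicast group address
    "ff:ff:ff:ff:ff:ff",   # broadcast
    "not-a-mac",
]

if __name__ == "__main__":
    for raw in SAMPLE[:5]:
        print(classify(raw))
    print("fixed hardware addresses seen:", burned_in_addresses(SAMPLE))
```

Running `classify` on your own adapter's address shows whether the device is exposing its fixed hardware address or a software-chosen one on the current network.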

The previous chapter identified reasons for preventing others from snooping on your online activity. If a large organization with vast resources such as the CIA wants to track you, they will and you will have to be incredibly clever to avoid this. Despite this, here are a few tips for being as anonymous as possible:

1. Use private sessions when you surf the Internet. All common browsers such as Firefox, Chrome, and Safari have this ability. Be aware that such private browsing really is only of domestic use. Even in a work or school situation, the network administrator will see what you are up to on the Internet.

2. Logins: Use different passwords for different sites. This is a nuisance but it is far preferable to have a lot of passwords, and possibly a notebook to keep them in than to have your credit card used by a hacker for making a $10,000 purchase in Manila!

3. Delete all cookies and delete them often. Cookies are tiny files that many websites place on your browser for a variety of reasons, most of which are innocent. Again, this is only of domestic use. Don't think that because you've deleted cookies that you are safe online.

4. Don't let your browser send location data. If you do not want your location known then this is a no-brainer. All major browsers have the ability to prevent them sending your location data forward.

5. Don't let Google track you. Google is a very good search engine and is used by the vast majority of Internet users. However, it is better if you prevent Google from tracking you. If you don't do this, you will be at the mercy of advertisers. Later on, we will tell you about the Epic browser which stops Google's tricks.

6. Set social media, such as Facebook, Twitter and LinkedIn, privacy settings to give you maximum privacy. It is frightening to discover the amount of personal data available on social media sites such as Facebook and Twitter; this is the price you pay for using a free service. Try downloading a copy of your Facebook data from the Facebook settings and you will see every activity you have ever done on Facebook recorded in your data history. There are similar levels of data harvesting opportunities on all social media sites and the only way to prevent this happening is by deleting your accounts completely. Even de-activating will not clear the information; it merely puts it into hibernation should you wish to re-activate your account.

7. Use an add-on such as Privacy Badger to block trackers. Privacy Badger is a browser add-on tool that detects sites that may be trying to track your activities in an objectionable and non-consensual manner. Your copy of Privacy Badger will keep a note of any third-party domains that are active on the websites you visit that may track you without permission by using cookies to collect a record of your online activities. Privacy Badger will disallow content from all third-party trackers unless the third-party domain plays an important part in the make-up of the website, such as embedded maps or images. In cases such as these Privacy Badger will allow connections but will remove potentially dangerous tracking cookies.

Other add-on tools are available such as AdBlock Plus, AdBlock ultimate and Tinfoil for Facebook. It may pay off to check out the right software that fits your style of surfing.

8. Disable Java, JavaScript and all plug-ins that you do not use. Because JavaScript is so widely used on web pages, this may be impossible to do in all cases. If you go to travel sites, which often use a lot of JavaScript, be very careful.

9. Use the Epic browser. This is a form of Chromium, very similar to Chrome, which has many of the features endorsed before being included in the browser. It also reveals how many trackers tried to follow you each day. This browser is quickly becoming one of the most popular web browsers and is incredibly popular amongst the populations of China, the US and Nigeria.

When using Epic, data is automatically encrypted and so activities are not tracked, and it is a great tool for anyone wishing to access information that may not be approved by, for instance, local government. Also, by using the Epic browser, those annoying adverts that are rife when searching online are blocked, and this means that you are not forever trying to get them off your screen. One downside to searching using Epic is the speed: typically, when searching for the pages you are looking for using Epic, you may see a slightly slower result and the pages may take longer to load, a small price to pay for the added security. Considering this is a free download, it is a great tool to add to your online security arsenal.

Epic has been having a massive battle with Google, who depend on their ability to sell ads for a large part of their revenue. Google has done its best to destroy Epic. Their behavior in this matter is very reminiscent of other IT giants when anything threatens their gold mine.

Given that Google has almost limitless resources, this is very much a David versus Goliath situation, so in addition to installing this browser, I do humbly suggest that you carry out all the other suggestions mentioned previously in order that you can be online anonymously.

In addition to its sterling work in preventing you from being tracked by Google, Epic has a built-in method of stopping canvas fingerprinting, a method of tracking discussed in the last chapter.

10. Use a VPN. This stands for Virtual Private Network. If you really want privacy, be prepared to pay from $5 to $10 a month for the use of a good VPN.

A VPN is a private server that does the work on the Internet that you ask it to in such a way that your IP address is hidden. One of the most useful features of VPNs is that normally if you go to a web page using the HTTP:// protocol and you submit a password or carry out other secret processes, then the Internet traffic resulting from this is not encrypted. If you use a VPN, then all such activity that you may do on your browser is automatically encrypted. It is as though the protocol was https://.

VPNs are treated with the greatest suspicion by US authorities. If a VPN server is based in the USA, it is far more likely to be compromised than one based in other countries such as Sweden or Germany. Despite this, if your wish for anonymity is so that you can view child pornography or practice terrorism, then you will eventually get caught. The means by which online activity is tracked is forever becoming more sophisticated.

11. MAC Spoofer: MAC (Media Access Control) addresses are unique to each device and can easily be tracked. In order to mitigate against this, you can use a piece of software called a MAC spoofer. There are a number of reasons to change or spoof your MAC address, the most obvious being to avoid network restrictions and to give you additional privacy.

Another bonus with a spoofed MAC address is that it can present a viable solution to a broken router; by using a spoofed MAC you can still gain access to the internet. In order to change your MAC address, open your Start menu, select Control Panel, and after launching Control Panel click on the Network and Internet option. Click on Network and Sharing Center, usually the first option available; this will lead you to your communication/network setup and connections. Select Change adapter settings.

Select Local Area Connections and click on Properties and then on the Configure option. From the Configure window, look to the top right of the window where you will find the Advanced option and click on this. Under the Advanced options you will see a smaller window headed Settings. Scroll down until you hit Locally Administered Address and click on it. Look to the text that will be on a yellow background and search for the text that will roughly match "Change the MAC address used by the network adapter". Right next to the Settings window is a box marked Value. You will be typing a new combination of characters to spoof your MAC address.

It is worth saying that before you change the MAC address it would benefit you to check the combination of your original address. So now go back to the Start menu and click on it, and there will be a search bar at the bottom below All Programs. In this search bar type cmd and then look to the top of the search results and you will spot something labeled cmd.exe; click on it. A new window with a black background will appear and will contain some text. There will also be a blank underscore that will be flashing on and off; this is where you should type in getmac and hit Enter. This will result in a list of Physical Addresses appearing, the first of which is your current MAC address. Now pull up the Advanced options window, where you can change your MAC address to a new one by following the format of your original address, which will have 12 characters in total.

You can use letter combinations from A-F and any numbers, so under Value enter your new address but remember to maintain the format. For example, if the first 4 characters are A3-E2 then you can change them to E1-D2; by repeating this with all 12 characters you ensure you keep to the format required. Okay, the final step is to press OK on the bottom of the window. The Advanced option window will disappear from your screen and there will be movement in the Local Area Connection, and for a short while a red cross will appear next to Local Area Connections and will display the word Disabled. This merely means that the system is registering a change; after a few seconds this will disappear and your Local Area Connections will be Enabled. Congratulations, you have successfully spoofed your MAC address.

12. Get the TOR browser; you will not be disappointed. This is the main topic of this book, so I will not be saying too much about it now. The next chapter contains information about it, how to install it and use it. You will be grateful that you did, because then you will actually be able to browse the internet and be safe about it.
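The format rule in step 11 (the MAC address) can be checked before a value is typed into the Value box. The following Python sketch is an added example, not from the book: besides the 12-hex-digit format, it reads the two flag bits in the first octet, because a manually assigned address should be unicast and locally administered. The prefixes A3-E2 and E1-D2 come from the text (both have the multicast bit set); the remaining digits and all function names are constructed for illustration.

```python
import re
import secrets

# 12 hex digits, optionally separated by "-" or ":" (the same separator throughout).
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([-:]?)[0-9A-Fa-f]{2}(?:\1[0-9A-Fa-f]{2}){4}$")


def parse_mac(text):
    """Return the six octets of a MAC address string, or raise ValueError."""
    text = text.strip()
    if not MAC_RE.match(text):
        raise ValueError(f"not a 12-hex-digit MAC address: {text!r}")
    return bytes.fromhex(re.sub(r"[-:]", "", text))


def classify(text):
    """Report the two flag bits carried in the first octet of the address."""
    octets = parse_mac(text)
    multicast = bool(octets[0] & 0x01)   # I/G bit: 1 = group (multicast) address
    local = bool(octets[0] & 0x02)       # U/L bit: 1 = locally administered
    return {
        "normalized": "-".join(f"{b:02X}" for b in octets),
        "multicast": multicast,
        "locally_administered": local,
        # A manually assigned station address should be unicast and locally administered.
        "valid_override": (not multicast) and local,
    }


def random_override():
    """Generate a random unicast, locally administered address."""
    octets = bytearray(secrets.token_bytes(6))
    octets[0] = (octets[0] | 0x02) & 0xFE   # set the U/L bit, clear the I/G bit
    return "-".join(f"{b:02X}" for b in octets)


if __name__ == "__main__":
    # Constructed samples; the first two start with the prefixes used in the text.
    samples = ("A3-E2-00-11-22-33", "E1-D2-00-11-22-33",
               "02-D2-00-11-22-33", random_override())
    for sample in samples:
        print(classify(sample))
```

An address whose second hex digit is 2, 6, A or E passes both bit checks.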

In addition, always make sure your antivirus and anti-malware programs are strong and up to date. Below I will try to explain the difference between the two and what steps you should take when choosing the best product for you and your computer.

So, what is a virus and what is malware? Well, malware covers a whole range of nasties that can affect your device. Spyware is software that is designed to gather information without your knowledge and also pass on this information to other parties. Adware is another form of malicious malware that is designed to generate ads in order to create revenue for its creator. The Trojan, as suggested by the name, is a harmful program that will access your software by misleading the user of its true intent; Trojans are generally spread by social interaction, maybe an e-mail attachment that contains a routine form.

A virus, on the other hand, is a piece of code that can copy itself and cause harm to your device, so whilst all viruses are classed as malware, not all malware are viruses.

The main difference between antivirus software and anti-malware is that an anti-virus program is more likely to target the older, more established threats like Trojans and viruses, whilst the anti-malware software will be adapted to focus on newer, up-to-date threats. Meanwhile, your anti-virus software is working away to combat threats from malware you may contract from traditional sources such as email or a USB.

Which should you use? The simple answer is to run the two programs side by side, as when you try and combine the two elements you lose certain aspects, and since anti-malware is mostly lightweight and easy to run it is also designed to work alongside anti-virus programs to give you layered protection against both viruses and malware.

The best healthcare plan for your computer could include an anti-virus product such as Bitdefender, Norton by Symantec or Kaspersky Anti-Virus, which are the top three listed for 2017 by PC Mag. For an effective anti-malware program try HitmanPro, Malwarebytes, Zemana or Emsisoft. A final bit of advice when choosing your software: never trust unknown malware/adware or virus removal tools, as they can also infect your computer and lead to the type of problems you are seeking to guard yourself against.

Chapter 4: The Tor Browser

TOR is the abbreviation for The Onion Router. At first, it was a global network of services developed by the US military so that Internet browsing and use could be performed anonymously. TOR sends Internet traffic as relays through a global network of thousands of servers to hide the location and activity of a client from surveillance and traffic analysis.

TOR servers, which provide the relays, are run by volunteers keen to protect online privacy and security. Rather than a direct connection with the source or destination of their communication, users have their network traffic pass through a large number of servers. The effect of this is to greatly confuse potential trackers.

Anyone who wishes to keep their Internet traffic out of the hands of advertisers, journalists and others will benefit from the use of TOR. It is of great use for undercover cops working inside criminal organizations. It makes the cops completely undetectable as they continue their research.

TOR is a very useful tool for fighting censorship. It permits users to access destinations which might otherwise be blocked. This is done while the privacy of the user is well preserved. Some foolishly regard the wish for online privacy as an indication of involvement in child pornography or terrorism.

Nothing could be further from the truth. A journalist living in a dictatorship would need online anonymity in order to protect his or her freedom and possibly life. They would need this anonymity to protect their sources.

TOR is of great use in the development of a new means of communication with inbuilt privacy. On the regular web, nothing is private. However, with TOR, you will be able to surf the web privately, not having to worry about anyone finding out what you are doing.

TOR has what are called hidden services. This allows users of the network to set up chat rooms. In these chat rooms, frank discussions can take place on matters such as rape, domestic abuse, all sorts of illnesses and whistleblowing. This is information, freely exchanged, which could be of great use to insurance companies, big business, and the media.

If someone is using TOR and someone tries to track them, then all that the tracker can see are random points on the TOR network. The user's computer cannot be identified. It will save you from getting hacked, which is a problem in today's society. You will be able to browse the web without worrying about whether you will be attacked or not.

In order to use this network, it is necessary to download the TOR browser and to install it on your computer. Using the TOR system makes for slower browsing than normal due to the large number of relays that signals pass through.

These services are only available to TOR users. Sadly, these services, although possibly created for the noblest of reasons, have been horribly abused. Various sites, such as the Silk Road, whose purpose was the selling of illicit drugs, or the site which was busted by the FBI involving the largest child pornography ring that has been discovered, set very bad examples. Despite these problems, TOR has been endorsed by such organizations as Indymedia for protecting their journalists and the Electronic Frontier Foundation for upholding online privacy.

Some large corporations use TOR commercially in order to analyze the behavior of competitors as well as to shield their own activity. TOR is better than most VPNs as it is impossible to determine the timing or quantity of a communication.

TOR is still used by the U.S. Navy and it is used by law-enforcement agencies during many operations where it is important not to leave a government IP address.

The more people who use TOR the better and the more secure it becomes. Any user's network traffic is hidden among the traffic of others using the network. A type of tracking tool, which TOR protects a user from, is called Traffic Analysis. This cunning method provides knowledge of the source, the destination, the time and the quantity of a communication and allows deductions to be made as to who is communicating with whom.

Traffic analysis works by focusing on the header of a data packet. Data packets have payloads, which could be an email, a video file or a PDF document. The payload is often encrypted but the header is not, and therein lies a vulnerability. Clever analysis of headers can reveal a wealth of information such as the source, destination, time and size of the payload.

A problem for those who wish for privacy is that it is essential for the computer of those who receive your communication to get the information contained in the header. This information can be obtained by others using sophisticated software. These others include ISPs, law-enforcement agencies if they are tracking you, and other trackers.
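To make the point about headers concrete, the following Python sketch is an added example, not from the book. It builds a few IPv4/TCP packets whose payloads are random bytes standing in for encrypted data, then recovers source, destination, time and size from the headers alone. The addresses (documentation ranges), ports, timestamps and function names are all constructed for illustration.

```python
import ipaddress
import os
import struct
from collections import defaultdict

IP_FMT = "!BBHHHBBH4s4s"    # fixed 20-byte IPv4 header
TCP_FMT = "!HHIIBBHHH"      # fixed 20-byte TCP header


def build_packet(src, dst, sport, dport, payload):
    """Build a minimal IPv4+TCP packet around an opaque payload (checksums left at 0)."""
    total_len = 20 + 20 + len(payload)
    ip = struct.pack(IP_FMT, 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    tcp = struct.pack(TCP_FMT, sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return ip + tcp + payload


def read_headers(packet):
    """Extract what an on-path observer can read without decrypting anything."""
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(IP_FMT, packet[:20])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("this example handles IPv4/TCP only")
    ip_len = (ver_ihl & 0x0F) * 4
    sport, dport = struct.unpack("!HH", packet[ip_len:ip_len + 4])
    tcp_len = (packet[ip_len + 12] >> 4) * 4   # TCP data offset, in bytes
    return {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "sport": sport,
        "dport": dport,
        "payload_bytes": total_len - ip_len - tcp_len,
    }


def summarize(capture):
    """Group (timestamp, packet) pairs into flows: who talked to whom, when, how much."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0, "first": None, "last": None})
    for ts, packet in capture:
        h = read_headers(packet)
        flow = flows[(h["src"], h["dst"], h["dport"])]
        flow["packets"] += 1
        flow["bytes"] += h["payload_bytes"]
        flow["first"] = ts if flow["first"] is None else min(flow["first"], ts)
        flow["last"] = ts if flow["last"] is None else max(flow["last"], ts)
    return dict(flows)


def sample_capture():
    """Constructed capture; os.urandom stands in for encrypted payloads."""
    return [
        (0.00, build_packet("192.0.2.10", "198.51.100.7", 50000, 443, os.urandom(120))),
        (0.05, build_packet("192.0.2.10", "198.51.100.7", 50000, 443, os.urandom(1400))),
        (0.09, build_packet("192.0.2.10", "198.51.100.7", 50000, 443, os.urandom(1400))),
        (7.50, build_packet("192.0.2.10", "203.0.113.5", 50001, 443, os.urandom(64))),
    ]


if __name__ == "__main__":
    for key, stats in summarize(sample_capture()).items():
        print(key, stats)
```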

TOR reduces the risk of detection by all types of traffic analysis through its distribution of communication through multiple servers, the idea being to deliberately prevent trackers from knowing where the communication has come from or where it is going.

The means by which this path of nodes or servers is constructed is very clever. It is done server by server with encryption as it goes along. No server or relay knows the complete path.
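The layering idea can be shown in a few lines. The following Python sketch is an added example, not from the book and not TOR's actual cryptography: it uses a toy XOR keystream built from SHA-256 and fixed, constructed keys, whereas the real network negotiates keys with each relay as the path is built. The relay names, destination and function names are assumptions made for the demonstration. It records what each relay learns, which is only the hop before it and the hop after it.

```python
import hashlib

PATH = ["guard", "middle", "exit"]   # constructed relay names
# Constructed per-relay keys; a real client would agree one with each relay.
KEYS = {name: hashlib.sha256(f"constructed-key-{name}".encode()).digest()
        for name in PATH}


def keystream_xor(key, data):
    """Toy stream cipher: XOR data with SHA-256(key || counter) blocks."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap(path, keys, destination, message):
    """Client side: add one encrypted layer per relay, innermost (exit) first."""
    next_hops = path[1:] + [destination]
    blob = message
    for relay, nxt in reversed(list(zip(path, next_hops))):
        name = nxt.encode()
        layer = bytes([len(name)]) + name + blob   # [len][next hop][inner blob]
        blob = keystream_xor(keys[relay], layer)
    return blob


def peel(relay_key, blob):
    """Relay side: remove one layer, learning only the next hop."""
    layer = keystream_xor(relay_key, blob)
    n = layer[0]
    return layer[1:1 + n].decode(), layer[1 + n:]


def route(sender, path, keys, onion):
    """Pass the onion along the path and record what each relay can see."""
    views = []
    prev, current, blob = sender, path[0], onion
    while current in keys:
        nxt, blob = peel(keys[current], blob)
        views.append({"relay": current, "from": prev, "to": nxt})
        prev, current = current, nxt
    return views, current, blob


if __name__ == "__main__":
    onion = wrap(PATH, KEYS, "example.org", b"GET / HTTP/1.1")
    views, destination, message = route("client", PATH, KEYS, onion)
    for view in views:
        print(view)
    print(destination, message)
```

Only the guard sees the client and only the exit sees the destination; no single entry in the recorded views contains both.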

Completion of a circuit allows all sorts of applications to be used on the TOR network. TOR only works on TCP communication, which has SOCKS support. SOCKS is an Internet protocol which exchanges data between a client and server through a proxy server. This is a server that is a link between networks.

TOR is brilliant but it is foolish to think that if you use it you are completely anonymous. If you, for any reason, come to the attention of the law, then they will eventually get you. All TOR can do is slow down this process.

One of the ways in which organizations like the FBI use the TOR network to catch the bad guys is to join TOR. The services of FBI servers are used as part of the TOR network unbeknownst to TOR.

Despite this, the big arrests of the child pornographers, which were mentioned before, were not done via this route but by the injection of malware into the browser of some abuser who had let his guard down. The browser is the weak point as regards law enforcement and other tracking. Attacks on the browser are called "Man in The Middle" attacks.

Law-enforcement agencies have to be very careful how they operate because the users of TOR are among the most computer-savvy people in the world, and if it became obvious that law enforcement was targeting too many of them then they would take countermeasures which would make TOR users much safer and consequently the targets of law enforcement more difficult to catch. Law enforcement is consequently very careful to cover its tracks and only go after the real criminals.

Next, we discuss how to install the TOR browser.

The TOR browser is a version of the open-source Firefox browser. The installation of this browser is quite easy. Google 'download TOR browser.' You will come to the download TOR website. Click on that and follow instructions. You will receive a menu of TOR downloads for the various operating systems that are, of course, Windows, Apple, Linux, smartphones and one labeled source code.

Pick the one you want. Assuming you picked Windows, you can select the folder that you want to place the browser in. Once you have done that, press install and the process of installation is automatic.

There is one final window you have to work on. Press the upper button unless your Internet connection is censored, filtered or proxied. Most of us just press the upper button, which says Connect. The bottom button says Configure. Be sure and read the warnings on the TOR window.

If you press to connect, the connection is not instantaneous, but when it is complete you should have a green window with some safety warnings and information about the TOR project. To ensure that you are connected to the Tor network, put www.whatismyip.com in your address bar and press Enter.

You will notice the slowness of the browser in comparison to the usual speed of Firefox or Chrome. Pay particular heed to the warnings that TOR urges you to follow. One of them is that you should not Torrent when you download files. If you do that when downloading a file, it will give a virus, or a hacker, easier access to your computer. The next chapter will deal with the Deep Web, which the TOR browser is specifically designed for.

Chapter 5: Secrets of the Dark Web

Dark web: Many people confuse the Dark Web with the Deep Web. The Dark Web refers to the encrypted network between the servers of TOR and those using them, the clients.

On the other hand, the Deep Web is composed of all the files on the Internet which cannot be indexed by normal search engines such as Google and Bing.

The Deep Web has been estimated to comprise 99% of all Internet content. There are estimates that it comprises 7500 terabytes of data.

Most material on the Deep Web is not very interesting. For example, newspapers maintain Deep Web databases of stories that are not published. Much other equally boring data exists. For instance, the sales records of the billions of transactions carried out by businesses would be on Deep Web sites. The Deep Web is mainly benign and boring.

The Dark Web is far more interesting. Just about anything you could want is available on the Dark Web. Among the things that you can get:

1. Banned books.

Whilst most people believe the Dark Web is filled with pornography, drugs and all things criminal, it is a lesser known fact that there are an awful lot of bibliophiles on the Dark Web. In 2011 the Dread Pirate Roberts, who founded the original Silk Road, began his drug bazaar book club and is quoted as saying, “Knowledge is power, and reading is one of the best ways to expand your knowledge. Each week we will select a reading designed to expand our understandings of the issues that face the Silk Road community and have a group discussion of this material. My hope is that a high level of discourse will be fostered, and as a community, we can become strong in our beliefs, with a coherent message and voice as the world begins to take notice.”

And of course, the world did take notice and Roberts was arrested, not for his book club, but on drug trafficking and money laundering charges. Silk Road was closed and its book club was no more. But they were not to be silenced: only a month later Silk Road was up and running again, as was the book club, moderated by a Silk Road senior moderator by the name of Inigo, until Inigo himself was arrested and the book club decided to cut its ties with Silk Road and continue in a private chat room whilst still upholding the legacy of Inigo. After all, knowledge is power!

2. Copied credit cards.

The Dark Web is like a shopping mall for cybercrime. Not only credit cards but spammer lists, phishing kits and all the tools needed to carry out all manner of cybercrime are available. Large batches of credit cards from US retailers appear on what is known as a carder forum. It is like Craigslist for hackers, where cards backed up with customers' details are being traded for as little as a dollar a card.

3. Fake passports.

There are many opportunities for obtaining fake passports on the Dark Web; the quality, however, is varied. Many people claim to have purchased and used these copies on many occasions, seemingly enabled by the sellers' claim that they have insiders in various departments that enable them to enter the false details into legitimate channels. Most of the time, these people are here illegally and need a respectable way to travel, thus resulting in them finding these people that sell the illegal substances.

4. Illicit drugs.

Though only a small percentage of illegal drug purchases are made online, the figure is growing, and growing fast, thus changing the whole process of drug dealing in the process. Sellers are now more focused on selling a better quality of product at a more competitive price and thus creating a reputable brand name. Estimated turnover in 2012 was $15m-$17m, yet by 2015 this had risen to $150m-$180m.

5. Hackers

Want to check out what your ex is up to? Or maybe bring down a major company and bring them to a halt? There are a whole bunch of sites on the Dark Web where you can find people who will do whatever you want them to do.

6. Burglars

Not quite so prevalent, but there are reports of sites on the Dark Web where you can employ someone to steal to order. You place your request with as much detail as you can and he will then steal said item and send you a picture to prove it. Apparently, he also has a list of items for sale that originated when people ordered the thefts and then never followed through with payment.

7. Illegal betting and match fixing

In these days of highly regulated betting practices, it is getting more difficult to place illegal bets, especially since the birth of online betting, which has grown since its conception in the late 1990s and, according to Statista, accounted for a volume of $46 billion in 2016 and is predicted to grow to $56 billion by 2018. On the Dark Web, however, you can place all manner of illegal bets and match fixing is rife. With the click of a mouse, you can basically do as you please.

8. Hitmen

Now, this is dark. The availability to hire a trained gun is widespread, and whilst not cheap, it is not too highly priced to deter a serious buyer. One site is purporting to advertise an assassination in the US or Canada for $10,000 and $12,000 in Europe, according to the Mail Online. Some of the slogans and marketing techniques are truly chilling. One self-styled assassin claims, “I do not know anything about you, you do not know anything about me. The desired victim will pass away. No one will ever know why or who did this. On top of that, I always give my best to make it look like an accident or suicide”. It is completely terrifying to know that there are people out there that support something like this. However, you will be surprised to find that a person that is close to you can even be in on this type of activity.

Almost all sales are via “cryptomarkets”, the Black Web's equivalent to Amazon and eBay, employing a similar feedback method and allowing customers to rate sellers and products, so that other buyers can base their purchase choices on informed information. Administrators take a cut from each sale and pay moderators (in bitcoin, of course) to handle forums and complaints.

9. Weapons.

It is rumored that The Armory is the biggest and most known online marketplace for weapons. Requiring a minimum order of $1050, it purports to stock around 400 items for sale, specializing in firearms that are untraceable or have a fake serial number. Also boasting a military section, they appear to be one of the biggest weapons traders online and have an active community following.

These must be paid for with Bitcoin, which is the online currency. Bitcoin is a peer-to-peer system created in 2008 and is used to pay for online transactions without the use of a central trusted authority. Since its creation, it has evolved into something far beyond a simple currency. It has its own community of users and it is also an investment vehicle. What makes bitcoin work is the massive peer-to-peer network and the consensus involved, which enables a payment system where payments cannot be reversed and accounts cannot be frozen, and this leads to much lower transaction fees.

Bitcoin, as with the Internet itself, has no central owner or authority and is primarily governed by the developers who put their time in to ensure that Bitcoin works, as it is only in their interest to ensure that the right decisions are taken. The amount of influence their input carries is based on the amount of computing work they donate to the network.

Similarly, some users put in work to aid the smooth running of the peer-to-peer network and are rewarded with Bitcoins that can be spent online. This is a simple form of mining, the term used to describe obtaining bitcoins. The best way to understand bitcoin is to get some and experiment; there are various ways to do so and the information is out there to help you.

Some idiotic people put sensitive information, such as nude photographs, in the Deep Web. They think it is secure. It is not!

A classic example is the Ashley Madison site, which was created for bored spouses who wanted extramarital affairs. A hacker broke into that site and 10GB of data from the site was placed on the Dark Web and thus became available to users of TOR. The hack was discovered by a journalist called Brian Krebs, who had written for years about internet security and the theft of data from major companies in the form of a popular blog. He had investigated various firms like Domino's Pizza, Tesco, and Adobe, and he received an anonymous link to caches of data stolen from a Canadian firm called Avid Life Media (ALM), of which he was vaguely aware. Since 2008 they had run a well-publicized dating site for married people.

Promising 100% discretion, at the time of the tip-off they were claiming to have a membership of 37.6 million members worldwide. However, simply by following the links he had been sent, Krebs found himself looking at actual credit card details for real members of the website that had previously promised total discretion. Among documents, he found not only a list of senior executives but the personal phone number of the CEO. As a consequence, some users of the Ashley Madison site have been subject to ransom demands, and even a small number of suicides have been reported. This was possibly the largest, most destructive example of how, no matter how careful you are with your internet traffic, your online presence is something you should always be mindful of, and be aware that outside influences can come into play and expose personal details.

If you wish to see some of the material on the Dark Web then log on to TOR and put thehiddenwiki.org into the address bar and press Enter. A long list of sites you can visit is displayed. I won't ruin your experience by telling you what is there but do advise you to take extreme caution and have very good malware protection.

Depending on what you intend to do and your state when you visit any of these sites, it has been recommended that you put masking tape over the webcam on your computer. If you don't do this, prying eyes may witness you and your home. This is definitely not in your best interests!

Chapter 6: How to Surf the Web Like a Hacker

First, let me explain the various forms that hacking can take.

Hacking can be a serious crime, and it can affect people who are not necessarily the intended victim of the crime. The effects can manifest in a number of ways and be disastrous.

The first way a hacker can harm you is by identity theft. Identity theft can be devastating for its victims; hackers can steal both identifying and financial information and wreak havoc on their victims' lives. More often than not, the hacker is doing this for a reason. They could simply enjoy the thrill of it by using the details they have garnered so they can make unauthorized purchases. They can completely wreck your credit as they charge items on an existing credit card, even ordering new credit cards and subsequently new accounts, and sometimes severely damaging their victim's financial status. In the best-case scenario, when the crime is discovered early, it can still lead to months, or even longer, of worry and work to recover the situation. Sometimes, multiple false IDs will have been generated using the victim's data and all activity involving these IDs will need to be followed and investigated.

Hacking of government and corporate websites can be devastating and at times lead to a total shutdown of a site until any security breaches and damage to the site have been assessed and corrected. The damage that can be caused by these shutdowns can be long-lasting and lead to huge losses financially. The shutdowns can also occur if the website has been targeted by a “denial of service” attack; put in layman's terms, the website is targeted and bombarded with false traffic that leads to it being unable to handle requests from genuine traffic.

Hackers may also resort to placing malware and viruses on computers. Often these programs are masked by a useful program and this leads to installation of the harmful portion simultaneously. Some software will then go on and create the illusion of a computer virus in order to convince the user to purchase fake antivirus protection or, alternatively, the malware will be programmed to record keystrokes in order to steal passwords and other financial information. These harmful programs can even allow a hacker to take remote control of a computer and then perform nefarious activities such as a denial of service attack and make it appear to have been performed by the infected computer.

A little-known fact about hackers is that not all hackers are malicious. Sometimes known as “ethical hackers” or “white hat hackers”, they often assist government and other possible targets to improve their security and take all possible measures available to them to prevent major security holes from being exploited. These “good” hackers are a major tool in the overall fight against all matters of identity theft and are striving to reduce the number of instances.

If you Google 'Surf the web like a hacker,' you will get all sorts of information. Some articles will give you tips about speeding up your surfing while others will tell you how to defend yourself against hackers.

A hacker is usually a very clever person who tries to get into computers and computer networks. There are many people who do not want the hacker to do this, but in some situations you cannot ward against them unless you have a very good blocker on your computer. Hackers crave anonymity. They crave the attention they gather when they do a job successfully. Their activity is usually illegal, and if they are found out, it will result in them paying a hefty fine and serving a prison sentence. However, there are some hackers out there that do not get caught, ever. They know the internet like the back of their hand, and they can successfully filter through the pages without being detected.

Many hackers do what they do as a challenge. It is the same way that some people enjoy doing crosswords or Sudokus. Like fans of these more familiar activities, more and more challenging hacks are required by hackers doing that activity for pleasure. They enjoy the thrill of being able to get into places normal people cannot.

Unfortunately, some hackers have criminal motives and you need to protect yourself against them by installing malware and other virus protection onto your computer. Irrespective of their motive, whether it be for the intellectual challenge or for more sinister reasons, once a hacker has access to the device or network, they can do enormous damage.

They may plant programs called Trojans or backdoors into the computers of their victims. When they accomplish this, it will relay information back to the hacker. They will be able to get any type of information from your device with as little effort as clicking a button. Hackers sometimes work alone. They feel the need to work alone, as they will only have to rely on themselves. Occasionally, they will belong to collectives, but you will not find this often.

One of the best-known hacker collectives is the one called Anonymous. Wikipedia has a very interesting article about Anonymous and I suggest that you read it. The Scientology organization suffered greatly at the hands of Anonymous, as have other organizations which have annoyed Anonymous. In the wake of the Charlie Hebdo shootings in January 2015, Anonymous released a statement on Twitter condemning the attack and declaring a war on the terrorists responsible. They vowed to shut down any associated social media accounts. It is reported that on the 15th of January they did indeed manage to close down a website belonging to one of the groups believed responsible for the attack, but critics have pointed out that by closing down extremists' websites you then make it harder to track their activities.

Earlier in this chapter, the desire of hackers for their activity to be anonymous was mentioned. By use of the TOR browser, anyone can achieve the anonymity that hackers crave.

Conclusion

So, now you are armed with the knowledge you need to enter the world of the Dark Web. I've given you the steps to do this as safely as possible and to conduct yourself in a way that will not put you or your device in peril. Also, here are a few more key tips to remember, which are listed below.

1. Providing you are using the Tor browser, you could actually be safer on the Dark Web than in your normal internet activity. It comes preconfigured to provide protection against privacy threats that are not addressed by normal browsers.

2. If you do register on a site, don't use your real e-mail address, your real name or username. Create a throwaway identity, and whatever you do, refrain from using a credit card; you have absolutely no recourse and you may have some awkward explaining to do when your charges appear.

3. If you are concerned that your activity online may alert a higher authority then relax; there is so much activity on the Dark Web that, unless you live in a particularly authoritarian country, you are highly unlikely to raise a flag and attract unwanted attention. If this is a concern you can always connect to a VPN before connecting to Tor.

4. If you really must download something, and please don't unless you really must, then protect yourself with a really good anti-virus such as VirusTotal. Anything that you download can effectively hurt your device. You must be totally sure that you are going to be safe from viruses. If you get a warning sign, turn back. Do not go forward with the download.

5. And finally, exercise common sense in everything that you do. As in any other activity you undertake, remember, if it seems too good to be true, it probably is. You do not want to risk yourself, or your system. If there is some random stranger being overly friendly, is he now your next best friend? Probably not; remember your own common sense and natural instinct. It will serve you well if used correctly and can provide greater protection than any anti-virus or defensive software (but obviously you still need these protective tools).

Just remember that once you are using Tor and its hidden services, you are equipped to navigate the web on a day-to-day basis, so build your skills and use them well.

The ability to surf the Internet anonymously is of ever increasing importance. It gives you the ability to do the things you would not normally accomplish, giving you the confidence boost you did not know you needed in your researching skills.

Why this is so important and how to do it is the essence of this book.

This book has thoroughly covered the means by which this can be done, and be accomplished successfully.

It has demonstrated how to stay anonymous as you use this technology, which plays such a dominant part in our lives. It is hard to stay anonymous in this day and age, and Tor Browser helps with that.

It has repeated warnings about steps you need to take before you venture into the Dark Web. The Dark Web is a dangerous place, and if you do not know how to venture into it carefully, you can find yourself in peril. Now that you know about the dangers you can face, you can plan against them.

Happy Surfing!