Question

Research any case that pertains to a white hat and black hat hacker or a white hat and gray hat hacker. Then, from a white hat hacker standpoint, address the following:

1. Summarize the case briefly.
2. Describe what tools and technologies were used to support confidentiality, integrity, and intellectual property.
3. Describe the threat vectors, motivations, and ideologies used by the black or gray hat hacker.
4. Explain how the white hat hacker provided security solutions.
5. provide the website or the title of the documents with proper citation

Answer 1

WHITE HAT VS BLACK HAT HACKERS

The term "white hat" refers to an ethical computer hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems. One of the first instances of an ethical hack being used was a "security evaluation" conducted by the United States Air Force of the Multics operating systems for "potential use as a two-level (secret/top secret) system." Their evaluation found that while Multics was "significantly better than other conventional systems," it also had "... vulnerabilities in hardware security, software security and procedural security" that could be uncovered with "a relatively low level of effort." The authors performed their tests under a guideline of realism, so that their results would accurately represent the kinds of access that an intruder could potentially achieve. They performed tests that were simple information-gathering exercises, as well as other tests that were outright attacks upon the system that might damage its integrity. Clearly, their audience wanted to know both results.

An unethical hacker who misuses the knowledge of networks and computers for an illegal purpose is basically known as a black hat hacker. Such hackers do not care about the government or the privacy and enters the networks through the loop holes. Black Hat Hacker are those hackers who violates computer security for little reason beyond maliciousness or for personal gain. They are considered for cyber attack held all around the world. These are the people who target rich people and victimize them by accessing their data or by controlling their devices and demands for their needs, which is completely violation of the rules and regulations.

Tools and technologies used to support confidentiality, integrity, and intellectual property.

In order to ensure the confidentiality, integrity, and intellectual property, organizations can choose from a variety of tools. Each of these tools can be utilized as part of an overall information-security policy.

1. Authentication:

The most common way to identify someone is through their physical appearance, but how do we identify someone sitting behind a computer screen or at the ATM? Tools for authentication are used to ensure that the person accessing the information is, indeed, who they present themselves to be. Authentication can be accomplished by identifying someone through one or more of three factors: something they know, something they have, or something they are. For example, the most common form of authentication today is the user ID and password. In this case, the authentication is done by confirming something that the user knows (their ID and password). But this form of authentication is easy to compromise (see sidebar) and stronger forms of authentication are sometimes needed. Identifying someone only by something they have, such as a key or a card, can also be problematic. When that identifying token is lost or stolen, the identity can be easily stolen. The final factor, something you are, is much harder to compromise. This factor identifies a user through the use of a physical characteristic, such as an eye-scan or fingerprint. Identifying someone through their physical characteristics is called biometrics.

2. Access Control:

Once a user has been authenticated, the next step is to ensure that they can only access the information resources that are appropriate. This is done through the use of access control. Access control determines which users are authorized to read, modify, add, and/or delete information. Several different access control models exist. Here we will discuss two: the access control list (ACL) and role-based access control (RBAC). For each information resource that an organization wishes to manage, a list of users who have the ability to take specific actions can be created. This is an access control list, or ACL. For each user, specific capabilities are assigned, such as read, write, delete, or add. Only users with those capabilities are allowed to perform those functions. If a user is not on the list, they have no ability to even know that the information resource exists.

3. Encryption:

Many times, an organization needs to transmit information over the Internet or transfer it on external media such as a CD or flash drive. In these cases, even with proper authentication and access control, it is possible for an unauthorized person to get access to the data. Encryption is a process of encoding data upon its transmission or storage so that only authorized individuals can read it. This encoding is accomplished by a computer program, which encodes the plain text that needs to be transmitted; then the recipient receives the cipher text and decodes it (decryption). In order for this to work, the sender and receiver need to agree on the method of encoding so that both parties can communicate properly. Both parties share the encryption key, enabling them to encode and decode each other’s messages. This is called symmetric key encryption. This type of encryption is problematic because the key is available in two different places. An alternative to symmetric key encryption is public key encryption. In public key encryption, two keys are used: a public key and a private key. To send an encrypted message, you obtain the public key, encode the message, and send it. The recipient then uses the private key to decode it. The public key can be given to anyone who wishes to send the recipient a message. Each user simply needs one private key and one public key in order to secure messages. The private key is necessary in order to decrypt something sent with the public key.

Threat vectors, motivations, and ideologies used by the black or gray hat hacker.

Like all hackers, black hat hackers usually have extensive knowledge about breaking into computer networks and bypassing security protocols. They are also responsible for writing malware, which is a method used to gain access to these systems.

Their primary motivation is usually for personal or financial gain, but they can also be involved in cyber espionage, protest or perhaps are just addicted to the thrill of cybercrime. Black hat hackers can range from amateurs getting their feet wet by spreading malware, to experienced hackers that aim to steal data, specifically financial information, personal information and login credentials. Not only do black hat hackers seek to steal data, they also seek to modify or destroy data as well.

Identifying an attacker as a blackhat often implies that they possess a certain level of skill at attacking and exploiting systems and networks, at least in excess of the average script kiddie. Blackhats may attack a system or network with a variety of motivations in mind. They may be doing so just for the thrill of exploiting a system, may be after specific information on the system, may be using the system as a “pivot” to attack other systems on the same network, or any of a number of other reasons. Black hats lack ethics, sometimes violate laws, and break into computer systems with malicious intent, and they may violate the confidentiality, integrity, or availability of an organization's systems and data.

Black-hat hackers use automation to increase their chances of success and seldom spend time looking for a specific organisation to target. Rather than industry or company size, the common denominator in attacks is usually a vulnerability that affects a large number of websites. A popular black-hat hacker strategy is checking security patch notes for different technologies. Patch notes contain details about vulnerabilities that have been remediated in the latest update. Hackers know that many users update their platforms and services sporadically and could still be vulnerable. Once they have selected a suitable vulnerability in a popular technology, the attacker can write a script that scans the web for affected sites and exploits the vulnerability.

Security changes every day and nothing can ever be 100% secure. Vulnerabilities are often discovered in technologies that have been in use for many years and might seem stable and secure. It is not unusual for security issues to go unnoticed for a long time, like a recently discovered vulnerability in the Linux kernel that was first patched after 11 years. Black-hat hackers know this and are always on the hunt for new vulnerabilities. Even if an ethical security researcher discovers an issue first, malicious hackers will eventually find out about it and try to exploit it in systems that haven’t been updated.

Hence, black hat hackers have the advantage because they do not have to follow any rules of engagement and can perform any type of attack, even those that are disruptive.

Explain how the white hat hacker provided security solutions.

To protect common services or special interests against attack, white hat hackers are often behind the scenes, thwarting attacks in real time, or proactively exposing weakness to try to help keep services running and data protected. Additionally, white hat hackers are often employed by businesses to help assess and improve security.

White hat hackers use the same tools and techniques as real attackers. This can range from simple public “root kits” with proven tools, to complex and sophisticated campaigns involving social engineering, endpoint vulnerabilities, protocol spoofing, attack decoys and more. Where true black hat attackers and white hat hackers differ is primarily in a single way: Time. White hat hackers hired to test security might have anywhere between 8 hours and a few weeks to get all the findings they can. Black hat attackers, however, have been known to take months, or even years to successfully execute campaigns. This gives attackers a major advantage: they can try dozens, or hundreds of different attack techniques to successfully breach networks.

Using real attack techniques to proactively find weakness is the best and only way to truly prove the effectiveness of security defenses. But attackers are relentless, and have increasingly more and more time to successfully execute their attacks, while traditional white hat pen test are limited by cost, time, and staffing concerns.

Hope I answered the questions.

If you have any doubts/queries, feel free to ask by commenting down below. I will respond within 24 hours

And if you like my answer, then please do upvote for it, your feedback really matters alot to me.

STAY HOME STAY SAFE