SYSTEM HIJACKING

System Hijacking is a type of illegal security attack through which attacker/hacker gains unauthorized access to a system and its resources on a network. Anyone who is using a system with an internet connection can be a victim to system hijacking. The goal of system hacking is to gain access to the unclassified information like bank details-debit/credit card details, email details, and other confidential data, escalate privileges, execute applications, and hide/manipulate files leaving no trace behind.

There are different ways of hijacking system. The hacker can try to gain access to the system by cracking the password, exploitation of operating-system vulnerabilities, spyware installation, side jacking or by keylogging, etc.

Passwords protect confidential data and provide security. Password-compromisation gives data-access to people outside the owner domain. Often methods like brute-force and rainbow table are used for cracking passwords.

There are different types of password attacks, namely passive online attacks, active online attacks, offline attacks and non-technical attacks which are made into use to gain access.

Passive online attacks such as Wire sniffing, MITM are used to monitor and record data. Password guessing, spyware, keyloggers, hash injection, and phishing are some common active online attacks that are capable of giving unauthorized administrator-level access of the system to the third party.

A system can also be easily infringed using payloads. Payloads are malicious software programs that get installed into the victim’s system and keeps sending the victim’s data to the hacker. Often when you download any pirated software or movie from the internet, some extra files also get downloaded, some software, adware gets installed. These are nothing but the payloads itself. Therefore, one should avoid questionable websites and download the required software from trusted sites only. Sometimes these malicious software’s are nearly undetectable, in such cases if your firewall is up and you are using some good antivirus software that would protect you from the damage caused by it.

Key logger is another software that is used to record the key sequence and strokes of one’s system into a log file. It captures whatever the user is typing through the keyboard, thus also known as keyboard capturing. It gives the hacker the log files which might contain personal data and passwords to social accounts which could be used to steal the victim's identity and even bank-details which could be used to do fraud and illegal activities. To avoid data leak to keyloggers, certain online platforms like banking primer prefer the use of virtual keyboards.

Some hackers use Bait and Switch techniques. They bind malware with audio, video, text or any kind of files on which if the user clicks even once, malware gets installed into their system. Hackers trick users to believe that these infected files are authentic and thus acquire unprivileged access to their systems. Mails marked spam offering huge cashbacks and free services are often infected with these malwares. Check the authenticity of mails and if something still seems fishy, quick search on the Internet for the subject line.

Offline attacks are time-consuming and comprise of Pre-computed hashes, Distributed Network, and Rainbow. Non-electronic or non-technical attacks such as Social engineering, Shoulder surfing, and Dumpster diving can also be used.

Phishing technique, combined with social engineering, which is considered one of the deadliest attack vectors is often used to hijack someone’s machine. In this technique, the hacker replicates the most-visited sites and sends the victim a spoofed link which seems like the exact site. If the victim visits the spoofed link, the hacker gets the way to enter into the system.

A machine can be hijacked in numerous ways. It can be hijacked by exploiting the vulnerabilities of operating-system (os). Linux, which is considered the most secure operating system, can be hacked by using the shadow file, by bypassing the user password option or by detecting the bugs in it and exploiting them to take control of the system.

Windows system can be easily hacked by using tricks and techniques, by exploiting bugs in it or by social engineering the windows system, giving the hacker the opportunity to modify the login details. Windows 7 has a vulnerability called Eternal Blue, its exploitation can give the hacker complete access to the victim’s machine. That’s why it is advised to keep os updated.

Hackers can use waterhole attacks to target the victim by creating fake WAP (Wi-Fi Access Point). They can access the victim’s data directly or can modify the most-visited pages and redirect the victim to gain access to their system. That is why it is advised to never connect to open Wi-Fi(s). Also, using encrypted passwords for your home router/modem gives you an edge.

Side-jacking or cookie-theft is another common way used by cyber-criminals to penetrate into the system. Hacker steals cookies of the victim which contains browsing history and stored usernames and passwords of different sites and gets control over the victim’s identity by authenticating himself as the victim on the browser. It is easy to bring off if the user is not using SSL-encryption i.e. not using https for the complete session. Hence, one should always clear all cookies after using a third person’s system.

Learn more from CODEC NETWORKS https://www.codecnetworks.com/

Written By- Vachali Aggawal