Threats and Prevention, Malware - virus, Worms, Ransomware, Trojan, Spyware, adware, key loggers, Modes of Malware distribution, Antivirus, HTTP vs HTTPS, Firewall, Cookies, Hackers and Crackers.
Threats and Prevention
What Is Threat Prevention?
In network security, threat prevention refers to policies and tools that protect your corporate network.
In the past, threat prevention primarily focused on the perimeter. With an increasing array of threats such as malware and ransomware arriving via email spam and phishing attacks, advanced threat prevention requires an integrated, multilayered approach to security. This may include tools for intrusion threat detection and prevention, advanced malware protection, and additional endpoint security threat prevention.
Four steps for threat prevention
Providing sufficient threat prevention can be overwhelming. In our network security checklist, we identify five simple steps for cyberthreat prevention. Below we outline the main components.
Secure the perimeter
The first component to consider is the perimeter. Traditional firewalls and antivirus solutions are no longer sufficient. However, next-generation firewalls (NGFWs) integrate Advanced Malware Protection (AMP), Next-Generation Intrusion Prevention System (NGIPS), Application Visibility and Control (AVC), and URL filtering to provide a multilayered approach.
An NGFW is a crucial first step to securing the perimeter and adopting an integrated solution.
Protect users wherever they work
Today, over 50 percent of employees are mobile. As employees change the way they work, IT must adapt. IT security solutions should focus on protecting employees wherever they work. Employees may work at the central office, a branch office, or at any location with a mobile device.
For most IT departments, mobile device security has been the biggest challenge. Despite being difficult, it is important to address mobile device security because businesses will continue to increase the number of mobile devices. Technologies such as virtual private networks (VPNs), user verification, and device trust can immediately improve mobile device security.
Smart network segmentation
Software-defined segmentation divides your network so threats can be easily isolated. With an increase in business applications and users, codependencies can be difficult to identify. For sufficient threat prevention, businesses must have advanced network security analytics and visibility to identify all of the interdependencies of a network.
Overly segmenting the network can slow things down. Not segmenting enough can allow attacks to spread. Businesses must be smart and efficient when segmenting.
Find and control problems fast
Security breaches will happen. A crucial element of threat prevention is identifying and removing problems. This requires extensive visibility and control. It also requires well-prepared IT staff. To help prepare, we often recommend that businesses develop an incident response plan and test current network solutions with penetration testing.
Types of threat prevention and detection solutions
NGFW
As mentioned above, an NGFW is a crucial first step to threat prevention. Traditional firewalls simply grant or deny access. While this seems intuitive, its efficacy relies on the accuracy of the policies and restrictions that have been programmed. For example, if a threat is new and unknown, IT has likely not yet set policies to deny it access.
NGFWs, however, integrate with additional software solutions such as NGIPS and AMP. If an unknown threat evades automatically enforced policies, these additional solutions provide detection and remediation tools to protect your network. With all of these extra tools, an NGFW provides enhanced visibility, automation, and control over your network.
NGIPS
NGIPS provides superior threat prevention in intrusion detection, internal network segmentation, public cloud, and vulnerability and patch management.
Intrusion detection requires technology that keeps pace with evolving threats. NGIPS provides consistent protection and insights into users, applications, devices, and vulnerabilities in your network. By conducting file-based inspection and integrated sandboxing, NGIPS can detect threats quickly. If a threat evades defenses, NGIPS provides retrospective analysis to remove and remediate threats late in their lifespan.
Internal network segmentation allows enterprise organizations to provide a consistent enforcement mechanism that spans the requirements of multiple internal organizations. Segmentation can accommodate the different demands of the network and various workloads with ease.
NGIPS provides consistent security efficacy enforced across both public and private clouds. Your NGIPS should support multiple hypervisors, including Azure, AWS, and VMware. These applications are independent of the virtual switches underneath. NGIPS allows policy enforcement across on-premises network devices, public cloud infrastructure, and common hypervisors, conducting deep packet inspection between containerized environments.
With vulnerability and patch management, you have the ability to be more selective based on insights from NGIPS. Often an organization's test process and/or environment can delay patching high-priority vulnerabilities. Implement these changes in a shorter period of time with fewer resources. You never have to roll back a patch; changing the IPS settings is far easier.
AMP
Advanced Malware Protection is a crucial component of next-generation solutions. Malware continues to evolve and adapt. For this reason, malware can be extremely difficult to detect at the perimeter of the network. By combining an NGFW with AMP and threat intelligence, networks can identify many more previously unknown malware threats.
While threat intelligence can identify more threats, your network will still be challenged with new, never-seen-before malware. Some of this malware can have timers and other stealthy attributes that disguise malicious behavior until it has entered the network. There are, however, AMP solutions that continuously analyze files throughout their lifespan. This is crucial. With these capabilities, AMP will immediately flag malware that begins exhibiting malicious behavior down the road.
AVC
Businesses are using more applications than ever before. With Application Visibility and Control (AVC) technology, organizations can create a true application-aware network. Deep packet inspection (DPI) can classify applications, and combined with statistical classification, socket caching, service discovery, auto learning, and DNS-AS, AVC can give visibility and control to network applications.
With enhanced visibility, organizations can address threats much more quickly. Sometimes, applications can themselves be network vulnerabilities. If an organization cannot fully see all of its applications, then it cannot protect them. Application analytics and monitoring give immediate insight into application performance. Lackluster performance can be a sign to investigate for threats.
Threat intelligence
Threat intelligence raises the strength of all of these solutions. World-class threat intelligence transforms these technologies from good to great. Network protection and visibility increase an organization's ability to stop threats. All of this, however, assumes an organization can determine if a file is malicious or safe. This is unlikely. Most threats are unknown to the network.
Threat intelligence can alert your network if an unknown threat has been deemed malicious somewhere else on the globe. Suddenly, a significant number of unknown threats become completely known and understood with threat intelligence.
User verification and device trust
Network access control is imperative to security. With user verification and device trust solutions, networks can establish trust with user identities and devices and enforce access policies for applications. Two-factor authentication can verify user access right before accessing corporate information and resources. In addition to verifying the user, device trust solutions can inspect devices at the time of access to determine their security posture and trustworthiness.
Malware
"Malware" is short for malicious software and is used as a single term to refer to viruses, spyware, worms, etc. Malware is designed to cause damage to a stand-alone computer or a networked PC. So wherever the term malware is used, it means a program designed to damage your computer; it may be a virus, worm, or Trojan.
Virus
A virus is a program written to enter your computer and damage/alter your files/data. A virus might corrupt or delete data on your computer. Viruses can also replicate themselves. A computer virus is more dangerous than a computer worm, as it makes changes to or deletes your files, while a worm only replicates itself without making changes to your files/data.
Examples of viruses are:
W32.Sfc!mod
ABAP.Rivpas.A
Accept.3773
Viruses can enter your computer as an attachment to images, greetings, or audio/video files. Viruses also enter through downloads from the Internet. They can be hidden in free/trial software or other files that you download.
So before you download anything from the Internet, be sure about it first. Almost all viruses are attached to an executable file, which means the virus may exist on your computer but it actually cannot infect your computer unless you run or open the malicious program. It is important to note that a virus cannot spread without a human action, such as running an infected program, to keep it going.
Worms, Ransomware, Trojan, Spyware, adware
Worms
Worms are malicious programs that make copies of themselves again and again on the local drive, network shares, etc. The only purpose of the worm is to reproduce itself again and again. It doesn't harm any data/file on the computer. Unlike a virus, it does not need to attach itself to an existing program. Worms spread by exploiting vulnerabilities in operating systems.
Examples of worms are:
W32.SillyFDC.BBY
Packed.Generic.236
W32.Troresba
Due to its replicating nature, a worm takes up a lot of space on the hard drive and consumes more CPU, which in turn makes the PC too slow; it also consumes more network bandwidth.
Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way that is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem, and difficult-to-trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and prosecuting the perpetrators difficult.
Ransomware attacks are typically carried out using a Trojan disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the WannaCry worm, traveled automatically between computers without user interaction.
Trojans
A Trojan horse is not a virus. It is a destructive program that looks like a genuine application. Unlike viruses, Trojan horses do not replicate themselves, but they can be just as destructive. Trojans also open a backdoor entry to your computer, which gives malicious users/programs access to your system, allowing confidential and personal information to be stolen.
Example: JS.Debeski.Trojan
Trojan horses are classified based on how they infect systems and the damage they cause. The seven main types of Trojan horses are:
• Remote Access Trojans
• Data Sending Trojans
• Destructive Trojans
• Proxy Trojans
• FTP Trojans
• Security software disabler Trojans
• Denial-of-service attack Trojans
Spyware
Spyware is a type of program that is installed, with or without your permission, on your personal computer to collect information about users, their computer, or their browsing habits. It tracks everything that you do without your knowledge and sends it to a remote user. It can also download other malicious programs from the Internet and install them on the computer. Spyware works like adware but is usually a separate program that is installed unknowingly when you install another freeware-type program or application.
Adware, often called advertising-supported software by its developers, is software that generates revenue for its developer by automatically generating online advertisements in the user interface of the software or on a screen presented to the user during the installation process. The software may generate two types of revenue: one is for the display of the advertisement and another on a "pay-per-click" basis, if the user clicks on the advertisement. Some advertisements also act as spyware, collecting and reporting data about the user, to be sold or used for targeted advertising or user profiling. The software may implement advertisements in a variety of ways, including a static box display, a banner display, full screen, a video, a pop-up ad, or in some other form. All forms of advertising carry health, ethical, privacy and security risks for users.
The 2003 Microsoft Encyclopedia of Security and some other sources use the term "adware" differently: "any software that installs itself on your system without your knowledge and displays advertisements when the user browses the Internet", i.e., a form of malware.
Some software developers offer their software free of charge, and rely on revenue from advertising to recoup their expenses and generate income. Some also offer a version of the software at a fee without advertising.
Key loggers, Modes of Malware distribution, Antivirus
Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that a person using the keyboard is unaware that their actions are being monitored. Data can then be retrieved by the person operating the logging program. A keystroke recorder or keylogger can be either software or hardware.
While the programs themselves are legal, with many designed to allow employers to oversee the use of their computers, keyloggers are most often used for stealing passwords and other confidential information.
Keylogging can also be used to study keystroke dynamics or human-computer interaction. Numerous keylogging methods exist, ranging from hardware- and software-based approaches to acoustic cryptanalysis.
What does a key logger do?
Keyloggers are activity-monitoring software programs that give hackers access to your personal data: the passwords and credit card numbers you type, the webpages you visit, and so on, all captured by logging your keyboard strokes. The software is installed on your computer and records everything you type.
Modes of Malware distribution
Malware (a portmanteau for malicious software) is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive users of access to information, or otherwise unknowingly interfere with the user's computer security and privacy. By contrast, software that causes harm due to some deficiency is typically described as a software bug. Malware poses serious problems to individuals and businesses. According to Symantec's 2018 Internet Security Threat Report (ISTR), the number of malware variants increased to 669,947,865 in 2017, which is twice as many malware variants as in 2016. Cybercrime, which includes malware attacks as well as other crimes committed by computer, was predicted to cost the world economy 6 trillion dollars in 2021, and is increasing at a rate of 15% per year.
Many types of malware exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software, wipers, and scareware. The defense strategies against malware differ according to the type of malware, but most can be thwarted by installing antivirus software and firewalls, applying regular patches to reduce zero-day attacks, securing networks from intrusion, having regular backups, and isolating infected systems. Malware is now being designed to evade antivirus software detection algorithms.
Typically, malware is distributed in one of three ways: by e-mail, either through a virus-laden attachment or code embedded in the message body; in an infected application; or through infected code on a Web site.
Antivirus
Antivirus software, or anti-virus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware.
Antivirus software was originally developed to detect and remove computer viruses, hence the name. However, with the proliferation of other malware, antivirus software started to protect from other computer threats. In particular, modern antivirus software can protect users from malicious browser helper objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious LSPs, dialers, fraud tools, adware, and spyware. Some products also include protection from other computer threats, such as infected and malicious URLs, spam, scam and phishing attacks, online identity (privacy), online banking attacks, social engineering techniques, advanced persistent threat (APT), and botnet DDoS attacks.
Identification methods
One of the few solid theoretical results in the study of computer viruses is Frederick B. Cohen's 1987 demonstration that there is no algorithm that can perfectly detect all possible viruses. However, using different layers of defense, a good detection rate may be achieved.
There are several methods which antivirus engines can use to identify malware:
Sandbox detection: a particular behaviour-based detection technique that, instead of detecting the behavioural fingerprint at run time, executes the program in a virtual environment, logging what actions the program performs. Depending on the actions logged, the antivirus engine can determine if the program is malicious or not. If not, the program is then executed in the real environment. Although this technique has been shown to be quite effective, because of its heaviness and slowness it is rarely used in end-user antivirus solutions.
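The sandbox verdict described above, "depending on the actions logged, decide whether the program is malicious", can be illustrated with a small rule-based scorer over a sandbox action log. This is an added example, not code from the page or from any antivirus product; the log format (one "action target" record per line), the two sample logs, the rule list and the weights are all constructed assumptions.

```python
"""Rule-based verdict over a constructed sandbox action log (added example)."""
import re
from dataclasses import dataclass

# Constructed log of what a sample did inside the sandbox: "action target" per line.
SANDBOX_LOG = """\
file_read C:\\Users\\alice\\Documents\\report.docx
file_write C:\\Users\\alice\\AppData\\Roaming\\svc.exe
registry_set HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc
process_create C:\\Users\\alice\\AppData\\Roaming\\svc.exe
file_write C:\\Users\\alice\\Documents\\report.docx.locked
file_delete C:\\Users\\alice\\Documents\\report.docx
net_connect 203.0.113.10:4444
"""

# Constructed log of a well-behaved document editor, for comparison.
BENIGN_LOG = """\
file_read C:\\Users\\alice\\Documents\\report.docx
file_write C:\\Users\\alice\\Documents\\report.docx
net_connect 203.0.113.5:443
"""


@dataclass(frozen=True)
class Rule:
    name: str
    action: str   # log action this rule applies to
    target: str   # regex searched in the target field
    weight: int   # how strongly a hit counts towards "malicious"


# Assumed rule set; weights are illustrative, not from any real engine.
RULES = [
    Rule("run_key_persistence", "registry_set", r"\\CurrentVersion\\Run\\", 3),
    Rule("drop_executable", "file_write", r"\.exe$", 2),
    Rule("rename_to_locked", "file_write", r"\.locked$", 2),
    Rule("delete_original", "file_delete", r".", 1),
    Rule("unusual_outbound_port", "net_connect", r":(?!80$|443$)\d+$", 2),
]


def parse_log(text):
    """Split the log into (action, target) pairs, skipping blank lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if line:
            action, _, target = line.partition(" ")
            records.append((action, target))
    return records


def score_actions(records):
    """Return (total score, list of (rule name, weight)) for the logged actions."""
    hits = []
    written = set()   # files the sample itself created, for the sequence rule
    for action, target in records:
        for rule in RULES:
            if rule.action == action and re.search(rule.target, target):
                hits.append((rule.name, rule.weight))
        if action == "file_write":
            written.add(target)
        elif action == "process_create" and target in written:
            # Sequence rule: executing a file it just dropped is a stronger signal
            # than either event on its own.
            hits.append(("execute_dropped_file", 4))
    return sum(w for _, w in hits), hits


def classify(text, threshold=5):
    """Verdict the sandbox engine would hand back before releasing the program."""
    score, _ = score_actions(parse_log(text))
    return "malicious" if score >= threshold else "benign"


if __name__ == "__main__":
    for name, log in (("sample", SANDBOX_LOG), ("editor", BENIGN_LOG)):
        score, hits = score_actions(parse_log(log))
        print(name, classify(log), score, [h[0] for h in hits])
```

The sequence rule is the part worth noticing: a single file write or a single process start is unremarkable, but "write an executable, register it under a Run key, then execute it" is the kind of behaviour chain a sandbox can see and a static signature cannot.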
Data mining techniques: one of the latest approaches applied in malware detection. Data mining and machine learning algorithms are used to try to classify the behaviour of a file (as either malicious or benign) given a series of file features that are extracted from the file itself.
Signature-based detection
Traditional antivirus software relies heavily upon signatures to identify malware.
Essentially, when a malware sample arrives in the hands of an antivirus firm, it is analysed by malware researchers or by dynamic analysis systems. Then, once it is determined to be malware, a proper signature of the file is extracted and added to the signature database of the antivirus software.
Although the signature-based approach can effectively contain malware outbreaks, malware authors have tried to stay a step ahead of such software by writing "oligomorphic", "polymorphic" and, more recently, "metamorphic" viruses, which encrypt parts of themselves or otherwise modify themselves as a method of disguise, so as not to match virus signatures in the dictionary.
Heuristics
Many viruses start as a single infection and, through either mutation or refinements by other attackers, can grow into dozens of slightly different strains, called variants. Generic detection refers to the detection and removal of multiple threats using a single virus definition.
For example, the Vundo trojan has several family members, depending on the antivirus vendor's classification. Symantec classifies members of the Vundo family into two distinct categories, Trojan.Vundo and Trojan.Vundo.B.
While it may be advantageous to identify a specific virus, it can be quicker to detect a virus family through a generic signature or through an inexact match to an existing signature. Virus researchers find common areas that all viruses in a family share uniquely and can thus create a single generic signature. These signatures often contain non-contiguous code, using wildcard characters where differences lie. These wildcards allow the scanner to detect viruses even if they are padded with extra, meaningless code. A detection that uses this method is said to be "heuristic detection."
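To make the signature and generic-signature passages above concrete, here is a small byte-pattern scanner in which a signature is a list of hex bytes that may contain "??" (exactly one unknown byte) and "*" (any run of bytes, covering the padding the paragraph mentions). This is an added example, not code from the page or from any antivirus vendor; the signature names, the patterns and the three sample byte strings are constructed for illustration and do not describe any real malware family.

```python
"""Wildcard byte-signature scanner (added example, constructed signatures)."""
import re

# Constructed signatures. "??" = one wildcard byte, "*" = any number of bytes.
SIGNATURES = {
    # Generic family signature: fixed header bytes, two variable bytes, then a
    # marker that may sit anywhere later in the file.
    "Example.Family.Generic": "4D 5A ?? ?? 90 00 * DE AD BE EF",
    # Exact signature written for one specific variant only.
    "Example.Variant.A": "4D 5A 01 02 90 00",
    # An unrelated exact signature, to show non-matches.
    "Example.Other": "CA FE BA BE 00 00 00 01",
}


def compile_signature(pattern):
    """Turn a hex pattern with wildcards into a compiled bytes regex."""
    parts = []
    for token in pattern.split():
        if token == "??":
            parts.append(b".")          # exactly one byte of any value
        elif token == "*":
            parts.append(b".*?")        # any run of bytes, shortest first
        else:
            parts.append(re.escape(bytes([int(token, 16)])))
    # DOTALL so "." also matches 0x0A inside binary data.
    return re.compile(b"".join(parts), re.DOTALL)


COMPILED = {name: compile_signature(p) for name, p in SIGNATURES.items()}


def scan(data):
    """Return the sorted names of every signature that matches the byte string."""
    return sorted(name for name, regex in COMPILED.items() if regex.search(data))


# Constructed samples: A is the variant the exact signature was written for,
# B is a sibling with different variable bytes and extra padding, C differs in
# one of the fixed bytes and belongs to neither.
SAMPLE_A = b"MZ\x01\x02\x90\x00" + b"\x00" * 8 + b"\xde\xad\xbe\xef"
SAMPLE_B = b"MZ\x11\x22\x90\x00" + b"\x90" * 40 + b"junk" + b"\xde\xad\xbe\xef"
SAMPLE_C = b"MZ\x11\x22\x90\x01" + b"\xde\xad\xbe\xef"


if __name__ == "__main__":
    for label, sample in (("A", SAMPLE_A), ("B", SAMPLE_B), ("C", SAMPLE_C)):
        print(label, scan(sample))
```

Sample B is the case the paragraph is about: the exact signature for variant A misses it, while the generic signature with wildcards still catches it despite the changed bytes and the padding inserted before the marker.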
Rootkit detection
Anti-virus software can attempt to scan for rootkits. A rootkit is a type of malware designed to gain administrative-level control over a computer system without being detected. Rootkits can change how the operating system functions and in some cases can tamper with the anti-virus program and render it ineffective. Rootkits are also difficult to remove, in some cases requiring a complete re-installation of the operating system.
Real-time protection
Real-time protection, on-access scanning, background guard, resident shield, autoprotect, and other synonyms refer to the automatic protection provided by most antivirus, anti-spyware, and other anti-malware programs. This monitors computer systems for suspicious activity such as computer viruses, spyware, adware, and other malicious objects. Real-time protection detects threats in opened files and scans apps in real time as they are installed on the device, for example when inserting a CD, opening an email, or browsing the web, or when a file already on the computer is opened or executed.
HTTP vs HTTPS, Firewall, Cookies, Hackers and Crackers.
HTTP vs HTTPS
The Hypertext Transfer Protocol (HTTP) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, where hypertext documents include hyperlinks to other resources that the user can easily access, for example by a mouse click or by tapping the screen in a web browser.
Development of HTTP was initiated by Tim Berners-Lee at CERN in 1989 and summarized in a simple document describing the behavior of a client and a server using the first HTTP protocol version, which was named 0.9.
That first version of the HTTP protocol soon evolved into a more elaborate version that was the first draft toward a far future version 1.0.
Development of early HTTP Requests for Comments (RFCs) started a few years later and was a coordinated effort by the Internet Engineering Task Force (IETF) and the World Wide Web Consortium (W3C), with work later moving to the IETF.
HTTP/1 was finalized and fully documented (as version 1.0) in 1996. It evolved (as version 1.1) in 1997 and then its specifications were updated in 1999 and in 2014.
Its secure variant, named HTTPS, is used by more than 76% of websites.
HTTP/2 is a more efficient expression of HTTP's semantics "on the wire", and was published in 2015; it is used by more than 45% of websites; it is now supported by almost all web browsers (96% of users) and major web servers over Transport Layer Security (TLS) using an Application-Layer Protocol Negotiation (ALPN) extension, where TLS 1.2 or newer is required.
HTTP/3 is the proposed successor to HTTP/2; it is used by more than 20% of websites; it is now supported by many web browsers (73% of users). HTTP/3 uses QUIC instead of TCP for the underlying transport protocol. Like HTTP/2, it does not obsolete previous major versions of the protocol. Support for HTTP/3 was added to Cloudflare and Google Chrome first, and is also enabled in Firefox.
Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL). The protocol is therefore also referred to as HTTP over TLS, or HTTP over SSL.
The principal motivations for HTTPS are authentication of the accessed website, and protection of the privacy and integrity of the exchanged data while in transit. It protects against man-in-the-middle attacks, and the bidirectional encryption of communications between a client and server protects the communications against eavesdropping and tampering. The authentication aspect of HTTPS requires a trusted third party to sign server-side digital certificates. This was historically an expensive operation, which meant fully authenticated HTTPS connections were usually found only on secured payment transaction services and other secured corporate information systems on the World Wide Web. In 2016, a campaign by the Electronic Frontier Foundation with the support of web browser developers led to the protocol becoming more prevalent. HTTPS is now used more often by web users than the original non-secure HTTP, primarily to protect page authenticity on all types of websites; secure accounts; and to keep user communications, identity, and web browsing private.
Firewall
In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted network and an untrusted network, such as the Internet.
The term firewall originally referred to a wall intended to confine a fire within a line of adjacent buildings. Later uses refer to similar structures, such as the metal sheet separating the engine compartment of a vehicle or aircraft from the passenger compartment. The term was applied in the late 1980s to network technology that emerged when the Internet was fairly new in terms of its global use and connectivity. The predecessors to firewalls for network security were routers used in the late 1980s. Because they already segregated networks, routers could apply filtering to packets crossing them.
Before it was used in real-life computing, the term appeared in the 1983 computer-hacking movie WarGames, and possibly inspired its later use.
Types
Firewalls are categorized as network-based or host-based systems. Network-based firewalls can be positioned anywhere within a LAN or WAN. They are either a software appliance running on general-purpose hardware, a hardware appliance running on special-purpose hardware, or a virtual appliance running on a virtual host controlled by a hypervisor. Firewall appliances may also offer non-firewall functionality, such as DHCP or VPN services. Host-based firewalls are deployed directly on the host itself to control network traffic or other computing resources. This can be a daemon or service as a part of the operating system or an agent application for protection.
(Figure: an illustration of a network-based firewall within a network)
Packet filter
The first reported type of network firewall is called a packet filter, which inspects packets transferred between computers. The firewall maintains an access control list which dictates what packets will be looked at and what action should be applied, if any, with the default action set to silent discard. The three basic actions regarding a packet are silent discard, discard with an Internet Control Message Protocol or TCP reset response to the sender, and forward to the next hop. Packets may be filtered by source and destination IP addresses, protocol, and source and destination ports. The bulk of Internet communication in the 20th and early 21st century used either Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) in conjunction with well-known ports, enabling firewalls of that era to distinguish between specific types of traffic such as web browsing, remote printing, email transmission, and file transfers.
The first paper published on firewall technology was in 1987, when engineers from Digital Equipment Corporation (DEC) developed filter systems known as packet filter firewalls. At AT&T Bell Labs, Bill Cheswick and Steve Bellovin continued their research in packet filtering and developed a working model for their own company based on their original first-generation architecture.
Connection tracking
(Figure: flow of network packets through Netfilter, a Linux kernel module)
From 1989–1990, three colleagues from AT&T Bell Laboratories, Dave Presotto, Janardan Sharma, and Kshitij Nigam, developed the second generation of firewalls, calling them circuit-level gateways.
Second-generation firewalls perform the work of their first-generation predecessors but also maintain knowledge of specific conversations between endpoints by remembering which port number the two IP addresses are using at layer 4 (transport layer) of the OSI model for their conversation, allowing examination of the overall exchange between the nodes.
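The two generations described in the packet filter and connection tracking sections differ in one thing: whether the firewall remembers conversations. The following added example (not code from the page or from any firewall product) models both in one class: an access control list with the three actions the page names (forward, silent discard, discard with a reset) and a default of silent discard, plus an optional flow table keyed on the layer-4 conversation. The rule set, addresses and the packets in the scenario are constructed assumptions.

```python
"""Stateless packet filter vs. connection-tracking firewall (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str    # "tcp", "udp" or "icmp"
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "forward", "drop" (silent) or "reject" (with reset)
    src: str = "0.0.0.0/0"       # CIDR of allowed sources
    dst: str = "0.0.0.0/0"       # CIDR of allowed destinations
    proto: Optional[str] = None  # None = any protocol
    dport: Optional[int] = None  # None = any destination port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


DEFAULT_ACTION = "drop"   # the page's "default action set to silent discard"


class Firewall:
    def __init__(self, rules, stateful):
        self.rules = rules
        self.stateful = stateful
        self.flows = set()   # remembered (proto, src, sport, dst, dport) conversations

    def filter(self, p: Packet) -> str:
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        # Second generation: a reply belonging to a conversation we already
        # allowed is forwarded without consulting the ACL again.
        if self.stateful and reverse in self.flows:
            return "forward"
        # First generation: first matching ACL entry wins, else the default.
        for rule in self.rules:
            if rule.matches(p):
                if rule.action == "forward" and self.stateful:
                    self.flows.add(key)
                return rule.action
        return DEFAULT_ACTION


# Constructed policy: the 192.168.1.0/24 LAN may open HTTPS connections out,
# inbound telnet is refused with a reset, everything else is silently dropped.
RULES = [
    Rule("forward", src="192.168.1.0/24", proto="tcp", dport=443),
    Rule("reject", dst="192.168.1.0/24", proto="tcp", dport=23),
]

# Constructed packets: an outbound HTTPS request, its genuine reply, a reply
# from the wrong server, an inbound telnet attempt and an inbound RDP attempt.
SCENARIO = [
    Packet("192.168.1.10", "203.0.113.5", "tcp", 51000, 443),
    Packet("203.0.113.5", "192.168.1.10", "tcp", 443, 51000),
    Packet("203.0.113.99", "192.168.1.10", "tcp", 443, 51000),
    Packet("198.51.100.7", "192.168.1.10", "tcp", 40000, 23),
    Packet("198.51.100.7", "192.168.1.10", "tcp", 40000, 3389),
]


def run_scenario(stateful: bool):
    """Return the action taken on each packet of SCENARIO, in order."""
    fw = Firewall(RULES, stateful)
    return [fw.filter(p) for p in SCENARIO]


if __name__ == "__main__":
    print("stateless:", run_scenario(False))
    print("stateful: ", run_scenario(True))
```

The second packet is the point of the example: a pure packet filter drops the legitimate HTTPS reply because no ACL entry allows inbound traffic from port 443, so an administrator would have to add one and thereby let in any packet that merely claims to come from port 443 (the third packet). The connection-tracking firewall forwards the reply only because it belongs to a conversation the LAN host opened, and still drops the packet from the unrelated server.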
Application layer
Marcus Ranum, Wei Xu, and Peter Churchyard released an application firewall known as Firewall Toolkit (FWTK) in October 1993. This became the basis for the Gauntlet firewall at Trusted Information Systems.
The key benefit of application layer filtering is that it can understand certain applications and protocols such as File Transfer Protocol (FTP), Domain Name System (DNS), or Hypertext Transfer Protocol (HTTP). This allows it to identify unwanted applications or services using a non-standard port, or to detect if an allowed protocol is being abused. It can also provide unified security management including enforced encrypted DNS and virtual private networking.
As of 2012, the next-generation firewall provides a wider range of inspection at the application layer, extending deep packet inspection functionality to include, but not limited to:
Web filtering
Intrusion prevention systems
User identity management
Web application firewall
Endpoint specific
Endpoint-based application firewalls function by determining whether a process should accept any given connection. Application firewalls filter connections by examining the process ID of data packets against a rule set for the local process involved in the data transmission. Application firewalls accomplish their function by hooking into socket calls to filter the connections between the application layer and the lower layers. Application firewalls that hook into socket calls are also referred to as socket filters.
Cookies
HTTP cookies (also called web cookies, Internet cookies, browser cookies, or simply cookies) are small blocks of data created by a web server while a user is browsing a website and placed on the user's computer or other device by the user's web browser. Cookies are placed on the device used to access a website, and more than one cookie may be placed on a user's device during a session.
Cookies serve useful and sometimes essential functions on the web. They enable web servers to store stateful information (such as items added to the shopping cart in an online store) on the user's device or to track the user's browsing activity (including clicking particular buttons, logging in, or recording which pages were visited in the past). They can also be used to save for subsequent use information that the user previously entered into form fields, such as names, addresses, passwords, and payment card numbers.
Authentication
cookies are commonly used by web servers to confirm that a
user is logged in, and with which account they are logged in. Without
the cookie, users would need to authenticate themselves by logging in on each
page containing sensitive information that they wish to access. The security of
an authentication cookie therefore depends on the security of the issuing
website and the user's web browser, on whether the cookie is only ever sent
over an encrypted (HTTPS) connection, and on the attributes it carries
(Secure, HttpOnly, SameSite). Security vulnerabilities may allow a cookie's data
to be read by an attacker, used to gain access to user data, or used
to gain access (with the user's credentials) to the website to which the cookie
belongs (see cross-site scripting and cross-site request forgery for
examples).
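As an added example (not code from the original page), the following Python module shows one way a server can issue and verify an authentication cookie so that it cannot be forged or silently altered: the session payload is signed with an HMAC under a server-side key, and the cookie is marked Secure, HttpOnly and SameSite=Strict so that it is not sent over plain HTTP, is not readable by page script (the XSS case), and is not attached to cross-site requests (the CSRF case). The cookie name `session`, the one-hour lifetime, the `|`-separated payload layout and the function names are assumptions of this example, not a standard.

```python
"""Issue and verify a tamper-evident authentication cookie.

The cookie value is  user_id|issued_at|nonce|hmac  where the HMAC covers the
first three fields under SERVER_KEY.  A client that edits user_id, or that
fabricates a value, fails verification because it cannot compute the tag.
"""
import hashlib
import hmac
import secrets
import time
from http.cookies import SimpleCookie

COOKIE_NAME = "session"                 # assumed name
MAX_AGE = 3600                          # assumed lifetime, seconds
SERVER_KEY = secrets.token_bytes(32)    # per-deployment secret; never sent to clients


def _tag(payload: str, key: bytes) -> str:
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def issue_session_cookie(user_id: str, key: bytes = SERVER_KEY, now=None) -> str:
    """Return the Set-Cookie header value for a freshly authenticated user."""
    now = int(time.time()) if now is None else now
    payload = f"{user_id}|{now}|{secrets.token_hex(8)}"
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = f"{payload}|{_tag(payload, key)}"
    morsel = cookie[COOKIE_NAME]
    morsel["secure"] = True           # only over HTTPS
    morsel["httponly"] = True         # not visible to document.cookie (XSS theft)
    morsel["samesite"] = "Strict"     # not sent on cross-site requests (CSRF)
    morsel["path"] = "/"
    morsel["max-age"] = MAX_AGE
    return morsel.OutputString()


def verify_session_cookie(cookie_header: str, key: bytes = SERVER_KEY,
                          now=None, max_age: int = MAX_AGE):
    """Parse a Cookie request header; return the user_id if valid, else None.

    Rejects missing cookies, malformed values, bad or forged tags, and
    sessions older than max_age.  The tag comparison is constant-time.
    """
    cookie = SimpleCookie()
    try:
        cookie.load(cookie_header)
    except Exception:
        return None
    if COOKIE_NAME not in cookie:
        return None
    parts = cookie[COOKIE_NAME].value.split("|")
    if len(parts) != 4:
        return None
    user_id, issued, nonce, tag = parts
    payload = "|".join((user_id, issued, nonce))
    if not hmac.compare_digest(tag, _tag(payload, key)):
        return None                                   # forged or tampered
    now = int(time.time()) if now is None else now
    if not issued.isdigit() or now - int(issued) > max_age:
        return None                                   # expired
    return user_id


if __name__ == "__main__":
    header = issue_session_cookie("alice")
    print("Set-Cookie:", header)
    sent_back = header.split(";")[0]                 # what the browser returns
    print("verified as:", verify_session_cookie(sent_back))
```

Note what signing does and does not buy: it stops a client from minting a session for another account, but a stolen cookie is still a valid login until it expires, which is why the Secure and HttpOnly attributes (and a short lifetime or server-side revocation) matter as much as the tag itself.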
Tracking
cookies, and especially third-party tracking cookies, are commonly used as
ways to compile long-term records of individuals' browsing histories —
a potential privacy concern that prompted European and U.S.
lawmakers to take action in 2011. European law requires that all websites
targeting European Union member states gain "informed consent"
from users before storing non-essential cookies on their device.
Origin of the name
The term
"cookie" was coined by web-browser programmer Lou Montulli. It
was derived from the term "magic cookie", which is a packet of data a
program receives and sends back unchanged, used by Unix programmers. The
term magic cookie itself derives from the fortune cookie, which is a
cookie with an embedded message.
Hackers and Crackers
What are hackers and crackers?
Hackers are
good people who hack devices and systems with good intentions. They might hack
a system for a specified purpose or for obtaining more knowledge out of it.
Crackers are people who hack a system by breaking into it and violating it with
some bad intentions.
Hackers
These are
people who hack devices and systems with good intentions. They might hack a
system for a specified purpose or for obtaining more knowledge of it.
Hackers work by finding loopholes in a given system and then closing those
loopholes. They are basically programmers who gather extensive knowledge
of programming languages and operating systems (OS). They never intend
to harm, compromise, or damage any system data.
Crackers
These are
people who hack a system by breaking into it and violating it with bad
intentions. They may hack a system remotely to steal the data it contains or
to harm it permanently. In simpler words, crackers destroy the data and
information contained in a system by gaining unauthorized access to its
network. They keep their work hidden because what they do is
illegal and mostly prohibited. A cracker can bypass your
device's passwords and compromise company websites, social media accounts and
personal bank details, and can use those details to transfer money directly out of your bank account.
A hacker is
a person skilled in information technology who uses their technical
knowledge to achieve a goal or overcome an obstacle within a computerized system
by non-standard means. Though the term hacker has become associated
in popular culture with a security hacker (someone who
uses their technical knowledge of bugs or exploits to
break into computer systems and access data which would otherwise be
unavailable to them), hacking can also be used by legitimate figures in
legal situations. For example, law enforcement agencies sometimes use hacking techniques
in order to collect evidence on criminals and other malicious actors. This
could include using anonymity tools (such as a VPN, or the dark web)
to mask their identities online, posing as criminals themselves. Likewise,
covert government agencies can employ hacking techniques in the legal conduct of
their work. Conversely, hacking and cyber-attacks are also used extra-legally and illegally
by law enforcement and security agencies (conducting warrantless activities),
and employed by state actors as a weapon in both legal and illegal warfare.
General definition
Reflecting
the two types of hackers, there are two definitions of the word
"hacker":
Originally,
hacker simply meant advanced computer technology enthusiast (both hardware and
software) and adherent of programming subculture; see hacker culture.
Someone who
is able to subvert computer security. If doing so for malicious purposes,
the person can also be called a cracker.
Today,
mainstream usage of "hacker" mostly refers to computer criminals, due
to the mass media usage of the word since the 1990s. This includes what
hacker slang calls "script kiddies", people breaking into computers
using programs written by others, with very little knowledge about the way they
work. This usage has become so predominant that the general public is largely
unaware that different meanings exist. While the self-designation of hobbyists
as hackers is generally acknowledged and accepted by computer security hackers,
people from the programming subculture consider the computer intrusion related
usage incorrect, and emphasize the difference between the two by calling
security breakers "crackers" (analogous to a safecracker).
The
controversy is usually based on the assertion that the term originally meant
someone messing about with something in a positive sense, that is, using
playful cleverness to achieve a goal. But then, it is supposed, the meaning of
the term shifted over the decades and came to refer to computer criminals.
As the
security-related usage has spread more widely, the original meaning has become
less known. In popular usage and in the media, "computer intruders"
or "computer criminals" is the exclusive meaning of the word today.
(For example, "An Internet 'hacker' broke through state government
security systems in March.") In the computer enthusiast (Hacker Culture)
community, the primary meaning is a complimentary description for a
particularly brilliant programmer or technical expert. (For example, "Linus
Torvalds, the creator of Linux, is considered by some to be a
hacker.") A large segment of the technical community insists the latter is
the "correct" usage of the word (see the Jargon File definition of
"hacker").