
Ethical Considerations and Warnings

 






A book about hacking would be irresponsibly incomplete without a chapter giving you a fair warning on the consequences of misusing these techniques as well as the ethical considerations of hacking. To begin this discussion, you need to be familiar with two terms that describe different types of hackers: black hat and white hat. I like the imagery these terms bring to mind because they always seem to remind me of Spy vs Spy.

Black hat hackers are what most people typically think of when they hear the word “hacker.” A black hat hacker is the type of nefarious Internet user who exploits weaknesses in computing systems for personal gain or in order to disrupt an organization’s information systems to cause them harm. He’s the guy wearing a high-collared shirt, sunglasses, and a fedora behind an array of 20 or so computer monitors or the nerd in the movies who can break into a top-secret system illegally. There really isn’t any good that can come out of adopting a black hat approach to hacking, either. When you hear in the media that a financial institution just lost thousands of usernames and passwords or that a social media database was compromised, causing vast numbers of people to lose sensitive personal information, the attack was carried out by a black hat hacker. Recently, there was even a module of code contained in a WordPress plugin that was susceptible to an XSS vulnerability (a type of security flaw in websites with caching plugins) that was being exploited worldwide by the extremist group ISIS. If you are reading this book because you have dreams of causing mass disruption and chaos, I would highly advise you to reconsider.

However, understand that security and penetration tools aren’t inherently good or evil. One could argue that they are much like firearms in the sense that a weapon is an inanimate object, and it is only as good or evil as the person wielding it.

White hat hackers, on the other hand, are the complete opposite. They’re the good guys who do everything in their power to find potential security flaws and correct the errors so the black hat hackers can’t break a system. As you read this book, you need to consider all of the tools and techniques I show you from the perspective of a white hat hacker and use them responsibly. If you pursue white hat hacking professionally, you can add tremendous value to the organization you work for and make big money doing so. Some white hat hackers who have the CEH (Certified Ethical Hacker) certification make salaries well into the six-figure range. Internet security is only becoming more important with each passing year, and a talented white hat hacker can use penetration testing tools and footprinting methods to identify disastrous security flaws on the organization’s network and information infrastructure and patch them before they become a problem that would cost the organization obscene amounts of money.

Furthermore, you need to be aware of the consequences of misusing the knowledge you learn in this book. Though you likely won’t get caught snooping around a network attached to an unsecured SOHO (Small Office/Home Office) wireless network in your neighborhood or at your favorite local coffee shop, you need to respect other people’s rights to privacy. Think about it – how would you feel if you were sitting down for a cup of coffee while reading a book only to find out later that someone had attacked your Kindle over the coffee shop’s network and stolen your data? You would feel enraged, irritated, and violated. So, remember the golden rule as you grow into a white hat hacker.

Also, consider that using penetration tools on networks where you don’t have any authority to do so could lead to some extremely negative consequences. Let’s face it, you don’t have the right to steal other people’s personal information – it’s illegal. Not only could you provoke civil lawsuits, but you could even face jail or prison time depending on the nature of your offense. If you choose to do it on your employer’s network and you get caught, the best-case scenario is that you would have some extremely uncomfortable questions to answer, and the worst-case scenario is that you would be fired. It’s just not worth it, so keep that in mind moving forward.

Instead of testing out these techniques on public or corporate networks, my advice would be to try these in your very own home. Even a small home network will provide a digital playground for you to test out your new security skills. All you would need to run through some of these demos would be a personal computer, a wireless router, and preferably a few other devices that you can attach to your network. In the footprinting section, I will show you how to run ping sweeps and other utilities to perform reconnaissance and information-gathering methods, so having several other devices will give you more “toys” to play with on your local area network (LAN).

By now I hope you understand that the word “hacker” is rather ambiguous. Years ago, it rightfully meant a black hat hacker. Today, however, it could refer to any number of different types of people who are extremely knowledgeable about technology, and the term “hacker” doesn’t necessarily mean someone who is trying to steal intellectual property or break into a restricted network. Calling someone a hacker is the layman’s approach to describing a digital thief, but security professionals will often draw the line between the white hats and the black hats.

With all of the dire warnings out of the way, we can now proceed to the juicier and more pragmatic sections of the book you have all been waiting for, and we can begin to learn how you personally can get your feet wet with hacking.

To begin, understand that this book is written with the assumption that you have little to no understanding of rudimentary networking and security concepts. Because this book is written for beginners as opposed to seasoned Internet security professionals and expert hackers, you need to first have a basic understanding of network terminology, addressing concepts, and other fundamentals that you will be able to use as a foundation to build your hacking skills upon. So, let’s get started with networking fundamentals!
