Cyber-attacks detection and prevention

The term hacking is currently perceived by the public pejoratively as any activity of a person aimed at gaining illegal access to another’s system or personal computer. [1] Especially in the media, this term is generally referred to as all attackers whose actions are directed against information technologies or whose activities are based on the use of such technologies. In this context, however, there is a fundamental difference between the public's perception of the content of the concept of hacking and those of themselves who call themselves hackers or are labelled as such by their own community.

The terms “hacker” ^[2] and “hacking” originated in the USA, in the 1950s, and referred to a technically gifted person (and his/her activities) who was able to find new, often unorthodox, solutions to a problem.

To understand how attackers, which we used to refer to as hackers, perceive society and its rules, it is useful to know their opinion. In 1984, Levy defined the following principles of hacking ethics:

1.     Access to computers and anything else that can teach you something about how the world works should be unlimited and absolute. Always respect the rule of personal experience.

2.     All information should be free of charge.

3.     Do not trust the authorities, support decentralisation.

4.     Hackers should be judged by their actions and not by misguided criteria such as age, race or status.

5.     You can create “beauty” on a computer.

6.     Computers can change your life for the better. [3]

Although these rules are not always respected or acknowledged, they represent the basic framework for the perception of the virtual world by attackers, whom we call hackers.

Another important insight into the perception of the world through the eyes of a hacker is the document The Hacker Manifesto:

The following was written shortly after my arrest...

The Conscience of a Hacker

Another one got caught today, it's all over the papers. “Teenager Arrested in Computer Crime Scandal”, “Hacker Arrested after Bank Tampering”...

Damn kids. They're all alike.

But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him?

I am a hacker, enter my world...

Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me...

Damn underachiever. They're all alike.

I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. “No, Ms. Smith, I didn't show my work. I did it in my head...”

Damn kid. Probably copied it. They're all alike.

I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me...

Or feels threatened by me...

Or thinks I'm a smart ass...

Or doesn't like teaching and shouldn't be here...

Damn kid. All he does is play games. They're all alike.

And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found.

“This is it... this is where I belong...”

I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...

Damn kids. Tying up the phone line again. They're all alike.

You bet your ass we're all alike!

we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert.

“This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals.We seek after knowledge... and you call us criminals.We exist without skin color, without nationality, without religious bias... and you call us criminals.You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.

Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for. I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike.

Mentor

Hacker's Manifesto

8 January 1986

Currently, hackers themselves use the term hacker for people who have excellent knowledge of information and communication systems, computer systems, their operating systems and other programs, their networking principles and mechanisms, and are also excellent programmers capable of creating their own software, namely in a very short time. It is the effort to know how information technology, applications or technical means work, and to make this information available to other users, what is the driving force and philosophy of many people. The ability of a hacker to gain access to computer systems through his/her own designed and written computer programs even outside the usual methods of access (which does not necessarily mean that gaining such access must be motivated by trying to cause harm, other harm or otherwise get rich) is one, not the only skill. 

Division of hackers

It is the motivation to obtain atypical (not necessarily illegal) access, the method of performing such an intrusion, their motivation and possible handling of the obtained data, what are the key factors for distinguishing these persons into the following three basic groups:

White hats – these are hackers who infiltrate a system using security vulnerabilities of the system precisely in order to detect these gaps in security and create such mechanisms and barriers that should prevent such attacks. They are often employees or external collaborators of renowned companies doing business in the field of information technology. Their intrusion into a system does not cause damage or other harm to users, on the contrary, in many cases they alert the administrator of such an infected system to security flaws. Their activity is fundamentally non-destructive in nature.

Black hats – basically the opposite of the white hat hackers. Their motivation is an attempt to cause damage or other harm to a user of an infected system, or to obtain property or other benefit. In addition to the actual achieved breach of a hacked system, another, criminal element is evident in their actions.

Grey hats – this is a grey zone of hackers, i.e. people who have not profiled towards the two groups. Occasionally, they may violate some rights of others or moral principles, but their activities are not primarily driven by the desire to cause harm, as is the case with black hats.

In addition to the above, i.e. the most commonly used division, it is possible to divide hackers into other groups based on their motives. These are: Script kiddies, hactivists, state-sponsored hackers, spy hackers, cyber terrorists, beginners (n00b), blue hat hackers, etc. [4]

A key factor in assessing hacking as a potential security threat is to determine the reason for the hacker's activities (see the division of hackers). In some cases, hacking can pose a real security threat, as it is a breach of computer system security, or a breach of protection or exploitation of system vulnerabilities. On the contrary, in other cases, it may be a suitable complement to increase the security of a system as a whole or to find weak spots and vulnerabilities.

In general, hacking can be really described as any unauthorised intrusion into a computer system from the outside, most often within the Internet. However, not every hacker attack is necessarily a crime.

The danger of hacking activities lies, among other things, in the fact that in addition to gaining unauthorised access to an attacked system (regardless of the hacker's motivation), these people create and use highly effective software tools, the source code of which is often subsequently published by hackers themselves, e.g. within the darknet markets. This can lead to further mass abuse of these programs by users who do not have the control to create such programs themselves, but due to the existence of tools made available in this way, they can potentially cause relatively significant damage to users of infected systems. Through the Internet, it is thus possible to obtain often complete sets of hacker software programs containing basic software and information necessary for its use, practically without in-depth knowledge of the operation of these programs.

            Forms of hacking

The actual activity of hackers comprises a number of actions. Typical activities used by hackers include:

1.          Social engineering

2.          Password cracking [5]

3.          Port scanning [6]

4.          Using malware to infiltrate a computer system

5.          Phishing

6.          Cross Site Scripting [7]

7.          Eavesdropping on communication [8]

Well-known hacker groups and hackers

Probably the best known current hacker group is Anonymous, but there are or were other groups: [9]

The best-known hackers include Jonathan James, Vladimir Levin, Gary McKinnon, John McAfee, Astra, Stephen Wozniak, James Kosta, Kevin Mitnick, Adrian Lamo, David L. Smith.[10]

There is no doubt that not all hacker activity is legal. In relation to interference with the computer system, guaranteed fundamental human rights and freedoms will certainly be violated.

Possibilities of criminal sanctions in the Czech Republic

As mentioned above, there are a number of actions or attacks that can be classified as hacking (starting with password cracking and ending with a complicated phishing attack that is combined with social engineering and the use of malware).

Actions of a hacker, consisting only in the use of his abilities, due to which he overcomes security measures and gains access to a computer system or its part, can be punished according to Section 230(1) (Unauthorised access to computer system and information carrier) of the Criminal Code. 

In the case of combined forms of attacks, where, for example, malware is used to infect a computer, such action of an offender must also be punished under Section 230 (2) (Unauthorised access to the computer system and information carrier) of the Criminal Code.If the aim of an attack is to gain an unjustified benefit to oneself or to another, or to unjustifiably limit the functionality of a computer system or other technical device for data processing, it is also possible to apply the provisions of Section 230 (3) of the Criminal Code.

Possibilities of criminal sanctions in Poland

The offence of hacking is regulated in Art. 267§1 of the Penal Code.

Whoever without authorisation gains access to information not intended for him, by opening a closed letter, connecting to the telecommunications network or breaking or bypassing electronic, magnetic, IT or other special security thereof, shall be subject to a fine, the penalty of restriction of liberty or the penalty of deprivation of liberty for up to 2 years.

Breaching electronic security is one of the statutory elements of a crime under Article 267 (1) of the Criminal Code. "Securing an account with a password (code) is an obstacle in gaining access to information by an unauthorised person. Overcoming this obstacle by using an access code by the perpetrator against the will of the authorised person should be treated as a breach of electronic security. The use of such a code (password) by an unauthorised person against the will of the account owner breaks the electronic obstacle protecting access to either a bank account or a user account on an internet portal" (judgment of the District Court in Świdnica of 10 April 2019, reference number: IV Ka 112/19). The hallmarks of this crime include, in addition to „breaking or bypassing electronic, magnetic, IT security, consisting in the removal of special structures, covers, which are used to prevent access to information stored in the system“ the provision also covers the breaking of specific information safeguards other than electronic, magnetic or IT, which means that it is about such safeguards, the removal of which requires the perpetrator to have specialised knowledge or have specialised tools. In any case, breaking the security should cause some difficulties – then it can be assumed that such security is of "special" nature. Breaking the security might be a direct interference with the security system, usually destroying it, or bypassing the security without making any interference in it. For the implementation of the features of Art. 267 §1, it is necessary to break such a security, the main function of which is to protect information against unauthorised access to it. According to the judgment of the District Court in Świdnica of April 10, 2019, reference number: IV Ka 112/19, "the essence of the offence under Art. 267 §1 of the Penal Code is that the perpetrator does not know the security method (e.g. access codes to specific information or the content  of passwords) after applying, taking certain actions (including e.g. deciphering the code or password to access information) or breaks such a special security or special security is avoided. It is not a crime under Art. 267 §1 of the Penal Code "obtaining information for which no protective measures have been taken, unless it consists in connecting to a telecommunications network".

Summarising the above considerations, it follows that according to the judgment of the Administrative Court in Szczecin of October 14, 2008, reference number: II AKa 120/08, "a person does not commit a crime under Art. 267 §1 of the Penal Code if they gained unauthorised access to information without breaking or bypassing a security feature, even if they do so by trickery”. According to the judgment of the District Court in Świdnica of April 10, 2019, reference number: IV Ka 112/19, it follows from the above that "gaining access, without authorisation, to the information referred to in art. 267 §1 of the Penal Code by e.g. using a password provided or previously shared by the aggrieved party, or e.g. a password remembered by a web browser, or leaving the computer with the password for a given account entered and after that logging into the system it cannot be considered a password breach, so the above does not constitute an offence under Art. 267 §1 of the Penal Code". The hacking offence is prosecuted at the request of the aggrieved party.

Possibilities of criminal sanctions in Portugal

In itself, the Illegal access to a computer system is punished (Art. 6(1) of the Cybercrime Law). Moreover, the overcoming of security measures and / or the gain of a non justified gain are not required as objective elements, being considered as aggravated offences (Art.6(3) and (4).

As stated previously, the illegal creation, distribution or dissemination of any computer programme, executable instruction, code or data intended to perform an illegal access to a computer system is penalised as being an Illegal access (Art. 6(2) of the Cybercrime Law.