Incident Response: Research on Software/Hardware Tools Used in Hacking and GDPR Implications

Verified

Added on  2023/06/12

|14
|2704
|205
AI Summary
The report analyzes various hardware and software tools utilized in hacking and highlights various General Data Protection Regulation or GDPR applications. The aim of the report is to investigate the areas of danger on behalf of the users to make it easier for hackers to continue their business after January 2016. The primary objective of this paper is to know the variety of applications and specially designed tools to assist hacking.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
Running head: INCIDENT RESPONSE
Incident Response
Name of the student:
Name of the university:
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
1INCIDENT RESPONSE
Executive summary
The following report has analyzed research various software and hardware tools used in hacking
considering the Cases took place after January 2016. An improper assessment would make it unable
to prevent hacking attacks from taking place. A demonstration is done on aims and objectives of the
research in considering different hardware and software tools for hacking. Apart from this, the study
also highlights various General Data Protection Regulation or GDPR applications.
Document Page
2INCIDENT RESPONSE
Table of Contents
Introduction:..........................................................................................................................................3
a. Aims and objectives of the research:.................................................................................................3
b. Research on software/hardware tools used in hacking:.....................................................................5
c. GDPR implications:...........................................................................................................................7
Conclusion:............................................................................................................................................7
Future work:...........................................................................................................................................8
References:............................................................................................................................................9
Appendix:............................................................................................................................................11
Appendix 1:.....................................................................................................................................11
Appendix 2:.....................................................................................................................................12
Appendix 3:.....................................................................................................................................13
Document Page
3INCIDENT RESPONSE
Introduction:
Hacking is the identification of weakness within computer networks to systems for exploiting
different inadequacies to retrieve access. The following report analyzes various hardware and
software tools utilized in hacking. This is because information is the most expensive resource for any
business. Its security protects the image of the organization and helps in saving lots of money.
However, the main the objective of the research is to inform people regarding danger in
hacking considering the Case Studies of the incidents that took place after January 2016. The
incidents includes the cases of “Adult Friend Finder”, Under Armour/MyFitnessPal”, “WannaCry
ransomware attack” and “Cybercriminals penetrating Equifax (EFX)” are demonstrated below. Here,
in this study, a discussion is made on aims and objectives of the research on the usage of different
hardware and software tools. Lastly, various General Data Protection Regulation or GDPR
applications are investigated in this report.
a. Aims and objectives of the research:
As it pertains to hardware, the term hacking is commonly misused. There is a growing
necessity in the today’s digital space after January 2016 to know how the existing electronics are
modified to use it. This also includes understanding the enclosure and behaviour of the hardware.
While looking to develop any device, some it is complicated to be aware of where to start. The angle
of attack is also needed to be known and to know the areas for which it has not been designed.
Discussion on chosen Case studies:
Under
Armour/MyFitnessPal
Here about 1500 million people owning MyFitnessPal
applications as owned by “United Armour” witness leakage of

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
4INCIDENT RESPONSE
personal data. This included passwords, email addresses and
usernames.
WannaCry
ransomware attack
This took place worldwide on May2017 by a cryptoworm. It targeted
computers that were running Microsoft Windows through encrypting
various data. Moreover, it demanded ransom payments in Bitcoins.
Equifax This took place on July 29, 2017 where personal data of 143 million
consumers has got their credit card exposed.
Adult Friend Finder It took place on October 2016 where more than 410 million accounts
were damaged.
As one looks into the hardware section, one needs to approach the area where the hacking
has been depending on and what it tries to do. It is required to know whether someone has been
trying to make that wireless, and what the displays have been and what is needed to be done to get
that to trigger on another device. Every hacker needs a separate viewpoint of attack and it hard to
determine what process is required to proceed as one has never hacked previously. Lastly, it is
necessary to determine the various conventional procedures of hardware hacking and
implementations in which they are utilized.
The internet possesses various downsides and upsides. Hackings are used for malicious
reasons and means to find problems in systems and notify authorities for helping them to fortify
multiple defences better. Hence the aim of the report is to investigate the following.
To find out the areas of danger on behalf of the users to make that easier for hackers to
continue their business after January 2016.
Tools and scripts used in hacking used by the intruders for their purpose.
Document Page
5INCIDENT RESPONSE
To find the methods to stop hacking
Notify the authorities for fortifying defenses better.
The primary objective of this paper is to know the variety of applications and specially designed
tools to assist hacking. Hacking tool is generally for gaining unauthorized access to PC for inserting
worming, suffers, Trojan horses and viruses. It is also needed to know how the hacking program or
tool is designed for helping the hacker. Further, the self-taught prodigy or specialized programmers
who can modify the computer software or hardware external to the architectural design of the
developers.
b. Research on software/hardware tools used in hacking:
As seen from the above sections, that there has been rising concern to identify the hardware,
software and wireless attacks used in piracy since 2016. For example, in the instance of
Cybercriminals penetrating Equifax (EFX) hackers are unable to endorse any particularly. However,
various vendors are selling wireless adapters or external wireless adapters and use real tech chipsets
(Collins, 2018). AirPcap, for instance, is the best as one cracks within Windows since the drivers and
devices have been stable under Windows as in the. Again Real Tech works very smartly on Linux
and Windows through the drivers regarding promiscuous mode within Windows for actual tech
chipsets has been slight flaky. For example, the Appendix 1 section illustrates the working principle
of Hardsploit, which is a Metasploit-like tool used for hardware hacking.
However, individual antennas are not needed. Many smart hackers have chosen that has
come up with stocked with real tech or AirPcap external and often buying one or two directional
antennas for using point straight at an access point. Hence, one can receive better signal strength
Document Page
6INCIDENT RESPONSE
from a vast distance away. However, this not necessarily needed by others. It is seen that faster the
attack gets, less time is required to spend on wireless.
Hackers have been keeping two operating systems handy, For example in the case of hacking
Adult Friend Finder, Windows is chosen since running Wire Shark over Windows is more stable and
usable than on Linux (Whittaker, 2018). For software, Network Monitor works on Windows. This is
a great packet analysis tool and a stable and fast. However, it possesses some challenges regarding
some parsers (Vetter et al., 2017). As per as hardware is concerned, a classic instance in security
audits is using Raspberry Pi with proper battery pack, distribution platform such as Kali Linux and
apps such as Kali Linux together is helpful for pen testing.
Again regarding software, Nikto is a smart choice which is an Open Source or GPL scanner
of a web server. It performs comprehensive tests against various web servers for multiple items
(Jackson, 2016). This includes over 3200 potentially harmful CGIs or Files, version specific issues
on over 250 servers and versions over 620 servers. It was helpful for ransomware called WannaCry
that spread around the world in 2017. Moreover, python programming is useful to develop own
hacking tools. This is demonstrated in Appendix 2 section. The next one is the Nessus remote
Security Scanner when closed and essentially free as identified from the data breach incident at
Under Armour/MyFitnessPal. It works with a framework of client-server. Further, it the most
popular vulnerability scanner utilized on over 75,000 agencies across the globe ("Under Armour
says 150 million MyFitnessPal accounts breached", 2018). The last one that is a useful tool in this
case, is LAN turtle. These type of systems admin and pen-test tools delivers distant access as it is
connected covertly to USB ports. Apart from this, it has been allowing users in harvesting
information from a network and possesses a capacity for executing any middle-man attack. Lastly,
the SDN or Software-Defined Networking is an effective paradigm to create future Internet

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
7INCIDENT RESPONSE
architecture (DiMase et al., 2015). DELTA is regarded as the initial security evaluation framework
for SDN. To understand the framework more effectively, Appendix 3 can be seen.
c. GDPR implications:
GDPR or General Data Protection Regulation has been able to replace “UK Data Protection
Act” and has been impacting business that processes various personal customer data. As per as
GDPR directive, personal data denotes to the info formation related to a person like upgrades on
social networking websites, computer IP address, location details and so on (Macenaite, 2017). This
latest protection law puts consumers in driver’s seat and the task to comply with regulation falling on
organizations and business. GDPR, in short, applies to every business established at UK instead of
whether the data processing has been taking place in EU or not. As the company provides services
and goods to citizens in the UK as it is subjected to GDPR.
Every type of agencies working with personal data must be appointed to data protection
officer or data controller who has been in charge of the GDPR compliance (Spindler & Schmechel,
2016). There has been a severe penalty for the business who never complies with GDPR fines that
are up to 4% of yearly worldwide revenue. Various companies have been thinking that GDPR is
only a problem with IT. However, it is very much away from reality. This comprises of a wide-
sweeping implication for the overall company. This includes the process the companies has been
handle marketing and performing sales activities (Bieker et al. 2016).
Conclusion:
Thus to continue the research from the perspective of a consultant or security researcher and
social engineering and various other tools various aspects are to be considered. Of this importance
must be given to understand attackers who have been penetrating into the targeted system. The
Document Page
8INCIDENT RESPONSE
research has shown that data is a valuable currency in this world. However, for further progress it
must be kept in mind that GDPR has been creating challenges and problems for business apart from
creating opportunity. In future, organizations that have been showing that they have been valuing the
privacy of people alone from being legal compliance should build more profound trust and have
more loyal customers. This must also include the business that has been transparent regarding how
data is utilized, designing and implementing improved and new ways and controlling customer data
across the entire life-cycle.
Future work:
As primary software and hardware gets developed under corporate environment and closed-
source negotiating power of marginalized social users and groups are diminished sufficiently.
Different forms of counter-mobilization and reactive efforts might appear in future. This might also
have a vital efefc6. However, these kinds of reactive efforts are been constrained through technical
codes. These are built to technologies through those in power. Fort the future open source world, the
actors would comprise of more degree of freedom. This has been allowing proactive modification
and shaping of technologies including use and design. The future engineers should look at the
products from the attacker’s perspective. Thus they need to consider benefits from cyberattacks and
understand how to make the attacks more costly.
Document Page
9INCIDENT RESPONSE
References:
Ateniese, G., Mancini, L. V., Spognardi, A., Villani, A., Vitali, D., & Felici, G. (2015). Hacking
smart machines with smarter ones: How to extract meaningful data from machine learning
classifiers. International Journal of Security and Networks, 10(3), 137-150.
Bieker, F., Friedewald, M., Hansen, M., Obersteller, H., & Rost, M. (2016, September). A process
for data protection impact assessment under the European general data protection regulation.
In Annual Privacy Forum (pp. 21-37). Springer, Cham.
Collins, K. (2018). Equifax stock is plummeting after it announced a massive hack affecting 143
million US consumers. Retrieved from https://qz.com/1072476/equifax-efx-stock-is-
plummeting-after-the-company-announced-a-hack-affecting-143-million-us-consumers/
DiMase, D., Collier, Z. A., Heffner, K., & Linkov, I. (2015). Systems engineering framework for
cyber physical security and resilience. Environment Systems and Decisions, 35(2), 291-300.
Hacking Tools with Python: Part 1. (2018). InfoSec Resources. Retrieved 18 April 2018, from
http://resources.infosecinstitute.com/writing-hacking-tools-with-python-part-1/#gref
HardSploit.io | Hackaday.io. Retrieved 2018, from https://hackaday.io/project/4837-hardsploitio
Jackson, D. (2016). HACKING: Ultimate Beginner's Guide to Computer Hacking in 2016 Hacking
for Beginners, Hacking University, Hacking Made Easy, Hacking Exposed, Hacking Basics,
How To Hack, Penetration Testing.
Macenaite, M. (2017). From universal towards child-specific protection of the right to privacy
online: Dilemmas in the EU General Data Protection Regulation. New Media &
Society, 19(5), 765-779.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
10INCIDENT RESPONSE
Peerlyst. (2018). Peerlyst.com. Retrieved 18 April 2018, from https://www.peerlyst.com/posts/sdn-
security-evaluation-framework-delta-cyberpunk
Spindler, G., & Schmechel, P. (2016). Personal Data and Encryption in the European General Data
Protection Regulation. J. Intell. Prop. Info. Tech. & Elec. Com. L., 7, 163.
Under Armour says 150 million MyFitnessPal accounts breached. (2018). Retrieved from
https://www.reuters.com/article/us-under-armour-databreach/under-armour-says-150-
million-myfitnesspal-accounts-breached-idUSKBN1H532W
Vetter, J., Almgren, A., DeMar, P., Riley, K., Antypas, K., Bard, D., ... & Hack, J. (2017). Advanced
Scientific Computing Research Exascale Requirements Review. An Office of Science review
sponsored by Advanced Scientific Computing Research, September 27-29, 2016, Rockville,
Maryland. Argonne National Lab.(ANL), Argonne, IL (United States). Argonne Leadership
Computing Facility.
Whittaker, Z. (2018). AdultFriendFinder network hack exposes 412 million accounts. Retrieved
from https://www.zdnet.com/article/adultfriendfinder-network-hack-exposes-secrets-of-412-
million-users/
Document Page
11INCIDENT RESPONSE
Software:
To secure that:
Security Products ( Firewall, Antivirus, IDS)
Security tools (Audit, Pentest)
Tools (Uncountable number of them)
Hardware:
To secure it:
Few or unimplemented solutions
User
Appendix:
Appendix 1:
Figure 1:“Hardsploit answering the question is hardware the new software?”
Source: (HardSploit.io | Hackaday.io", n.d.)
Document Page
12INCIDENT RESPONSE
Appendix 2:
Figure 2: “Building Own Hacking Tool in Python, (Getting a Shell)”
Source: ("Hacking Tools with Python: Part 1", 2018)

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
13INCIDENT RESPONSE
Appendix 3:
Figure 3: “DELTA - SDN Security Evaluation Framework”
Source: ("Peerlyst", 2018)
1 out of 14
circle_padding
hide_on_mobile
zoom_out_icon
[object Object]

Your All-in-One AI-Powered Toolkit for Academic Success.

Available 24*7 on WhatsApp / Email

[object Object]