Hacking

Ultimate Hacking Bundle: 2

Manuscripts: Hacking For Beginners,
Tor Browser
 This Book Includes:

Hacking For Beginners: Learn Practical Hacking
Skills! All About Computer Hacking, Ethical
Hacking, Black Hat, Penetration Testing, And Much
More!

Tor Browser: Secrets of the Deep Web, How to Stay
Anonymous Online, and Surf the Web Like a Hacker
 Hacking for Beginners
Learn Practical Hacking Skills! All About Computer
Hacking, Ethical Hacking, Black Hat, Penetration
Testing, And Much More!
 Copyright 2017 - All rights reserved.
The contents of this book may not be reproduced, duplicated or transmitted
without direct written permission from the author.

Under no circumstances will any legal responsibility or blame be held against
the publisher for any reparation, damages, or monetary loss due to the
information herein, either directly or indirectly.

Legal Notice:
You cannot amend, distribute, sell, use, quote or paraphrase any part or the
content within this book without the consent of the author.

Disclaimer Notice:
Please note the information contained in this document is for educational and
entertainment purposes only. No warranties of any kind are expressed or implied.
Readers acknowledge that the author is not engaging in the rendering of legal,
financial, medical or professional advice. Please consult a licensed professional
before attempting any techniques outlined in this book.

By reading this document, the reader agrees that under no circumstances are is
the author responsible for any losses, direct or indirect, which are incurred as a
result of the use of information contained within this document, including, but
not limited to, errors, omissions, or inaccuracies.
Table of Contents

Introduction
Chapter 1 What is Hacking
Chapter 2 Why do Hackers Hack?
Chapter 3 Types of Hacking
Chapter 4 White Hat Hacking or Ethical Hacking
Chapter 5 Skills youll need to become an Ethical Hacker
Chapter 6 Password Cracking
Chapter 7 - Understanding Computer Viruses
Chapter 8 Hacking Wireless (Wi-Fi) Networks
Chapter 9 Denial of Service Attacks
Chapter 10 Hacking Web Servers
Chapter 11 Penetration Testing
Chapter 12 Cyber crime
Conclusion
 Introduction

Hacking is a word that one often finds in the tabloids, newspapers, the Internet
and countless other places. There is a lot of news about hackers doing this or that
on a daily basis. The severity of these activities can range from accessing a
simple household computer system to stealing confidential data from secure
government facilities.
As such, it piques the interest of a curious mind to know about hacking. Many of
you might be wondering about the basics of hacking, while others among you
might actually want to try it out for yourself.
However, with the amount of complexity involved, be it legal or technical, it
becomes essential to have a foundational knowledge on the matter before trying
anything out without planning.
This book will serve as a guiding tool for you to understand the basics of the
subject and slowly build up a base of the knowledge that you need to gain. You
will be made aware of several aspects of hacking, and you will find the
knowledge in here fascinating. Therefore, put on your curious glasses and dive
into the world of hacking with us now.
We will discuss everything from the basics of ethical hacking to all you need to
know about WiFi password cracking. It should be kept in mind that to
understand the concept of ethical hacking, you should be able to know all about
black hat hacking and how it is done. Only then is it imperative to understand
what steps you could take to stop it.
Therefore, the study of white hat hacking and black hat hacking goes hand in
hand. The only difference between the two is: being granted written permission
by the system owner before you start hacking his system.
Lastly, I want to emphasize that how you use this book is solely up to you, and
you will bear the consequences. I cannot stress this enough that any attempt at
hacking should only be made with the complete authorization and permission of
the owner of the system. Therefore, make sure that you have the consent of the
owner before you go ahead and shoot your canons in all directions.
Hacking into any computer, without authorization, or accessing personal data
without permission and sharing it with third parties can put you behind bars.
 Chapter 1 What is Hacking

Before starting out with actually learning to hack, let us first get the hang of
what hacking means in the most basic sense?
The term hacking and hacker have various interpretations according to
various sources. In an ideal sense, the term hacker was used to define a person
who was very skilled in the art of computer programming. This was a person
who would use his programming knowledge to solve complex computer
problems.
However, with the advent of computer technology, the term hacker began to
adopt a more negative sense. Nowadays, hacker is a term that is commonly
used for a person who uses his deep knowledge and understanding of computers
to exploit the weakness of various systems and gain access to them.
This act of exploiting the bugs and weaknesses of various computer systems is
termed as hacking.' As you might have guessed, if you are gaining access to a
system without the authorization of the owner of that system, it is illegal no
matter where you are. Therefore, in the common eyes of people who are
unaware of the different types of hacking, the term is seen in a very negative
manner and is always assumed to be illegal.
These hackers who exploit the vulnerabilities of systems through bugs are also
termed as security hackers,' to create a demarcation between the original
meaning of the term hacker that was used to denote good computer
programmers. In the general discussion of this book, we will refer to all security
hackers as hackers for the sake of brevity and understanding.
However, as you will learn by browsing through the pages of this book, this is
most often not the case. There are different types of hacking, and while some
might lead to you being behind bars for an eternity, there are others which might
lead you to have a big mansion to yourself and being on the payroll of some big
IT brand.
It all depends on why the hacker wants to hack a system. Therefore, it is
important to understand the reasons for which hackers hack the system, and
therefore classify the hacking based on that criterion.
When you are starting out with hacking, you should first of all, ask yourself why
you wish to learn it, and whether you will be using it for good or for bad reasons.
Remember that if you will be using it for illegal purposes, remember the
consequences of that. You could be behind bars for a long time (some actions
even give out life sentences in some countries if you harm the countrys
government confidential data).
Therefore, when it comes to hacking, make smart decisions. It is indeed cool to
know it all and try it all. However, who you try it on should know about it, and
you should have the written consent of that person. They might even pay you for
trying it, so it would still end up being pretty awesome for you.
 Chapter 2 Why do Hackers Hack?

If you have read about various hacking incidents that come up in the newspapers
or on the Internet, you will realize that all those incidents are somewhat
unrelated and generally carried out by varying intentions. Therefore, the reason
as to why do hackers hack depends upon the particular hacker and what is he
looking for.
As you might already know, the major reason for hacking is generally money.
However, there are other reasons present which can be quite important as well.
In general, the major reasons for which hackers hack include the following:

1. Profit: This is one of the most prominent reasons as to why hackers hack.
The hacking might profit them in one way or another.
Some of the hackers who work for their profit might not fall in the illegal
zone. For example, a hacker might be on the payroll of an IT company to
exploit the weaknesses in their OWN systems. Hackers get paid very well
through opportunities like these. However, it doesnt mean that the hacker
would be doing anything unethical.
However, there are many hackers who focus on personal profits so much
that they do not mind resorting to illegal methods for that; for example,
hacking someone without authorization to retrieve personal information
about the user, which can help the hacker in stealing the funds of the user.
This is quite unethical and frowned upon. Needless to say, something like
this can get the hacker behind bars.

2. Accessing data:
Accessing someones private data is another purpose of hacking. Hackers
access the systems without authorization to find files and data in that
system and use it for their own motives.
These files may be used for purposes such as pirating, or for the personal
knowledge of the hacker alone. Some hackers tend to make profits by
selling this data to other customers interested in it.
Note that this type of hacking is totally legal, as the hacker is accessing the
 owners system without his permission.

3. Passion:
Some hackers simply operate out of a passion for technical knowledge.
They have a deep love of computer science and networks and find it
amusing to perform activities such as these.
If done out of passion, a hacker can also find reputable jobs in the IT
industry and earn a living doing it. However, even if a hacker is hacking
out of passion, hacking into a system without the authorization of the
owner is still considered illegal.

4. Political and Religious Views:
Hackers also operate on the payroll of various governments, trying to
access information and data vital to that countrys government. This type
of hacking, although it is not punishable by the government, is still
frowned upon on a global level.
Even if not employed by a government, sometimes the hackers operate due
to their own political or nationalist sentiments. Various hackers find
hacking a good way (a good way for themselves) to spread their religious
propaganda. They accomplish this by targeting the websites that speak
against their religion. Or sometimes they keep spreading their word
through popular websites with weak security.
You should realize that even if you are spreading a positive message
through hacking and you do not have the permission of the owners of the
computer system, it is still considered illegal and will put you behind bars.

5. Vandalism:
Some hackers practice hacking to break down websites or slow down the
network. Such activities include DDoS attacks or putting down servers,
thereby affecting the normal functioning of websites or the Internet.
This type of hacking is highly illegal as well and can get you a long jail
sentence as well.

6. Security:
 Hacking is also done to improve the security of systems. In such types of
hacking, the hacker has the permission of the owner of the system, be it a
company or an individual owner. The hacker exploits bugs and
vulnerabilities in the system and works to remove them, thereby improving
the security of the system.
Some companies like Google even host competitions where hackers find
ways to breach their system or products, and if they are able to do so or
find bugs in the system, they are given prizes by the company.

Based on these types, hackers can be easily put in various categories. We will
study the types of hacking in the next section.
 Chapter 3 Types of Hacking

Now that we have studied the various purposes due to which hackers hack, we
can easily classify the hackers into different types. We will summarize these
types in this chapter, and study them in detail in the chapters to come.

The various types of hacking are:

1. White Hat Hacking:
This type of hacking is also called ethical hacking. As the name suggests,
this type of hacking is completely legal and done with the consent of the
owner of the system.
In white hat hacking, the hackers aim to fix the weakness of the system by
finding the bugs and vulnerabilities in the system.
These hackers might be on the payroll of the company or be participating
in some competition employed by the company.

2. Black Hat Hacking:
This type of hacking is also known as cracking. As the name suggests, this
type of hacking happens when the hacker cracks into a system without the
permission or authorization of the owner.
It is a highly illegal activity. The intention of such hackers might be to
steal the important data of the system, infringement of private rights of the
user, using the bank information on the system to transfer money for
personal gains, etc.

3. Grey Hat Hacking:
This type of hacking is in between white hat hacking and black hat
hacking. In this hacking, the hacker gains access to the system without the
permission of the owner. However, all the weaknesses that are found by
the hacker are reported to the owner by the hacker so the owner can
 improve his systems.
Though these are the major types of hacking, there are other minor sub branches
as well that you might want to know about.

4. Script Kiddies: Script kiddies are people who do not have deep knowledge
of computer systems and networks like most hackers do. However, they
tend to use the already made programs and scripts to gain access to
systems or do unauthorized activities in computers and networks. Even
though they did not create the programs, using them without authorization
for hacking activities can still land them behind bars.


5. Hacktivists: Made by combining the terms hackers and activists,'
Hacktivists are the people who turn to hacking to propagate social or
political messages. This is commonly done by gaining access to websites
and altering their content, either putting something that propagates their
agenda or removing something that voices against it.


6. Phreaker: Though not exactly about computer systems, phreaking is still
considered a type of hacking. Phreakers are people who exploit the bugs
and vulnerabilities in telephone lines and take advantage of that. The act is
called as Phreaking.

As it is evident, the white hat hackers are the most respected people in the
technical community. Even though they have the power to exploit systems and
use the vulnerabilities for their own selfish gains, they do that with the
permission of the owner and let the owner know about the weak points.
This enables the owner to fix the weak spots before any hacker can hit them.
Therefore, they pay ethical hackers quite well.
Hence, being an ethical hacker is making the best use of your skills. It is
completely legal (if you fulfill the requirements mentioned in the ethical hacking
section), and it definitely gives you decent pay.
All the other types of hacking that are listed above can get you behind bars. Even
hacktivism is not an exception. It would still be illegal to hack someone to
spread a positive message if you are hacking someone without his or her
permission.
 Chapter 4 White Hat Hacking or Ethical Hacking

As mentioned earlier, White Hat hacking is the type of hacking whereby hackers
are employed by the company to enhance the security of systems by removing
bugs and vulnerabilities. Since this type of hacking has total authorization, it is
known as ethical hacking as well. The hackers who participate in this type of
hacking are called white hats or ethical hackers.
Not only it is a completely legal practice but, in fact, these white hats get paid
quite well by the companies for testing their systems. This is due to the deep
knowledge the hackers have about networks and computer systems.
Also, this type of hacking makes sure that other hackers with unethical motives
cannot attack the system of the company.
The term white hat and black hat comes from the Hollywood films that were
based on Cowboys where the good cowboys used to wear white hats,' whereas
the evil ones would fight wearing a black hat.
The term ethical hacking was created by IBM, to diversify it from the general
opinion of hacking as viewed by the public in a negative sense.
While a major part of ethical hacking focuses on penetration testing (about
which we are going to learn later), there is a wide variety of other things that are
included as well.
To understand white hat hacking, let us first understand the concept of security
threats that are present in a computer.
To be an ethical hacker, you must comply with the following mandates for an
ethical hacker:
1. You should have permission in written form from the owner of the
corporation or the computer system that you are trying to penetrate or test
before you actually carry out the activity.
2. You need to always protect the privacy of the corporation that you are
hacking. This means that any data that you attain through your hacking
activities cannot be given out to any third party or the general public.
3. You need to tell the owner of the computer system about all the bugs,
 vulnerabilities, and exploits that you find in the system with complete
transparency.
4. If there are any weaknesses that you find out in the hardware components,
you need to report them to the manufacturer of that hardware component.
5. If there are any weaknesses that you find out in the software components
of the computer systems, you need to report those weaknesses to the
software vendors.

Need for Ethical Hacking
Ethical Hacking is not a comfort, but a dire need for companies. This is
especially true for companies that deal with money or confidential information,
like PayPal, government websites, defense websites, etc.
The major reasons why companies need ethical hacking are:
1. Protect their information:
Ethical hacking is required for the companies to protect the information on
their computer systems or networks. This information could be the
information of the company or user information. Hackers could exploit the
web sites or computer system of the company and make use of the
information for their own gain.
Therefore, companies need to hire ethical hackers so they can fight against
these issues and protect the company from any frivolous activities.

2. Keep the systems running:
With the DDoS and DoS quite common nowadays, it is possible for
hackers to slow down the company websites or crash them completely.
Even a few minutes crash in a companys website can make them lose a
huge chunk of money.
Therefore, ethical hackers put up proper preventive measures on the web
servers and operating system so companies can fight these attacks really
well.

3. Keeping the money safe:
There are various websites like money transfer services and e shopping
websites that deal with the bank information and credit card details of the
 users. If a hacker gets a hold of this information, they could steal the
money of the users and put them up in their accounts.
Therefore, companies need to hire ethical hackers to create walls around
their user information that hackers cannot climb.
Security threats
Firstly, let us put a definition to the term security threat that can clear our
understanding on the topic. What is a security threat?
A security threat is basically a vulnerability that can endanger the computer
system or the organization that owns it. It could be tangible or intangible. A
tangible security threat would involve physically stealing the computer or any
data drive with vital information. An intangible attack would be someone using a
virus or a malicious program to access the data of the system or a drive remotely.
Let us summarize these two threats in detail.
1. Tangible Computer Threats:
Tangible computer threats involve the threats where the computer system
is physically affected, resulting in the loss or theft of data. These tangible
threats can be divided into three categories:
1. Internal tangible threats:
The internal tangible threats are the threats that are caused by a hazard in
the immediate environment of a computer system. These include a fire
hazard, electric short circuit, damage due to humidity, etc.
2. External Tangible threats:
External, tangible threats involve the security threats that come from
outside the immediate environment of a computer system. These threats
could be flooding, lightning, quakes, volcanic eruptions or any such
natural disasters.
3. Human Tangible Threats:
The human, tangible threats include theft of a computer system,
destruction of computer property due to vandalism, accidents (like spilling
coffee over the system), etc.
The tangible security threats are easy to avoid. However, they cannot be
completely eliminated (you cannot stop an earthquake from happening, but you
can minimize the damage). Here are the steps that can be taken to avoid tangible
security threats:

1. Internal tangible threats can be avoided by taking precautionary measures.
Threats such as fire could be confronted by installing fire extinguishers in
all environments that contain the computer systems. Short-circuiting can
be countered by using voltage stabilizers and power backups. To control
the moisture in the air, air conditioners can be employed.
2. External threats can be countered to reduce the damage in case of natural
disasters. Lightning protectors can be used to minimize the damage caused
in case of lightning. To protect the computer systems against flooding,
locations can be chosen where the chances of floods are negligible.
3. Human, tangible threats can be eliminated by using physical security
measures like CCTV cameras, restricted access doors, surveillance, etc.

Now let us study about Intangible security threats, which will be the focus of the
hacking section.
2. Intangible Security Threats:
Intangible security threats are also called logical threats, as these are the
threats that employ logical operations and knowledge of computer
systems. These thefts might not generally cause any physical damage to
the computer system, but they can cause the loss or theft of data, which
can be even more dangerous than any physical damage.
The intangible security threats can lead to:
1. Theft of data
2. Loss of data
3. Disabling of computer systems
4. Disruption in the normal operation of businesses
5. Complete breakdown of websites
6. Unauthorized surveillance of computer systems
7. Unauthorized access
8. Many other illegal activities
Commonly, tangible security threats are made with the help of scripts, software,
and programs that penetrate the security levels of the systems by exploiting
various bugs and vulnerabilities. These threats commonly include:
Trojans
Malware
 Viruses
DDoS
Phishing
Worms
Key Loggers
Accessing computer systems without authorization
And much more

Generally, the steps taken to counter these intangible threats are by employing
the following security measures:
1. Programs such as malware, Trojans, viruses are countered by using anti-
virus software. Further, in addition to this software, organizations
minimize the risk of these attacks by regulating the external drives that are
connected to the systems by the users. These drives are a common way of
spreading these attacks. Therefore, by minimizing or avoiding the
connection of external drives or the downloading of suspicious data from
the Internet, these threats can be easily countered. Sometimes these threats
can be automatically downloaded by visiting websites that load harmful
data into the computer system. Hence, access to such malicious websites
should be blocked as well.
2. To restrict the access to computer systems without proper authorization, it
is important to use access codes that allow only certain users to access the
system. These access systems consist of usernames and passwords that
enable a user to access the system on a level the organization wants him to
use. Other access codes could include biometric scanners, access cards,
etc.
3. There are many other security measures that detect an intrusion or
presence of a threat in a system that can be employed by the company to
increase their security.
 Chapter 5 Skills youll need to become an Ethical
Hacker

After reading about ethical hacking, you might have learned how interesting it
can be to remove these intangible security threats from a system. However, if
you want to accomplish this, there are some skills that you might require. Of
course, it is not a childs play to break into a system. And prohibiting someone to
break into a system is even harder.
However, there are not many things you need to learn to become an ethical
hacker. What you need to learn depends on which field of ethical hacking you
are interested in (yes there are many fields in ethical hacking itself).
The most important tool required of an Ethical hacker is knowledge of
Programming Languages.

Programming Languages
Since a computer is a machine that doesnt understand the language that we
speak, we need to give commands to a computer in a language that it speaks.
These languages understood by the computer are called programming languages
and are used to design programs, scripts, websites, operating systems, and every
aspect of the computer that we use or see.
Hackers need to have a strong grasp of these programming languages. Here is
why:
Hackers need to solve the problems that are encountered by computer
systems. These problems are solved by employing programs that find
errors and troubleshoot them. The development of these programs requires
the knowledge of programming languages.
Programming languages help speed up operations that would generally
require a lot of time if done manually. For example, if you are filling data
in an excel file that is a thousand columns long, it can take you many
hours or even days. However, if you create a program to do so, it will only
take a few minutes.
 If you are testing an application for its working and bugs, every aspect
of the application cannot be tested manually since there are infinite lines of
coding in it. However, programs can be created which can detect the errors
automatically and present it in front of a hacker.
Programs save precious time for the hacker by avoiding the need to
start from scratch. The hacker can pick up an existing program and just
tweak it a little to suit his needs. That way a lot of precious time and
resources are saved.
Which Programming languages does the hacker need?
There are countless programming languages that are in use today. To name a few
are C, C++, HTML, JAVA, Python, Android, etc. Each language has its own
study and structure. As it is not feasible to learn all the languages, it is obvious
that one would ask himself which language he should learn.
The choice of the language depends on the type of system and platform the
hacker is going to use. For example, while many programming languages are
used to write windows based programs, it would be futile to use one such
language when you are going to be working on Linux based systems.
The following programming languages can be very useful for hackers.

1. HTML:
HTML is also called Hyper Text Markup Language.' HTML is a language
that is used to design web pages. Basically, most of the information seen
over the Internet is the brainchild of HTML. It can be used on any
platform, be it Windows, Linux, or Mac.
HTML is crucial to Internet hacking. There are many websites that employ
the use of forms that collect the data of the user. If someone is able to
fully understand HTML and exploit its weaknesses, one can easily get
crucial information from the Internet. Therefore, an ethical hacker needs to
have a strong grasp of HTML.

2. JavaScript:
JavaScript is a script executed in the web browser window of a client. It is
employed to display the saved cookies as well as perform scripted actions
on the web page. It is a cross platform language and works on any
 operating system. Hackers use it for the purpose of web hacking.

3. PHP:
PHP is a server side scripting language and differs from JavaScript, which
is a client-side scripting language. It is the most common Internet
programming language. It can be used for the processing of HTML data as
well as managing other customized commands. Hackers can use this
language to modify the settings of a web server, and thereby make it prone
to web attacks. It is a cross platform language as well.

4. SQL:
SQL is a language that is used for the communication between a web page
and a database. It is commonly used for web hacking, as hackers employ a
tool called SQL injections that can bypass the weaker login algorithms of
various web pages, thereby gaining unauthorized access. They can be used
by a hacker to delete data from the database. It is a cross platform
language as well.

5. High-Level Programming Languages:
These languages include Python, Perl, Bash and Ruby. These languages
are used for building various high-level scripts as well as automation tools
for the servers. A hacker skilled in these languages can use this knowledge
to alter the functioning of these tools as well. All of them are cross
platform programming languages.

6. C and C++:
C and C++ are used to write codes for the systems that can help in
exploiting the vulnerable parts of the system. These languages are used to
develop common system codes, and hence the knowledge of these can
help in altering the existing codes. They are a cross platform language as
well.

7. Other Languages:
 Other languages include Java, Visual Basic, VBScript, etc. These
languages are commonly used to develop system programs, and hence can
be used by hackers to create programs that compromise the security of a
system.

Additional Skills:
Besides these basic programming skills, a computer hacker requires many other
skills to have a deep understanding of the matter. A few of these are:
Internet and search engines: A computer hacker should have a good grasp of
how the Internet and search engines work. He should be able to search out what
he wants so that he can collect the information he wants effectively.
Linux: Linux is an important operating system that a hacker should be familiar
with. It is a command based system, and a good hacker should be familiar with
basic Linux commands.
Patience: A good hacker should be patient. Hacking is not a magic trick and
involved lot of hard work, and a lot of time is consumed as well. Therefore,
patience is the key.
Practice: Like most things in life, it takes practice to master the art of hacking. A
good hacker is always on screen, trying to crack his way into the digital world.
He is always in search of knowledge and keeps on trying new tips and tricks as
he finds them.
 Chapter 6 Password Cracking

Password Cracking, as the name suggests, is a trick used to crack the password
of a user to gain access to his system without his authorization. While there are
some hacking tricks that enable the hacker to bypass the password algorithm
altogether, the password cracking aims at the hacker finding out the correct
password for the system.
There are a number of methods that can be done to accomplish this. Some of
these methods will be discussed in the coming section. But let us first understand
the strength of a password.

Password Strength
Password strength is an indicator that tells the efficiency of a password in
resisting password cracking attempts. You must have seen this indicator several
times while creating accounts on various Internet websites.
The password strength indicator depends upon:
1. The length of the password: This means the number of characters that are
present in a password. The longer the length, the harder it is to break the
password.
2. Complexity: The various combinations of letters, numbers, and special
characters that the password has. More complex passwords are harder to
break.
3. Predictability: It means how easily the password can be guessed.
Passwords with common dictionary words can be easily guessed.
Therefore, uncommon passwords are better. The lesser the predictability,
the stronger the password.
For example:
user is a poor password.
user1234 is a weak password
user 2415 is a good password
@user2516 is a strong password

Various Cracking Techniques
Now let us discuss the various cracking techniques that hackers use to crack
their passwords. These techniques are easier than you might have thought on the
first attempt.

1. Dictionary attack:
Dictionary attack comprises of trying out the common dictionary words
(or passwords from a specified list). Each password is entered one by one
as the user password. This method is less efficient, as most user passwords
arent that common.
2. Brute Force Attack:
Brute force attack involves systematically combining various alphabets,
numbers, and characters to find the password for the system. It uses
various algorithms to try putting in various combinations of the
alphanumeric characters one by one until every possible combination is
exhausted or the password is cracked.
This method can take a long time to crack the passwords. However, it can
surely crack a password if a user has the time. It is because it will try every
possible password that is possible.
3. Guessing the password:
It is another common method used for cracking passwords. In this method,
the hacker tries the passwords that are most commonly used. If the hacker
knows the owner personally, a password can be guessed based on the
knowledge about the user. Passwords like user,' admin,' 12345678,
password,' etc. are very common passwords and easily guessable. Hence,
all users are strongly discouraged from using these.
4. Spidering:
Many organizations often keep passwords that are related to the
organization itself. These passwords are not very complex and can be
found by using the organizations information. Hackers can gather this
information from the websites of the company, their social media pages,
etc. and create a long list of possible passwords. Then these passwords can
be tried one by one to penetrate the system.

Software Used for Cracking Purpose
There are several software programs on the market that assist users with
cracking any passwords automatically. These software employ dictionary attack
tactics and the brute force attack tactics to penetrate into the system without
authorization. These speed up the process of cracking as the hacker does not
have to manually type in the password for the system.
Some common password cracking tools include:
Jack the Ripper: Jack the Ripper is a command prompt based software
used to crack the passwords. You can use this software only if you are
familiar with commands and command prompt. The software makes the
use of a word list to access the password. You can use the
program free of cost. However, the word list commonly comes at a price.
There are alternative word lists that can be downloaded free of cost.
Cain & Abel: Cain and Abel is a Microsoft windows based software. It
is commonly used to access user accounts and crack their passwords.
Contrary from Jack the Ripper, Cain & Abel uses a GUI (Graphical User
Interface). No commands are needed whatsoever. Therefore, someone
without much knowledge of hacking can use the software as well.

How to avoid Password Cracking
In order to save yourself from password cracking, there are some simple
measures that can be taken by an individual or an organization. Some of these
measures include:
1. It is never a good idea to keep simple dictionary words as passwords.
2. The password should not be a generic word such as user,' password,' etc.
3. Passwords which can be predicted or whose pattern is guessable should
not be used. For example, passwords like 11223344 or 12345678 are
bad passwords.
4. The database where the passwords are stored should be properly
encrypted.
5. Nowadays, the password strength indicators are quite popular. Make use of
these indicators to create the password.
6. It is a good idea to have upper and lower-case alphabets, numbers, and
special characters together in a password for creating a strong password.

 Chapter 7 - Understanding Computer Viruses

You might have heard of malicious programs attacking computer systems across
the world and compromising their data security. Well, these programs are
basically designed by hackers to access remote systems or steal their data, or
maybe just for keeping an eye on them.
Viruses is a general term used by the media as well as the laymen for these
malicious programs. While viruses are a major part of them, the whole segment
of these programs comprises of other malicious programs as well. Let us take a
look at them one by one:

Trojans
A Trojan, or a Trojan horse, is a program that gains entry into a computer system
and allows the hacker to take control of that system remotely.
For most of the people who do not know, the name Trojan Horse comes from the
ancient Trojan War where the Greeks used a wooden horse to gain entry into the
walled city of Troy. This horse was called Trojan Horse and led to the
destruction of the entire city from the inside.
Similarly, a Trojan horse is something that you should be scared of. The most
dangerous thing about Trojan horse is that it is hard to detect when it is entering
a system. The Trojan horse usually appears as something that is vital for the
computer system, like an important program or a driver.
However, once a Trojan horse is installed, your system is compromised. A
hacker can do anything with the help of a Trojan horse. It could be installing
backdoors into your system, or download any data or malicious programs that
the hacker wants to download in your system.
Some of the major tasks that can be accomplished (and are commonly
accomplished) using Trojan horse are:
Damaging the computer system. The effects of this could be repeated
crashes of the system, blank display with just a blue screen, freezing, etc.
Stealing of confidential data can also be accomplished using Trojan
 horse. This data could be passwords, bank information, credit card details,
etc.
Trojan horse can also modify or erase the files that are present in the
system, resulting in loss of important data.
Using the Trojan horse, a hacker can make the system a part of a DDoS
attack on a web server.
Trojan horse can also help the hacker in stealing the money of the
owner by making bank transfers through his system.
Using this malicious program, a hacker can make a note of all the keys
that the user is pressing. This data can enable him to attain user ids,
passwords, and other personal details of the user that are not meant to be
shared.
The hacker can view the screen of the user, as well as screenshot his
screen to keep an eye on him.
A hacker can download the history of the web browser of the user,
thereby knowing the websites the user has visited.

Worms
Worms are very harmful programs like the Trojan horses. However, they
function differently. They propagate through the system and try to replicate
themselves as much as they can. They even find ways to get copied from one
system to another system in a network.
By using worms, a hacker can accomplish the following tasks:
The primary purpose of worms is to install backdoors on the target
systems. These backdoors are like an entryway into the computer system.
They can be used to do distributed denial of service attacks on the servers.
These can also be used to send spam emails from the computer system and
all the systems that it affects.
Worms keep on propagating by copying themselves. By doing this, they
tend to slow down the entire network by taking a lot of the bandwidth for
themselves.
Worms can also install various malicious programs into the computer,
like other worms, Trojan horses, etc.

Viruses
Viruses are malicious programs that get attached to the various programs and
files that are used by the target system. They keep on running all the time and
hence consume a lot of memory of the computer, as well as its CPU usage. The
programs or files that the virus attaches it to are termed as infected.'
It works in a similar fashion as the biological viruses, which tend to get attached
to the normal cells of the human body and eventually alter the bodys function.
As a result, people tend to fall sick. Similarly, a computer virus can cause the
sickness of a computer.
The viruses not only hide well, but they would appear so alluring that you, as a
user, would be tempted to open them. It might be a document in your mailbox
that seems important or essential data on your flash drive. Once the infected
program is run, the virus code starts up.
With a virus, a hacker can accomplish the following tasks:
Getting access to the confidential user data such as his user ids and
passwords.
Destroying the data present in the system
Corrupting the system data and drives
Send messages or advertisements to the user
Keep a log of the keys that the user presses

How to Combat These Malicious Programs
As an ethical hacker, not only is it important to understand about these programs,
but you should also know how to tackle them. The following measures are
essential in dealing with these programs:
The primary step to follow is to install a good anti-virus software on the
computer system. Anti-virus checks all the potential threats automatically and
protects the computer system from most vulnerabilities.
Organizations often create policies that disallow the users to download or visit
websites that might download any unneeded files from the Internet. These could
be any games, toolbars, email attachments, or any programs that are not
required.
Any flash drives or secondary storage device that is ever attached to the
computer system should be scanned nicely. External storage devices are a
common way of propagating the malicious programs. Hence, it should be made
sure they dont have a virus before you open them.
It is a good idea to back up important data. Even if there is an attack of a
malicious program that corrupts the file system, the backup will ensure that data
is not lost. This backup should be done on read-only devices, such as a CD or a
DVD, so that virus cannot affect these drives.
It is always a good idea to keep your system updated to the latest version. Most
malicious programs tend to exploit the system vulnerabilities, therefore keeping
your system updates makes sure that the vulnerabilities are not present.
Companies roll out updates with the same motive.
All email attachments should be checked before opening or downloading. It is a
good idea to download attachments from known sources only. And if something
seems important enough to download, remember to scan it with your anti-virus
software.
 Chapter 8 Hacking Wireless (Wi-Fi) Networks

With wireless technology owning the markets, Wi-Fi networks are a common
trend today. Even if you are sitting in your room, you might see a list of a lot of
Wi-Fi networks that are available on your device (and most of them are
password protected).
Therefore, as Wi-Fi networks are available to everyone in the proximity to the
router, this makes them open for hackers to hack. Hence, learning about hacking
wireless networks is important as well.
Let us first understand the basic of a Wi-Fi network.

Wireless Networks
Wireless networks are the networks where devices and computers are connected
together with the help or radio waves. These waves are transmitted and received
by the physical components of the system.
To join into any Wi-Fi network, you would need two things:
1. You would need a device that is enabled with Wi-Fi. It could be your
laptop, smartphone, etc. Generally, desktops do not come with Wi-Fi
enabled, so they cannot be used for this purpose.
2. The user would need to be near the router that is transmitting the signals. If
you are in close proximity to the router, it will automatically show up in
your list of available devices.
3. Generally, most Wi-Fi networks are password protected. If they are not,
you can simply connect to the network when you are close to it. If there is
a password required, you will need the password before you can access the
network.

Wireless Network Authentication
As the wireless networks can be accessed by another person nearby, and no
wires are required, usually Wi-Fi users put a password on the Wi-Fi network.
Here are some of the most common techniques used to authenticate the Wi-Fi:

Wired Equivalent Privacy (WEP)
WEP was created keeping the IEEE 802.11 WLAN standards in mind. The aim
of WEP was to help the wireless networks keeping up with the wired networks
regarding privacy.
WEP encrypts all the data that is transmitted over the network. By doing this, it
makes sure that the data is safe between the sender and the receiver and any third
unauthorized device cannot intercept it.

Wi-Fi Protected Access (WPA)
WEP was found to have many technical weaknesses in terms of its security,
which could be easily exploited by hackers. Unauthorized access to the WEP
was very easy, so WPA was developed by the WIFI alliance keeping the wireless
security in mind. It is also based on the 802.11 WLAN standards.
The major change it bought was using 48-bit initial values rather than 24-bit in
WEP to encrypt data. Further, temporal keys were used to encrypt the data
packets.

How to crack Wi-Fi Networks
The method of cracking Wi-Fi networks differs from network to network and
depends on whether the network is WEP encrypted or WPA encrypted.
WEP cracking
WEP cracking means bypassing the security measures of a WPA network and
accessing the network without any authorization. There are two ways to
accomplish this:
Passive WEP Cracking: This is a hard to detect cracking method. It causes no
effect on the traffic of the network until the hacker cracks WEP security.
Active WEP Cracking: This is easy to detect cracking method. It causes a lot of
load on the network traffic. The effectiveness of this type of cracking is more as
compared to the passive one.

Tools used for WEP Cracking
The following tools are used for cracking WEP networks:
AirCrack: AirCrack is a network-sniffing tool. It can easily crack WEP
networks.
WEPCrack: As the name suggests, WEPCrack is solely focused on cracking
WEP networks.
Kismet: This is a popular software. It can detect hidden as well as visible
wireless networks, it can act as a network sniffer, and it can detect any unwanted
intrusions in your network as well.
WebDecrypt: this software uses the old school dictionary attack that we learned
before to crack WEP passwords. This software has an inbuilt key generator.

WPA Cracking
WPA cracking is the process of bypassing the security measures of a WPA
network and thereby accessing the network without authentication. This is done
with the help of the below tools:
Cowpatty: Cowpatty is a tool that uses brute force attack to crack the password
of a WPA network using pre-shared keys.
Cain & Abel: This software is used in combination with a network sniffer. It
decodes the packets that are captured by a network sniffer, and can automatically
deduce the password of a system.

Types of Network Attacks
Network Sniffing: Network sniffing is about intercepting the data
packets as they are communicated through the network. After capturing
these data packets, the important information can be easily decoded
through tools like Cain and Abel.
Man in the Middle Attack (MITM): This attack makes the use of
eavesdropping on the information being sent across the network. Any
information that may appear to be sensitive is captured.
Denial of Service Attack (DOS): This attack prohibits the users of a
network to access the networks resources. The intent of this attack is more
 towards disrupting the network than using it or stealing information.

How to make sure your wireless network is secure
While no system is free of any vulnerability, you can make sure that your system
has a minimum number of vulnerabilities that there can be. Keeping a weak
password or having an open network is an invitation to negative elements of
society. Therefore, always keep your walls up high.
Here are few measures to take to keep your systems secure:
1. It is always a good idea to keep your network password protected. Open
networks can be accessed by anyone in their proximity. And these
unauthorized users can perform any action over the Internet under the
disguise of your network. Therefore, always keep a password to make sure
none of this can happen.
2. Remember to change the default password that your router or any device
came with. Default passwords are not only easy to guess, but they are also
generic to the model or the brand name. Therefore, keep a personalized
password.
3. Make sure you have authentication method enabled.
4. You can restrict who can use your network by enabling MAC filtering.
MAC filtering makes sure that only the MAC addresses that you have
permitted are allowed entry over the network.
5. Make sure you use a strong password. Your password should be a
combination of alphabets, numbers, and characters so that it cannot be
easily guessed by brute force or dictionary attack.
6. There is lots of firewall software available on the market. Even though
windows come with an inbuilt firewall, it is a good idea to use these
software programs for additional and improved security.
 Chapter 9 Denial of Service Attacks

If you are a tech freak or even slightly interested in technology and keep up with
the news in the industry, you most probably would have heard of Denial of
Service attacks (DoS). In this section, we will learn all about DoS attacks.
What is a DoS attack?
A denial of service, as the name suggests, is an attack that prohibits the user
from accessing the resources of a website or a server. Due to this attack, an
individual might not be able to access a website, visit his emails or maybe the
Internet speed might seem to be very slowed down.
This attack is caused when a hacker hits the target server with a lot of requests
simultaneously. Therefore, the server seems to be unable to catch up with all
these requests and begins to lag or crash. These servers can appear to be either
slowed down dramatically or completely shut down.
DoS can have many consequences for the websites or the corporations. Shutting
off websites or crashing them even if for few minutes can cause the loss of a
huge chunk of money for the business. There are a lot of businesses that depend
solely upon the Internet, and DoS attacks are like a doom to them.

Types of DoS Attacks:
There are basically two types of DoS attacks
Denial of Service (DoS) Attack: This attack employs a single host
Distributed Denial of Service (DDoS) Attack: This attack employs a lot of
machines that are affected by the hacker, to hit the same target and flood it with a
lot of requests or data packets.

Common Types of DDoS attacks
There are many ways in which hackers implement the DoS attacks on a server.
The most common ways are listed below.
1. Ping of Death:
 If you know the basics of computer systems, you might be familiar with the
concept of ping.' Ping is a command that is used to test if a network is
available or not. Ping command sends out a small data packet to a specified
network resource, and the response makes sure that the network is working.
The limit of data packets allowed over TCP/IP is 65,536 bytes.
In the ping of death attack, the data packets that are sent to the network
resource exceed this limit. Since they are over the limit, the server fails to
handle them. This results in the server crashing down, freezing, or lagging.
The server may also reboot.

2. Smurf:
Smurf attacks significantly reduce the speed of the network, rendering it
unusable. They accomplish this by using the ICMP. ICMP is the Internet
Control Message Protocol. A large amount of ping traffic is generated, and
the reply IP is altered to the IP address of the target computer. Thereby, all the
replies go over to the target IP address. Each ping is amplified by a factor of
255, and the server is slowed down considerably.

3. Teardrop:
This attack is caused by large data packets. The hacker manipulates the data
packets so that they are made of overlapping fragments. Since there is a limit
to the data packets that can be held by the TCP/IP, it breaks them into smaller
pieces. They attempt to assemble these pieces at the target address. However,
due to the overlapping, the target address fails to reassemble these pieces and
as a result, it crashes.

4. SYN Attacks:
SYN is a term used for Synchronize. In an SYN attack, communication is
established using TCP via a 3-way handshake. The victim is flooded with
SYN messages that are incomplete. Therefore, the target machine allocates
memory resources to these messages, which are never made use of. This
denies the legitimate users to access the system.

 Tools used for DoS Attacks:
The following tools are used for DoS attacks:
Nemesy: this software is used for creating random data packets. It is based on
the windows platform.
Land and Latierra: this software is used for opening TCP connections as well
as IP spoofing.
Panther: this software floods the victims network with data packets.

How to protect against DoS attacks
As much as it is important to understand the basics of DoS attacks, it is even
more crucial to understand how to protect yourself against these attacks.
These steps can be undertaken to make sure that you are safely protected
against DoS attacks:
1. Firewalls are important security measures that should be implemented.
Firewalls make sure that any unwanted data packets from any suspicious
IP do not reach your system, thereby protecting you.
2. Routers have settings in their access control center that prohibit unwanted
traffic from accessing the Internet. This helps in controlling the suspicious
and illegal traffic.
3. These attacks exploit the vulnerabilities present in the operating systems.
Therefore, keeping your system updated and installing security patches
can fix the vulnerabilities to some of these attacks.
 Chapter 10 Hacking Web Servers

Websites, even the ones that might seem simple and unimportant, are a
storehouse of essential user data. This data could be email addresses passwords,
and even credit card numbers as well as bank information.
As such, the websites on the Internet have always been a goldmine for hackers.
Therefore, it is important to understand how these web servers are hacked and
how their security can be beefed up to protect against any possible threats.
Therefore, it is important for these online businesses to maintain security
through their systems. Many companies hire ethical hackers to accomplish this.

Weaknesses in Web Servers
No matter how much security is beefed up in a system, there are always going to
be vulnerabilities. A web server is typically one such system where
vulnerabilities can mean losses to the businesses. Web servers are basically
programs that contain data and files commonly called web pages, and web
servers communicate these pages through the Internet to various systems.
Web servers need physical hardware resources as well as software resources. As
the hardware resources are spread geographically, the hackers tend to hack these
systems by gaining entry in the software interface, exploiting its vulnerabilities.
The common cause of vulnerabilities in this web server is:
1. Insecure Configurations: It is important to keep the web server well
configured. If a web server allows any strange user to access its content
and execute commands on it, the integrity of the web server is
compromised. Therefore, it is important that a web server only permits the
users that have a username and password for accessing the server.
2. Using preconfigured settings: Many web server administrators dont feel
the need to change the username and password of the web server than what
it first came with. This is a major error and puts the security of the web
server at risk.
3. Bugs: Many times, hackers exploit the common bugs in the operating
 system running the web server, or the software of the web server itself.
These bugs allow the hacker access to the server and modify its contents.
4. Lack of maintenance: Security maintenance of web servers and the
operating systems running it needs to be done regularly. Otherwise, it
creates exploits that the hackers can use. These maintenance measures
include updating the system and installing security patches.

Different Types of attacks on web servers
There are different ways in which the hackers exploit the security of a web
server. Some of these attacks are:
1. Denial of Service attacks: These attacks have been discussed in the
previous section. Server owners fear these attacks as they can cause a lot
of damage to the servers. This damage includes crashing of servers,
slowing its speed, causing the server to reboot, and making the server
freeze down.
2. Domain Name System Hijacking: In this type of attack, all the traffic that
is sent to the server is redirected to a wrong address. This is done by
altering the DNS settings of the server. The new settings can point out to
the attackers website.
3. Network Sniffing: insecure or unencrypted data that travels over the server
and can be intercepted by the hacker. The intercepted information can be
used to decode the server key and gain unauthorized access to the server.
4. Phishing: this is another common web server attack. In this attack, the user
mimics the target website and creates a replica of it with a similar web
address. The users are encouraged to click on the link to the fake website
and enter their login credentials or bank information. This data can be then
used by the hacker inappropriately by accessing the server using the users
credentials or use his bank information to steal money.
5. Defacement: This attack involves changing the attributes of the
organizations website, in a way that it displays the images and content
that is uploaded by the hijacker.

The Dangers of a successful hacking attempt
If a hacker is successful in hacking the website and accessing the content, it can
cause immeasurable damage to the website parent company or the users who are
using the website. Some of these damages are listed below:
1. Loss of integrity of a website:
Users would avoid using a website that has been hacked by a hacker. They
would find it unsafe to enter their bank information or important private
credentials on the website, on the risk that it might be hacked again.
2. Loss of reputation:
Since the hackers can change the content of the website and put up any
type of images and links on there, it can totally ruin the reputation of the
website. The hackers might put up pornographic links or content that
supports some political or religious factions while mocking the others. All
this harms the reputation of the website.

3. Propagation of viruses:
The hacker can force the website to download viruses and other malicious
programs into the users computers. This is a very dangerous activity as it
puts to danger the security of an unsuspecting user.
4. Theft of information:
The hacker can steal user information from the website, and use that
information for illegal purposes. If any such things happen, the website
company might even face lawsuit charges from the users whose security
was put at risk.
5. Piracy
The hackers can even steal content such as music, videos, TV shows,
movies, etc. From the web servers that was otherwise supposed to be
copyrighted. The hackers can distribute it for free over the Internet
resulting in piracy. This is a major cause of losses for the company. It can
also lead to launching content that was supposed to be launched later.

Tools used to attack web servers
These are the tools that are commonly used to attack web servers:
Metasploit
Mpack
Zeus
 Neosplit

How to make sure a web server is protected against attacks
Now that we have read the implications of a successful web server hacking
attempt, it is easily understood that protecting the security of the web server is
very important. However, with the different types of attacks present, how is it
possible?
Here is how:

1. Managing security patches: The web server software and the operating
systems keep on exploring bugs in their products and roll out updates to
effectively counter those bugs. These software updates that fix the bugs
and vulnerabilities in a system are called patches. Therefore, to keep the
web server secure, it is important to install all the latest patches into the
system.

2. Security of the operating system: It is important to install the operating
system securely. Further, after installation, the configuration needs to be
secure as well. All user name and passwords should be changed from
default values, and preventive security measures need to be implemented
(antivirus, firewalls, etc.)

3. Security of the web server software: The web server software needs to be
installed securely as well. The configuration should be done such that the
default attributes are changed to secure ones. Further, open access settings
should be changed to restricted one so that only authorized users can make
changes and run commands on the web server.

4. Firewalls: Firewalls are important and effective security measures. If a
DoS attack is coming from some specific IP address, the Firewall can
block all the traffic that is coming from that IP address to the web server.
Therefore, DoS attacks are prevented.

5. Antivirus: Antivirus software can be utilized for the protection against any
 viruses, Trojans or malicious programs. Further, if any malicious program
still managed to get through, the antivirus programs help in their
elimination as well. Therefore, they are important in keeping the system
secure.

6. Remote Administration: Remote administration means the ability to
administer the web server remotely without physical access. This setting
should be disabled so that any hacker cannot penetrate the system security
be hacking the remote key.

7. Unused accounts: There might be many unused accounts or default
accounts present on your web server. It is important to remove these
accounts. These accounts can be hacked by the hacker to access the web
server file system or run commands on the server.

8. Ports: Web servers have default port settings that are generic for the most
part. For example, the FTP port is by default at port 21. This port is used to
transfer the files. Therefore, the port number should be customized and
changed to a different value so hackers cannot access it.
 Chapter 11 Penetration Testing

Penetration Testing is a cool thing to learn for a hacker, and get him on the
payroll of the largest companies in the world. So, let us talk about the basics and
methods of penetration testing.
What is Penetration Testing?
Penetration testing is the activity of identifying the bugs and security
vulnerabilities in a computer system or an application by making the system go
through various hacking exploitation techniques. This exploitation is done
through hacking methods similar to those a hacker would use. However, it is
done with the complete authorization of the company.
The motive behind penetration testing is to understand the weaknesses in a
system and removing them before a hacker could exploit those. This can protect
confidential data like user credentials, passwords, financial information, etc.
from hackers. Further, it can also restrict any unauthorized person from
accessing the system.
The person who carries out the penetration testing is called an ethical hacker.
Penetration testing is also called pen test.
All the weaknesses, bugs, and vulnerabilities found through penetration testing
are reported by the ethical hacker to the employer (owner of the computer
system).
If no vulnerabilities are found out through penetration testing, it means that the
system is secure enough. All the security measures are working, and no new
measures are needed.

The Reasons for vulnerabilities
There can be many reasons present for vulnerabilities that might call for the need
of penetration testing. Some of these reasons are:
1. Errors in design: There might be errors in the design of the software
system that might have left some openings for hackers to exploit, or maybe
put any data at risk by exposing it to the user.
 2. Configuration: sometimes, the configurations of the system need to be
altered to reduce the chances of any outsider attacking it. Common
mistakes include keeping default values to the login credentials or
allowing public access to the database.
3. Human errors: Sometimes, human carelessness can also compromise the
security of a computer system, network or software. There might be
critical documents that were meant to be disposed of but were left out in
the open. The employee might have shared the login details on a phishing
site. Some people share too many details with strangers. Additionally,
there are always insider threats that aim to bring intentional ruin to the
company. All these threats need to be taken care of.
4. The complexity of the system: Generally, the more complex the system,
the more chances of vulnerabilities there are present. For example, if a
corporation employs one computer, there will be little vulnerability to take
care of. However, when a large network of computers is employed, and
there are a lot of people using them, there are several vulnerabilities that
need to be tested and fixed. Similarly, if we consider a software, the more
features in the software, the more potential vulnerabilities it has.
5. Connectivity: If an organization is connecting to an insecure network or to
the Internet, there is always the chance of hackers hacking into the
systems. Therefore, these vulnerabilities need to be fixed as well.
6. User Input: the data received by the company from the users can also be
manipulated by hackers to hack the system of the company.
7. Lack of training: If the employees running the systems do not have proper
training, they will always make mistakes that compromise the integrity of
the entire system.
8. Communication channels: Hackers generally target communication
channels for retrieval of information that can enable them to hack the
system. Therefore, the communication of the employees over the
telephone, the Internet, social media channels, etc. can be used to gain
confidential data about the company.

The RansomWare Attack: An example of why penetration testing is needed
The RansomWare attack is a recent attack in which hundreds of thousands of
computers around the globe were targeted by RansomWare. RansomWare is a
malicious program like the virus, worms and Trojans. In this attack, the
confidential information was stolen from the victims computer, or their systems
were locked, and access was prohibited until a ransom was paid to the hacker.
This ransom was supposed to be in the form of Bitcoins. This attack was called
the WannaCry RansomWare attack, and it infected 230,000 computers in over
150 countries.
The attack targeted the biggest companies in the world and even the defense
agencies. The scale of this attack has never been seen before.
This calls for the need of penetration testing and ethical hackers, to put a stop to
this. With the hacking activities on the rise on a daily basis, it is an essential
requirement for companies to employ the skills of ethical hackers to secure their
systems.

Types of Penetration Testing
There are various types of penetration testing:
1. Social Engineering test:
This test involves targeting the employees of the company by the ethical
hacker. It aims at convincing the employees or luring them to reveal sensitive
data about the company. It might be data like passwords or maybe anything
that is confidential and critical to the security of the company.
Since human errors comprise the major portion of the vulnerabilities present,
this step is an essential step and makes sure all the employees know how to
handle situations like these.
2. Web application testing:
The web applications of the company are tested by means of various software
designed for this purpose. This makes sure that no vulnerabilities are present.
If any vulnerability is detected, they are immediately fixed.

3. Physical Penetration Test:
In many facilities, physical security measures are necessary to protect
secretive data. These security measures might be surveillance, security doors,
access codes, etc.
Additionally, the hardware of the computer system should also be resistant to
 any vulnerability. Hence, all the network drives, access points, etc. are tested
to find any bugs.

4. Network Service Test:
This test aims at finding entryways into the network of the system. It can tell
about the vulnerabilities present in the system. This test can be done within
the organization or outside it.

5. Client-Side test:
This test identifies and exploits vulnerabilities in software programs on the
side of the client. This makes sure that the security is not compromised on the
clients part.

6. Remote dial up war dial:
This attack involves testing all the modems in the system environment. The
ethical hacker tries to login into the systems through the modems, with the
help of password cracking, by using guessing, dictionary attack, or brute
force attack.

7. Wireless security test:
This test involves at checking the security through the Wi-Fi networks in the
environment that are open, unauthorized or insecure. The system security is
tested through them.

 Chapter 12 Cyber crime

After discussing hacking in depth, it is important to understand the legality
behind it and the concept of cyber crime.
Cybercrime is the collection of criminal activities that are done in the virtual
computer world instead of the real world. With the advent of the Internet, the
spread of cybercrime is more than ever.
Here are the most common types of cyber crime activities that are common:
1. Violation of privacy: Privacy violation involves revealing the private
information of a third party over the Internet or social media channels.
This information could include the email address of the person, their
phone number, address, account information, etc.
2. Identity Theft: Identity theft involves the theft of personal identification
information of the person, including his name, address, credit card
information, etc. and then impersonating that person.
3. Distribution of Copyright content: Distributing copyrighted content such
as music, movies, eBooks, software, etc.
4. Unauthorized transfer of funds: hacking into bank accounts and
transferring funds without authorization
5. ATM Fraud: It includes stealing the ATM credentials of the person, like
the ATM number, CVV, pin, etc. If a person has the possession of such
knowledge, he can use it to withdraw money from the victims account.
6. DoS attacks: Denial of service attacks which attack web servers and either
slow them down or completely crash them.
7. Spams: Spam involves sending emails without the consent of the receptor.
Spam emails generally contain advertisements or might have viruses
attached to it.
Most developed and developing countries have their own cyber-crime cells or
cyber-crime departments, where they tackle the existing cyber-crime or potential
cyber-crime.
It is noted that these security agencies keep an eye on the entire worlds traffic
that is moving around the Internet. Any illicit searches, actions, DDoS attacks,
etc. are tracked by these agencies to the places of origin. Therefore, if a hacker
has ulterior motives in mind, he should keep these agencies in mind.
Even the smartest hackers are often outsmarted by these agencies that employ
the brightest of the minds. Therefore, make sure that you do not use your
knowledge and skills of hacking to harm anybody in any way.
 Conclusion

Hacking is an activity that the most curious minds take. These minds have a
passion for the knowledge of computer science. Mixed with the skill for problem
solving, hacking can create a major career for a hacker in the field of penetration
testing. As mentioned before, every Information Technology Company employs
ethical hackers. Further, all the companies who do their businesses over the
Internet employ ethical hackers as well. Therefore, it is a skill in dire need.
However, mix this passion for computer science with a destructive mind, and a
person can easily end up behind bars. I have stressed on it enough (and will say
it one more time) that accessing any data without proper permission of the owner
is an illegal activity. Further, DDoS attacks on websites or servers are illegal as
well. Therefore, at any point in your adventures or when you are trying the
knowledge presented in this book, make sure that you attain the permission of
the server administrator first before you go ahead and make your first attempt.
Further, always respect the privacy of the individual on whom you are trying
your skills (with permission). If you happen to come across any data or if you
manage to find any exploits, it is not legal to share that information with a third
party. Therefore, dont go around posting private information over the Internet or
your social media channels.
With that said, hacking is one of the coolest things in this hi-tech world. If you
are a hacker, remember that most people want to be you. Also, a lot of people are
looking up to you.
So always keep learning and acquiring new skills. However, always make sure
that your efforts and knowledge are aimed at the common development of
technology as a whole and improvement of security.




Tor Browser

Secrets of the Deep Web, How to Stay

Anonymous Online, and Surf the Web
Like a Hacker

Copyright 2017 by ______________________ - All rights reserved.
This document is geared towards providing exact and reliable information in
regard to the topic and issue covered. The publication is sold with the idea that
the publisher is not required to render accounting, officially permitted, or
otherwise, qualified services. If advice is necessary, legal or professional, a
practiced individual in the profession should be ordered.
- From a Declaration of Principles which was accepted and approved equally by
a Committee of the American Bar Association and a Committee of Publishers
and Associations.
In no way is it legal to reproduce, duplicate, or transmit any part of this
document in either electronic means or in printed format. Recording of this
publication is strictly prohibited and any storage of this document is not allowed
unless with written permission from the publisher. All rights reserved.
The information provided herein is stated to be truthful and consistent, in that
any liability, in terms of inattention or otherwise, by any usage or abuse of any
policies, processes, or directions contained within is the solitary and utter
responsibility of the recipient reader. Under no circumstances will any legal
responsibility or blame be held against the publisher for any reparation,
damages, or monetary loss due to the information herein, either directly or
indirectly.
Respective authors own all copyrights not held by the publisher.
The information herein is offered for informational purposes solely, and is
universal as so. The presentation of the information is without contract or any
type of guarantee assurance.
The trademarks that are used are without any consent, and the publication of the
trademark is without permission or backing by the trademark owner. All
trademarks and brands within this book are for clarifying purposes only and are
the owned by the owners themselves, not affiliated with this document.

Table of Contents
Introduction
Background
Chapter 1: Protocols
Chapter 2: Are you Being Tracked Online?
Chapter 3: How to Stay Anonymous Online
Chapter 4: The Tor Browser
Chapter 5: Secrets of the Dark Web
Chapter 6: How to Surf the Web Like a Hacker
Conclusion


Introduction
A few words about the book, Tor Browser.
This book contains information vital for those who wish to surf the Internet
anonymously.
Before you read this book, you must ask yourself the following questions:
How much do you know about the Tor Browser?

How much do you know about the Dark Web and the Deep Web?

Are you currently anonymous online?
This book sets about informing you of these aspects in as simple a fashion as
possible.
This book does not confuse the reader with jargon and acronyms from computer
science. It explains what each acronym is, and what it is about.
It is authored for an intelligent layperson. You will learn a lot from it. Its
contents should make you a bit worried.
It will tell you about computer basics, general online safety, the Tor Browser, the
Dark Web and the Deep Web.
It tells you what to do if you want to surf the web like a hacker.
There are so many things this book can do, if you only take the chance to read
through it.
Now start reading!
Background
What is a computer?
I am not going to delve too deeply into this topic as it is very complex and has
many layers. It is enough for you to know a computer is an electronic device,
which does intricate things with data (information). Whilst a simple definition
may give you a basic knowledge of what a computer does, it does not even hint
at the extent to which computers and electronic devices affect our everyday
lives. They are everywhere we turn, even at the ATM where we delve into your
bank account. To a certain degree, we tend to believe that all these different
interactions are carried out safely and with our best interests at heart.
One of the largest and easiest to identify ways in which computers have brought
change into our lives, is by examining the impact on the workplace. Prior to
computerization paperwork and information sharing, were the task of many
different individuals constantly tracking information. It is used to check figures
and filing all the paperwork this would generate. Now, of course, a computer can
store vast amounts of information that is readily available to virtually anyone at
the click of a mouse. It is that easy to access. File cabinets and libraries are a
thing of the past. Jobs that would previously take many people a number of work
hours to complete, can be completed in a matter of seconds.
Similarly, with computers information and files can be shared worldwide with a
click of a button leading to a greater marketplace and a less structured working
day.
Factories are another good example of the effects that computers have had on the
workplace with computers replacing employees to do most aspects of the
assembly line. There are many people that do not believe a computer can do
work better than a computer, but in this day and age, a computer can process
more data quicker than a person can. It is an advantage most, if not all, factories
have converted to.
Computer languages
Like computers, computer languages are a huge and complex field, which you
really don't have to know too much about, except knowing a computer language
called JavaScript. With this language, many of the things you do with
keystrokes, mouse clicks, etc. If this were all that JavaScript did there would be
no problem. However, like so many things that people create, there is a dark
side. A dark side many do not know is there to begin with.
By using JavaScript, hackers, businesses, and others are able to get access to
things you would prefer that stayed hidden. In some cases, you may think they
are hidden away from the world. However, that is not the case. Everyone can get
any type of information that is posted online, even your most private of
information. I will occasionally be talking about JavaScript, so do not be
surprised when I do. I will refrain from any discussion about programming in
this book or mention any other language as it can easily confuse those that so not
have it in their repertoire.
What is the definition of Server?
A strict definition of a server, is that it is a computer program that delivers stuff
to other computers. It can range from the simplest of forms, to your entire life
story. Often the computer that the server program works in is called a server. It is
basically speaking of how computers join together so they talk to one another. In
other words, this can be called networking the computers as well. A networkis a
family of interconnected computers all striving for the same output as the
original. Servers can provide various services, which include sharing data
amongst multiple clients. Servers like this one can send varied content toward
each client. Clients can also utilize multiple servers at the same time. Typical
servers are mail servers, print servers, app servers, database servers, game
servers and file servers. What that appropriately means, is that a computer or a
computer program can manage to access a centralized resource or service in any
particular network that it deems fit.
What is the definition of the Internet?
The internet arose from an advanced research project established in the 1960s
by the US department of defense. In order to do this, they collaborated in
research between military and government laboratories. It is called, Arpanet, and
at the time it gradually led to other connections with US universities and other
US institutions for its extended use. In doing so, this resulted in a growth that
was so beyond expectation it was mind crippling even to ponder about. This
system also led to the development of what we know today as the Internet. It is
the system we scour every minute, without truly knowing what went into its
creation. Few people know the advanced coding it took for any one person to
make this dream a reality.
The explosive world growth that we now know today was facilitated by the
development of the hypertext-based technology, thats called the World Wide
Web,
You may see on the navigation panel, WWW, which is otherwise known as the
World Wide Web to most of us, provides us with and easier way to search and
navigate tools. It is a means to display text and graphics with a general ease of
access and use that means of your new capable knowledge so that you can all
make the most of your time spent online.
The term is often mistaken as a reference to the internet itself, but the internet
predates the WWW significantly. In the early days, the first web page created is
now lost, however, if you search far enough there is a copy of a page sent. In
1991 by the inventor of the WWW, Tim Berners-Lee to a Paul Jones in North
Carolina, you can search it and find that it is the oldest web page in existence. It
was taken offline for some time, but soon it was put back online in 2014. It gives
you helpful links that help people navigate what was then a very small
worldwide web. You may not think this is useful, but it is. To know the way, they
navigated the system before it grew to be as huge as it is today, is phenomenal.
The Internet is a global system of interconnected computer networks. The
networks in the Internet exchange data through a complex process called packet
switching. There are protocols (rules) that make this happen. It may be hard to
divest the knowledge, but once you get the hang of it, you will be able to
properly decode how the internet was invented and why it was invented.
Another interesting fact about the internet, is that nobody actually owns it. It
may have a creator; someone that took their time to properly put the network
together. However, there is no one that truly owns the internet and all it entails.
Just let that little tidbit of information sink in. Possibly the greatest influence on
society, that this world has ever seen in recent memory, has no owner. No one to
claim they are over it. Several various organizations worldwide are responsible
for its development and ability to function, but none of them are able to fully
take credit for its discovery. The high-speed fiber optic cables that are
responsible for the bulk of the internet's data transportation are owned by phone
companies in their respective countries, but that is as far as it goes when saying
someone owns the internet. They do not, they simply own the things it takes to
keep the internet up and running.
In summary, the Internet is a system of networks containing millions of all sorts
of smaller domestic, commercial, governmental, etc. networks with all the
services and information such as SMS, email, file transfer and all other parts of
the World Wide Web (WWW).
How does the internet impact our lives on a daily basis even without us knowing
it??
The IOT, which is a simple term meaning for the Internet of things; it may be a
simple term, but it is a concept that many people find hard to embrace even in
todays time. Many discussions are based on future impact in years to come
whilst almost ignoring the many ways the Internet of things already affects our
daily lives.
1. Health and exercise
Gyms of the future filled with IOT gadgets carefully monitoring every aspect of
our daily health may seem to be a way off, but are they really? Dont we already
have a vast array of wearable technology already monitoring our health and
fitness? From the smart watch that can track your every step, every calorie
burned and monitor your heart whilst doing so (FitBit). We have all of these
devices around us, but we do not really look into what all it entails; what all goes
into making those gadgets possibly to work.
It not only helps you to stay in shape, but it keeps a track on other aspects of
your health as it is performing its job. With revolutionary gadgets, it is now
possible to monitor glucose levels with a smartphone app, which can be essential
for diabetics. This way they do not have to poke themselves as many times a day
to know their readings. They can simply glance at their watch, seeing what their
blood sugar levels are.
The second generation I watch and Simbands also include heart rate monitors
and other health trackers. In doing so, it allows doctors to monitor patients and
provide the optimum care that the patient requires from afar. Just imagine the
benefits that can be gained from your doctor having the ability to view your
statistics on a 24-hour basis, and this is all down to a piece of technology no
bigger than a watch.
They will be able to help you while you are not in their presence. They will be
able to see, as it is happening, your health statistics, whether they are declining
or rising. You will not have to keep a log anymore. You will not have to bring all
of that information with you when you appear before your doctor. They will
already have that information saved in a folder on their computers.
2. Pollution and waste management
Smart ways of dealing with the problem of pollution and waste management
include: Waterbee.eu, which is a system used by farmers and other enterprises
that use huge amounts of water to conserve water. They do this by monitoring
the soil and if they find it is getting too much moisture, they can adjust the water
usage accordingly. It is very scientific in that aspect, but it will save on a lot of
time and resources once it is complete.
Also, on a more domestic level, is a device call AirQualityEgg.com, in which
monitors the air quality around your home, office, and then when it gathers
enough information, it analyses the data to help understand how different
policies are affecting urban pollution. Pollution is our biggest downfall as a
society, and to know there are websites out there that will be able to explain how
much pollution is in a single area, is big. You will be able to determine for
yourself if that area is worth exploring, and all of that is produced by the single
click of a button.
3. Around the home
A smart house is often the first thought that occurs to people when discussing
IOT, maybe because this is possibly the biggest personal impact that smart
technological gadgets can have on an individual. Some may think it is a house,
like on the movie they show on the Disney Channel. However, that is furthest
from the truth. A smart house is actually a security system that allows you to
monitor your home while being online.
You may not believe it, but it is already the norm for a great number of people.
That is, if you can fit it into your budget. Society thrives on technology like this.
With the ability to turn off your heating and cooling, or your lights for that
matter, when away from your house and then turn it on before you arrive is a
great tool in energy conservation. You will find with this little gadget, that you
have lower electricity bills and you are saving on resources you did not even
know you were using before. Not only is IOT providing great help around the
house, but it is also a helpful tool to manage the monitoring of pets and children.
The sensors the company places around your home can alert you when certain
doors have been opened in your home and can thus greatly aid caregivers who
have had to leave the house by alerting them to potentially dangerous activities.
It is also an effective tool to have against burglaries. It will let you know when
an intruder has been spotted in your residence. You will be able to effectively,
and safely contact the authorities and take care of the perpetrator.
Also, another plus of this, is if you have a newborn baby. You can significantly
benefit from IOT with what they call, smart baby sleepsuits. This is a suit the
mother or father can place on the infant that monitor their sleep patterns and
heart rate. It can even alert you if any problems arise. If you have a newborn
baby, you know how effective this little suit can be. You will not be able to
continuously pack the infant around, and thus this suit will give you the specs of
the newborn through digital uses.
The next item that is effective for you to obtain, is a smart refrigerator. By
having a smart refrigerator in your home, you can ensure that you do not have to
make a second trip to the store because you forgot something. Your refrigerator
can sense when you are running low on staple foods such as butter, milk, and
eggs and can add them to your online grocery lists. On most of the refrigerators,
there will be a screen located on the front, telling you when you are low on these
certain items. It is great when you are on the go and have to be out of the house
in a hurry. You can simply glance at the front of the refrigerator, and it will tell
you what you need.
You may not believe it, but even the garden can benefit from IOT. There are
many products that range from a gutter cleaning robot to a remote-control
system to water your lawn. You will be able to remote activate it while you are
inside your home. Knowing these IOTs have it under control will guarantee that
you wont have to worry about doing these chores yourself. You will be able to
free up your schedule and do other things more important, like spend time with
your family.
4. Transport
Now content with impacting our homes and work, IOT is also heavily featured
in the future of our daily commute. Yes, it is everywhere as far as the eye can
see. Already our sat-nav systems are working with real time traffic conditions,
and finding alternative routes to avoid stressful driving conditions. Have you
ever heard of a GPS? This is the device that uses that type of IOT, so we can
efficiently and safely get to our destination. That is the reason a GPS needs to be
updated every so often. Because if there are new roads and stopping mechanisms
in place, it will not know about them unless it has been updated.
For the streets, traffic lights are set to be able to monitor different situations and
react accordingly. For instance, in the case of an emergency vehicle approaching.
Road sensors will be able to communicate directly to your car dashboard and
inform your vehicle of any hazardous conditions ahead, e.g. the turn on your left
in a quarter of a mile is icy so slow down to avoid danger. You may believe they
are there to harm our way of live, but in fact, it is the opposite. IOTs help us out
of difficult situations every day.
Your commute to work can be altered by variables such as weather, road
construction and accidents on your normal route. So, by having your alarm set to
detect these variables it can then adjust your alarm call to allow for the extra
time needed for your journey. If that isnt enough, it can then interact with your
dashboard and ensure that alternative routes are available. So, pretty much
everything is synchronized to an IOT in some form or another. Just dont forget
to synchronize your coffee machine to make sure you have that much-needed
cup of coffee to kick start your morning.
Smartphones are set to become everyone's portal to the Internet of Things
ecosystem, and more importantly, it is a complete remote control for our lives.
With the ultimate smartphone apps that are available today, your smartphone is a
smart platform with which to optimize the apps that are pertinent to your life.
You should use them to their full capacity. Just think of your smartphone as the
ultimate Universal Remote Control. Anything you would ever need is in that
phone. You can download the apps, then program them with what you want them
to accomplish. It is easy and pretty straightforward.
Web Server?
A computer program which serves web pages is called a web server. A web
server, is a program that uses HTTP (Hypertext Transfer Protocol) to serve the
files that form web pages for users. A direct request can lead to a response that is
forwarded by their computers HTTP clients. Considerations when choosing a
web server should include the security characteristics involved and its ability to
work alongside other servers and operating programs. You do not want to choose
a web server that is known for being glitchy, as this can lead to virus spread on
your computer. It can also reach the files stored on your computer and crash
them. The web server is read by browsers, which include, but are not limited to,
Firefox, Internet Explorer and Chrome, they then convert the files into text and
images for your information. Choose your browser well to optimize your internet
activity and it will ensure that you are getting the exact information you are
requesting. As you probably already know, each browser is different. They have
different commands that do a multitude of things. The main factor is, since they
so closely correlate, is the become used to the browsers before doing anything
else. You need to make sure you have accurate knowledge of it and what it all
entails.
A program which requests web pages is also called a web client. Web client is
another term for browsers. Other examples of well-known browsers are Apache,
Google web server, and Safari. Yes, and even though they may be web browsers,
it does not mean they can do the same thing as the others. There are programs
websitesthat do not work for some of the web browsers. You must be able to
read the fine print on those websites to see which browser works best for what
page.
Web Pages
The definition of a web page is very simple. All computer files have a name
which finishes with a suffix such as .docx, .pdf, .jpeg, etc. Web pages are files on
the Internet with the suffix .html, .com, .org, or .gov. Browsers are what you use
to access them. Such files are the most important part of the World Wide Web
(WWW), which is a very important part of the Internet. You use these pages
specifically to find what you are looking for. They are what bring your
information to you.
HTML was first used in 1989. It was from the creation of Sir Tim Berners-Lee,
who was a scientist and computer programmer at the European Laboratory for
Particle Physics in Switzerland. Everyone was trying to find out how to make
browsers work systematically with the web pages, and he is the only person to
find out that you needed an HTML to be able to gather the information you need
to find.
HTML has been developed a lot since 1989, and at the moment we use HTML 5,
which is the fifth version since its creation. Readers can expect further
development of HTML as new uses for HTML are discovered. Right now the
HTML 5 does have a lot of perks, however, there are still times that you cannot
find the information you are looking for, and that is because the coding gets lost
in translation. Developers are hoping to get this matter solved, that way when
you search a certain topic, you will get the desired results.
The JavaScript Computer Language
The topic of computer languages was previously discussed, and JavaScript was
mentioned as being one of those computer languages. JavaScript is very
important for the Internet to produce what it does. You will be told what you
need to know later, but no attempt will be made to teach this powerful language
to you. It is so diverse that it would take a millennium to be able to break
through the outside barrier of it. It is that complex of a system.
JavaScript and Java, Are they the same?
You may have heard about the Java programming language. This is a very
powerful computer language which can be used for a plethora number of things.
One of its most important current uses to date, is for creating apps for the
Android Operating System, which runs billions of non-Apple devices. When you
turn on your phone and search the internet, Java is operating those systems,
making it able for you to do what you want to on your phone.
Java and JavaScript are completely different computer languages with only a
similarity in name. Although both are not too difficult to learn, JavaScript is
much easier to learn and can also be used for making apps but we will not go
into this.
Chapter 1: Protocols
Earlier in this book, references were made about protocols being the means of
which computers 'talk to each other. Humans, when they converse, do not have
to be too rigid in the use of language. We all will know what the other person is
saying if they simply convey their message. This is not the case with computers.
The means by which computers converse is electronically controlled. The exact
nature of how this occurs is quite complicated.
The first stage in a computer conversation is 'handshaking. This establishes a
connection between the computers. In simple terms, this means that the
computers are getting a connection between each other. Their IP addresses are
synchronizing so they can make this happen. What happens after that is
governed by protocols, which apply to the different types of Internet actions. In
this case, such as email, SMS or web surfing. Information sent over the Internet
usually involves the message being split into smaller packets, which are
reassembled once their destination is reached. It makes it easier to get the
message across to the other side. If it does not split up into multiple packets, then
the message could take years to get through to the computer it is linked to.
TCP: TCP is the protocol which splits the data into packets for transmission. It
makes it easier for them to be sent. Upon being sent, it breaks them up into little
packets. And when it gets to the other side, being delivered to the client, it
reassembles them and ensures that no packets are lost in transmission. TCP
stands for Transmission Control Protocol. Its acronym is pretty self-explanatory.
IP: IP stands for Internet Protocol, which directs information to the correct
address. Every computer connected to the Internet has its own address. This is of
great importance when we start up discussions on safety online. IP does not
connect to computers. That is one of the roles of TCP. It only manages the routes
by which the packets travel. Anything done by that IP address can be seen by
others if they dig deep enough. They will be able to see what you did, when you
looked it up, and how you went about your business. You can wipe the hard
drive of your computer, but your IP address will continue to have that
information stored on your computer.
Pop3/IMAP: One of the most valued parts of the Internet is email. Email is
governed by protocols. The protocol for sending email is SMTP, which stands
for Simple Mail Transfer Protocol. The protocol for receiving email is either
POP3, which stands for Post Office Protocol 3 or IMAP, which stands for
Interactive Mail Access Protocol. You may believe it is as simple as the click of
a button, but there are many protocols that go into sending and receiving a
simply email.
HTTP/ HTTPS: The World Wide Web is constructed of files with the suffix
HTML. Web pages are governed by the protocol HTTP, which stands for
Hypertext Transfer Protocol. If you copy and paste from the address bar of your
browser, then you will inevitably see a sentence which starts HTTP:// In some
cases, more so than others, you might see HTTPS instead of HTTP. HTTPS
stands for Hypertext Transfer Protocol Over Secure Socket Layer. This means
that any transmission from this page is in an encrypted form and is theoretically
unreadable. We will have more to say about this later.
FTP: This acronym stands for File Transfer Protocol. This will not usually affect
you unless you upload material to websites using FTP programs such as
FileZilla.
This completes a very brief discussion over the list of protocols you might face
when using the Internet. There is far more than can be written on the topic. So
much so, that it would take more than simply this chapter to explain them all.
What I have provided you with are the main focal points that systematically help
the Internet do what it needs to do.
Chapter 2: Are You Being Tracked Online?
Is your online activity being tracked? Could it be and you simply do not
know? It is a common experience for someone to click on something on a web
page that interests them: a book, a piece of clothing, a music file, etc. Once this
is done, you will find ads starting to pop up in all sorts of places such as
Facebook, email, Google etc.
You may find this an absolute nuisance and put in an ad blocker, which can help,
but it can also create some problems for you. The reason the act of clicking on
that item produced the flurry of ads was that your online activity was being
tracked even though you did not realize it. There are people that set up blocks, so
when a particular item is clicked, then they will know. All of their processed
information, such as web pages will then begin to attack your computer.
One of the things that have been predicted is the rise of individualized prices.
The fact that you paid a lot for a clothing item may be taken as a sign that you
will pay a lot for other things. You may decide to buy some music and the price
you are quoted will be higher than the price to someone else who is believed to
be worth less.
Brick and mortar companies are also gathering information about you. If you
have a loyalty card, then every time you use it when you make a purchase you
will find information about that purchase is being secretly recorded. You can
expect emails or other communication with information about other items, which
would possibly interest you.
Another fact people don't know is that some shops track people's Wi-Fi signals
and see what aisles they may browse through. This information is predominantly
used within the shop to help decide on the display of merchandise. If you do not
want to help the shop find out where you go, then switch your device off before
you go into the shop.
The data being collected may be things you have entered yourself such as name,
address and credit card details. Other information is also available to be
harvested such as details about your device, the sites you frequent, your online
activity and other things.
There are other ways in which tracking is being practiced. A defense giant called
Raytheon has developed a piece of software called RIOT. It targets Facebook
and builds a picture of a person of interest. It focuses on such things as logins,
longitudes, latitudes, other details from photographs, and a number of other
things which enable a pattern to be built up.
In the past, such tracking was quite difficult and so only targets of interest were
tracked. Now, with the development of big data and the artificial intelligence to
enable patterns to be discerned in this big data, it is sensible for mass
surveillance to occur.
The idea behind this is that by finding the patterns of behavior of ordinary
people, the behavior of those of interest: the criminals, child abusers, terrorists
etc. will be more clearly revealed. The argument is put forward that if you have
nothing to hide then you have nothing to fear and this might seem reasonable.
However, if the data trawled by software such as RIOT falls into the wrong
hands then serious problems could arise for completely innocent people.
There is another technology being used by those who wish to track you online. It
is totally different to the ideas of RIOT. The method is called canvas
fingerprinting. It is based on a really clever idea, which is that individual
computers have fingerprints, which are unique.
The canvas fingerprinting program gets your computer to send a picture of some
text. Each computer's text is unique to that computer. This technology is actually
a tracking of the device, rather than a person. However, if only one person uses
the device then it is, in reality, a check on the person.
Sites ranging from YouPorn to the White House have used this technology.
YouPorn claim they no longer use it. The existence of these two different
technologies and others imply that you will always be tracked when you go
online. It is believed that at least 5% of the top 100,000 websites use canvas
fingerprinting including US and Canadian government sites.
All sorts of organizations do the tracking: social media, cell phone companies,
email services, cell phone apps, search engines etc. All of these organizations are
compiling records of your online activity.
This compilation may seem quite innocent, but if your information falls into the
wrong hands such as a government spy organizations, the mafia or other criminal
group or even a snooper, there could be disastrous consequences such as
wrongful arrest, identity theft, online ransom etc.
There are ways to prevent this information from being available. It is the purpose
of this book to discuss these. Various methods of online privacy will be
discussed with particular attention paid to one method, which is the use of the
TOR browser. We will discuss this browser thoroughly in Chapter 4. In the next
chapter, we will discuss online privacy in general.
Chapter 3: How to Stay Anonymous Online
IP Address: Earlier, reference was made to the unique address that your
computer has which is called the IP address. This is a unique identifier for your
computer. There are two versions of this - the IPv4 and the IPv6. The number of
numbers that were possible with IPv4 ran out and so the IPv6 came into
existence during 2015. You don't have to know the details of these identification
numbers unless you're interested. Just remember these addresses exist and are of
great interest to people and organizations that wish to track you while you are
online.
Mac Address: Another series of numbers, which is associated with your
computer and which should be hidden or disguised is the Mac address. This
identifies the network adapter, which is on your computer. It is composed of a
number of pairs of numbers separated by colons. If you are interested you can
Google the means by which you can find your Mac address.
In this context, Mac does not refer to a Macintosh computer. It refers to the
Media Access Control address of your computer. All computers, whether they
use Windows, Macintosh, iOS, Android or Linux operating systems, will have
these if they connect to the Internet, which nearly all computers nowadays do.
Like the IP address, the Mac address is of great interest to those who wish to
track you online.
The previous chapter identified reasons for preventing others from snooping on
your online activity. If a large organization with vast resources such as the CIA
wants to track you, they will and you will have to be incredibly clever to avoid
this. Despite this, here are a few tips for being as anonymous as possible:
1. Use private sessions when you surf the Internet. All common browsers
such as Firefox, Chrome, and Safari have this ability. Be aware that such
private browsing really is only of domestic use. Even in a work or school
situation, the network administrator will see what you are up to on the
Internet.
2. Logins: Use different passwords for different sites. This is a nuisance but it
is far preferable to have a lot of passwords, and possibly a notebook to
keep them in than to have your credit card used by a hacker for making a
 $10,000 purchase in Manila!
3. Delete all cookies and delete them often. Cookies are tiny files that many
websites place on your browser for a variety of reasons, most of which are
innocent. Again, this is only of domestic use. Don't think that because
you've deleted cookies that you are safe online.
4. Don't let your browser send location data. If you do not want your location
known then this is a no-brainer. All major browsers have the ability to
prevent them sending your location data forward.
5. Don't let Google track you. Google is a very good search engine and is
used by the vast majority of Internet users. However, it is better if you
prevent Google from tracking you. If you don't do this, you will be at the
mercy of advertisers. Later on, we will tell you about the Epic browser
which stops Google's tricks.
6. Set social media, such as Facebook, Twitter and Linked In, privacy
settings to give you maximum privacy. It is frightening to discover the
amount of personal data available on social media sites such as Facebook
and Twitter, this is the price you pay for using a free service, try on
Facebook settings downloading a copy of your Facebook data and you will
see every activity you have ever done on Facebook recorded in your data
history. There are similar levels of data harvesting opportunities on all
social media sites and the only way to prevent this happening is by
deleting your accounts completely. Even de-activating will not clear the
information merely put it into hibernation should you wish to re-activate
your account.
7. Use an add-on such as Privacy Badger to block trackers. Privacy Badger is
a browser add-on tool that detects sites that may be trying to track your
activities in an objectionable and non-consensual manner, your copy of
Private Badger will keep a note of any third-party domains that are active
on the websites you visit that may track you without permission by using
cookies to collect a record of your online activities. Privacy Bandit will
disallow content from all third-party tracker unless the third-party domain
plays an important part in the make-up of the website such as embedded
maps or images. In cases such as these Privacy Badger will allow
connections but will remove potentially dangerous tracking cookies.
Other add-on tools are available such as AdBlock Plus, AdBlock ultimate
 and Tinfoil for Facebook, it may pay off to check out the right software
that fits your style of surfing.
8. Disable Java, JavaScript and all plug-ins that you do not use. Because
JavaScript is so widely used on web pages, this may be impossible to do in
all cases. If you go to travel sites, which often use a lot of JavaScript, be
very careful.
9. Use the Epic browser. This is a form of Chromium, very similar to
Chrome, which has many of the features endorsed before being included in
the browser. It also reveals how many trackers tried to follow you each
day. This browser is quickly becoming one of the most popular web
browsers and is incredibly popular amongst the populations of China the
US and Nigeria.
When using Epic data is automatically encrypted and so activities are not tracked
and is a great tool for anyone wishing to access information that may not be
approved by, for instance, local government. Also by using the Epic browser,
those annoying adverts that are rife when searching online are blocked and this
means that you are not forever trying to get them off your screen. One downside
to searching using Epic is the speed, typically when searching for the pages you
are looking for using Epic you may see a slightly slower result and the pages
may take longer to load, a small price to pay for the added security. Considering
this is a free download it is a great tool to add to your online security arsenal.
Epic has been having a massive battle with Google, who depend on their ability
to sell ads for a large part of their revenue. Google has done its best to destroy
Epic. Their behavior in this matter is very reminiscent of other IT giants when
anything threatens their gold mine.
Given that Google has almost limitless resources, this is very much a David
versus Goliath situation, so in addition to installing this browser, I do humbly
suggest that you carry out all the other suggestions mentioned previously in
order that you can be online anonymously.
In addition to its sterling work in preventing you from being tracked by Google,
Epic has a built in a method of stopping canvas fingerprinting, a method of
tracking discussed in the last chapter.
10. Use a VPN. This stands for Virtual Private Network. If you really want
privacy, be prepared to pay from $5 to $10 a month for the use of a good
 VPN.
A VPN is a private server that does the work on the Internet that you ask it
to in such a way that your IP address is hidden. One of the most useful
features of VPNs is that normally if you go to a web page using the
HTTP:// protocol and you submit a password or carry out other secret
processes, then the Internet traffic resulting from this is not encrypted. If
you use a VPN, then all such activity that you may do on your browser is
automatically encrypted. It is as though the protocol was https://
VPNs are treated with the greatest suspicion by US authorities. If a VPN
server is based in the USA, it is far more likely to be compromised than
one based in other countries such as Sweden or Germany. Despite this, if
your wish for anonymity is so that you can view child pornography or
practice terrorism, then you will eventually get caught. The means by
which online activity is tracked is forever becoming more sophisticated.
11. Mac Spoofer: MAC (Media access control) addresses are unique to each
device and can easily be tracked. In order to mitigate against this, you can
use a piece of software called a Mac Spoofer. There are a number of
reasons to change or spoof your MAC address, the most obvious being to
avoid network restrictions and giving you additional privacy.
Another bonus with a spoofed MAC address is that it can present a viable
solution to a broken router, by using a spoofed MAC you can still gain
access to the internet. In order to change your MAC address, you should
open your start menu, select your control panel, after launching your
control panel then click on the network and internet option. Click on
network and sharing center, usually the first option available and then click
on it, this will lead you to your communication/network setup and
connections, select change adapter settings.
Select local area connections and click on properties and then on the
Configure option, from the configure window look to the top right of the
window where you will find the Advanced option, click on this, under the
Advanced options you will see a smaller window headed Settings. Scroll
down until you hit Locally Administered Address, click on it. Look to the
text that will be in a yellow background and search for the text that will
roughly match Change the MAC address used by the network adapter.
Right next to the Settings window is a box marked Value. You will be
 typing a new combination of characters to spoof your MAC address.
It is worth saying that before you change the MAC address it would
benefit you to check the combination of your original address. So now go
back to the Start menu and click on it and there will be a search bar at the
bottom below All Programs. In this search bar type cmd and then look to
the top of the search results and you will spot something labeled cmd.exe,
click on it. A new window with a black background will appear and will
contain some text, there will also be a blank underscore that will be
flashing on and off this is where you should type in getmac and hit enter.
This will result in a list of Physical Addresses appearing, the first of which
is your current MAC address. Now pull up the Advanced options window
and in doing so you can change your MAC address to a new one and by
following the format of your original address which will have 12
characters in total.
You can use letter combinations from A-F and any numbers, so under
Value enter your new address but remember to maintain the format, for
example, if the first 4 characters are A3-E2 then you can change them to
E1-D2, by repeating this with all 12 characters you ensure you keep to the
format required. Okay, the final step is to press OK on the bottom of the
window, the Advanced option window will disappear from your screen
and there will be movement in the Local Area Connection and for a short
while a red cross will appear next to Local Area Connections and will
display the word Disabled, this merely means that the system is registering
a change and after a few seconds this will disappear and your Local Area
Connections will be Enabled. Congratulations, you have successfully
spoofed your MAC address.
12. Get the TOR browser, you will not be disappointed. This is the main topic
of this book, so I will not be saying too much about it now. The next
chapter contains information about it, how to install it and use it. You will
be grateful that you did, because then you will actually be able to browse
the internet and be safe about it.
In addition, always make sure your antivirus and anti-Malware programs are
strong and up to date. Below I will try to explain the difference between the two
and what steps you should take when choosing the best product for you and your
computer.
So, what is a virus and what is malware?? Well, malware covers a whole range
of nasties that can affect your device. Spyware, that is software that is designed
to gather information without your knowledge and also pass on this information
to other parties. Adware is another form of malicious malware that is designed to
generate ads in order to create revenue for its creator. The Trojan, as suggested
by the name, is a harmful program that will access your software by misleading
the user of its true intent and are generally spread by social interaction maybe an
e-mail attachment that contains a routine form.
A virus, on the other hand, is a piece of code that can copy itself and cause harm
to your device, so whilst all viruses are classed as malware, not all malware are
viruses.
The main difference between antivirus software and anti-malware is that an anti-
virus program is more likely to target the older more established threats like
Trojans and viruses whilst the anti-malware software will be adapted to focus on
newer up to date threats. Whilst your anti-virus software is working away to
combat threats from malware you may contract from traditional sources such as
email or a USB.
Which should you use?? The simple answer is to run the two programs side by
side as when you try and combine the two elements you lose certain aspects, and
since anti-malware is mostly lightweight and easy to run it is also designed to
work alongside anti-virus programs to give you layered protection against both
viruses and malware.

The best health care plan for your computer could include an anti-virus product
such as Bitdefender, Norton by Symantec or Kaspersky Anti-virus which are the
top three listed for 2017 by PCMag. For an effective anti-malware program try
Hitman Pro, Malwarebytes, Zemena or Emsisoft. A final bit of advice when
choosing your software, never trust unknown malware/adware or virus removal
tools as they can also infect your computer and lead to the type of problems you
are seeking to guard yourself against.
Chapter 4: The Tor Browser
TOR is the abbreviation for The Onion Router. At first, it was a global network
of services developed by the US military so that Internet browsing and use could
be performed anonymously. TOR sends Internet traffic as relays through a global
network of thousands of servers to hide the location and activity of a client from
surveillance and traffic analysis.
TOR servers, which provide the relays, are run by volunteers keen to protect
online privacy and security. Rather than a direct connection with the source or
destination of their communication, users have their network traffic pass through
a large number of servers. The effect of this is to greatly confuse potential
trackers.
Anyone who wishes to keep their Internet traffic out of the hands of advertisers,
journalists and others, will benefit from the use of TOR. It is of great use for
undercover cops working inside criminal organizations. It makes it to where the
cops are completely undetectable as they continue their research.
TOR is a very useful tool for fighting censorship. It permits users to access
destinations, which might otherwise be blocked. This is done while the privacy
of the user is well preserved. Some foolishly regard the wish for online privacy
as an indication of involvement in child pornography or terrorism.
Nothing could be further from the truth. A journalist living in a dictatorship
would need online anonymity in order to protect his or her freedom and possibly
life. They would need this anonymity to protect their sources.
TOR is of great use in the development of a new means of communication with
inbuilt privacy. On the regular web, nothing is private. However, with TOR, you
will be able to surf the web privately, not having to worry about anyone finding
out what you are doing.
TOR has what are called hidden services. This allows users of the network to set
up chat rooms. In these chat rooms, frank discussions can take place on matters
such as rape, domestic abuse, all sorts of illnesses and whistleblowing.
Information, freely exchanged, which could be of great use to insurance
companies, big business, and the media.
If someone is using TOR and someone tries to track them, then all that the
tracker can see are random points on the TOR network. The user's computer
cannot be identified. It will save you from getting hacked, which is a problem in
todays society. You will be able to browse the web, without worrying about
whether you will be attacked or not.
In order to use this network, it is necessary to download the TOR browser and to
install it on your computer. Using the TOR system makes for slower browsing
than normal due to a large number of relays that signals pass through.

These services are only available to TOR uses. Sadly, these services, although
possibly created for the noblest of reasons, have been horribly abused. Various
sites such as the Silk Road whose purpose was the selling of illicit drugs or the
site which was busted by the FBI involving the largest child pornography ring
that has been discovered set very bad examples. Despite these problems, TOR
has been endorsed by such organizations as Indymedia for protecting their
journalists and the Electronic Frontier Foundation for upholding online privacy.
Some large corporations use TOR commercially in order to analyze the behavior
of competitors as well as to shield their own activity. TOR is better than most
VPNs as it is impossible to determine the timing or quantity of a communication.
TOR is still used by the U.S. Navy and it is used by law-enforcement agencies
during many operations where it is important not to leave a government IP
address.
The more people who use TOR the better and the more secure it becomes. Any
user's network traffic is hidden among the traffic of others using the network. A
type of tracking tool, which TOR protects a user from, is called Traffic Analysis.
This cunning method provides knowledge of the source, the destination, the time
and the quantity of a communication and allows deductions to be made as to
who is communicating with whom.
Traffic analysis works by focusing on the header of a data packet. Data packets
have payloads, which could be an email, a video file or a PDF document. The
payload is encrypted often but the header is not and therein lies a vulnerability.
Clever analysis of headers can reveal a wealth of information such as the source,
destination, time and size of the payload.
A problem for those who wish for privacy is that it is essential for the computer
of those who receive your communication to get the information contained in the
header. This information can be obtained by others using sophisticated software.
These others include ISPs, law-enforcement agencies if they are tracking you,
and other trackers.
TOR reduces the risk of detection by all types of traffic analysis through its
distribution of communication through multiple servers, the idea being to
deliberately prevent trackers from knowing where the communication has come
from or where it is going.
The means by which this path of nodes or servers is constructed is very clever. It
is done server by server with encryption as it goes along. No server or relay
knows the complete path.

Completion of a circuit allows all sorts of applications to be used on the TOR
network. TOR only works on TCP communication, which has SOCKS support.
Socks is an Internet protocol which exchanges data between a client and server
through a proxy server. This is a server that is a link between networks.
TOR is brilliant but it is foolish to think that if you use it you are completely
anonymous. If you, for any reason, come to the attention of the law, then they
will eventually get you. All TOR can do is slow down this process.
One of the ways in which organizations like the FBI use the TOR network to
catch the bad guys is to join TOR. The services of FBI servers are used as part of
the TOR network unbeknownst to TOR.
Despite this, the big arrests of the child pornographers, which was mentioned
before, was not done via this route but by the injection of malware into the
browser of some abuser who had let his guard down. The browser is the weak
point as regards law enforcement and other tracking. Attacks on the browser are
called Man in The Middle attacks.
Law-enforcement agencies have to be very careful how they operate because the
users of TOR are among the most computer savvy people in the world and if it
became obvious that law-enforcement was targeting too many of them then they
would take countermeasures which would make TOR users much safer and
consequently the targets of the law-enforcement more difficult to catch. Law-
enforcement is consequently very careful to cover its tracks and only go after the
real criminals.
Next, we discuss how to install the TOR browser.
The TOR browser is a version of the open-source Firefox browser. The
installation of this browser is quite easy. Google, 'download TOR browser. You
will come to the download TOR website. Click on that and follow instructions.
You will receive a menu of TOR downloads for the various operating systems
that are, of course, Windows, Apple, Linux, smartphones and one labeled source
code.
Pick the one you want. Assuming you picked Windows, you can select the folder
that you want to place the browser in. Once you have done that, press install and
the process of installation is automatic.
There is one final window you have to work on. Press the upper button unless
your Internet connection is censored, filtered or proxied. Most of us just press
the upper button which says connect. The bottom button says configure. Be sure
and read the warnings on the TOR window.
If you press to connect, the connection is not instantaneous but when it is
complete, you should have a green window with some safety warnings and
information about the TOR project. To ensure that you are connected to the Tor
network, put www.whatismyip.com in your address bar and press enter.
You will notice the slowness of the browser in comparison to the usual speed of
Firefox or Chrome. Pay particular heed to the warnings that TOR urges you to
follow. One of them is that you should not Torrent when you download files. If
you do that when downloading a file, it will give a virus, or a hacker, easier
access to your computer. The next chapter will deal with the Deep Web which
the TOR browser is specifically designed for.
Chapter 5: Secrets of the Dark Web
Dark web: Many people confuse the Dark Web with the Deep Web. The dark
web, refers to the encrypted network between the servers of TOR and those
using them, the clients.
On the other hand, the Deep Web is composed of all the files on the Internet,
which cannot be indexed by normal search engines such as Google and Bing.
The Deep Web has been estimated to comprise 99% of all Internet content.
There are estimates that it comprises 7500 Terabyte of data.
Most material on the Deep Web is not very interesting. For example, newspapers
maintain Deep Web databases of stories that are not published. Much other
equally boring data exists. For instance, the sales records of the billions of
transactions carried out by businesses would be on Deep Web sites. The Deep
Web is mainly benign and boring.
The Dark Web is far more interesting. Just about anything you could want is
available on the Dark Web. Among the things that you can get:
1. Banned books.
Whilst most people believe the Dark Web is filled with pornography, drugs and
all things criminal it is a lesser known fact that there are an awful lot of
bibliophiles on the Dark Web. In 2011 The Dread Pirate Roberts who founded
the original Silk Road began his drug bazaar book club and is quoted as saying,
Knowledge is power, and reading is one of the best ways to expand your
knowledge. Each week we will select a reading designed to expand our
understandings of the issues that face the Silk Road community and have a
group discussion of this material. My hope is that a high level of discourse will
be fostered, and as a community, we can become strong in our beliefs, with a
coherent message and voice as the world begins to take notice.
And of course, the world did take notice and Roberts was arrested, not for his
book club, but for drug trafficking and money laundering charges. Silk Road was
closed and its book club was no more. But they were not to be silenced, only a
month later and Silk Road was up and running again, as was the book club being
moderated by a Silk Road senior moderator by the name of Inigo, until Inigo
himself was arrested and the book club decided to cut its ties with Silk Road and
continue in a private chat room whilst still upholding the legacy of Inigo, after
all. Knowledge is power!!
2. Copied credit cards.
The Dark Web is like a shopping mall for cybercrime. Not only credit cards but
spammer lists, phishing kits and all the tools needed to carry out all manner of
cybercrime are available. Large batches of credit cards from US retailers appear
on what is known as a carder forum, it is like Craigs List for hackers where
cards backed up with customers details are being traded for as little as a dollar a
card.
3. Fake passports.
There are many opportunities for obtaining fake passports on the Dark Web, the
quality, however, is varied. Many people claim to have purchased and used these
copies on many occasions, seemingly enabled by the sellers claim that they have
insiders in various departments that enable them to enter the false details into
legitimate channels. Most of the time, these people are here illegally and need a
respectable way to travel, thus resulting in them finding these people that sell the
illegal substances.
4. Illicit drugs.
Though only a small percentage of illegal drug purchases are made online the
figure is growing, and growing fast, thus changing the whole process of drug
dealing in the process. Sellers are now more focused on selling a better quality
of product at a more competitive price and thus creating a reputable brand name.
Estimated turnover in 2012 was $15m - $17m yet by 2015 this had risen to
$150m - $180m.
5. Hackers
Want to check out what your ex is up to?? Or maybe bring down a major
company and bring them to a halt, there are a whole bunch of sites on the Dark
Web where you can find people who will do whatever you want them to do.
6. Burglars
Not quite so prevalent, but there are reports of sites on the Dark Web where you
can employ someone to steal an order. You place your request with as much
detail as you can and he will then steal said item and send you a picture to prove
it. Apparently, he also has a list of items for sale that originated when people
ordered the thefts and then never followed through with payment.
7. Illegal betting and match fixing
In these days of highly regulated betting practices, especially since the birth of
online betting that has grown since its conception in the late 1990s and
according to Statista accounted for a volume of $46 billion in 2016 and is
predicted to grow to $56 billion by 2018, it is getting more difficult to place
illegal bets. On the Dark Web however you can place all manner of illegal bets
and match fixing is rife. With the click of a mouse, you can basically do as you
please.

8. Hitmen
Now, this is dark. The availability to hire a trained gun is widespread, and whilst
not cheap, it is not too highly priced to deter a serious buyer. One site is
purporting to advertise an assassination in the US or Canada for $10,000 and
$12,000 in Europe, according to the Mail Online. Some of the slogans and
marketing techniques are truly chilling. One self-styled assassin claims, I do not
know anything about you, you do not know anything about me. The desired
victim will pass away. No one will ever know why or who did this. On top of
that, I always give my best to make it look like an accident or suicide It is
completely terrifying to know that there are people out there that support
something like this. However, you will be surprised to find that a person that is
close to you can even be in on this type of activity.
Almost all sales are via crypto markets the Black Webs equivalent to Amazon
and E-bay, employing a similar feedback method and allowing customers to rate
sellers, products and allow other buyers to base their purchase choices on
informed information. Administrators take a cut from each sale and pay
moderators (in bitcoin of course) to handle forums and complaints.
9. Weapons.
It is rumored that The Armory is the biggest and most known online marketplace
for weapons, requiring a minimum order of $1050 it purports to stock around
400 items for sale, specializing in firearms that are untraceable or have a fake
serial number. Also boasting a military section they appear to be one of the
biggest weapons traders online and have an active community following.
These must be paid for with Bitcoin, which is the online currency. Bitcoin is a
peer to peer system created in 2008 and is used to pay online transactions
without the use of a central trusted authority. Since its creation, it has evolved
into something far beyond a simple currency. It has its own community of users
and it is also an investment vehicle. What makes bitcoin work is the massive
peer to peer network and the consensus involved that enables a payment system
where payments cannot be reversed, accounts cannot be frozen and this leads to
much lower transaction fees.
Bitcoin, as with the Internet itself has no central owner or authority and is
primarily governed by the developers who put their time in to ensure that Bitcoin
works as it is only in their interest to ensure that the right decisions are taken.
The amount of influence their input carries is based on the amount of computing
work they donate to the network.
Similarly, some users put in work to aid the smooth running of the peer to peer
network and are rewarded with Bitcoins that can be spent online. This is a
simple form of mining, the term used to describe obtaining bitcoins. The best
way to understand bitcoin is to get some and experiment, there are various ways
to do so and the information is out there to help you.

Some idiotic people put sensitive information, such as nude photographs, in the
Deep Web. They think it is secure. It is not!
A classic example is the Ashley Madison site, which was created for bored
spouses who wanted extramarital affairs. A hacker broke into that site and 10 GB
of data from the site was placed on the Dark Web and thus became available to
users of TOR. The hack was discovered by a journalist called Brian Krebs who
had written for years about internet security and the theft of data from major
companies in the form of a popular blog. He had investigated various firms like
Dominos Pizza, Tesco, and Adobe and he received an anonymous link to caches
of data stolen from a Canadian firm called Avid Life Media (ALM) of which he
was vaguely aware. Since 2008 they had run a well-publicized dating site for
married people.
Promising 100% discretion at the time of the tip-off they were currently claiming
to have a membership of 37.6 million members worldwide. However, simply by
following the links, he had been sent Krebs found himself looking at actual
credit card details for real members of the website that would previously have
promised total discretion. Among documents, he found not only a list of senior
executives but the personal phone number of the CEO. As a consequence, some
users of the Ashley Madison site have been subject to ransom demands, and
even a small number of suicides have been reported. This was possibly the
largest most destructive example of how, no matter how careful you are with
your internet traffic, your online presence is something you should always
mindful of and be aware that outside influences can come into play and expose
personal details.
If you wish to see some of the material on the Dark Web then log onto TOR and
put thehiddenwiki.org into the address bar and press enter. A long list of sites
you can visit is displayed. I won't ruin your experience by telling you what is
there but do advise you to take extreme caution and have very good malware
protection.
Depending on what you intend to do and your state when you visit any of these
sites, it has been recommended that you put masking tape over the webcam on
your computer. If you don't do this, prying eyes may witness you and your home.
This is definitely not in your best interests!
Chapter 6: How to Surf the Web Like a Hacker
First, let me explain the various forms that hacking can take.
Hacking can be a serious crime, and it can affect people who are not necessarily
the intended victim of the crime. The effects can manifest in a number of ways
and be disastrous.
The first way a hacker can harm you is by identity theft. Identity theft can be
devastating for its victims, hackers can steal both identifying and financial
information and wreak havoc on their victim's lives. More often than not, the
hacker is doing this for a reason. They could simple enjoy the thrill of it by using
the details they have garnered so they can make unauthorized purchases. They
can complete wreck your credit as they charge items on an existing credit card,
even ordering new credit cards and subsequently new accounts and sometimes
severely damaging their victims financial status. In the best-case scenario, when
the crime is discovered early, it can still lead to months, or even longer, of worry
and work to recover the situation. Sometimes, multiple false IDs will have been
generated using the victim's data and all activity involving these IDs will need to
be followed and investigated.
Hacking of Government and corporate websites can be devastating and at times
lead to a total shutdown of a site until any security breaches and damage to the
site has been assessed and corrected. The damage that can be caused by these
shutdowns can be long-lasting and lead to huge losses financially. The
shutdowns can also occur if the website has been targeted by a denial of
service attack, put in laymans term the website is targeted and bombarded with
false traffic that leads to it being unable to handle requests from genuine traffic.
Hackers may also resort to placing malware and viruses on computers. Often
these programs are masked by a useful program and this leads to installation of
the harmful portion simultaneously. Some software will then go on and create
the illusion of a computer virus in order to convince the user to purchase fake
antivirus protection or, alternatively the malware will be programmed to record
keystrokes in order to steal passwords and other financial information. These
harmful programs can even allow a hacker to take remote control of a computer
and then perform nefarious activities such as a denial of service attack and make
it appear to have been performed by the infected computer.
A little-known fact about hackers is that not all hackers are malicious.
Sometimes known as Ethical hackers or white hat hackers often assist
government and other possible targets to improve their security and take all
possible measures available to them to prevent major security holes from being
exploited. These good hackers are a major tool in the overall fight against all
matters of identity theft and are striving to reduce the number of instances.
If you Google,' Surf the web like a hacker, you will get all sorts of information.
Some articles will give you tips about speeding up your surfing while others will
tell you how to defend yourself against hackers.
A hacker is usually a very clever person who tries to get into the computers and
computer networks. There are many people who do not want the hacker to do
this, but in situations you cannot ward against them unless you have a very good
blocker on your computer. Hackers crave anonymity. They crave the attention
they gather when they do a job successfully. Their activity is usually illegal, and
if they are found out, it will cause them to result in paying a hefty fine and prison
sentence. However, there are some hackers out there that do not get caught
ever. They know the internet like the back of their hand, and they can
successfully filter through the pages without being detected.
Many hackers do what they do as a challenge. It is the same way that some
people enjoy doing crosswords or Sudokus. Like fans of these more familiar
activities, more and more challenging hacks are required by hackers doing that
activity for pleasure. They enjoy the thrill of being able to get into places normal
people cannot.
Unfortunately, some hackers have criminal motives and you need to protect
yourself against them by installing malware and other virus protection onto your
computer. Irrespective of their motive, whether it be for the intellectual challenge
or for more sinister reasons, once a hacker has access to the device or network,
they can do enormous damage.
They may plant programs called Trojans or backdoors into the computers of its
victims. When they accomplish this, it will relay information back to the hacker.
They will be able to get any type of information from your device with as little
effort as clicking a button. Hackers sometimes work alone. They feel the need to
work alone, as they will only have to rely on themselves. Occasionally, they will
belong to collectives, but you will not find this often.
One of the best-known hacker collectives is the one called Anonymous.
Wikipedia has a very interesting article about Anonymous and I suggest that you
read it. The Scientology organization suffered greatly at the hands of
Anonymous, as have other organizations which have annoyed Anonymous. In
the wake of the Charlie Hebdo shootings in January 2015, Anonymous released
a statement on Twitter condemning the attack and declaring a war on the
terrorists responsible. He vowed to shut down any associated social media
accounts. It is reported that on the 15th of January they did indeed manage to
close down a website belonging to one of the groups believed responsible for the
attack, but critics have pointed out that by closing down extremists websites you
then make it harder to track their activities.
Earlier in this chapter, the desire of hackers for their activity to be anonymous
was mentioned. By use of the TOR browser, anyone can achieve the anonymity
that hackers crave.
Conclusion
So, now you are armed with the knowledge you need to enter the world of the
Dark Web. Ive give you the steps to do this as safely as possible and to conduct
yourself in a way that will not put you or your device in peril. Also, here are a
few more key tips to remember, which are listed below.
1. Providing you are using the Tor browser, you could actually be safer on
the Dark Web than your normal internet activity. It comes preconfigured to
provide protection against privacy threats that are not addressed by normal
browsers.
2. If you do register on a site dont use your real e-mail address, your real
name or username. Create a throwaway identity, and whatever you do
refrain from using a credit card, you have absolutely no recourse and you
may have some awkward explaining to do when your charges appear.
3. If you are concerned that your activity online may alert a higher authority
then relax, there is so much activity on the Dark Web that, unless you live
in a particularly authoritarian country, you are highly unlikely to raise a
flag and attract unwanted attention. If this is a concern you can always
connect to a VPN before connecting to Tor.
4. If you really must download something, and please dont unless you really
must, then protect yourself with a really good anti-virus such as
VirusTotal. Anything that you download can effectively hurt your device.
You must be totally sure that you are going to be safe from virus. If you
get a warning sign, turn back. Do not go forward with the download.
5. And finally, exercise common sense in everything that you do. As in any
other activity you undertake, remember, if it seems too good to be true, it
probably is. You do not want to risk yourself, or your system. If there is
some random stranger being overly friendly, is he now your next best
friend? Probably not, remember your own common sense and natural
instinct. It will serve you well if used correctly and can provide a greater
protection much more than any anti-virus or defensive software (but
obviously you still need these protective tools).
 Just remember that once you are using Tor and its hidden services, you are
equipped to navigate the web on a day to day basis, so build your skills
and use them well.
The ability to surf the Internet anonymously is of ever increasing importance. It
gives you the ability to do the things you would not normally accomplish, giving
you the confidence boost you did not know you needed in your researching
skills.
Why this so important and how to do it is the essence of this book.
This book has thoroughly covered the means by which this can be done, and be
accomplished successfully.
It has demonstrated how to stay anonymous as you use this technology, which
plays such a dominant part in our lives. It is hard to stay anonymous in this day
and age, and TorBrowser helps with that.
It has repeated warnings about steps you need to take before you venture into the
Dark Web. The Dark Web is a dangerous place, and if you do not know how to
venture into it carefully, you can find yourself in peril. Now that you know about
the dangers you can face, you can plan against them.
Happy Surfing!