Codecademy Logo

Unethical Hacking

First federal computer fraud law

The Computer Fraud and Abuse Act (CFAA) was created to amend the first federal computer fraud law to address hacking.

Computer Fraud and Abuse Act

The Computer Fraud and Abuse Act (CFAA) deals with hacking by prohibiting intentional access to a computer without authorization.

Cyber Attacks

In cyber attacks, adversaries use special techniques to exploit vulnerabilities in applications, processes, or procedures.

Cross-Site-Scripting (XSS)

Cross-Site Scripting (XSS) is a part of the OWASP Top Ten.

XSS is when an application allows untrusted data, potentially user-supplied data, into a web page without proper validation or sanitization.

It’s dangerous because it can allow attackers to execute malicious scripts in a victim’s browser leading to hijacked sessions, or malicious page alterations or redirections.

The code is an example of some code that may be used as part of a XSS attack. It could be inserted into a URL.

<script>alert(1);</script>

Mitigating SQL Injection Attacks: Input Sanitization

One way SQL injections can be mitigated is through input sanitization. Sanitization is the process of removing dangerous characters from user input.

Dangerous characters might include:

  • ;
  • \--

This is important because they allow attackers to extend SQL queries to gain more information from a database.

Careful, this method is not the perfect defense against SQL injections. Removing characters may have no effect in some queries and, if an attacker finds a way to bypass the sanitization process, they can easily inject data into your system.

SELECT username, email FROM users WHERE id = '1' AND '1' = '2';

SQL Injection

A SQL injection is a serious vulnerability affecting applications that use SQL as their database language. Through cleverly constructed text inputs that modify the backend SQL query, threat actors can force the application to output private data or respond in ways that provide intel. SQL injections attacks can ultimately be used to steal information and even take complete control of a system.

A login form with "lorenzo_33" as the username and "password'; DROP TABLE Accounts;--" as the password.

Cybersecurity: What Is Malware?

Malware is malicious software inserted into a system to cause damage to systems or data or to gain unauthorized access to a network.

Some examples of malware are:

  • Viruses
  • Adware
  • Spyware
  • Scareware
  • Trojan horses
  • Rootkits
  • Ransomware
  • Worms
  • Fileless malware

Malware: Spyware

Spyware is malware downloaded without a user’s authorization which is used to steal sensitive information and relay it to an outside party in a way that harms the original user.

The key word here is “spy”. Clicking suspicious links or downloads could result in spyware.

Phishing Uses

Phishing is a social engineering tactic that can be used for many things, such as stealing credentials or getting malware onto a system.

Cybersecurity: Password Attacks

In Cybersecurity, a password attack is any attack that attempts to hack into a password-protected asset, like an account or encrypted file.

Cybersecurity: Password Spraying

Password Spraying refers to a type of brute force attack in which a threat actor tries common passwords on multiple usernames.

Cybersecurity: Credential Harvesting

In Cybersecurity, credential harvesting refers to when an attacker attempts to harvest, or learn, a victim’s credentials.

Often, the attacker may just want to gain a large database of credentials rather than exploiting the user directly.

Buffer Overflow Attack

A buffer overflow attack is caused when an attacker intentionally passes data that overfills a buffer. This can allow an attacker to fill the buffer with data of their choosing.

An image showing a buffer overflow. There are two arrays of random 2-digit hexadecimal values, and the first four indexes are labeled “buffer”. In the second array, the second half of the array is labeled with "overflow", and it's clear someone has filled the second half of the array with strange data: the word “dead beef” is repeated twice.

Specialized Types of Phishing

Some specialized types of phishing include:

  • Vishing: “Voice” phishing uses spam calls
  • Smishing: “SMS” phishing uses text messages
  • Spear Phishing: A phishing strategy that targets specific victims
  • Whaling: A phishing strategy that targets high-profile victims

Adversarial AI

Adversarial artificial intelligence (AI) is a method used to identify vulnerabilities and attack vectors to circumvent security systems.

Supply Chain Attack

A supply-chain attack is a cyber attack that attempts to harm an organization by targeting vulnerable parts of its supply chain.

One of the more recent real-world examples of a supply-chain attack affected a company known as SolarWinds.

Learn more on Codecademy