How scammers can take over your computer:
Scams are schemes to con you out of your money. They can arrive by post, phone call, text message, email, or a scammer may turn up at your home.

Computer hackers use computer viruses to gain access to your computer details, to steal your money and identity, then scam you.  They may also get into your wireless (Wi-Fi) network for the same reason.


Fake emails and websites can trick you into buying something bogus or handing over personal details. For example websites that appear to sell event tickets. You pay for the tickets but they never arrive.

This page tells you more about ways fraudsters can get into your computer to steal your money, personal information or identity and what you can do to protect yourself.

Ways your computer can be taken over

Computer viruses

Computer viruses are small computer programs that are designed to try and infect other computers, tablets and smartphones. They break into your computer and spread  from one device to the next as you communicate with other people. They are also known as malware.

How computer viruses spread

Viruses can spread through:

computer programs or files that appear to be harmless but actually do damage. These are called trojan viruses. For example, you may download a file with a harmless looking picture of a celebrity, which is actually hiding the virus
email attachments. The virus then finds new people in your email address book to attack
programs you download from websites
documents. These are known as macro viruses
the internet. This is known as a worm. The worm scans for other computers that are vulnerable to attack and sends a copy of itself across networks. A worm can eat up memory or network bandwidth, which will make your computer slow down or stop responding.
What viruses can do when they reach your computer

Viruses can leave unwanted software on your computer that:

secretly monitors your computer activity
scans for private information, such as passwords
gives scammers control of your computer
send out spam email
display unwanted advertising
hijack your web browser
use your computer to host illegal websites to con other people.  
They can also switch off your computer’s security defences, leaving it vulnerable to more viruses. And they can track what information you put into your computer by monitoring your keyboard strokes.

Spyware

Spywarecan track users through advertising that might pop up on your computer. When you click on the advertising link you may be taken to a website which can install a virus onto your computer without you realising it.

The virus can take over your web browser, scan your computer for private information and slow down your computer. It can be difficult to remove spyware.

Wi-fi eavesdropping

If you use a wireless network to access the internet, the signal that lets you connect to the internet uses a radio link with a range of several hundred feet. This is called a Wi-Fi network. If your network isn’t secure, other people can also access your internet link if they are within range.

Scammers can also set up access to fake Wi-Fi networks in public places. If you log onto the network, they can try to capture personal details, such as passwords and credit card information.

Other computer scams

Ransomware

Ransomware copies personal files or photos from your computer. When a scammer has control of them, they send a demand for money in return for the files or photos. If you don’t hand over the money, they threaten you with the release of images and files to others, to embarrass you.

Scareware

Scareware is rogue security software, such as antivirus software, that protects your computer. It hides in pop up adverts or alerts that advertise security software updates.

If you click on the adverts or alerts, thinking you are downloading legitimate security software, you may inadvertently start to download scareware onto your computer.

When the scareware is installed it may fail to report viruses or say you have a virus when your computer is clean. Sometimes it will download a virus or spyware onto your computer, which steals your personal information or slows down your computer. You may also be asked to pay for these fake updates.

Phone calls pretending to be from computer companies

Callers pretend to be employees of well-known computer companies who have discovered problems or viruses on your computer. They persuade you to give them access to your computer with passwords and security information and then ask for payment and bank details.

Genuine computer companies will never do this. If you need technical help, always call or email your internet service provider's support line or talk to a computer repair company locally.

Cybercrime:

Cybercrime, or computer crime, is crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target.Debarati Halder and K. Jaishankar define cybercrimes as: "Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm, or loss, to the victim directly or indirectly, using modern telecommunication networks such as Internet (Chat rooms, emails, notice boards and groups) and mobile phones (SMS/MMS)".Such crimes may threaten a nation's security and financial health.Issues surrounding these types of crimes have become high-profile, particularly those surrounding hacking, copyright infringement, child pornography, and child grooming. There are also problems of privacy when confidential information is intercepted or disclosed, lawfully or otherwise. Debarati Halder and K. Jaishankar further define cybercrime from the perspective of gender and defined 'cybercrime against women' as "Crimes targeted against women with a motive to intentionally harm the victim psychologically and physically, using modern telecommunication networks such as internet and mobile phones". Internationally, both governmental and non-state actors engage in cybercrimes, including espionage, financial theft, and other cross-border crimes. Activity crossing international borders and involving the interests of at least one nation state is sometimes referred to as cyberwarfare. The international legal system is attempting to hold actors accountable for their actions through the International Criminal Court.


A report (sponsored by McAfee) estimates that the annual damage to the global economy is at $445 billion;however, a Microsoft report shows that such survey-based estimates are "hopelessly flawed" and exaggerate the true losses by orders of magnitude. Approximately $1.5 billion was lost in 2012 to online credit and debit card fraud in the US. In 2016, a study by Juniper Research estimated that the costs of cybercrime could be as high as 2.1 trillion by 2019.


Most measures show that the problem of cybercrime continues to worsen. However, Eric Jardine argues that the frequency, cost and severity of cybercrime cannot be well understood as counts expressed in absolute terms. Instead, these numbers need to be normalized around the growing size of cyberspace, in the same way that crime statistics in the physical world are expressed as a proportion of a population (i.e., 1.5 murders per 100,000 people). Jardine argues that, since cyberspace has been rapidly increasing in size each year, absolute numbers (i.e., a count saying there are 100,000 cyberattacks in 2015) present a worse picture of the security of cyberspace than numbers normalized around the actual size of the Internet ecosystem (i.e., a rate of cybercrime). His proposed intuition is that if cyberspace continues to grow, you should actually expect cybercrime counts to continue to increase because there are more users and activity online, but that as a proportion of the size of the ecosystem crime might actually be becoming less of a problem.


Classification:
Computer crime encompasses a broad range of activities.

Fraud and financial crimes
Main article: Internet fraud
Computer fraud is any dishonest misrepresentation of fact intended to let another to do or refrain from doing something which causes loss. In this context, the fraud will result in obtaining a benefit by:

Altering in an unauthorized way. This requires little technical expertise and is common form of theft by employees altering the data before entry or entering false data, or by entering unauthorized instructions or using unauthorized processes;
Altering, destroying, suppressing, or stealing output, usually to conceal unauthorized transactions. This is difficult to detect;
Altering or deleting stored data;
Other forms of fraud may be facilitated using computer systems, including bank fraud, carding, identity theft, extortion, and theft of classified information.

A variety of internet scams, many based on phishing and social engineering, target consumers and businesses.

Cyber terrorism
Main article: Cyberterrorism
Government officials and information technology security specialists have documented a significant increase in Internet problems and server scans since early 2001. But there is a growing concern among federal officials[who?] that such intrusions are part of an organized effort by cyberterrorists, foreign intelligence services, or other groups to map potential security holes in critical systems. A cyberterrorist is someone who intimidates or coerces a government or organization to advance his or her political or social objectives by launching a computer-based attack against computers, networks, or the information stored on them.

Cyberterrorism in general, can be defined as an act of terrorism committed through the use of cyberspace or computer resources (Parker 1983). As such, a simple propaganda in the Internet, that there will be bomb attacks during the holidays can be considered cyberterrorism. There are also hacking activities directed towards individuals, families, organized by groups within networks, tending to cause fear among people, demonstrate power, collecting information relevant for ruining peoples' lives, robberies, blackmailing etc.

Cyberextortion
Main article: Extortion
Cyberextortion occurs when a website, e-mail server, or computer system is subjected to or threatened with repeated denial of service or other attacks by malicious hackers. These hackers demand money in return for promising to stop the attacks and to offer "protection". According to the Federal Bureau of Investigation, cyberextortionists are increasingly attacking corporate websites and networks, crippling their ability to operate and demanding payments to restore their service. More than 20 cases are reported each month to the FBI and many go unreported in order to keep the victim's name out of the public domain. Perpetrators typically use a distributed denial-of-service attack.

An example of cyberextortion was the attack on Sony Pictures of 2014.

Cyberwarfare

Sailors analyze, detect and defensively respond to unauthorized activity within U.S. Navy information systems and computer networks
Main article: Cyberwarfare
The U.S. Department of Defense (DoD) notes that the cyberspace has emerged as a national-level concern through several recent events of geo-strategic significance. Among those are included, the attack on Estonia's infrastructure in 2007, allegedly by Russian hackers. "In August 2008, Russia again allegedly conducted cyberattacks, this time in a coordinated and synchronized kinetic and non-kinetic campaign against the country of Georgia. Fearing that such attacks may become the norm in future warfare among nation-states, the concept of cyberspace operations impacts and will be adapted by warfighting military commanders in the future.

Computer as a target
These crimes are committed by a selected group of criminals. Unlike crimes using the computer as a tool, these crimes require the technical knowledge of the perpetrators. As such, as technology evolves, so too does the nature of the crime. These crimes are relatively new, having been in existence for only as long as computers have—which explains how unprepared society and the world in general is towards combating these crimes. There are numerous crimes of this nature committed daily on the internet:

Crimes that primarily target computer networks or devices include:

Computer viruses
Denial-of-service attacks
Malware (malicious code)
Computer as a tool
Main articles: Internet fraud, Spamming, Phishing, and Carding (fraud)
When the individual is the main target of cybercrime, the computer can be considered as the tool rather than the target. These crimes generally involve less technical expertise. Human weaknesses are generally exploited. The damage dealt is largely psychological and intangible, making legal action against the variants more difficult. These are the crimes which have existed for centuries in the offline world. Scams, theft, and the likes have existed even before the development in high-tech equipment. The same criminal has simply been given a tool which increases his potential pool of victims and makes him all the harder to trace and apprehend.

Crimes that use computer networks or devices to advance other ends include:

Fraud and identity theft (although this increasingly uses malware, hacking and/or phishing, making it an example of both "computer as target" and "computer as tool" crime)
Information warfare
Phishing scams
Spam
Propagation of illegal obscene or offensive content, including harassment and threats
The unsolicited sending of bulk email for commercial purposes (spam) is unlawful in some jurisdictions.

Phishing is mostly propagated via email. Phishing emails may contain links to other websites that are affected by malware. Or, they may contain links to fake online banking or other websites used to steal private account information.

Obscene or offensive content
The content of websites and other electronic communications may be distasteful, obscene or offensive for a variety of reasons. In some instances these communications may be legal.

The extent to which these communications are unlawful varies greatly between countries, and even within nations. It is a sensitive area in which the courts can become involved in arbitrating between groups with strong beliefs.

One area of Internet pornography that has been the target of the strongest efforts at curtailment is child pornography.

Harassment

Various aspects needed to be considered when understanding harassment online.

The examples and perspective in this section may not represent a worldwide view of the subject. You may improve this article, discuss the issue on the talk page, or create a new article, as appropriate. (March 2016) (Learn how and when to remove this template message)
See also: Cyberbullying, Online predator, Cyberstalking, and Internet troll
Whereas content may be offensive in a non-specific way, harassment directs obscenities and derogatory comments at specific individuals focusing for example on gender, race, religion, nationality, sexual orientation. This often occurs in chat rooms, through newsgroups, and by sending hate e-mail to interested parties. Harassment on the internet also includes revenge porn.

There are instances where committing a crime using a computer can lead to an enhanced sentence. For example, in the case of United States v. Neil Scott Kramer, Kramer was served an enhanced sentence according to the U.S. Sentencing Guidelines Manual §2G1.3(3)for his use of a cell phone to "persuade, induce, entice, coerce, or facilitate the travel of, the minor to engage in prohibited sexual conduct." Kramer argued that this claim was insufficient because his charge included persuading through a computer device and his cellular phone technically is not a computer. Although Kramer tried to argue this point, U.S. Sentencing Guidelines Manual states that the term computer "means an electronic, magnetic, optical, electrochemically, or other high speed data processing device performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device."

Connecticut was the U.S. state to pass a statute making it a criminal offense to harass someone by computer. Michigan, Arizona, and Virginia and South Carolina have also passed laws banning harassment by electronic means.

Harassment as defined in the U.S. computer statutes is typically distinct from cyberbullying, in that the former usually relates to a person's "use a computer or computer network to communicate obscene, vulgar, profane, lewd, lascivious, or indecent language, or make any suggestion or proposal of an obscene nature, or threaten any illegal or immoral act," while the latter need not involve anything of a sexual nature.

Although freedom of speech is protected by law in most democratic societies (in the US this is done by the First Amendment), it does not include all types of speech. In fact spoken or written "true threat" speech/text is criminalized because of "intent to harm or intimidate", that also applies for online or any type of network related threats in written text or speech. The US Supreme Court definition of "true threat" is "statements where the speaker means to communicate a serious expression of an intent to commit an act of unlawful violence to a particular individual or group".

Drug trafficking
Darknet markets are used to buy and sell recreational drugs online. Some drug traffickers use encrypted messaging tools to communicate with drug mules. The dark web site Silk Road was a major online marketplace for drugs before it was shut down by law enforcement (then reopened under new management, and then shut down by law enforcement again). After Silk Road 2.0 went down, Silk Road 3 Reloaded emerged. However it was just an older marketplace named Diabolus Market, that used the name for more exposure from the brand's previous success.

Documented cases
One of the highest profiled banking computer crime occurred during a course of three years beginning in 1970. The chief teller at the Park Avenue branch of New York's Union Dime Savings Bank embezzled over $1.5 million from hundreds of accounts.

A hacking group called MOD (Masters of Deception), allegedly stole passwords and technical data from Pacific Bell, Nynex, and other telephone companies as well as several big credit agencies and two major universities. The damage caused was extensive, one company, Southwestern Bell suffered losses of $370,000 alone.

In 1983, a nineteen-year-old UCLA student used his PC to break into a Defense Department international communications system.

Between 1995 and 1998 the Newscorp satellite pay to view encrypted SKY-TV service was hacked several times during an ongoing technological arms race between a pan-European hacking group and Newscorp. The original motivation of the hackers was to watch Star Trek re-runs in Germany; which was something which Newscorp did not have the copyright to allow.

On 26 March 1999, the Melissa worm infected a document on a victim's computer, then automatically sent that document and a copy of the virus spread via e-mail to other people.

In February 2000, an individual going by the alias of MafiaBoy began a series denial-of-service attacks against high-profile websites, including Yahoo!, Amazon.com, Dell, Inc., E*TRADE, eBay, and CNN. About fifty computers at Stanford University, and also computers at the University of California at Santa Barbara, were amongst the zombie computers sending pings in DDoS attacks. On 3 August 2000, Canadian federal prosecutors charged MafiaBoy with 54 counts of illegal access to computers, plus a total of ten counts of mischief to data for his attacks.

The Russian Business Network (RBN) was registered as an internet site in 2006. Initially, much of its activity was legitimate. But apparently the founders soon discovered that it was more profitable to host illegitimate activities and started hiring its services to criminals. The RBN has been described by VeriSign as "the baddest of the bad". It offers web hosting services and internet access to all kinds of criminal and objectionable activities, with an individual activities earning up to $150 million in one year. It specialized in and in some cases monopolized personal identity theft for resale. It is the originator of MPack and an alleged operator of the now defunct Storm botnet.

On 2 March 2010, Spanish investigators arrested 3 in infection of over 13 million computers around the world. The "botnet" of infected computers included PCs inside more than half of the Fortune 1000 companies and more than 40 major banks, according to investigators.

In August 2010 the international investigation Operation Delego, operating under the aegis of the Department of Homeland Security, shut down the international pedophile ring Dreamboard. The website had approximately 600 members, and may have distributed up to 123 terabytes of child pornography (roughly equivalent to 16,000 DVDs). To date this is the single largest U.S. prosecution of an international child pornography ring; 52 arrests were made worldwide.

On March 1, 2011 at Lassiter High School, two students were accused of impersonation of a staff member via cybercrime, but both claimed they were uninvolved. The offense was made a felony in the Cobb County School District two months after the impersonation had happened. Shortly afterwards, the head of the LHS School Board said "The teacher just wouldn't do this at all". The case ended on May 9, and no evidence was found.

In June 2012 LinkedIn and eHarmony were attacked, compromising 65 million password hashes. 30,000 passwords were cracked and 1.5 million EHarmony passwords were posted online.

December 2012 Wells Fargo website experienced a denial of service attack. Potentially compromising 70 million customers and 8.5 million active viewers. Other banks thought to be compromised: Bank of America, J. P. Morgan U.S. Bank, and PNC Financial Services.

In January 2012 Zappos.com experienced a security breach after as many as 24 million customers' credit card numbers, personal information, billing and shipping addresses had been compromised.

April 23, 2013 saw the Associated Press' Twitter account's hacking to release a hoax tweet about fictional attacks in the White House that left President Obama injured.This erroneous tweet resulted in a brief plunge of 130 points from the Dow Jones Industrial Average, removal of $136 billion from S&P 500 index, and the temporary suspension of their Twitter account. The Dow Jones later restored its session gains.

Combating computer crime
This section needs expansion. You can help by adding to it. (January 2015)
Diffusion of cybercrime
The broad diffusion of cybercriminal activities is an issue in computer crimes detection and prosecution. According to Jean-Loup Richet (Research Fellow at ESSEC ISIS), technical expertise and accessibility no longer act as barriers to entry into cybercrime. Indeed, hacking is much less complex than it was a few years ago, as hacking communities have greatly diffused their knowledge through the Internet. Blogs and communities have hugely contributed to information sharing: beginners could benefit from older hackers' knowledge and advice. Furthermore, Hacking is cheaper than ever: before the cloud computing era, in order to spam or scam one needed a dedicated server, skills in server management, network configuration and maintenance, knowledge of Internet service provider standards, etc. By comparison, a mail software-as-a-service is a scalable, inexpensive, bulk, and transactional e-mail-sending service for marketing purposes and could be easily set up for spam.Jean-Loup Richet explains that cloud computing could be helpful for a cybercriminal as a way to leverage his attack – brute-forcing a password, improve the reach of a botnet, or facilitating a spamming campaign.

Investigation
A computer can be a source of evidence (see digital forensics). Even where a computer is not directly used for criminal purposes, it may contain records of value to criminal investigators in the form of a logfile. In most countries[citation needed] Internet Service Providers are required, by law, to keep their logfiles for a predetermined amount of time. For example; a European wide Data Retention Directive (applicable to all EU member states) states that all E-mail traffic should be retained for a minimum of 12 months.

Legislation
Due to easily exploitable laws, cybercriminals use developing countries in order to evade detection and prosecution from law enforcement. In developing countries, such as the Philippines, laws against cybercrime are weak or sometimes nonexistent. These weak laws allow cybercriminals to strike from international borders and remain undetected. Even when identified, these criminals avoid being punished or extradited to a country, such as the United States, that has developed laws that allow for prosecution. While this proves difficult in some cases, agencies, such as the FBI, have used deception and subterfuge to catch criminals. For example, two Russian hackers had been evading the FBI for some time. The FBI set up a fake computing company based in Seattle, Washington. They proceeded to lure the two Russian men into the United States by offering them work with this company. Upon completion of the interview, the suspects were arrested outside of the building. Clever tricks like this are sometimes a necessary part of catching cybercriminals when weak legislation makes it impossible otherwise.

President Barack Obama released in an executive order in April 2015 to combat cybercrime. The executive order allows the United States to freeze assets of convicted cybercriminals and block their economic activity within the United States. This is some of the first solid legislation that combats cybercrime in this way.

The European Union adopted directive 2013/40/EU. All offences of the directive, and other definitions and procedural institutions are also in the Council of Europe's Convention on Cybercrime.

Penalties
Penalties for computer related crimes in New York State can range from a fine and a short period of jail time for a Class A misdemeanor such as unauthorized use of a computer up to computer tampering in the first degree which is a Class C felony and can carry 3 to 15 years in prison.

However, some hackers have been hired as information security experts by private companies due to their inside knowledge of computer crime, a phenomenon which theoretically could create perverse incentives. A possible counter to this is for courts to ban convicted hackers from using the Internet or computers, even after they have been released from prison – though as computers and the Internet become more and more central to everyday life, this type of punishment may be viewed as more and more harsh and draconian. However, nuanced approaches have been developed that manage cyberoffender behavior without resorting to total computer and/or Internet bans. These approaches involve restricting individuals to specific devices which are subject to computer monitoring and/or computer searches by probation and/or parole officers.

Awareness

As technology advances and more people rely on the internet to store sensitive information such as banking or credit card information, criminals are going to attempt to steal that information. Cyber-crime is becoming more of a threat to people across the world. Raising awareness about how information is being protected and the tactics criminals use to steal that information is important in today's world. According to the FBI's Internet Crime Complaint Center in 2014 there were 269,422 complaints filed. With all the claims combined there was a reported total loss of $800,492,073. But yet cyber-crime doesn't seem to be on the average person's radar. There are 1.5 million cyber-attacks annually, that means that there are over 4,000 attacks a day, 170 attacks every hour, or nearly three attacks every minute. Anybody who uses the internet for any reason can be a victim, which is why it is important to be aware of how one is being protected while online.

Black Hat Briefings:
https://www.blackhat.com/upcoming.html

Black Hat Briefings is a computer security conference that brings together a variety of people interested in information security. Representatives of government agencies and corporations attend, along with hackers. The Briefings take place regularly in Las Vegas, Barcelona, Amsterdam, Abu Dhabi and, occasionally, Tokyo.An event dedicated to the US federal agencies is organized in Washington, D.C.


History
Black Hat was founded in 1997 by Jeff Moss, who also founded DEF CON. Today, Moss is the Conference Chair of the Black Hat Review Board. These are considered[by whom?] the premier information security conferences in the world. Black Hat started as a single annual conference in Las Vegas, Nevada and is now held in multiple locations around the world.

The conference
The conference is composed of two major sections, the Black Hat Briefings, and Black Hat Trainings. Training is offered by various computer security vendors, in effort to keep the conference vendor-neutral. The conference has hosted the National Security Agency's information assurance manager course, and various courses by Cisco Systems, Offensive Security, and others.

The Briefings are composed of tracks, covering various topics including reverse engineering, identity and privacy, and hacking. The briefings also contain keynote speeches from leading voices in the information security field, including Robert Lentz Chief Security Officer, United States Department of Defense; Michael Lynn; Amit Yoran, former Director of the National Cyber Security Division of the Department of Homeland Security;and General Keith B. Alexander, former Director of the National Security Agency and former commander of the United States Cyber Command.

Conference's topics
USA :

July - August 2009 : MCS-ATL vulnerabilities // attack against MD2 - Breaking SSL ... validation certificate ...

July - August 2010 : Cloudcracker ... such as (wpacracker.com service)

July 27 - August 1, 2013 : Android hacking : application and root

New conference goals[edit]
There is now more focus on tools that can be used or protected, so a new type of conferences called Black Hat Arsenal Briefings has been added since 2011.See here Blackhat Arsenal Archives since 2011 on ToolsWatch website.

Antics and disclosures
Black Hat is known for the antics of its hacker contingent, and the disclosures brought in its talks. Conference attendees have been known to hijack wireless connections of the hotels, hack hotel TV billing systems, and even hack the automated teller machine in a hotel lobby. In 2009, web sites belonging to a handful of security researchers and groups were hacked and passwords, private e-mails, IM chats, and sensitive documents were exposed on the vandalized site of Dan Kaminsky, days before the conference. During Black Hat 2009, a USB thumb drive that was passed around among attendees was found to be infected with the Conficker virus, and in 2008, three men were expelled for packet sniffing the press room local area network.

In the past, companies have attempted to ban researchers from disclosing vital information about their products. At Black Hat 2005, Cisco Systems tried to stop Michael Lynn from speaking about a vulnerability that he said could let hackers virtually shut down the Internet. However, in recent years, researchers have worked with vendors to resolve issues, and some vendors have challenged hackers to attack their products.
More No. https://www.baltihub.com

Kali Linux
 https://www.kali.org/

Developer Offensive Security
OS family Unix-like
Working state Active
Latest release 2016.2[1] / August 31, 2016; 43 days ago
Platforms x86, x86-64, armel, armhf
Kernel type Monolithic kernel
Default user interface GNOME 3
License Various
Official website www.kali.org
Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. Mati Aharoni, Devon Kearns and Raphaël Hertzog are the core developers.

Contents  [hide] 
1 Development
2 Supported platforms
3 Features
4 Tools
5 Popular culture
6 See also
7 References
8 External links
Development
Kali Linux is preinstalled with over 300 penetration-testing programs, including Armitage (a graphical cyber attack management tool), nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), Aircrack-ng (a software suite for penetration-testing wireless LANs), Burp suite and OWASP ZAP (both web application security scanners). Kali Linux can run natively when installed on a computer's hard disk, can be booted from a live CD or live USB, or it can run within a virtual machine. It is a supported platform of the Metasploit Project's Metasploit Framework, a tool for developing and executing security exploits.

It was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewrite of BackTrack, their previous forensics Linux distribution based on Ubuntu. The third core developer Raphaël Hertzog joined them as Debian expert.

Kali Linux is based on Debian Testing. Most packages Kali uses are imported from the Debian repositories.

Kali Linux is developed using a secure environment with only a small number of trusted people that are allowed to commit packages, with each package being signed by the developer. Kali also has a custom-built kernel that is patched for injection. This was primarily added because the development team found they needed to do a lot of wireless assessments.

Supported platforms
Kali Linux is distributed in 32-bit and 64-bit images for use on hosts based on the x86 instruction set and as an image for the ARM architecture for use on the BeagleBoard computer and on Samsung's ARM Chromebook.

The developers of Kali Linux aim to make Kali Linux available for ARM devices.

Kali Linux is already available for BeagleBone Black, HP Chromebook, CubieBoard 2, CuBox, CuBox-i, Raspberry Pi, EfikaMX, Odroid U2, Odroid XU, Odroid XU3, Samsung Chromebook, Utilite Pro, Galaxy Note 10.1, and SS808.

Features
Kali Linux has a dedicated project set-aside for compatibility and porting to specific Android devices, called Kali Linux NetHunter.

It is the first Open Source Android penetration testing platform for Nexus devices, created as a joint effort between the Kali community member “BinkyBear” and Offensive Security. It supports Wireless 802.11 frame injection, one-click MANA Evil Access Point setups, HID keyboard (Teensy like attacks), as well as Bad USB MITM attacks.

BackTrack (Kali's predecessor) contained a mode known as forensic mode. This capability was carried over to Kali via live boot. This mode is very popular for many reasons such as many Kali users already have a bootable Kali USB drive or CD, and this option makes it easy to apply Kali to a forensic job. There are however some changes to forensic mode over the regular operation of the system, such as forensic mode doesn't touch the hard drive or swap space and auto mounting is disabled. However, it is recommended by the developers that if Kali is going to be used for real world forensics that these things be tested in that environment.

Tools
Kali Linux includes many well known security tools, including:

Nmap
Aircrack-ng
Kismet
Wireshark
Metasploit Framework
Burp suite
John the Ripper
Social Engineering Toolkit
Airodump-ng
Popular culture
The logo of Kali Linux appears on the background in the TV series Mr. Robot (2015) in episode 5 of season one. The Kali Linux logo also appears again as wallpaper in scenes from episode 1, episode 9 and more prominently in the episode 6, season 2 of the same series, when it is used by two of the main characters, Angela and Darlene. The operating system is also shown to be downloaded and installed at episode 10 of season 2.
Most Other Famous Hacking Tools:
*BackTrack
*Security-focused operating system
*Metasploit Project
*Nmap
*BackBox
*OpenVAS
*Kismet (software)
*Aircrack-ng
*dSploit

Hacking tool:

A hacking tool is a program designed to assist with hacking, or a piece of software which can be used for hacking purposes.

Examples include Nmap, Nessus, John the Ripper, p0f, and Winzapper.[unreliable source] Bribes have also been described as among the most potent hacking tools, due to their potential exploitation in social engineering attacks.Occasionally, common software such as ActiveX is exploited as a hacking tool as well.


Hacking tools such as Cain and Abel, however, are well known as Script Kiddie Tools. Script kiddies are people 
who follow instructions from a manual, without realising how it happens. These Script Kiddies have been an enormous threat to computer security as there are many hacking tools and keyloggers up for download which are free.

Worms:
Main article: Computer worm
Another example of a hacking tool is a computer worm. These malicious programs detect vulnerabilities in operating systems. Not all worms, however, are malicious. The Nachi Worms have actually fixed operating system vulnerabilities by downloading and installing security patches from the Microsoft website.

Port Scanners:
Main article: Port scanner
Port scanners detect vulnerabilities in firewalls, and are able to find a great deal about the computer system, such as the operating system, ISP, wireless routers and how long the system has been online. However, port scanners are the best security auditing tools.

Hacking Linux:

Although not much is said about threats to the Linux system, they do exist and could increase in the future. One of the biggest threats to the Linux system is given by the so-called Rootkits. These are programs that have special privileges and are able to hide to the system administrator.

OWASP ZAP 
(short for Zed Attack Proxy) is an open-source web application security scanner. It is intended to be used by both those new to application security as well as professional penetration testers.

It is one of the most active OWASP projects and has been given Flagship status.It is also fully internationalized and is being translated into over 25 languages.

When used as a proxy server it allows the user to manipulate all of the traffic that passes through it, including traffic using https.

It can also run in a ‘daemon’ mode which is then controlled via a REST Application programming interface.

This cross-platform tool is written in Java and is available in all of the popular operating systems including Microsoft Windows, Linux and Mac OS X.


ZAP was added to the ThoughtWorks Technology Radar in May 2015 in the Trial ring.

Classifications:

Several subgroups of the computer underground with different attitudes use different terms to demarcate themselves from each other, or try to exclude some specific group with whom they do not agree.

Eric S. Raymond, author of The New Hacker's Dictionary, advocates that members of the computer underground should be called crackers. Yet, those people see themselves as hackers and even try to include the views of Raymond in what they see as a wider hacker culture, a view that Raymond has harshly rejected. Instead of a hacker/cracker dichotomy, they emphasize a spectrum of different categories, such as white hat, grey hat, black hat and script kiddie. In contrast to Raymond, they usually reserve the term cracker for more malicious activity.

According to Ralph D. Clifford, a cracker or cracking is to "gain unauthorized access to a computer in order to commit another crime such as destroying information contained in that system". These subgroups may also be defined by the legal status of their activities.

White hat
Main article: White hat
A white hat hacker breaks security for non-malicious reasons, either to test their own security system, perform penetration tests or vulnerability assessments for a client - or while working for a security company which makes security software. The term is generally synonymous with ethical hacker, and the EC-Council, among others, have developed certifications, courseware, classes, and online training covering the diverse arena of ethical hacking.

Black hat
Main article: Black hat
A "black hat" hacker is a hacker who "violates computer security for little reason beyond maliciousness or for personal gain" (Moore, 2005).The term was coined by Richard Stallman, to contrast the maliciousness of a criminal hacker versus the spirit of playfulness and exploration in hacker culture, or the ethos of the white hat hacker who performs hacking duties to identify places to repair or as a means of legitimate employment. Black hat hackers form the stereotypical, illegal hacking groups often portrayed in popular culture, and are "the epitome of all that the public fears in a computer criminal".

Grey hat
Main article: Grey hat
A grey hat hacker lies between a black hat and a white hat hacker. A grey hat hacker may surf the Internet and hack into a computer system for the sole purpose of notifying the administrator that their system has a security defect, for example. They may then offer to correct the defect for a fee.Grey hat hackers sometimes find the defect of a system and publish the facts to the world instead of a group of people. Even though grey hat hackers may not necessarily perform hacking for their personal gain, unauthorized access to a system can be considered illegal and unethical.

Elite hacker
A social status among hackers, elite is used to describe the most skilled. Newly discovered exploits circulate among these hackers. Elite groups such as Masters of Deception conferred a kind of credibility on their members.

Script kiddie
A script kiddie (also known as a skid or skiddie) is an unskilled hacker who breaks into computer systems by using automated tools written by others (usually by other black hat hackers), hence the term script (i.e. a prearranged plan or set of activities) kiddie (i.e. kid, child—an individual lacking knowledge and experience, immature), usually with little understanding of the underlying concept.

Neophyte
A neophyte ("newbie", or "noob") is someone who is new to hacking or phreaking and has almost no knowledge or experience of the workings of technology and hacking.

Blue hat
A blue hat hacker is someone outside computer security consulting firms who is used to bug-test a system prior to its launch, looking for exploits so they can be closed. Microsoft also uses the term BlueHat to represent a series of security briefing events.

Hacktivist
A hacktivist is a hacker who utilizes technology to publicize a social, ideological, religious or political message.

Hacktivism can be divided into two main groups:

Cyberterrorism — Activities involving website defacement or denial-of-service attacks; and,
Freedom of information — Making information that is not public, or is public in non-machine-readable formats, accessible to the public.

Publish#Rinchan_Baltis

Security hacker:

In the computer security context, a security hacker is someone who seeks and exploits weaknesses in a computer system or computer network. Hackers may be motivated by a multitude of reasons, such as profit, protest, challenge, enjoyment, or to evaluate those weaknesses to assist in removing them. The subculture that has evolved around hackers is often referred to as the computer underground.
https://www.baltihub.com There is a longstanding controversy about the term's true meaning. In this controversy, the term hacker is reclaimed by computer programmers who argue that it refers simply to someone with an advanced understanding of computers and computer networks, and that cracker is the more appropriate term for those who break into computers, whether computer criminal (black hats) or computer security expert (white hats) - but a recent article concluded that: "...the black-hat.

History:

In computer security, a hacker is someone who focuses on security mechanisms of computer and network systems. While including those who endeavor to strengthen such mechanisms, it is more often used by the mass media and popular culture to refer to those who seek access despite these security measures. That is, the media portrays the 'hacker' as a villain. Nevertheless, parts of the subculture see their aim in correcting security problems and use the word in a positive sense. White hat is the name given to ethical computer hackers, who utilize hacking in a helpful way. White hats are becoming a necessary part of the information security field. They operate under a code, which acknowledges that breaking into other people's computers is bad, but that discovering and exploiting security mechanisms and breaking into computers is still an interesting activity that can be done ethically and legally. Accordingly, the term bears strong connotations that are favorable or pejorative, depending on the context.

The subculture around such hackers is termed network hacker subculture, hacker scene or computer underground. It initially developed in the context of phreaking during the 1960s and the microcomputer BBS scene of the 1980s. It is implicated with 2600: The Hacker Quarterly and the alt.2600 newsgroup.

In 1980, an article in the August issue of Psychology Today (with commentary by Philip Zimbardo) used the term "hacker" in its title: "The Hacker Papers". It was an excerpt from a Stanford Bulletin Board discussion on the addictive nature of computer use. In the 1982 film Tron, Kevin Flynn (Jeff Bridges) describes his intentions to break into ENCOM's computer system, saying "I've been doing a little hacking here". CLU is the software he uses for this. By 1983, hacking in the sense of breaking computer security had already been in use as computer jargon,[8] but there was no public awareness about such activities. However, the release of the film WarGames that year, featuring a computer intrusion into NORAD, raised the public belief that computer security hackers (especially teenagers) could be a threat to national security. This concern became real when, in the same year, a gang of teenage hackers in Milwaukee, Wisconsin, known as The 414s, broke into computer systems throughout the United States and Canada, including those of Los Alamos National Laboratory, Sloan-Kettering Cancer Center and Security Pacific Bank.The case quickly grew media attention, and 17-year-old Neal Patrick emerged as the spokesman for the gang, including a cover story in Newsweek entitled "Beware: Hackers at play", with Patrick's photograph on the cover. The Newsweek article appears to be the first use of the word hacker by the mainstream media in the pejorative sense.

Pressured by media coverage, congressman Dan Glickman called for an investigation and began work on new laws against computer hacking. Neal Patrick testified before the U.S. House of Representatives on September 26, 1983, about the dangers of computer hacking, and six bills concerning computer crime were introduced in the House that year. As a result of these laws against computer criminality, white hat, grey hat and black hat hackers try to distinguish themselves from each other, depending on the legality of their activities. These moral conflicts are expressed in The Mentor's "The Hacker Manifesto", published 1986 in Phrack.



Use of the term hacker meaning computer criminal was also advanced by the title "Stalking the Wily Hacker", an article by Clifford Stoll in the May 1988 issue of the Communications of the ACM. Later that year, the release by Robert Tappan Morris, Jr. of the so-called Morris worm provoked the popular media to spread this usage. The popularity of Stoll's book The Cuckoo's Egg, published one year later, further entrenched the term in the public's consciousness.