Tag: hacking

Users are getting advertisements based on their phone conversations

Today we are living in an era in which there is constant surveillance on us through various sources. Among these, there are satellites and various other electronic equipment that we use daily. Some of those apps collect our data in the background.

The Internet has oven us many things but along with that, there are also some scary consequences. Among those consequences, there is also a breach of our privacy. Especially, smart devices are the main culprits that help in such breaches of trust. We are using them daily. We are also giving consent to various apps to access our microphones as well as our contact list as a whole. This data is then sold to advertising companies, who then show advertisements relevant to us on our devices.

These findings have been proved recently by some recent research. During the research, the users were asked whether they see advertisements based on their conversations or not. In return, several users admitted to getting ads based on their conversations, during phone calls. Several users even admitted to getting emails with the relevant products of their choice. On the other hand, some users did not see any such advertisements. Then some users had no opinion on such matters and some did get such ads some and some very times.

https://unsplash.com/photos/XIVDN9cxOVc

The above problem now needs some strict rules or regulations. This can only happen when the government will pass the Personal Data Protection Bill 2019. Once this will gets passed then people will have control over their privacy. The bill will also ensure that the apps need to specify the data which they are accessing. There also needs to be some clarification about the collection of data and their transactions with third parties.

These changes will make sure that the companies whose apps we are using are alert to the way our data is being used by them. They will also need to be careful with the way they handle our data. Then our data will get some protection om the wrong hands. These changes will also bring about some much-needed changes in the data field. The companies will focus more on the protection of the privacy of data. The data will also need some serious protection from outer elements. It is because various attacks are happening nowadays which are affecting various big organizations. In recent times, AIIMS servers were also hacked and there is a demand for 200 crore rupees in cryptocurrencies from hackers to give back control of servers to the major medical organization.

The recent attacks on the data of such major organizations are also asking for some data-related laws in the country. The changes will pave way for the implementation of some better rules for future generations so that their privacy remains in their own hands. These data-related issues will also safeguard the future of the country. Nowadays, data is the real gold. Data now paves the way for development shortly as technology is getting more dependent on the data being collected from users like us.

CYBER CRIME CASE STUDY IN INDIA

Computer Crime Cyber crime encompasses any criminal act dealing with computers and networks (called hacking).Additionally, cyber crime also includes traditional crimes conducted through the internet. For example; The computer may be used as a tool in the following kinds of activity- financial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail spoofing, forgery, cyber defamation, cyber stalking.The computer may however be target for unlawful acts in the following cases- unauthorized access to computer/ computer system/ computer networks, theft of information contained in the electronic form, e-mail bombing, Trojan attacks, internet time thefts, theft of computer system, physically damaging the computer system

Cyber Law is the law governing cyberspace. Cyberspace is a wide term and includes computers, networks,software, data storage devices (such as hard disks, USB disks), the Internet, websites, emails and even electronic devices such as cell phones, ATM machines etc.

Computer crimes encompass a broad range of potentially illegal activities. Generally, however, it may be divided into one of two types of categories

(1) Crimes that target computer networks or devices directly; Examples – Malware and malicious code, Denial-of-service attacks and Computing viruses.

(2) Crimes facilitated by computer networks or devices, the primary target of which is independent of the computer network or device. Examples – Cyber stalking, Fraud and identity theft, Phishing scams and Information warfare.

CASE STUDIES

Case no:1 Hosting Obscene Profiles (Tamil Nadu)

The case is about the hosting obscene profiles. This case has solved by the investigation team in Tamil Nadu. The complainant was a girl and the suspect was her college mate. In this case the suspect will create some fake profile of the complainant and put in some dating website. He did this as a revenge for not accepting his marriage proposal. So this is the background of the case.

Investigation Process

Let’s get into the investigation process. As per the complaint of the girls the investigators started investigation and analyze the webpage where her profile and details. And they log in to that fake profile by determining its credentials, and they find out from where these profiles were created by using access log. They identified 2 IP addresses, and also identified the ISP. From that ISP detail they determine that those details are uploaded from a café. So the investigators went to that café and from the register and determine suspect name. Then he got arrested and examining his SIM the investigators found number of the complainant.

Conclusion

The suspect was convicted of the crime, and he sentenced to two years of imprisonment as well as fine.

Case no:2 Illegal money transfer (Maharashtra)

ThIS case is about an illegal money transfer. This case is happened in Maharashtra. The accused in this case is a person who is worked in a BPO. He is handling the business of a multinational bank. So, he had used some confidential information of the banks customers and transferred huge sum of money from the accounts.

Investigation Process

Let’s see the investigation process of the case. As per the complaint received from the frim they analysed and studied the systems of the firm to determine the source of data theft. During the investigation the system server logs of BPO were collected, and they find that the illegal transfer were made by tracing the IP address to the internet service provider and it is ultimately through cyber café and they also found that they made illegal transfer by using swift codes. Almost has been  The registers made in cyber café assisted in identifying the accused in the case. Almost 17 accused were arrested.

Conclusion

Trail for this case is not completed, its pending trial in the court.

Case no:3 Creating Fake Profile (Andhra Pradesh)

The next case is of creating fake profile. This case is happened in Andhra Pradesh. The complainant received obscene email from unknown email IDs. The suspect also noticed that obscene profiles and pictures are posted in matrimonial sites.

Investigation Process

The investigators collect the original email of the suspect and determine its IP address. From the IP address he could confirm the internet service provider, and its leads the investigating officer to the accused house. Then they search the accused house and seized a desktop computer and a handicam. By analysing and examining the desktop computer and handicam they find the obscene email and they find an identical copy of the uploaded photos from the handicam. The accused was the divorced husband of the suspect.

Conclusion

Based on the evidence collected from the handicam and desktop computer charge sheet has been filed against accused and case is currently pending trial.

Hacking is a widespread crime nowadays due to the rapid development of the computer technologies. In order to protect from hacking there are numerous brand new technologies which are updated every day, but very often it is difficult to stand the hacker’s attack effectively. With some of these case studies, one is expected to learn about the cause and effect of hacking and then evaluate the whole impact of the hacker on the individual or the organization.

Ethical Hacking and IT

Data Technology (IT) is one of the greatest and most mainstream businesses as far as building up a profession on the planet today. Industry 4.0 has invited various innovative headways because of which specific IT experts have discovered conspicuousness, in IT organizations as well as in different enterprises. Maybe, the most famous among them is a vocation in online protection.

More than 1 billion network safety experts are required to be sought after over the course of the following 2 years in this field, making it perhaps the most worthwhile profession ways on the planet today. Notwithstanding being a mammoth association, National Health Services couldn’t shield themselves from a huge scope hack. A main nourishment application, MyFitnessPal, likewise went through a monstrous security penetrate where the individual information of more than 150 million clients was taken. The recurrence of these assaults has expanded off-late, making network safety basic in each association.

Huge banks and gems stores regularly enlist proficient hoodlums to endeavor burglaries, to recognize provisos in their security frameworks. Through these preliminaries, these establishments can reliably redesign their security frameworks, to ultimately arrive at a phase of becoming invulnerable. Taking motivation from this interaction, the network protection space has likewise reversed the situation on hacking and made it a legitimized idea through moral hacking.

Moral hacking is a cycle through which experts are paid to hack into an association, to pinpoint weaknesses in the security framework that the association needs to fix. Ill-conceived programmers have likewise discovered lawful conspicuousness in the IT world today because of the developing significance of moral hacking as an idea.

Moral programmers are recruited and prepared to utilize a huge number of methods to attempt to penetrate various associations. They help in the identification of holes inside the security framework as well as during digital assaults.

Government associations wherein digital fighting holds extraordinary unmistakable quality, moral programmers are accustomed to balancing endeavors made by noxious programmers with the expectation of outmaneuvering them, and protecting the information. Another use of moral hacking is of supporting in the examination that follows a digital assault.

Law implementation offices frequently recruit moral programmers to follow the means of a programmer and distinguish the culprit.

Thinking about the incredibly specialized nature of the calling, a basic degree is for the most part insufficient to build up an effective vocation in the field a particular preparing is fundamental. Many driving IT organizations today offer affirmed courses in Ethical Hacking that involve the nuts and bolts of PC organizing as well as intricate methods and driving cycles for keeping up with digital protection.

Think inventively and out-of-the-box:

Aside from these specialized ideas, it is additionally fundamental for moral programmers to have the option to think imaginatively and out of the container. The explanation programmers are developing and can penetrate confounded security frameworks is that they are reliably attempting to concoct new ways and approaches for something very similar.

Another significant quality to have is critical thinking, as the expertise can be fortified after some time, and sharpened with experience and down to earth openness. In this manner, getting ready for a vocation in moral hacking needs to involve a decent blend of both, specialized and reasonable viewpoints.

Be that as it may, there is an exceptionally clear ability hole in the business today, and subsequently, an absence of qualified staff in the field. Attributable to the hole between the interest and supply of moral programmers, this vocation way has gotten very rewarding with monstrous extension later on.

The Three Types of Hackers

The term “hacker” is commonly linked with hackers with bad intent, although it encompasses much more. A hacker is someone who uses their computer software and hardware skills to break down and circumvent security measures on a computer, device, or network. Hacking is commonly thought to be criminal on principle, although this isn’t the case if the system owner willingly and knowingly gives access. In reality, many private companies and government agencies engage hackers to assist them in maintaining the security of their systems.

The motivations of an individual and the legality of their acts are the two key criteria that determine what type of hacker they are. Hackers are classified as white, black, or grey hats, a naming scheme borrowed from classic western films in which protagonists wore white hats and villains wore black.

1. Black Hat

Malware, which is routinely used to enter computerized networks and systems, is usually created by black hat hackers. They’re usually driven by personal or financial gain, but they’ll also engage in espionage, protests, or just for the pleasure of it. Black hat hackers can range from inexperienced to highly skilled individuals with the goal of spreading malware and stealing private data such as login passwords, as well as financial and personal information. Black hat hackers can either steal, modify, or destroy system data after they gain access to their targets, depending on their motivations.

2. White Hat

They’re also known as “ethical hackers,” and they’re frequently hired or hired by businesses and government agencies to operate as security specialists looking for flaws. While they use the same techniques as black hat hackers, they always receive authorization from the system’s owner, ensuring that their actions are fully legal. Penetration tests, monitoring in-place security systems, and vulnerability assessments are all tactics used by white hat hackers. Independent sources, training, conferences, and certifications can all be utilized to understand ethical hacking, which is the word used to define the nature of a white hat hacker’s conduct.

3. Grey Hat

As the term implies, these individuals combine elements of both black and white hat hackers, although they will frequently look for weaknesses in a system without the consent or knowledge of the owner. They’ll notify the owner of any problems they see, but they’ll also ask for money or an incentive. If the owner does not reply or rejects their proposal, a grey hat hacker may take advantage of the newly discovered problems. Grey hat hackers aren’t evil by nature, but they do want to be compensated for their services. Because grey hat hackers do not have authority from the system’s owner to access the system, their acts are ultimately regarded illegal, regardless of whatever disturbing findings they may uncover.

CYBERSECURITY – AN OVERVIEW

WHAT IS CYBERSECURITY? 

Cyber Security is defined as the measures taken to safeguard the connected networks and the data related to them from any attack, damage, or unauthorized access. Every organization like educational, medical, or financial organizations store a large number of user data or many confidential data which needs to be protected from outside access. These data if not protected keeps the company’s reputation at stake. The company needs to cover up data just like we hide our personal information in our online life. Healthcare organizations have their patients’ medical reports along with some personal info. Educational institutions will have the students’ and teacher’s personal as well as academic details. Corporate companies save their employee’s private details including their pay structure and banking details. 

Nowadays, we have highly privileged data such as intellectual property, patents, copyrights, etc… which have to be maintained as a secret from other competitive organizations. Losing this kind of information will affect the organization’s future on a large scale. With the advent Internet of Things (IoT), we have a lot more data to be managed and secured as we have widened the storage services through cloud and virtualization. This has given rise to a new stream called Big Data, which covers large volumes of data related to business and technology. 

WHY IT IS NEEDED?

All these details are confidential and need to be covered up from the external world so that no one could take easy advantage of them. Whenever we engage in any websites that have access to our data like name, age, or photos, the information will also be saved in the website’s server which allows the hackers to access the data. When the hackers see something beneficial in you, they use this data to threaten you to get something like ransom in return. Some steal this info to use your identity faking as their own. This may harm an individual or a whole company very badly. This summarizes the need for cybersecurity and the increase in scope for the field.

CIA TRIAD

  • CONFIDENTIALITY – Also known as privacy, this deals with restricting unknown access by using authentication encryption. Various methods used here are data encryption, two-factor authentication, biometrics and Username, ID, and password. 
  • INTEGRITY – This ensures accuracy and consistency even after unauthorized access. It is done by bringing in file permissions, version history, and backups. Checksum uses hashing algorithms to compare the hash value before and after any changes in data. If the data remains the same, the hash value returned is also the same. But even if a minute change is done in the data, the hash value returned will not be the same. By comparing the hash values, we can ensure integrity. 
  • AVAILABILITY – Making the data available only to the authorized users and performing hardware repairs, software updates, and backups on a timely basis. Avoiding attacks by using security software that doesn’t allow malicious attacks.

TYPES OF ATTACKERS

  • AMATEURS – Sometimes called script kiddies, these people are the ones with zero or low knowledge of hacking. They just follow the instructions found on the internet out of curiosity or just try their skills out. Still the results can be highly serious.
  • HACKERS – This group of people tries to get access to computer networks. They are further classified into three.
    • WHITE HAT HACKERS – These people break into computers to find out the flaws and fix them with the prior permission of the organization.
    • BLACK HAT HACKERS – These people break into computers with malicious intent and without permission. They try to take advantage of the company’s weaknesses.
    • GREY HAT HACKERS – These people fall somewhere between white and black hat hackers. They engage in unethical things but not with the intention of harmful attacks like the black hat hackers.
  • ORGANIZED HACKERS  This category includes cybercriminals, hacktivists, terrorists, and state-sponsored attackers.

CONSEQUENCES OF HACKING

The seriousness of the consequences differs with the scenario. But on the whole, the company or the victim is the one who faces the aftermath. For example, the attacker might use phishing techniques to hack your details. There might be some attachments in the mail that seems to be genuine and on clicking that it may look legitimate and ask for your details but actually, it might be a trap of the hackers which may cost you. Another example may be Denial of Service (DoS). We often come across website traffic because a lot of users try to access it. But the overloading may be done by the attackers to shut the website down. Again, this leads to unimaginable consequences. There are many more techniques and examples to cite. 

AWARENESS

Awareness leads to prevention. We can be more cautious when we give our private information like DOB, Banking details, ID proofs on any site. We should also be aware that all our picture uploads and other things are stored in the servers which might cause some problems similar to those we come across in our day-to-day life. It is always suggested to stay intact and stealthy when it comes to our social-media life.

Three young individual charged in Twitter Hack last month

Twitter Inc.’s worstever hack began months earlier with a teenager on a telephone, according to an indictment filed Friday by federal authorities.

The US Department of Justice has charged three young individuals with hacking Twitter last month that compromised the accounts of 130 high profile users including Barack Obama, Bill Gates, Jeff Bezos and Elon Musk.

The three were charged in connection with the July 15 hack, including a 17-year-old juvenile whom authorities have accused of masterminding the scam.

Two teenagers and a 22-year-old were charged with hacking the Twitter Inc accounts of famous people including former President Barack Obama, billionaire Bill Gates and Tesla Chief Executive Elon Musk, the Department of Justice said on Friday.

Mason Sheppard, a 19-year-old British man who went by the alias Chaewon, was charged with carrying out the hack, as well as related wire fraud and money laundering crimes, according to a Justice Department statement.

Orlando, Florida based Nima Fazeli, 22, nicknamed Rolex, was charged with aiding and abetting those crimes. The Justice Department did not name the third defendant, but the Hillsborough County State Attorney Office in Tampa, Florida said it had arrested 17-year-old Graham Clark.

The tweets offered to send $2,000 for every $1,000 sent to an anonymous Bitcoin address.

Anonymous: Since resurface

To say that this year has had its ups and downs would be a major understatement. With the series of major events happening on a daily basis, one could almost imagine God sitting up there playing “Apocalypse bingo”. However, jokes aside this pandemic has brought most of the countries of the world to its knees. Leaders across the globe are working frantically to contain the spread of the virus.

Photo by Pixabay on Pexels.com

However it isn’t all so black and white, as some like Donald Trump are still neck deep in scandals as he very often is. He has often shown sympathy with white supremacists and condoned the acts of high-profile criminals with a similar mindset as him. He has been accused but due to a lack of concrete proof, hasn’t seen justice. This could certainly change soon as he has been forced to take shelter within the president’s bunker, which many speculate is due to the rise in protests of the death of George Floyd who was killed by the Minneapolis police department. This rise in protests could be in part due to the support of an online hacktivist group called Anonymous, who came out of their hiatus of three years. Anonymous started as a hacking prank group from 4chan sites, who did small tome pranks. However over time they slowly shifted towards anti-censorship, and anti-surveillance hacktivism. They have taken part in many wars against giant corporations which while short lived have provided ample evidence of their small-scale cyber guerrilla warfare. Due to them not having a formal leader or head, infighting within the organisation erupts. It is due to this reason that they were unable to hack into Amazon during their “Operation Payback” (in which they had hacked into PayPal.com) .They not only condemned the wrongful killing of Floyd, but also declared an online war against the Minneapolis police due to their repeated systemic racial abuse. They followed through their promise by simultaneously bringing down police servers all across the state. They not only targeted the police but also went after Trump promising to expose his dirty secrets, which they did by leaking not only his ties with Jeffery Epstein, but rather outright naming his a co conspirator in his child trafficking and pornography ring and have called on him for raping, sexual misconduct and numerous other horrendous charges as seen in these transcripts https://www.scribd.com/doc/316341058/Donald-Trump-Jeffrey-Epstein-Rape-Lawsuit-and-Affidavits. They have also named Bill Gates, Bill Clinton and a number of other prominent names to have been a part of Epstein’s illegal activities. As if this wasn’t enough, they have also made allegations on the royal family for staging princess Diana’s death as an accident due to her collecting evidence on the royal family for human trafficking and sexual misconducts, fuelling an already widespread conspiracy theory to new heights. Due to their nature of low-grade DDoS attacks, many social security experts term them as minor threats, however they may change their tune should this gain traction. The twitter account for the anonymous group has already amassed over 6 million subscribers. What the hacktivist group does next is anyone’s guess, however one thing is certain they do not show any signs of stopping soon.

What happens next is for all of us to see.