
CyberSecurity: Who are the real hackers & Who is targeting you?

As per Wikipedia: a computer hacker is any skilled computer expert who uses their technical knowledge to overcome a problem. Some people call hackers problem solvers, and crackers are the ones who break into systems.

In reality, lots of people do not know who the real hackers are. The general thinking is that hackers are a group of people who have invisible power & stay anonymous from public life. Surprising but true: the world has represented hackers as someone invisible, wearing a hood with a warm jacket & a laptop. The only difference you could see is whether the hood is white, black or grey.

Whenever I see this, many questions pop up in my mind: Do hackers really wear jackets with a hood? Is this some sort of logo & symbol to hold if you are a hacker (black, white or both) or wish to become one? Do they belong to cold places? Weird questions, but it took me a long time to get the answers.

So who are the Real Hackers (Crackers)?

Real hackers are not the ones who wear a jacket & a hood. The whole world has portrayed them like this, and the media especially always represents them with similar photos. But the truth is they are normal people with bad intentions. By and large, every hacker falls into one of the following categories:

1 Criminals

This category of hackers are criminals, the mafia of the digital age. Just like in the old days, the mafia used to have men working for them. These criminals have organizations & employ the real hackers to break into others' systems and steal money from banks and individuals, blackmail someone with ransomware etc. These types of hacking are also involved in frauds: ad fraud, fake campaigns etc.

2 Hacktivists

The word hacktivist comes from activist, like a social activist, environmental activist etc. A hacktivist group is a group of people who come together with a common belief. The biggest example of such a group is “Anonymous”. More information is available on Wikipedia: https://en.wikipedia.org/wiki/Anonymous_(group)

3 Criminal Hackers

Criminal hackers could be a smaller group of people or individuals. It is tough to identify the nature of people in this category. However, these types of hackers break into some system & steal data etc., or find vulnerabilities and pass their information to a bigger group (a big-bang hacker group).

Another option is to sell their information on the dark web. In return, they get their cut. It is a quick way to earn money. For example, if one hacker got 2k account details with credit card numbers, he/she can sell them on the dark web at $2 to $3 per record. An easy way to make money & not get into a bigger problem.

4 Competitors

The situation has become like the Tom & Jerry cartoon. Sometimes Tom wins, sometimes Jerry, & the fight continues. In cybersecurity it is the same. There are anti-virus, anti-malware & thousands of tools to protect organizations, but there are some organizations who break others to prove their point. They create open source tools to break any system.

Hacking Small Companies Is Big Business: https://biztechmagazine.com/article/2016/07/hacking-small-companies-big-business

There are individuals who break the Android or iPhone just to show that a particular technology isn’t secure, even though it is secure up to some extent.

5 Foreign nations

Foreign nations are proactively targeting other nations, & countries like China and Russia have become symbols of such things. It is hard to believe one side of the story, but there have been enough instances to believe that nations like China are the biggest contributors in the whole cyber wars.

US lawmakers propose a ‘Hack Back’ law to allow cyber retaliation without the permission of the third-party country. It is a clear indication that nations would go after each other more aggressively. https://followcybersecurity.com/2018/11/08/first-step-towards-cyberwar/

6 Disgruntled Employees

The last category of hackers is a very interesting one. These are people who build software for someone, then decide to break the same system to teach that organization a lesson. This is bad for the organization because the person knows the system inside & out.

We all may feel helpless when an organization, or an individual manager or VP, follows unethical practices & is unfair to people. But not everyone just feels helpless, & a few people may start targeting the organization because of an individual's unethical behaviour.

In the cybersecurity world, ethics are the most important thing if you have that power at your fingertips. There is a very thin line between good hackers & bad hackers. Maintaining ethics isn’t easy when you feel angry & betrayed.

Leave a comment if you have any suggestions to improve on my effort.

CyberSecurity: Security Importance of the /etc/hosts file

You might be surprised to know how critical the /etc/hosts file can be. I learned its importance and thought about sharing some of the details.

Use of the /etc/hosts File

We are all familiar with the hosts file & the information in it. The most basic use of /etc/hosts is to map a hostname to an IP (e.g. localhost to 127.0.0.1). There are other uses as well; let’s understand by an example.

Let’s see how things work when you type google.com in any web browser.

We know that the browser, as a client, makes a DNS request. But in reality, the operating system (OS) checks the hosts file first, before making a DNS request to resolve the IP of the domain. If a matching entry is found in the local hosts file, the OS uses that address and skips the DNS lookup. Then the OS uses ARP (Address Resolution Protocol) to find the destination MAC (media access control) or physical address.

Then the OS handshake with the destination host begins through the TCP/IP protocol & it starts sending data. I will explain the working of data packets & the OSI model in some other posts. For now, just the hosts file.

Security Aspect of the /etc/hosts File

Used by hackers: Hackers use this file when they wish to redirect an application's traffic to a proxy server. They set up the proxy server before they modify the hosts file. This technique is called active network traffic capturing. Basically, hackers get all the network traffic from your server or machine. It helps them run analysis & understand the insights of the application. They can even decode the actual application logs. And the server's network traffic helps hackers a lot in breaking the application further.

Used by anti-virus & security products: Some antivirus & security products track changes to the system’s hosts file because such changes are a sign of malware. You might need to disable the product’s protection if you want to change the hosts file.

Note: one suggestion is to keep proper (restrictive) privileges on the hosts file, so that only root can write to it.
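As an added example (not code from the original post), here is a small Python audit for the two points above: it parses a hosts file, flags entries that redirect traffic without any DNS lookup (a public-looking domain pinned to a fixed address, or localhost pointed away from loopback), and checks that the file's mode bits do not allow group or world writes. The sample hosts content and the `.internal`/`.local`/`.lan` allow-list are constructed assumptions.

```python
import ipaddress
import stat

# Constructed sample hosts file (not from the original post); the last entry
# pins a public domain to a private address, so DNS is never consulted for it.
SAMPLE_HOSTS = """\
127.0.0.1    localhost
::1          localhost ip6-localhost
192.168.1.10 build-server.internal
# comment lines and blank lines are ignored
10.0.0.5     www.example.com example.com
"""
LOCAL_NAMES = {"localhost", "ip6-localhost", "ip6-loopback", "broadcasthost"}

def parse_hosts(text):
    """Return [(ip, [hostnames])] from hosts-file text, dropping comments and blanks."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            ip, *names = line.split()
            entries.append((ip, names))
    return entries

def is_loopback(ip):
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:  # malformed address: not loopback
        return False

def suspicious_entries(entries):
    """Flag loopback names pointing away from loopback, and public-looking names
    pinned to any address: both redirect traffic without a DNS lookup."""
    flagged = []
    for ip, names in entries:
        loop = is_loopback(ip)
        for name in names:
            if name in LOCAL_NAMES:
                if not loop:
                    flagged.append((ip, name))
            elif not loop and "." in name and not name.endswith((".internal", ".local", ".lan")):
                flagged.append((ip, name))
    return flagged

def write_bit_problems(mode):
    """mode is an st_mode value (os.stat(path).st_mode); hosts should be root-writable only."""
    checks = ((stat.S_IWGRP, "group-writable"), (stat.S_IWOTH, "world-writable"))
    return [label for bit, label in checks if mode & bit]
```

To audit a real file, pass `open("/etc/hosts").read()` to `parse_hosts` and `os.stat("/etc/hosts").st_mode` to `write_bit_problems`.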

CyberSecurity: Finished the Threat Intelligence (Security Intelligence) book

Just finished another very good book on cybersecurity: Threat Intelligence. Threat intelligence is a component of security intelligence, and it is about how you use tools, knowledge, risks (external or internal) and security threats across your overall business.

This book answers many questions & gives a big perspective on many problems currently faced by organizations, and on why there is no security remedy on time. The information in this book is very well organized. It starts with simple knowledge chapters, then moves to security operations and on to the dark web.

My Favourite parts are:

  • About security threats & risk analysis.
  • About the security operation center, and how resources are under stress dealing with thousands of operational alerts, most of which are false positives (i.e. not valid alerts).
  • About the dark web & organized crime, and how organized crime hires hackers, executes projects etc. Little info, but I got some sense out of it.

Things to learn from the Threat Intelligence book

  • How can threat intelligence help in dealing with every aspect of security?
  • How does a SOC (security operation center) mitigate risk & identify problems? And how can a SOC handle so many false positive alerts?
  • How to get to know trends, current vulnerabilities & the risk analysis of fixing critical vulnerabilities?
  • How to know if threat criminals have already breached sensitive information? In most cases, organizations find out about a data breach only after months or so. The book details how the National Vulnerability Database does not provide vulnerability info on time & how threat intelligence tools can help you with that.
  • Some information about the dark web, deep web & organized crime, with a little detail about how organized crimes are done.

Final Thought:

Every security professional should read about threat intelligence & understand the overall process. It is a must-read book.

NOTE: I could share the downloaded version, but I think it would be unfair to the people who have done all the hard & good work on this book. So here is the reference & you can help yourself.

Reference

CyberSecurity: The privacy policy of Godaddy.com

We all know Godaddy.com & many of us would have used it before, but I am not sure if we noticed their privacy policy. A privacy policy is something companies always ask you to accept, but you don’t have a choice to say NO. However, this privacy policy is different.

So the Godaddy.com policy suggests that you can register a domain name, but there is no guarantee of keeping your private information safe. You could get spam & scams if you don’t pay some extra amount to safeguard your own profile. To understand it in Godaddy.com's language, check out the snapshot below.

Did you see that? It is interesting to know that we are in a situation where companies ask you to pay more for user privacy. We have been thinking that it is the company's or service provider's responsibility to take care of their users' details & their privacy. But it appears to me that Godaddy thinks differently. There might be a good reason to have this policy, but as a user, it is not comforting.

Imagine a case where Facebook, Google or Apple start demanding a price for users' privacy and say: look, it is the responsibility of the users to use our services, and the user has to pay extra to prevent any damage to themselves. Security & privacy aren't free and can't be given as a free service. The question is: is that what we are going to get as users? Currently, none of these organizations or entities has ever been held liable or punished for any damage. Software providers should be equally responsible for it.

Why is it important?

There is the WHOIS database where you can get information about every domain. In general, that is the starting point for hackers to gather information about your service, domain & servers etc. More importantly, the WHOIS database provides every detail about the person who owns the domain if that person hasn't paid extra to the domain provider.

WHOIS link to check information about any domain: https://ca.godaddy.com/whois

[Snapshot: Godaddy privacy policy notice at checkout]
When you search for a domain and add the selected domain to the cart, Godaddy.com shows its privacy policy to the user on the checkout page.

Final Thought

The protection of user privacy & the prevention of any damage should be the first objective of any service provider. There may be cases where the domain owner's details need to be given to a third party or authority. But that does not mean that anyone is authorized to access domain & domain owner information.

CyberSecurity: Regulations on IoT devices

A good initiative taken by California, United States, on the security of IoT devices. It seems states are learning a lesson & protecting their citizens. Europe has the GDPR law, which asks each & every user to accept the cookie popup that appears on whichever site or application you use; it basically asks for consent from the user.

The most important point is that this law has a procedure and forces manufacturers to not ship a default password. This is a significant step because most users never change the default password and it is easy to hack. Some users even keep their device SNO (serial number) as the default password, on home routers etc.

Impact of this Law

Automobile manufacturers sell their cars worldwide, but they are customized for local markets. The car you buy in the United States is different from the same model sold in Mexico, because the local environmental laws are not the same and manufacturers optimize engines based on where the product will be sold. The economics of building and selling automobiles easily allows for this differentiation.

But software is different. Once California forces minimum security standards on IoT devices, manufacturers will have to rewrite their software to comply. At that point, it won’t make sense to have two versions: one for California and another for everywhere else. It’s much easier to maintain the single, more secure version and sell it everywhere.

Reference

https://www.schneier.com/blog/archives/2018/11/new_iot_securit.html

Another view of the same topic:

Abstract

California has passed an IoT security bill, awaiting the governor’s signature/veto. It’s a typically bad bill based on a superficial understanding of cybersecurity/hacking that will do little to improve security, while doing a lot to impose costs and harm innovation.

https://blog.erratasec.com/2018/09/californias-bad-iot-law.html#.W-sLFHpKh0J