Hacktrack

With the latest hacking spree that has rocked the cyber world, one is even more susceptible to identity theft, credit card fraud and other online threats

Beware while shopping online or using your credit card for any sort of business transactions over the Internet. According to media reports, more than 100 million people were affected when Sony's PlayStation Network was hacked in April, 2011.



After that, Sony, Citigroup, Bank of America and International Monetary Fund (IMF) too were hacked. Infact, the credit card data breach of Citigroup that took place in May affected over 360,000 accounts.

Inspite of the arrest of a British teenager on Tuesday, for allegedly attacking various websites, the spate of attacks by the group, which calls itself LulzSec, seem to continue. The group has now threatened to team up with another team of hackers called 'Anonymous' to hack into various government websites.

Hacking
These incidents, however, draw our attention to various types of security threats as well as safety of various Internet users. Vicky Shah, an information security professional, in his book 'Are you protected?' defines hacking as, 'Illegal intrusion into a computer system without the permission of the computer owner, user.

Hacking is committed for Personal gains, Improve technical skills, Get famous, Revenge. Hacking is good for finding vulnerabilities and patching the loopholes, Cracking is actually illegal and performed for causing harm or destroying and altering/modifying the information for the intention to cause inconveniences to others'.

Worse
Many experts feel that the problem of cyber crime is going to get worse. Said, Abhay Thakkar, Chief Executive Officer (CEO) of Zen Technologies, which specializes in IT security and ethical hacking, based in Fort, "Nowadays many hacking groups have come up, who want to prove that no system is secure.

A survey by a cyber security firm in the U.S. indicates that almost 20 per cent of computers working from homes have been compromised. It is about 7 per cent in the case of corporates." Increasing number of users online also contribute to the problem.

Said Sunny Vaghela, ethical hacker and cyber crime expert, "The increasing number of users online, with easily available codes and steps for hacking along with readymade site names at one search on Google has created enough space for amateur and newbie to try their hands at hacking."

Others believe that cyber security threats are here to stay and will continue to grow with emerging technology. Said Shah, "The only way to prevent or limit incidents is to change the mindset and approach towards information security."

Situation
So what is the cyber crime situation in India? Cyber crime experts say that in India, Nigerian fraud (also known as the advance fee fraud) has been ruling ever since but lately a lot of cases related to security of various websites have been observed.

Said, Vaghela, "But from the past two years or so, mostly fake profile impersonation crimes are being reported at large. Identity theft, Credit Card theft are the latest cyber crime related issues."

In India, various types of cyber threats mainly include offensive emails, email account hacking through Malware or Phishing and creating fake profile on social networking sites. Said. Shah, "These days Malwares have become a major threat as they are very difficult to detect and predict the nature of damage."

Unreported
Security experts feel that, in India many cases remain unreported, as people are not aware of cyber crime related issues at all. As a protective measure, one should avoid clicking on unknown and suspicious links.

Said Vaghela, "For a common man, in emergency situation, it is best for him to report to nearest police station, and register a legal FIR for the cyber crime cell of the same to investigate and not to act in haste to get back online quickly.

For the long run, it is best for a person, to attend seminars, workshop related to ethical hacking and information of the cyber space and get themselves aware about the recent trends."

Additional Commissioner of Police (crime), Deven Bharti claims that cyber crime department in association with National Association of Software and Services Companies, (NASSCOM) has been running awareness programmes at various organisations.

"Cyber crime related cases in small towns are on the rise. Inu00a0 big cities, the number of cases are declining," said Bharti. In 2010, 37 cases were registered at Mumbai's cyber crime cell. This year, between January to June, 2011, 28 cyber crime cases have been registered.

Ashish Shabu, President of Association of Public ICT Access Provider (ApiAp) are also taking extra precautions after various websites have been attacked.u00a0

Said Shabu, "We have proper codes and lock systems in place. Hence, lot of these sites that could be viral, are inaccessible to the users. We also thoroughly check the identity of the users who come to various cyber cafes. Hence, users at cyber cafes are no more anonymous."

Tests
As far as corporates are concerned, companies should carry out vulnerability assessment tests to ensue that their security is not compromised. Word of caution for gamers and playstation owners.
u00a0
Said Vaghela, "It is best for the playstation owners and corporates to regularly keep testing their systems for vulnerability and ensure safety and trust of its users, while also being strict in catching fake accounts and garbage information sent to their servers, at the same time in being quick to punish the offenders.

Hacking involves a lot of steps, of which one step at least needs to be taken by the user, for which the hacker eagerly awaits. Hence for gamers, be aware and fully informed on the sites which you are using to give your details of transaction."

Ethical
Infact, ethical hackers can help to ensure safety of the system. What is ethical hacking? Explains Vaghela, " Ethical hacking is a different genre followed by hackers, where in the hacker uses his skills to get past the security and exposes the vulnerability of the system. But unlike other hackers, the ethical hacker follows a certain principle of operation.

The ethical hacker reports these vulnerabilities and helps to empower and strengthen the system by removing these problems." |Performed by "white hats or skilled computer experts," many companies utilise the services of ethical hackers to ensure security of their website.

Elaborates Thakkar, "Many companies utilise ethical hacking services from consultants or full-time employees to keep their systems and information as secure as possible. Ethical hacking is still called 'hacking' because it uses knowledge of computer systems in an attempt to in some way penetrate them or crash them.


Awareness programme to educate children on risks posed by the Internet

This work is ethical because it is performed to increase the safety of the computer systems. The goal of ethical hacking is to determine how to break in or create mischief with the present programs running, but only at the request of the company that owns the system and specifically to prevent others from attacking it.

Community
In India too, there are many underground communities, which are popular on various social networking sites. " Mostly they have forums for discussing the new issues and also some informative news articles based on the world hacking horizons.

Indian Cyber Army is one of the many of those who exist," said Vaghela. The group called 'Anonymous' which has been linked to the recent attack on Sony, claims to have hacked the National Informatics Centre website and the Indian Army website a few days ago.
u00a0
"The Karachi Press Club's website https://www.karachipressclub.com/ had been hacked on Monday and its pages defaced by hackers who claimed in their messages that they were Indian and were known by their alias "IMMORTALS". They posted a 'Jai Hind' cry on the website after redoing it in a matrix like screen.

The defaced page looked similar to the defacing Pakistani hackers had done to the website of India's Central Bureau of Investigation in early December 2010," said Thakkar.

In India punishment, anyone found guilty of hacking can be slapped with a fine of Rs five lakh with three years imprisonment.

Experts feel that Cyber law in our country need to be made more stringent. However, many avid gamers are not concerned with the recent attacks. Said Mridul Sah, who owns a play station, "In case I find a game really interesting then I will go ahead and buy it online."u00a0

Developments
A British teenager has been arrested in a swoop by the FBI and Scotland Yard for allegedly hacking attacks on international businesses and intelligence agencies, the Metropolitan Police said here today. The 19-year-old man is being questioned under the Computer Misuse Act and Fraud Act.

He is suspected of leading the notorious Lulz Security hacking group and was arrested in a pre-planned intelligence-led operation in Wickford, Essex, the Metropolitan Police said. Lulz Security has claimed responsibility for a number of online security breaches at organisations including Britain''s Serious Organised Crime Agency, the US Senate and CIA, as well as the games firms Nintendo and Sony.
u00a0
He was arrested by officers from the force''s e-crime unit. A Scotland Yard spokesman said: "The arrest follows an investigation into network intrusions and distributed denial of service attacks against a number of international businesses and intelligence agencies by what is believed to be the same hacking group."

"Searches at a residential address in Wickford following the arrest last night have led to the examination of significant amount of material," the spokesman said. "These forensic examinations remain ongoing. The Met and Essex Police are working in cooperation with the FBI", the spokesman added.
u00a0
The teenager remains in custody at a central London Police station. Lulz Security claimed responsibility for crashing the Serious Organised Crime Agency website on Monday. After the arrest of the British teenager, LulzSec has claimed another hacking victory by bringing down two Brazilian government websites.

Gamers and play station owners should...
1u00a0 Change their password frequently
2 Use pre paid cards to do purchase online
3 Password should be at least 10 characters
4 Genuine Product Purchase
5 Update the firmware and other updates on as is basis.

Corporates should...
1u00a0 Perform Periodic Audits
2 Patch the Loopholes and comply with Standards and Best Practices from the Industry.
3 Store Details in Encrypted form

Figures

2010
Total registration 37
Detected 24u00a0u00a0u00a0
Undetected 13u00a0u00a0u00a0
Accused arrestedu00a0 49
Cases charge sheeted 17u00a0u00a0u00a0
A classified (clue but not detected) 2u00a0u00a0u00a0
pending cases 18

2011
Total registration 28u00a0
Detected 16u00a0u00a0
Undetectedu00a0 12u00a0u00a0u00a0
Accused arrestedu00a0u00a0u00a0 36
Cases charge sheeted 5
Pending cases 23