Who are Hackers and its Crimes



Types of Hackers

A Hacker is a person who is intensely interested in the mysterious workings of any computer operating system. Hackers are most often programmers. They gather advanced knowledge of operating systems and programming languages and discover loopholes within systems and the reasons for such loopholes.


There are generally 10-types of Hackers, they are:

  • White Hat Hackers: White hat hackers are the one who is authorized or the certified hackers who work for the government and organizations by performing penetration testing and identifying loopholes in their cybersecurity. They also ensure the protection from the malicious cyber crimes. They work under the rules and regulations provided by the government, that’s why they are called Ethical hackers or Cybersecurity experts.
  • Black Hat Hackers: They are often called Crackers. Black Hat Hackers can gain the unauthorized access of your system and destroy your vital data. The method of attacking they use common hacking practices they have learned earlier. They are considered to be as criminals and can be easily identified because of their malicious actions.
  • Gray Hat Hackers: Gray hat hackers fall somewhere in the category between white hat and black hat hackers. They are not legally authorized hackers. They work with both good and bad intentions; they can use their skills for personal gain. It all depends upon the hacker. If a gray hat hacker uses his skill for his personal gains, he/she is considered as black hat hackers. 
  • Script Kiddies: They are the most dangerous people in terms of hackers. A Script kiddie is an unskilled person who uses scripts or downloads tools available for hacking provided by other hackers. They attempt to attack computer systems and networks and deface websites. Their main purpose is to impress their friends and society. Generally, Script Kiddies are juveniles who are unskilled about hacking.
  • Green Hat Hackers: They are also amateurs in the world of hacking but they are bit different from script kiddies. They care about hacking and strive to become full-blown hackers. They are inspired by the hackers and ask them few questions about. While hackers are answering their question they will listen to its novelty.
  • Blue Hat Hackers: They are much like the script kiddies; are beginners in the field of hacking. If anyone makes angry a script kiddie and he/she may take revenge, then they are considered as the blue hat hackers. Blue Hat hackers payback to those who have challenged them or angry them. Like the Script Kiddies, Blue hat hackers also have no desire to learn.
  • Red Hat Hackers: They are also known as the eagle-eyed hackers. Like white hat hackers, red hat hackers also aims to halt the black hat hackers. There is a major difference in the way they operate. They become ruthless while dealing with malware actions of the black hat hackers. Red hat hacker will keep on attacking the hacker aggressively that the hacker may know it as well have to replace the whole system.
  • State/Nation Sponsored Hackers: State or Nation sponsored hackers are those who are appointed by the government to provide them cybersecurity and to gain confidential information from other countries to stay at the top or to avoid any kind of danger to the country. They are highly paid government workers.
  • Hacktivist: These are also called the online versions of the activists. Hacktivist is a hacker or a group of anonymous hackers who gain unauthorized access to government’s computer files and networks for further social or political ends.
  • Malicious Insider or Whistle blower: A malicious insider or a whistle blower could be an employee of a company or a government agency with a grudge or a strategic employee who becomes aware of any illegal activities happening within the organization and can blackmail the organization for his/her personal gain.
Cyber Attacks are an attempt to destroy or infect computer networks in order to extract or extort money or for other malicious intentions such as procuring necessary information. 
Cyber attacks alter computer code, data or logic via malicious code resulting in troublesome consequences that can compromise the information or data of the organizations to make it available to cyber criminals.
Cyber attacks consist of various attacks which are hacking, D.O.S, Virus Dissemination, Credit Card Fraud, Phishing or Cyber Stalking.
Out of the top 10 most targeted countries by cyber attackers, India ranks fourth and cybersecurity defenders are facing a lot of threats from these cyber criminals. Cyber attacks is an illegal activity and are continuously increasing in India for financial loot.

 Major and Minor Cyber Attacks in India 2018 

SIM Swap Fraud
In August 2018, two men from Navi Mumbai were arrested for cybercrime. They were involved in fraudulent activities concerning money transfers from the bank accounts of numerous individuals by getting their SIM card information through illegal means.

 

These fraudsters were getting the details of people and were later blocking their SIM Cards with the help of fake documents post which they were carrying out transactions through online banking. They were accused of transferring 4 crore Indian Rupees effectively from various accounts. They even dared to hack the accounts of a couple of companies.

Prevention: The information required for such a scheme is gathered via various public domains and is misused later. Sharing personal information with unknown applications and domains can help in minimizing the risk of having your personal information reaching people with malicious content.

Fraudsters use the victim’s information in various scams and trick them into fraudulent activities. It is advisable therefore that the site where an individual is entering his banking or other details should be verified for authenticity, as scammer uses the fake site to get the information directly from prospective victims.
Cyber Attack on Cosmos Bank
A daring cyber attack was carried in August 2018 on Cosmos Bank’s Pune branch which saw nearly 94 Crores rupees being siphoned off.
Hackers wiped out money and transferred it to a Hong Kong situated bank by hacking the server of Cosmos Bank. A case was filed by Cosmos bank with Pune cyber cell for the cyber attack. Hackers hacked into the ATM server of the bank and stole details of many visa and rupee debit card owners.

The attack was not on a centralized banking solution of Cosmos bank. The balances and total accounts statistics remained unchanged and there was no effect on the bank account of holders. The switching system which acts as an interacting module between the payment gateways and the bank’s centralized banking solution was attacked.


The Malware attack on the switching system raised numerous wrong messages confirming various demands of payment of visa and rupee debit card internationally. The total transactions were 14,000 in numbers with over 450 cards across 28 countries. 

On the national level, it has been done through 400 cards and the transactions involved were 2,800. This was the first malware attack in India against the switching system which broke the communication between the payment gateway and the bank.

Prevention: Hardening of the security systems by limiting its functions and performance only to authorized people can be the way forward. Any unauthorized access to the network should immediately set an alarm to block all the access to the bank’s network. Also, to minimize risk, enabling a two-factor authentication might help. Through testing, potential vulnerabilities can be fished out and can make the entire digital part of the banking system safe.
 
ATM System Hacked in Kolkata

In July 2018 fraudsters hacked into Canara bank ATM servers and wiped off almost 20 lakh rupees from different bank accounts. The number of victims was over 50 and it was believed that they were holding the account details of more than 300 ATM users across India.
The hackers used skimming devices on ATMs to steal the information of debit cardholders and made a minimum transaction of INR 10,000 and the maximum of INR 40,000 per account.

On 5 August 2018, two men were arrested in New Delhi who was working with an international gang that uses skimming activities to extract the details of the bank account.

Prevention: Enhancement of the security features in ATM and ATM monitoring systems can prevent any misuse of data. Another way to prevent fraudulent activity is to minimize the risk of skimming by using lockbox services to receive and transfer money safely. This uses an encrypted code that is safer than any other payment.

Websites Hacked: Over 22,000 websites were hacked between the months of April 2017 and January 2018. As per the information presented by the Indian Computer Emergency Response Team, over 493 websites were affected by malware propagation including 114 websites run by the government. The attacks were intended to gather information about the services and details of the users in their network.

Prevention: Using a more secure firewall for network and server which can block any unauthorized access from outside the network is perhaps the best idea. Personal information of individuals is critical for users and cannot be allowed to be taped into by criminals. Thus, monitoring and introducing a proper network including a firewall and security system may help in minimizing the risk of getting hacked.
Phishing Attack on Wipro
There were reports about an attack on the Wipro system by major online news portals. Attack as per reported was a phishing attack and was done by a group through gift card fraud.Even though the attack was not a massive one, many employees and client accounts were compromised. 

How to avoid Phishing attacks?

  • Always think before you click. Phishing links can impersonate as authentic links with some minor changes that might not be visible at a single glance. Make sure that you have read the complete link before clicking it.
  • Install measures that can effectively prevent such attacks.
  •       Make sure that the websites you are accessing are secure. Usually, a secure website will have a security certificate to safeguard all the customer information. Make sure that that website begins with https and has a lock symbol on the extreme left of the address bar. Check your online account on a regular basis and make sure that there are no suspicious activities. Change the password frequently. Update your browsers regularly as updates often will have security patches for existing loopholes. Keep your personal details secret
    Big B Amitabh Bachchan ‘s Twitter Account Hacked!
Lately, Amitabh Bachchan’s twitter handle got hacked and the perpetrators posted hateful messages putting everybody in shock.This can happen to big companies also. However, if the news gets out this can be a huge blow to the credibility of any company.
How to prevent Social Media Profile Hacking?
  • Social media is infested with third-party applications. Make sure that you are using legitimate authorized applications
  • Use strong credentials and change it often
  • Install proper antivirus
  • Enable two-factor authentication
Exposed Health Care Data
Be it any government-related data; it has to be kept in utmost secrecy. What if it’s exposed? That’s what happened lately when healthcare data of India was left exposed without enough security measures.
This mistake was found out by Bob Diachenko during a regular security audit. He found out that India based IP contained a data pack that’s been left exposed without any security measures.
How to Prevent Database Hacking?
  • Make sure that proper web application firewall is installed
  • Strengthen network security by login expiration, changing password,
  • Make sure that the admin level of your website is not exposed with a simple password
  • Change the database prefix from wp6 to something random which can’t be guessed
  • Stay updated regarding the latest hacking threats
Personal Data Exposed from JustDial Database
An unprotected API end was the issue in this incident. Justdial one of India’s leading local search platform let a loose end which exposed all of their user data who accessed their services through the web, mobile, and their phone number. Leaked data includes name, email, number, address gender, etc. the shocking part according to reports is that since 2015 the API has been exposed like this.
How to make your API secure?
  • Validate all the incoming data
  • Use the essential method for authentication verification
  • Monitor and manage using automated scripts
  • Encrypt data

Security Testing and its Significance

Hackers and criminals are getting smarter every day. The countermeasure is to predict their attack and block it in the most effective way possible before any unfortunate events.


In Testing, mostly 4 major types of testing ate performed

  • Network security
  • System software security
  • Client-side application security
  • Server-side application security.
By Adv.Pankaj Bafna[ Bafna Law Associates]

Comments

Post a Comment

Popular posts from this blog

New types of Cyber Crimes

New Cyber Crimes: Crap-flooding: Crap flooding is a form of online trolling with illogical, repetitive postings to make it difficult for other users to read relevant, useful information. The aim behind crap flooding may also include wasting the website’s bandwidth and storage space with useless text. Automated soft-wares can be employed for the purpose, which can execute the task quickly and efficiently, than manual methods.  Backscatter: It is the side effect of spam emails, worms and viruses. Consider this example: A hacker sends millions of spam emails using your email address as sender. Many of them will be addressed to non-existent email addresses, resulting in - “this example@gmail.com address is invalid” type back responses. Since, you shall be receiving thousands of similar reply, you will get overwhelmed and irritated with backscattered responses from invalid email addresses.  Griefers: A griefer is a playing character in an online game that deliberately causes annoya...
Read more

CELL PHONE HACKING CATEGORIES

Image
Cell Phone Lookup: How to Do a Reverse Cell Phone Lookup A Reverse Cell Phone Lookup is simply a process of finding someone’s personal details such as name, age, address and related information by using their cell phone number. At times it becomes necessary for us to start investigating on someone to know their personal details. The reason for this can be many – Some people may go for a cell phone lookup in order to locate their old friends, some to investigate the prank calls or to trace a suspicious number. There exists a lot of websites on the Internet that offer reverse cell phone search, some claim to be free while others ask you a small fee for the subscription. There also exists a few directories that provide access to both landline and cell phone numbers thereby providing an all-in-one lookup service. Since most people wish to access this information for free, they go in search of those websites which provide the reverse cell pho...
Read more

What is Bitcoin and Is it Legal ?

Image
Bitcoin, often described as a cryptocurrency, a virtual currency or a digital currency - is  a type of money that is completely virtual. Each Bitcoin is basically a computer file which is stored in a 'digital wallet' app on a smartphone or computer. People can send   Bitcoins (or part of one) to your digital wallet, and you can send Bitcoins to other  people. Every single transaction is recorded in a public list called the blockchain. It's like an online version of cash. You can use it to buy products and services, but not many shops accept Bitcoin yet and some countries have banned it altogether. The physical Bitcoins you see in photos are a novelty. They would be worthless without the private codes printed inside them. How does Bitcoin work? Each Bitcoin is basically a computer file which is stored in a 'digital wallet' app on a smartphone or computer. People can send Bitcoins (or part of one) to your digital w...
Read more