Easy access to hacking tutorials worry experts [Security] [Times of India]
(Times of India Via Acquire Media NewsEdge) PUNE: The alleged involvement of a Pune man in a global hacking network hasn't really shocked experts who note that underground hacking groups have the most potent weapon__ freely available open-source operating systems__ that enables them to hack computer passwords and banking servers.
Experts said these systems are available online for free and have tutorials that even people who are not too tech-savvy can follow. Designed to test if user applications and computers are secured, these testing tools are often misused by hackers. Add to this a host of other age-old hacking techniques, such as installing trojans or malwares on the victim's computers, using hardware or software key loggers, among others, and you have a virtual recipe for disaster.
Rishi Aggarwal, founder, Anti-Hacking Anticipation Society- HANS, told TOI that most underground hacker communities have plenty of options to hack among which using dedicated open source operating systems like 'Backtrack' and 'Kali' are most widely used. "These 'Operating Systems' are available online, free of cost. There are hundreds of such open-source 'Operating Systems' that are designed as a 'penetration testing framework', but are used by hackers to hack. Online tutorials make sure that any one can use them to hack anything," said Aggarwal.
Aggarwal said that software and hardware key-loggers--small devices that can be manually fixed on public computers (such as in cyber cafes, airports) and capture all keystrokes made on the computer's keyboard __ are also used by hackers.
A common hacking method involves sending malwares/Trojans and then installing them on the victim's computer, said Kirtar Oza, manager - Information Security at a top IT service provider. He said this can be done through any of the social engineering techniques-- either by sending a prank email or making a person download a software that looks authentic/useful or even making the person click on an advertisement that pops-up many times during browsing. "Trojan is nothing but a malware (malicious software) lurking in a file that looks authentic. Hackers send Trojans by binding the malware with any of the other normal files like a picture, word, excel or power-point file. When these dubious files are downloaded and opened by the victim on the computer, the malware automatically executes in the background and starts capturing all the sensitive information that includes stored credentials as well as keystrokes," said Oza.
Oza added that it is really difficult to say how many Pune groups or hackers are associated with any of the international hacking communities. "From what I understand, there is an existence of a 'Cyber Sleeper Cell' in India that steals/hacks the information related to credit card/debit cards or other sensitive account information at the ground level and sells it to the international market. Then, an international syndicate sells this info on their website," he added.
Cyber crime investigation expert Sandip Gadiya said that hardcore hackers find vulnerabilities in an email service, and then exploit it to compromise email accounts.
Anshul Abhang, managing director and CEO of a risk management company in the city, however, added that brute forcing the email account is very difficult for hackers in the current era of increased internet security. Brute forcing the account means using automated tools that generate a number of passwords till the combination matches the password the hacker wants to break into.
More ways to hack:
Sniffing: Hackers can sniff the data traffic on public internet wi-fi hot-spots and if sensitive information, like passwords, is going in a clear text, it can be captured easily.
Phishing Attack: A duplicate login screen is generated by viewing the-source code option in internet explorer. The new link is sent to the victim, and if the victim falls in this trap, he fills his login details on the fake page, that forwards a copy of typed username and password to the desired address of the hacker.
How hackers remain secure:
Oza said that everything is tracked online based on the IP address of users. "IP address is 'the identity' of the user on the internet. Hackers use tools available online to conceal their real identity, which means even if a hacker is from India, his/her IP address may be a spoof IP, which may show his/her location as Portugal or UK or Germany anything. So tracing the real identity is a big problem in cybercrime. Tools like TOR, VPN gate-ways, proxies are available to hide the real identity. These kinds of services are sold in underground markets that will help hackers to hack without getting busted," he said.
Hackers have easy ways to reach your account if it has been hacked before:
The easiest way for a hacker to keep accessing your email after you've supposedly re-secured your account is to set up forwarding rules that push your emails to them.
The next easiest way for a hacker to maintain access to your account is to alter your password recovery settings.
Email services offer lots of tools beyond just email and each one offers attackers more backdoors to your account.
(c) 2014 Bennett, Coleman & Company Limited
[ Back To TMCnet.com's Homepage ]