Ethical hacking

The dark but lucrative world of hacking

Maybe you should encourage your kids to become hackers. When you open Twitter handles and LinkedIn profiles, it’s not unlikely that you’ll find people listing hacking as a skill.

Parents used to tell their kids to become doctors, lawyers and accountants. Later, they advised them to learn about computers. These kids grew up to become hardware specialists and then software specialists. That was related to the third industrial revolution.

Yet in the past 10 to 12 years, we have seen ourselves thrown into the fourth industrial revolution, one in which technology affects our lives through social media and augmented reality.

We share more and more of our personal information with more people, companies and institutions every day, and we do it willingly and are often blasé about it. This has prompted more people to steal this information through hacking.

Hacking background

Since the advent of personal computers in the 1980s, hackers have become prolific, initially in first world countries which had an advanced infrastructure. There were numerous cases in the US but as computer technology has permeated the world, hackers have followed suit.

A hacking group called MOD, Masters of Deception, in the 1980s allegedly stole passwords and technical data from Nynex and other telephone companies, as well as several big credit agencies and two major universities.

The damage caused was extensive and one company, Southwestern Bell, said it suffered losses of $370,000 alone. These days the damages, though not always publicly announced, can run into a few million.

This has paved the way for a special information technology (IT) vocation. A security hacker is someone who explores methods for breaching defences and exploiting weaknesses in computer systems and networks. They break into systems they aren’t authorised to access, and tend to break seamlessly into email and banking systems.

Hacking as a career

Ben Wilson works as an ethical hacker. He has more than ten years of experience and worked in London where he received on-the-job training. He now works remotely in South Africa servicing UK clients.

“I test websites for clients. I look for vulnerabilities in the systems. I have done a lot of work for banks lately but my work is across industries.” 

“Energy companies are using my services more and more,” he says.

Wilson says he worked in a permanent position for six years. Right now he contracts for five clients regularly.

Ethical hackers are the knights who test how permeable these systems are.

“The majority of my work is for British clients. The UK pound is strong and I like to earn pounds. I’d say the best computer security consultants in the world are in the UK. The US is strong too but the UK consultants are sophisticated and the best.”

Vulnerabilities

The most common way in which people hack information is through email contacts, especially personal Gmail accounts.

People think that their information is safe because it sits with one of the largest companies in the world. But this is exactly why it isn’t safe.

Gmail accounts are regularly hacked, and if you want to protect especially valuable information you should either upgrade your account to the business/enterprise level, use a different email service, or perhaps use the one connected to your employer.

Nowadays companies use services to protect themselves against hacks and unauthorised access. These monthly or annual service providers might employ ethical hackers to check the companies’ systems.

Hacking, however, isn’t just something that happens to big companies or in blockbuster movies. Here are some reality checks:

  • All websites are under threat;
  • So are applications (Apps) on your phone;
  • People can also programme artificial intelligence (AI) to hack into systems. This has become a big concern and theme for security experts.

Ways to proactively prevent a hack 

Fortunately, there are several ways of protecting yourself and your information from hacking, starting with your emails. Be wary of “phishing” emails asking you to update your information, especially for bogus databases which you have never heard of.

In addition:

Use a spam filter.

Avoid opening attachments from senders whom you don’t know.

Update your passwords regularly.

It helps to have authentication methods, such as smartphone-linked and email-linked authentication (2FA) or security keys like those from Yubico.

Don’t click on any ad – period!

Back up your files regularly – it’s always a good idea.

Don’t allow ransomware bullies to bully you.

  • If you are sent a communication saying that people have your files and want money or they’ll release the files, ignore it.
  • They can’t threaten you forever and might eventually move on to another target, especially if your information loses its value over time.

Anti-hacking software

As a business, use tools like those from cybersecurity experts Acunetix. More than 4 000 companies protect their web applications from vulnerabilities using its powerful web scanner.

Its penetration testing software prevents potential attacks by identifying holes in your websites’ coding. This is where hackers usually plant their complex code which allows them to extract data such as contact details, credit card details and in worse cases, company-sensitive data like patents and blueprints.

Naturally, they also scan networks to find gateway loopholes that could lead to crashes and downtime-related losses. A bank’s website going down for a few hours can cost it several thousands or even millions in lost revenue.

Despite having firewalls, VPNs and other Internet security systems in place, your websites and Apps being developed are still vulnerable to cyber-attacks or a hack.

Some complex hacks include: SQL Injections, Cross-Site Scripting (XSS) and what is known as Cross-Site Request Forgery (CSRF).

The most commonly known and used, however, is a DDoS attack. Basically, it works like a traffic jam clogging up a highway, preventing regular traffic from arriving at its desired destination. Incidentally, only a few days ago, Amazon was hit by a DDoS attack.

So, how would you know or find out if you are vulnerable? By conducting regular scans on your websites and apps to see where vulnerabilities lie.

Avoiding a hack requires common sense

Be aware and don’t fall for scams. It’s unlikely you’ve won 120-million Euro in a lottery. And you should know by now that you are not the descendant of a king!

If someone says they have a sex-tape with you in it and they want your salary, unless you know you made a sex tape, they’re probably lying.

Unless of course, a scorned lover of yours tricked you – but you can’t blame technology or a hacker for that.

The Online Threats of 2019

How you can stop them from happening.

Just as a biological virus mutates, so the complexity of phishing and identity theft schemes grows as technology advances. With major services adopting cloud technologies and storing private data online, anyone is vulnerable to hacking.

To make matters worse, hackers continue to come up with some pretty creative ways to profit from stolen information.

Without wasting time, these are the things you should already be doing to avoid being exposed to hackers in the first place:

In order to keep these cybercriminals out of your lives and computers, let’s take a look at some of the actual schemes to watch out for in 2019.

Hacking

We all know what hacking is by now – the term has almost become synonymous with internet security. So a question is: do you love watching movies on Netflix or jamming out to your summer playlist on Spotify? If the answer is yes, then you’re at a pretty high risk of getting hacked.

DynaRisk, a UK cybersecurity firm, recently found that cybercriminals most commonly target these brands, along with adult-oriented sites (you know what we mean) and then, online gaming services.

Identity Theft

A few weeks ago, authorities caught a New York-based gang who had used identity theft to steal over $19 million worth of iPhones. Quartz reported that this operation ran for seven years.

So-called “Top Dogs,” the ring leaders, would organize lower level members of their organization to steal identities and create clone credit and identity cards. Then, affiliates fanned across the nation, signing up for mobile phone plans to acquire iPhones, which were later sold for a profit by the Top Dogs.

Because phone payment plans take the shape of nominal fees over the course of several years, victims often wouldn’t notice the fraud until it was too late. Learn how another scheme, dubbed a SIM port attack, works in the diagram below:

Ransomware

Hacking can happen to anyone – including our favorite bands. In early June, a hacker managed to steal the minidisk archive of Thom Yorke, the lead singer of Radiohead. This included previously unreleased demos and audio material from around the time of “OK Computer,” the band’s 1997 worldwide hit album. The hacker then demanded $150,000 on the threat of releasing it.

Holding files for ransom is so common nowadays that it even has its own name: “Ransomware.” Either pay over the ransom or lose your files—or, even worse, have them released onto the unforgiving Internet.

In response, Radiohead released all 18 hours of material on Bandcamp themselves, winning against these ransom hackers.

Most security experts recommend the same route as Radiohead—never pay the ransom, because there’s no guarantee you’ll recover files or prevent their release.

Sextortion

If you think ransomware is bad, there’s an entire subgroup of it aimed to profit off sexual shame. Cheekily named “Sextortion,” some hackers creatively upgraded the classic email phishing scam to scare victims into handing over Bitcoin.

According to Fortune, hackers have already racked up over $900,000 with sextortion. In these phishing emails, the sender claims to have spied on you while you watched porn—and has webcam footage of the salacious deeds. The message then demands a Bitcoin ransom, or else face the social and professional consequences of this lewd video getting sent to all your contacts.

To make the threat even more believable, the sender references a previous password tied to the user’s email account. According to Krebs on Security, a sextortion phishing message might look a little like what’s written in the sidebox.

In rare cases, the threats are real—and hackers get their hands on some sexually explicit photos. Recently, American actress Bella Thorne fell victim to sextortion. Last Saturday, she took a similar, albeit more risqué, route as Radiohead, opting to release her nude photographs on Twitter in order to take the power away from her hacker.

Last thoughts..

So, what’s the best way to avoid losing thousands in virtual currency, personally or as a business? Since most of these emails are fake, you can just avoid them with a spam filter. And you should probably buy a webcam cover, just to be safe. When it comes to general browsing, we suggest using a VPN.

There are now more secure anti-hacking tools that use the Blockchain and offer great protection, especially against identity theft. Have a look at our feature on Tokenisation.

Most online services, like mobile banks, now offer App-based 2-factor authentication. This should now be regarded as the minimum security for ANY online account or App.

To avoid hacking or phishing scams in general, optimizing your cybersecurity and using online common sense will save you loads of time, trouble and money.

Cybersecurity by Acunetix

The latest cloud computing trends in 2019

It’s 2019, and the Cloud is everywhere—from the apps we use every day to the infrastructure of global tech giants.

According to researchers at Gartner, revenue generated from public cloud services is projected to grow 17.5 percent in 2019. This amounts to a total of $214.3 billion, up from $182.4 billion in 2018.

More than a third of organizations surveyed by Gartner saw cloud investments as a top three investment priority. With this kind of growth, tech organizations are racing to get onboard with cloud-only software and platforms. Here are some of the trends to look out for this year:

Hybrid Cloud, Multi-Cloud and Mergers

IBM announced its purchase of Red Hat last October, calling it the “most significant tech acquisition of 2018.” This combined Red Hat’s extensive network of open-source clouds with IBM’s Hybrid Cloud team.

Mergers like these are likely to become a trend this year, as companies see the vast benefit of using multiple clouds across all sectors of their organization. Furthermore, this system will dominate in the future, as businesses find public clouds inadequate to meet every one of their requirements.

As a more flexible and functional solution, many organizations will shift to a network of multiple private, public and hybrid clouds in the coming years.

Serverless Cloud

Serverless computing is a young market in technology, but it will continue growing in 2019. Serverless computing isn’t actually “serverless.” Instead, it is a cloud-computing model in which the cloud provider itself runs the server on a dynamic, as-used basis (FaaS).

Rather than buying server space, developers can simply use a back-end cloud service to code, only paying for the server space they actually use.

As this relatively new technology develops, we can expect to see more companies providing and expanding their “serverless” offerings.

Artificial Intelligence

Although cloud technologies are growing exponentially, artificial intelligence (AI) could prove an even greater economic driving force. This is because, according to Accenture, the impact of AI could double economic growth rates by 2035 in developed countries.

Around 80 percent of large companies have adopted some form of AI, according to the Harvard Business Review.

Amazon, Twilio and Nvidia, to name a few, are thus incorporating AI with cloud computing, next-gen GPUs and the Internet of Things (IoT). This has led to the development of applications with “smart assistants” and voice-to-text technologies.

Such a combination of AI and the cloud provides an extremely powerful and unconstrained computing network.

Security

Digital transformation is already underway, with Gartner also projecting that 83 percent of all workloads will shift to the cloud by 2020. However, this movement presents issues of cybersecurity.

Many businesses have not properly secured their cloud-stored data. For example, marketing and data aggregation firm Exactis left around 340 million records exposed on its cloud servers. This was uncovered in a data breach last year.

Mitigating factors

The implementation of the General Data Protection Regulation (GDPR) makes this even trickier. The GDPR affects cloud security, and IT companies will likely struggle to comply with these new laws while protecting sensitive information.

Cloud computing services are progressing exponentially, as are their new developments. As a result, 2019 will surely be filled with businesses pouring investment into enterprise solutions while expanding, securing and implementing cloud technologies to their fullest extent.

Bridget is a freelance writer and editor, and the founder of Lost Bridge Blog, where she writes about traveling as a Millennial woman on a budget. When not writing, you can find her traveling, drinking inhuman amounts of caffeine and scrolling through the latest tech & political news.

Already GDPR-ed Out?

Well, it didn’t take long. It took less than a full week, in fact, for the first GDPR-related court cases to surface against none other than the biggest social tech giants, Facebook and Google.

It was as if lawyers were just waiting to pounce on the tech giants for their apparent failure to protect our rights as online users.

This pertains specifically to issues relating to data privacy and the sharing of private details, mainly with third-party marketers.

Now the issue of how Facebook stores and shares data has been clarified by several intense inquiries in the US and recently in Europe. This is where the law is set to benefit users of the social media platform in that part of the world.

The said lawsuit, however, focuses on the opt-out clause that forces you and me to make a choice to comply or leave. The claimant is a privacy campaigner. He has made the billion-euro complaint on behalf of several users, seemingly a challenge to the likes of Facebook.

Additionally, he has launched a separate suit against Google, accusing them of “pressurizing” users into accepting their data collection policies.

This ‘comply and accept or get thrown out’ clause could leave many without their routine dose of social media consumption simply because they prefer to engage privately. Such a clause is deemed unfair.

It could cost a lot if they get their way based on the terms stipulated in the new law.

The social media giant could be fined up to a few billion or a sizeable fraction of their earnings in punitive damages.

The aim of the new law

The passing of the new regulation on May 25th, 2018, better known as the General Data Protection Regulation (GDPR), has been a long time coming.

Despite the warnings several months or even a year in advance of the “kick-in” of the regulation, many find themselves unprepared for it.

Reactions to the law have included confusion, anxiety among large and small firms alike, and plain comical hysteria!

Non-compliance now carries heavy fines and penalties, up to 20 million euros for anyone operating within the EU borders.

So, what then, is the big fuss about GDPR?

Well, it boils down to a right that has been waived and overlooked ever since the Internet went mainstream.

The CONSENT to use your data for anything other than the reason you went public on the world wide web is now crucial.

This has become a contentious issue, as many companies have over the years unscrupulously benefited from data acquired (mined) without your consent – Facebook only brought this into the spotlight recently.

Who needs compliance?

If you hold a folder or database of clients, whether online or on your internal server, you have to comply with the rules, which stipulate full disclosure. This includes who you share their details with, and how the information is tracked, shared and kept private/secure.

Furthermore, research in March this year showed that only 39% of the Fortune 500 companies in the UK and 47% had GDPR compliance taskforces. It is unlikely  that that statistic is 100% by now.

Another study, commissioned by a UK firm, found that our buying behaviours these days are heavily influenced by how we perceive our data is being handled by the company offering the good or service.

The consent given to use your basic information, such as your name, phone number and email address, cannot be taken for granted – even in the medical environment.

German doctors’ practices, in the wake of GDPR, are manually making their clients sign consent forms. Doctors are required to fully disclose who they share your contact information with.

This is a practice that we have always treated with levity. The new law nevertheless clearly stipulates that henceforth, it will be mandatory.

How to be compliant

There are simple ways you can stay GDPR compliant. One method is to adopt an attitude of embracing it rather than just complying with it.

Being transparent with your customers can be achieved in the following ways. Add a cookie bar to your website. You can also add a clause/paragraph to that effect (in your website’s disclaimer) in the ‘About Us’ section.

Similarly, you must state this clearly on any opt-in forms, such as newsletter sign-ups. Wherever customers’ data is collected, used and passed on to third parties, this must be announced. State clearly who those third parties are and which data they have access to.

You then need to give your customers the option to select what they want to share, even if it seems insignificant and even if such data may not be necessary for them to receive services from you.

This probably involves reviewing your relationships with third-party affiliates and partners to ensure that they are also complying with the law.

They could be jeopardizing your data compliance efforts – as Cambridge Analytica did with Facebook.

The last and most challenging step requires acting on what is promised above. This, therefore, means an upgrade of your internal software to include security/encryption.

GDPR compliant software

You can obtain full compliance by using a GDPR-compliant package like Office 365 Enterprise E3.

This package has email software specially designed for those of you dealing with sensitive client data that needs to be kept for long periods. Litigation hold, heavy archiving features and basic email encryption are all included.

You can add supplementary encryption software such as Azure Information Protection as an extra layer of security. This helps you to safeguard exchange-hosted emails and stored data from being lost, compromised or accidentally shared.

All said and done, it is likely that if you are a bigger firm, you would either need to create the position of a data security officer internally (if your lawyers are not up to date with digital laws), or outsource the service.

This should make you fully compliant, thereby avoiding issues with the data compliance authority altogether.