You are here: Home » PTI Stories » General » News
Business Standard

What you should know about cyber assaults

Business Standard explains key terms used in the realm of internet-based crimes

Shantanu Bhattacharji  |  New Delhi 


Ultimately, the cyber-world is ungovernable. Cyber terrorism is a growing threat, and of increasing concern to governments around the world. And in this flat and fragile world, a few morphed images and spurious texts can unsettle an entire nation. Experts say using the cyberspace for settling political scores can prove to be detrimental.

Let's crack the story with numbers: a third of all observed computer attacks from July through September last year came from China, according to a report last month from Akamai Technologies, an Internet services company.

On February 1, anonymous hackers attacked Twitter and may have gained access to the passwords and other information of as many as 250,000 user accounts, the microblogging site revealed.

A day earlier, The New York Times reported that Chinese hackers had infiltrated its computers and had stolen passwords of its employees, and The Wall Street Journal announced that it too had been hacked.

The NYT reported that it had been the target of four months of cyber-attacks, which started during a probe by the newspaper into the wealth reportedly accumulated by relatives of the Chinese premier, Wen Jiabao.

According to the Guardian, the hackers gained entry to the newspaper’s internal systems and accessed the personal computers of 53 employees including David Barboza, its Shanghai bureau chief and author of the Wen exposé, and Jim Yardley, a former Beijing bureau chief.

Google chairman Eric Schmidt uses a new book to call China an Internet menace that backs cyber-crime for economic and political gain.

However, Chinese authorities have denied that Beijing has supported any cyber assaults, stressing that hacking is illegal in the country.

Bloomberg News, another American organisation, was targeted by Chinese hackers last year, and some computers were infected. The attack occurred after Bloomberg published an article on June 29 about the wealth accumulated by relatives of Xi Jinping, a Chinese official who is expected to become president in March.

In 2010, Google had a very public spat with the Chinese government after it claimed China had led a hacking attack against Google, other technology firms, defense corporations and Chinese dissidents.

Business Standard simplifies the hacking jargons

What is hacking?

In a nutshell, it is a process of exploiting a weakness in a computer network to gain access to it.
__________________

Who is a hacker?

A hacker or White Hat Hacker (also ethical hacker) is one who specialises in penetrating computer systems, finding flaws and holes, and fixing them. Such people are employed by firms with pretty good salaries. They are sometimes called sneakers.
__________________

Who is a cracker?

Black Hat Hackers (or crackers) are those who specialise in unauthorised penetration of information systems. They attack computer systems for profit or fun, or to modify and destroy data.
__________________

Who is a script kiddy?

They are wannabe crackers. They lack knowledge of how a computer really works but use well-known easy-to-find techniques, programs or scripts to break into a computer to steal porn and music files, or send junk mail.
__________________

Different types of hacking: password hacking, phishing and malicious softwares (malware) which may watch users’ screens, pilfer bank accounts or propagate a social message. Domain name system (DNS) poisoning or DNS cache poisoning, is the corruption of an Internet server's domain name system table by replacing an Internet address with that of another, rogue address.
__________________

Laws

Section 43 of the Indian IT Act provides for remuneration for damage done, and section 66 provides imprisonment for up to three years.

Even as the number of internet users continues to rise and the government increasingly seeks to offer citizen-centric services through the internet, data show about half the government departments and ministries in India are vulnerable to data theft, hacking and cyber terrorism.

According to government sources, of about 7,000 government websites, only 3,192 have been audited for information technology (IT) security, while 3,556 others are being audited.
__________________

Top infamous cyber attack cases

A) Yahoo voices

Hackers posted online what they say is login information for more than 450,000 Yahoo users. The hack, which of course was conducted anonymously, was meant to be a warning, according to the Web page where the documents were dumped.
__________________

B) Operation Shady RAT

In 2011, hackers attacked the computer networks of 72 organisations around the world over a five-year period,  security firm McAfee said. It was dubbed  as Shady RAT by McAfee, which was bought by Intel Corporation. The victims include governments of Canada, India, South Korea, Taiwan, United States and Vietnam. International bodies such as the United Nations, the Association of Southeast Asian Nations (Asean), the International Olympic Committee, the World Anti-Doping Agency were also targeted.
__________________

C) CBI site hacked by Pakistani Cyber Army

In 2010, the website of the Central Bureau of Investigation (CBI) was hacked on by programmers identifying themselves as "Pakistani Cyber Army". The home page of the CBI website had a message from the 'Pakistani Cyber Army' warning the Indian Cyber Army not to attack their websites.
__________________

D) China 'hijacks' 15% of world's internet traffic

According to a report to the US congress, China ‘hijacked’ 15 per cent of the world's internet traffic for 18 minutes in 2010, including highly sensitive email exchanges between senior US government and military figures.  A state-owned Chinese telecommunications firm re-routed around 15 per cent of all web traffic through its own servers during a brief period on April 8, the report said.
__________________

E) In 2010, Iran confirmed that its nuclear program had been affected by a mysterious computer virus. According to Reuters, a senior official at US technology company Symantec said that 60 per cent of the computers worldwide infected by the so-called Stuxnet worm were in Iran, prompting speculation that the nuclear power plant may have been targeted in an attempt at sabotage or espionage.

In December 2010, the corporate websites of Visa and MasterCard were inaccessible due to an apparent cyberattack by purported Wikileaks backers. Messages posted on Twitter indicated the attacks maybe be in response to recent moves by Visa and Mastercard against WikiLeaks.
__________________

F) In January 2010, Google said that it and more than 20 other companies were the victims of a sophisticated cyber attack - later dubbed Operation Aurora - from China-based hackers that resulted in the theft of intellectual property.
__________________

G) In 2011, South Korea has been hit by a series of cyber attacks which have targeted some of the country's leading websites. Government ministries, the National Assembly, the military headquarters, US Forces in Korea and major banks were among those hit.
__________________

Weapons of a cyber attack

Reconnaissance Tools

Used to gather information about networks and systems to help plan attacks on that system or network.

Scanning Tools

Used for in-depth data mining to get information on a target’s environment, its systems and other details.

Access and escalation Tools

These allow you to escalate your level of security clearance once you penetrate a network.

Encryption Tools

Effective in hiding data.

Stenography Tools

These are used to create hidden messages through electronic data. For example, a video file with a lot of noise could actually be an encoded message.
__________________

Tips for regular computer and Internet users

I) Habituate to change your email passwords every 10 days and never open your email id in front of anyone.

II) Avoid public cyber cafes. Use a strong password which shouldn't be a name or date of birth or a word from the dictionary.

III) Always use a password containing letters, numbers and special characters, for example, man@18!@.

IV) Always use a good anti-virus, firewall and operating system. Say no to piracy.

V) Never open any suspicious link or open any suspicious attachment in your email.

VI) Don't store passwords in browsers. Storing passwords in computer is not bad. But, make sure the directory containing the password file should be password protected and never forget to password protect your computer.

VII) Beware of lottery and cash prize win notification emails.
__________________

Ten famous hackers

10) Kevin Mitnick

09) Kevin Poulsen

08) Adrian Lamo

07) Gary McKinnon

06) Robert Tappan Morris

05) John Draper

04) The Masters of Deception

03) Matthew Bevan and Richard Pryce

02) Jonathan James

01) Albert Gonzalez
__________________

ALSO READ
__________________

Half the govt websites in India are prone to cyber attacks

Cyber attackers targeting Android platform in India: Report

First Published: Mon, February 04 2013. 15:46 IST
RECOMMENDED FOR YOU