Tag: hacking

Users are getting advertisements based on their phone conversations

Today we are living in an era in which there is constant surveillance on us through various sources. Among these, there are satellites and various other electronic equipment that we use daily. Some of those apps collect our data in the background.

The Internet has oven us many things but along with that, there are also some scary consequences. Among those consequences, there is also a breach of our privacy. Especially, smart devices are the main culprits that help in such breaches of trust. We are using them daily. We are also giving consent to various apps to access our microphones as well as our contact list as a whole. This data is then sold to advertising companies, who then show advertisements relevant to us on our devices.

These findings have been proved recently by some recent research. During the research, the users were asked whether they see advertisements based on their conversations or not. In return, several users admitted to getting ads based on their conversations, during phone calls. Several users even admitted to getting emails with the relevant products of their choice. On the other hand, some users did not see any such advertisements. Then some users had no opinion on such matters and some did get such ads some and some very times.

https://unsplash.com/photos/XIVDN9cxOVc

The above problem now needs some strict rules or regulations. This can only happen when the government will pass the Personal Data Protection Bill 2019. Once this will gets passed then people will have control over their privacy. The bill will also ensure that the apps need to specify the data which they are accessing. There also needs to be some clarification about the collection of data and their transactions with third parties.

These changes will make sure that the companies whose apps we are using are alert to the way our data is being used by them. They will also need to be careful with the way they handle our data. Then our data will get some protection om the wrong hands. These changes will also bring about some much-needed changes in the data field. The companies will focus more on the protection of the privacy of data. The data will also need some serious protection from outer elements. It is because various attacks are happening nowadays which are affecting various big organizations. In recent times, AIIMS servers were also hacked and there is a demand for 200 crore rupees in cryptocurrencies from hackers to give back control of servers to the major medical organization.

The recent attacks on the data of such major organizations are also asking for some data-related laws in the country. The changes will pave way for the implementation of some better rules for future generations so that their privacy remains in their own hands. These data-related issues will also safeguard the future of the country. Nowadays, data is the real gold. Data now paves the way for development shortly as technology is getting more dependent on the data being collected from users like us.

CYBER CRIME CASE STUDY IN INDIA

Computer Crime Cyber crime encompasses any criminal act dealing with computers and networks (called hacking).Additionally, cyber crime also includes traditional crimes conducted through the internet. For example; The computer may be used as a tool in the following kinds of activity- financial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail spoofing, forgery, cyber defamation, cyber stalking.The computer may however be target for unlawful acts in the following cases- unauthorized access to computer/ computer system/ computer networks, theft of information contained in the electronic form, e-mail bombing, Trojan attacks, internet time thefts, theft of computer system, physically damaging the computer system

Cyber Law is the law governing cyberspace. Cyberspace is a wide term and includes computers, networks,software, data storage devices (such as hard disks, USB disks), the Internet, websites, emails and even electronic devices such as cell phones, ATM machines etc.

Computer crimes encompass a broad range of potentially illegal activities. Generally, however, it may be divided into one of two types of categories

(1) Crimes that target computer networks or devices directly; Examples – Malware and malicious code, Denial-of-service attacks and Computing viruses.

(2) Crimes facilitated by computer networks or devices, the primary target of which is independent of the computer network or device. Examples – Cyber stalking, Fraud and identity theft, Phishing scams and Information warfare.

CASE STUDIES

Case no:1 Hosting Obscene Profiles (Tamil Nadu)

The case is about the hosting obscene profiles. This case has solved by the investigation team in Tamil Nadu. The complainant was a girl and the suspect was her college mate. In this case the suspect will create some fake profile of the complainant and put in some dating website. He did this as a revenge for not accepting his marriage proposal. So this is the background of the case.

Investigation Process

Let’s get into the investigation process. As per the complaint of the girls the investigators started investigation and analyze the webpage where her profile and details. And they log in to that fake profile by determining its credentials, and they find out from where these profiles were created by using access log. They identified 2 IP addresses, and also identified the ISP. From that ISP detail they determine that those details are uploaded from a café. So the investigators went to that café and from the register and determine suspect name. Then he got arrested and examining his SIM the investigators found number of the complainant.

Conclusion

The suspect was convicted of the crime, and he sentenced to two years of imprisonment as well as fine.

Case no:2 Illegal money transfer (Maharashtra)

ThIS case is about an illegal money transfer. This case is happened in Maharashtra. The accused in this case is a person who is worked in a BPO. He is handling the business of a multinational bank. So, he had used some confidential information of the banks customers and transferred huge sum of money from the accounts.

Investigation Process

Let’s see the investigation process of the case. As per the complaint received from the frim they analysed and studied the systems of the firm to determine the source of data theft. During the investigation the system server logs of BPO were collected, and they find that the illegal transfer were made by tracing the IP address to the internet service provider and it is ultimately through cyber café and they also found that they made illegal transfer by using swift codes. Almost has been  The registers made in cyber café assisted in identifying the accused in the case. Almost 17 accused were arrested.

Conclusion

Trail for this case is not completed, its pending trial in the court.

Case no:3 Creating Fake Profile (Andhra Pradesh)

The next case is of creating fake profile. This case is happened in Andhra Pradesh. The complainant received obscene email from unknown email IDs. The suspect also noticed that obscene profiles and pictures are posted in matrimonial sites.

Investigation Process

The investigators collect the original email of the suspect and determine its IP address. From the IP address he could confirm the internet service provider, and its leads the investigating officer to the accused house. Then they search the accused house and seized a desktop computer and a handicam. By analysing and examining the desktop computer and handicam they find the obscene email and they find an identical copy of the uploaded photos from the handicam. The accused was the divorced husband of the suspect.

Conclusion

Based on the evidence collected from the handicam and desktop computer charge sheet has been filed against accused and case is currently pending trial.

Hacking is a widespread crime nowadays due to the rapid development of the computer technologies. In order to protect from hacking there are numerous brand new technologies which are updated every day, but very often it is difficult to stand the hacker’s attack effectively. With some of these case studies, one is expected to learn about the cause and effect of hacking and then evaluate the whole impact of the hacker on the individual or the organization.

KALI LINUX

Kali Linux Features

What is Kali Linux, and what is a Penetration Testing Distribution?

What is a penetration testing distribution? As legend tells it, years ago there was a penetration test in an isolated environment where the assessment team was not able to bring in any computers or have network access in or out of the target environment. In order to do the work, the first penetration testing distribution was born. It was a bootable Live CD configured with various tools needed to do the work, and after the assessment was completed the Live CD was shared online and became very popular.

Kali Linux has a direct lineage from this original distribution, running on through Backtrack Linux, and now is Kali Linux.

What are the makings of a great penetration testing distribution? What a penetration testing distribution is judged on has changed over the years. Originally it was just how many tools did it hold. Then it was did it have package management, and how often were they updated? As we have matured, so has the features that we need to provide. The true indication of a great Penetration Testing distribution is the selection of useful and relevant features that it offers security professionals. What kind of features are we talking about? We’re happy you asked! We’ve made a short list of some of these Kali Linux features, and linked them to their respective sources.

Special Kali Linux Features of Note

  • Full customisation of Kali ISOs. With the use of meta packages optimized for specific need sets of a security professional and a highly accessible ISO customization process a optimized version of Kali for your specific needs is always easy to generate. Kali Linux is heavily integrated with live-build, allowing endless flexibility in customizing and tailoring every aspect of your Kali Linux ISO images. This can be shown with our basic example build recipes, to our Kali ISO of doom recipe, which shows the types and complexity of customizations possible – build a self installing, reverse VPN auto-connecting, network bridging Kali image – for the perfect hardware backdoor.
  • Live USB Boot. This allows you to place Kali onto a USB device, and boot without touching the host operating system (perfect also for any forensics work!). With optional persistence volume(s) you can have opt to pick what file system to use when Kali starts up allowing for files to be saved in between sessions, creating multiple profiles. Each persistence volume can be encrypted essential feature needed in our industry. If that is not enough, we also have LUKS nuke option, allowing you to quickly control the destruction of data.
  • Kali Undercover. Using Kali in an environment you don’t want to draw attention to yourself? Kali Undercover is perfect to not stand out in a crowd by blending to a familiar operating system that most people recognize to stop shoulder surfers.
  • Win-Kex. Using Kali on WSL? This provides a Kali Desktop Experience for Windows Subsystem for Linux, with seamless windows, clipboard sharing, audio support and more.
  • Kali NetHunter. Kali on your (Android) phone. This covers multiple items, such as a ROM overlay for multiple devices, NetHunter App, as well as NetHunter App Store. On top of this, you also boot into a “full desktop” using chroot & containers, as well as “Kali NetHunter Desktop Experience (Kex)”.
  • Kali Everywhere. A version of Kali is always close to you no matter where you need it. Let it be; ARM, Bare Metal, Cloud (AWS, Azure), Containers (Docker, LXD), Virtual Machines (VirtualBox, VMware), WSL, and so on – is all available.
  • Kali ARM. Supporting over a dozen different ARM devices and common hardware such as Raspberry Pi, Odroid, Beaglebone, and more. We offer pre-generated images, ready to be used as well as build-scripts to produce more. We’re very active in the ARM arena and constantly add new interesting hardware to our repertoire.
  • The industry standard. Kali Linux is the undisputed industry standard Open-source penetration testing platform.
  • For more features of Kali Linux, please see the following page: What is Kali Linux?.

Want to learn more about the Kali Linux Operating System?

  • Download Kali Linux. the most advanced penetration testing platform ever made. Available in 32-bit, 64-bit, and ARM flavors, as well as a number of specialized builds for many popular hardware platforms. Kali can always be updated to the newest version without the need for a new download.
  • Kali Documentation. Whether you are a seasoned veteran or a novice – our Kali Linux documentation site will have something you need to know about Kali Linux.
  • Kali Community. Kali Linux, with its Backtrack lineage, has a vibrant and active community. With active Kali forums, IRC Channel, Kali Tools listings, an open bug tracker system and community provided tool suggestions – there are many ways for you to get involved in Kali Linux today. Joining the community is easy – don’t hesitate; jump right in!

What is Ethical Hacking?

Hacking refers to the practice of gaining access to systems or computers through unauthorized means. While our everyday life is increasingly moving online as are all activities, it is important that our privacy is maintained, our bank accounts remain secure, and our data not be used for other purposes. Cyber-crimes which are crimes perpetuated online pose a massive threat to our security in the virtual world and are on the rise every day. These activities are done by malicious hackers who use the information for their own personal gain or for organizations with criminal intentions. It is to counter this threat that ethical hacking is promoted now.

code on computer screen
Photo by ThisIsEngineering on Pexels.com

Ethical hacking refers to the practice of breaking through or bypassing system security with non-criminal intent. It is a pre-emptive measure to identify the flaws in a system as well as expose the probable cracks through which data can be compromised. The breach in the system will allow the organization to understand their current security status and do what is needed to better it. Ethical hackers are also known as White Hat hackers as opposed to Black Hat hackers who use illegal means to gain access to a system and do harm. There is a third group who are called the Grey Hat hackers. They are hackers who break into systems without authorization but do so with no mal-intention. Many do it for the fun of it and also report their breaches to whoever concerned. However, the lack of official authorization makes even this act a crime. Data theft, identity stealing, and large-scale money heists are all common activities that a black hat hacker would engage in. In the current landscape of commerce and technology, it is undebated that those who have access to and control of more information get the upper-hand. Information and data are the currency used most widely now. It is to ensure that these transactions and safekeepings are as secure as possible, and that the organizations who handle our data are able to safeguard them that we have need of ethical hacking.

An ethical hacker employs his skills to find the glitches in the armor and alerts his employers about his findings. With technological innovations reaching new heights every day, it is necessary that security systems are constantly upgraded and under scrutiny. Companies hire ethical hackers to find vulnerable points in their security systems and software that could be points through which an unethical hacker could enter the system. Ethical Hacking is also known as pen-testing or penetration testing. This is because they perform what is called a ‘pen test’ to hack into the system. Ethical hackers usually use the same methods that unethical hackers will use to enter a system. The only difference is that they are doing it with legal authority. They are required to keep their findings and understanding of the security system of an organization confidential since any slippage of information from them can cause harm as well. They are to remove or erase any traces of the hack once they have finished checking the system in order to stop unethical hackers from exploiting the same vulnerabilities. Ethical hacking can be learnt online from professionals or as part of courses. It is becoming a much sought-after profession and an increasingly pertinent one in the current global scenario.