Amiya Kumar Mishra
We must be ready to fight against all kinds of cyber crimes
The year 2011 has been a victim to some of the world’s biggest hacking attacks. The hacking of Sony Playstation, customers’ information breach of Citibank, Operations Payback are only a few to name among them. India is also one of the victims of hacking. Recently, the National Informatics Centre (NIC) web servers were hacked by hackers from foreign countries as well as hacking of many top politicians’ website can be good examples.
According to the CERT-IN (Indian Computer Emergency Response Team) reports, around 15,000 websites have been defaced in the year 2011. Apart from this estimate, there must be many websites defaced which have gone unreported.
Cyber crime has become a major concern for enterprises, educational institutes and government sector offices. In fact, it has been a concern to anybody who is using a computer and the Internet.
Literally, there may not be even a single computer that has not fallen victim to cyber crime of one kind or the other. Still, as the reports say:
“Most people don’t even report a cyber crime which may be very critical.”
Cyber criminals are not only interested in details of credit cards and compromised bank accounts, but also our addresses, phone numbers, full names and dates of birth, photographs, and all other kinds of personal details.
All this stolen data is sold in the virtual underworld, which is supporting a range of new illegal activities, including malware distribution, the hacking of informational databases, cyber war and internet pornography.
This whole cyber crime game is run by an efficient team of malicious code writers, hackers, highly experienced webhosts and with a network of thousands of zombies or compromised computers which carry out automated attacks online for different purposes.
The rise of the Internet penetration in India has led its door open to many types of Internet fraud activities. Gone are the days when Yahoo chat and IRC chat were the only major platforms for cyber criminals to commit offences online.
Today, social networking websites such as Orkut and Facebook also deal with major security concerns.
I have received several queries regarding social networking sites and lottery emails which are some ways of a planned phishing attack by cyber phishers. There are many phishing victims in Odisha also.
The growing popularity of these online activities has led many users to become victims of “identity theft”.
What are you going to do if your Facebook or Orkut identity has been hacked? You think “No problem, it’s ok” and don’t bother to report it to the cyber crime cell. But, think if your profile picture has been changed by a nude female photo and your face is morphed on it.
Can you think of the consequences and the mental depression you will face when your friends in Facebook and Orkut see such pictures?
Also, if your email id is hacked, don’t think it is not a big deal as you have no important data in it. Your email id might be used in a cyber crime which you may not be aware of. It’s quite upsetting to think, but it is the dark side of technology.
Are you are really helpless if your online identities are hacked? No. It’s your negligence that you do not report to the police for which even our policemen are not so much concerned to update themselves in field of cyber crime investigation because these types of cases are unreported. Likewise, there are many ways of Internet technology misuse of which you may be a victim. Today, most of the colleges and universities in Odisha have gone online having their own websites. According to a survey done by the Cybercbi – a city based information security firm – about 75 per cent of dynamic websites are vulnerable to cyber attacks. The list includes the websites of some top news portals, ISP providers, top colleges, and even our own government websites. What if your website is open to cyber hackers and why is it not secure? Web developers do not test the immunity to hacking after developing a website. They think that a firewall will protect a website from hackers which is not true. If any website is prone to hacking and if the hacker gains a root access on the web server, then other websites sharing the same server are not safe at all, whatever measures the web developers take at their end which is a major threat to all web hosting providers.
Nowadays, most of our state’s enterprises, colleges, cooperative banks, and news and media sectors are investing a lot on their online exposure. They totally depend on their developers for their website needs. A website may not have significant data online, but if it is hacked, then it can be used in many types of cyber crime which may be a nightmare for the website owner. However, this is not the only aim of a hacker. What if your website is malware-infected and users of the site get their computers infected while browsing their malware-infected sites?
Since we are all a part of the unlimited virtual world, we should take cyber security seriously. Organisations should do regular security audits of websites, web servers and networks by specialised security professionals to reduce the security threats to a great extent.
Some tips for regular computer and Internet users: Habituate to change your email passwords every 7 days and never open your email id in front of anyone. Also, avoid public Internet cafes. Use a strong password which shouldn’t be a name or date of birth or a word from the dictionary. Always use a password containing letters, numbers and special characters, for example, [email protected][email protected] Always use a good anti-virus, firewall and operating system. Say no to piracy. Never click on any suspicious link or open any suspicious attachment in your email. Never store passwords in browsers. Storing passwords in computer is not bad. But, make sure the directory containing the password file should be password protected and never forget to password protect your computer. Beware of lottery and cash prize win notification emails.
(The author is a certified ethical hacker, hacking forensic investigator and certified security analyst)