Updated April 13, 2023
Introduction to the Importance And Role of Cyber Security in our life
Role of Cyber Security in our Life – Hey, guys, I am back again, but before I proceed with this blog, let me tell you that I never had the intention to write any blog or thesis about Cyber Security. But many students in my previous seminar had many questions about this, and thus I thought, why not write a blog on this? So, here it is. I have divided this into two sections of my life, and then I will explain why I think there is a need for the Growth of Cyber Security.
Cyber Security Guide for Life
Let us discuss the first and second half of the cybersecurity guide in detail.
- How it all started
Let me tell you how this actually started. I was in the Commerce field and took my way of career into Chartered Accountancy. I was, however, never confident that I would fit into this field. I passed the entrance exam but was never able to clear the IPCC exam. And only after receiving three failed attempts, I realized I would never fit into this field. But I had a good I.T. background.
I always had a knack for tricking people into getting things done, which I wanted them to do. And this was my first step toward Social Engineering. I never actually knew this term at that point in time. When I was in my First Year in College, it was like in 2010. I started taking an interest in writing cyber security programs and Trojans and cracking passwords via Keyloggers and MITM attacks. But I was unaware of the fact that this is what hacking is all about. Hacking was never famous in India until the first half of 2013, with Anonymous getting famous and Wiki-leaks becoming known. I started learning this, but it was just for fun sake, and doing this, I completed my B.Com in 2013.
- The First Job
After completing my B.com, I never wanted to work for a bank or as an accountant. Thus, I started giving interviews in I.T. cybersecurity firms at that point in time, but no one needed hackers. They all thought they had enough security, and when I said I was a hacker, most of them were like….” WHAT? What is a Hacker?” I was mostly shocked at the start because these people taking interviews didn’t know much about hacking, even though they had completed their engineering in Computer Science and whatnot.
So, I decided to take it upon myself. I decided to do it the hard way. I wrote a Trojan while on my way to an interview at an I.T. company and stored it in a flash drive.
- The Preparation
When I reached the office, I was asked to give my Curriculum vitae (C.V.). I told them I forgot to bring my Resume on the way, but I had it stored in my flash drive, and if they could print it out for me, it would be of great help. They gladly accepted, not knowing that the PDF file to which I had my Resume I had also attached a Trojan to it.
So, when the person clicks on the file to open it, the Trojan would get automatically executed and open a backdoor on my Kali Linux System, known as Backtrack (I will get back to Kali Linux later on). The office HR printed the Resume and gave the hard copy back to me.
The only point of my concern was the antivirus system. But I was confident enough because most cyber security companies have Windows XP in their system, with many vulnerabilities when in comparison with Windows 7. To my luck, their antivirus was quite old.
After having my hard copy, I got a call from the H.R. for the first round. She asked me the basic questions, and I cleared them. There were a total of 4 rounds. Besides me, there were 6 engineers sitting who had their degrees with them except me. They all went through the four interviews, and I was called last. I went in for my second round. It was by the Manager of the company. I went in.
- The Attack
He asked me which profile I was in for. I said Network Security. He said they already had network cyber security engineers with them and didn’t need one. He said if I cleared all the rounds, I would be given the role of Desktop Support, L1 support. L1 support was for noobs. I wasn’t there for that to get a pay of INR 8000 per month.
I had bigger plans. I asked him one last thing before I got off, whether he thought his network was secure. He smiling said it was, and there was no reason to doubt it. I silently smiled, opened my old Asus Laptop, attached my dongle, and asked permission to test his security. He thought that I was joking. I executed a backdoor Trojan, ran the bypass UAC (not in XP) script, and escalated my access from a user to an admin. The machine had a connection with the printer.
I asked the manager whether I could print something via my System. He said it would be impossible. I silently published a sample document from my System to his remote machine. My actions were shocking to him. He said he never in his life would have thought that his network was so insecure that anyone could easily break into it.
He acknowledged my skill and knowledge of Network Security, and I was handed my first offer letter for the Role of L3 Support. He asked me how I had done that. I silently smiled and said, “It’s not just about having a guy with a degree or a good hardware Sir. It’s about having practical knowledge and a way to execute it.”
- The Aftermath
So, I learned that day that almost 80% of the population in the world doesn’t even know what hacking is. I am currently working in a different company with a different profile. But previously, when someone used to ask me what’s my job profile, and I used to say “Hacker”, people would be like, “What kind of job is that? Which degree did you do?” I would then tell them I am a “Network Cyber Security Expert”, and then they would say, “OK, fine”.
The point is people like to hear big terms. When I used to practice Pentesting, my mom would normally think that I was becoming some kind of criminal or a terrorist, but later on, she got an idea of what I was doing since I did not go to Jail (‘Kidding).
These second half parts are actually some random parts of my life.
- The Bored Party
I remember last year I went to the Comic-Con Fest in Bangalore. I was there sitting with my friend at morning 3.30 at the Airport. The flight was around 6.00. There was an Open WiFi over there from the Reliance company, and my friend was trying to connect but was getting a bad reception, and he was getting thrown out randomly by the router.
I was there sitting next to him, watching the movie ‘Prometheus’ when he started cursing the network since he had nothing else to do. He was pissed since the data pack in his cell was almost over, and he didn’t want to incur more charges than being in a roaming condition (We used to stay in Pune then). So, to keep him quiet, I started my Nexus5, in which I had Wi-Fi Analyzer App.
I searched the radio frequency from where I could get the maximum range and then asked him to connect. He connected it, but still, he wasn’t getting much download speed. It was around 30-40kbps. So, before he starts bugging me again, I thought I would look at it. When I opened Kali Nethunter (Rom for NEXUS series based on Kali Linux OS) and scanned the area with Nmap using my WLAN adapter, I saw 130-140 people connected to that Hotspot.
So, I started a death attack, which threw out all the people connected to the router except my friend (Since I had put his IP address as an exception). Now, he was getting a speed of around 10-12 Mbps.
I silently boarded and flew and came back to Mumbai. After my flight landed, I went into the store of Reliance and just told them as a courtesy to strengthen their cyber network security, but what they told me in return was astonishing, ”Are bhai, jisko jo karna hai karne do, wo hamara kaam nai hai”(Let anyone do what they want, it’s not my job to do anything).
- The Blind Bluff
Another incident I recall is sitting with my friends in Mumbai in the office cafeteria this year, and they asked me to show them some hacking-related stuff. It took 15 minutes for me to get my lunchtime over, So why not. I asked them for one of their friends’ names and the area where he lived. They gladly told me that.
I had a OnePlus One cell this time with me, loaded with Kali Nethunter and multiple other pen-testing Apps. I accessed some social networking sites like Facebook, LinkedIn, and Naukri.com and was able to gather the person’s email ID and phone number. I had changed my name in TrueCaller to Google India a few days before, so I thought that Social Engineering would be my best chance. I called up that guy, and this was the conversation:
Me: Hello Sir, my name is Chetan Nayak, and I am calling you from Google India from Hyderabad. I believe your name is Mr. XYZ.
Me: Sir, this is your mail ID and cell phone number. Can you confirm the same?
XYZ: Yes, how can I help you?
Me: Sir, I can see that you are staying in Mumbai, Borivali(I got this area from his friend)
XYZ: Yes, Sir. How do you know that?
Me: Mr. XYZ, As I told you, I am calling from Google India. We can trace your IP address from here. I am calling from the cyber security team. Someone tried to hack into your account this morning. I will now send you a confirmation code to verify that this is you and will reset your password. Kindly change your password after 24 Hours. (The confirmation code was nothing but a Google verification code when you reset your password using the ‘Forgot Password tab)
XYZ: OK, fine, Sir. No issues, and thanks a lot.
Me: Have a nice day ahead, thank you.
Now most of you might think that this is pure conning. Where is hacking in this? But no, this is pure hacking. Hacking is a very wide concept. This was a mixture of Social Engineering, Footprinting, and Reconnaissance. And this is what most people don’t know. Some people think hacking is like typing something very fast, but it only happens in movies. In real life, you just cannot sit at a computer and type some keywords. You need to get up and actually will have to do some physical stuff.
- Movies v/s Real Life.
So, now you might be thinking that this is just my experience. But that’s just not it. People all around the world don’t know much about this. People normally leave a lot of stuff disclosed on social networking websites and job portals, and it becomes easier for hackers to gain your trust and act as if they are a part of something important.
Let me tell you something more if that’s not dangerous enough. People normally download many cracked games and software from different websites and torrents. But they don’t know that these aren’t just plain cracked software packages. They have Trojans and viruses embedded in them. When you run those applications, a code executes simultaneously in your explorer’s background process.
You might think that if you don’t store any personal information on your computer, it won’t be useful to hackers. But you don’t know what happens behind the scenes, do you?
- Black Hat Hacking
Let me give you an example. You might know about large banks robbed by hackers. But the thing is, no matter how strong the hardware is, just one computer will not be capable of handling or cracking multiple cybersecurity codes and passwords at one point.
So, these hackers create bots which then create botnets. These hackers then execute a script remotely from your computers, and when the cops come to trace it, it will be you rather than it being them. One trojan may affect your computer, and you won’t even know that. So, these computers combined together are powerful enough to crack any codes.
So, I think I have explained enough of why people should know about ethical hacking to save themselves, if not attack others.
That would be it from my end. Now it’s up to you to decide, to become a victim or an attacker.
First Image Source: pixabay.com
This has guided the Importance Role of Cyber Security in our life. Here we have discussed the basic concept, the first and second half of the cybersecurity guide in detail. You may look at the following articles to learn more –