Role of Cyber Security in our life – Hey, guys I am back again, but before I proceed with this blog, let me tell you that I never had an intention to write any blog or thesis about Cyber Security. But there were lots of students in my previous seminar who had a lot of questions about this and thus I thought why not write a blog on this. So, here it is. I have divided this into 2 sections of my life, and then I would explain why I think there is a need for Growth of Cyber Security.
Cyber Security Guide for Life –
How it all started
Let me tell you how this actually started. I was in the Commerce field and took my way of career into Chartered Accountancy. I was however never confident that I would fit into this field. I passed the entrance exam but was never able to clear the IPCC exam. And only after receiving 3 failure attempts, I realized that I would never fit into this field. But I had a good I.T. background.
I always had a knack to trick people into getting things done which I wanted them to do. And this was my first step towards Social Engineering. I never actually knew this term at that point of time. When I was in my First Year in College, it was like in 2010, I started taking interest in writing cyber security programs and Trojans and cracking passwords via Keyloggers and MITM attacks. But I never thought that it was hacking. Hacking was never actually famous in India until the first half of 2013 with Anonymous getting famous and Wiki-leaks being known to people. I started learning this but it was just for fun sake and doing this I completed my B.Com in 2013.
The First Job
After completing my B.com, I never wanted to work for a bank or as an accountant. Thus, I started giving interviews in I.T. cyber security firms at that point of time, but no one needed hackers. They all thought they had enough security and when I said, I was a hacker, most of them were like…”WHAT? What is a Hacker?” I was mostly shocked in the start because these people who were taking interviews, they even though having completed their engineering in Computer Science and what not, they didn’t know a bit about hacking.
So, I decided to take it upon myself. I decided to do it the hard way. I wrote a Trojan while on my way to an interview in an I.T. company, and stored it in a flash drive.
When I reached the office, I was asked to give my Curriculum vitae (C.V.). I told them I forgot to bring my Resume on the way, but I had it stored in my flash drive, and if they could print it out for me, it would be of great help. They gladly accepted, not knowing that the PDF file in which I had my resume, I had also attached a Trojan to it.
So, when the person clicks on the file to open it, the Trojan would get automatically executed and open a backdoor on my Kali Linux System, which at that point was known as Backtrack (I will get back to Kali Linux later on). The office HR printed the Resume and gave the hard copy back to me.
The only point of my concern was the antivirus system. But I was confident enough because I knew that most cyber security companies had Windows XP installed in their system, which had a lot of vulnerabilities as compared to Windows7 and to my luck, their antivirus was quite outdated.
After having my hard copy, I was called by the H.R. for the first round. She asked me the basic questions and I cleared. There were a total of 4 rounds. Besides me, there were a total of 6 engineers sitting who had their degrees with them, whereas I didn’t. They all went through the 4 interviews, and I was called last. I went in for my second round. It was by the Manager of the company. I went in.
He asked me which profile I was in for. I said Network Security. He said they already had network cyber security engineers with them and they didn’t need one. He said if I cleared all the rounds, I would be given the role of a Desktop Support, which would be L1 support. L1 support was for noobs. I wasn’t there for that to get a pay of INR 8000 per month.
I had bigger plans. I asked him one last thing before I got off, that whether he thought his network was secure. He smiling said it was and there was no reason to doubt it. I silently smiled and opened my old Asus Laptop, attached my dongle and asked him the permission to test his security. He thought that I was joking. I executed backdoor Trojan and ran the bypass UAC (which was not in XP) script and escalated my access from user to admin. The machine, which I had access to, was connected to a printer.
I asked the manager whether I had permission to print something via my System. He said it would be impossible. I silently printed a sample document from my System to his remote machine. He was shocked to see what I had done. He said he never in his life would have thought that his network is so insecure that anyone could easily break into it.
He acknowledged my skill and knowledge about Network Security and I was handed my first offer letter with a Role of L3 Support. He asked me how I had done that, I silently smiled and said, “It’s not just about having a guy with a degree or a good hardware Sir, it’s about having practical knowledge and a way to execute it”
So, I learnt that day that almost like 80% of the population in the world don’t even know what hacking is. As of now, I am working in a different company with a different profile. But previously, when someone used to ask me what’s my job profile, and I used to say “Hacker”, people would be like, “What kind of job is that? Which degree did you do?” I would then tell them that I am a “Network Cyber Security Expert”, and then they would say “OK, fine”.
The point is people like to hear big terms. When I used to practice Pentesting, my mom would normally think like I am becoming some kind of criminal or a terrorist, but later on she got an idea as to what I was doing since I did not go to Jail (‘Kidding).
These second half parts are actually some random parts of my life.
The Bored Party
I remember last year I had gone to the Comic Con fest in Bangalore. I was there sitting with my friend at morning 3.30 in the Airport. The flight was scheduled at around 6.00. There was an Open WiFi over there from the Reliance company, and my friend was trying to connect but was getting a bad reception and he was getting thrown out randomly by the router.
He was actually pissed since the data pack in his cell was almost over and he didn’t want to incur more charges that being in a roaming condition (We used to stay in Pune then). I was there sitting next to him watching the movie ‘Prometheus’ when he started cursing the network since he had nothing else to do. So, to keep him quite I started my Nexus5 in which I had Wi-Fi Analyzer App.
I searched the radio frequency from where I could get the maximum range, and then I asked him to connect. He connected it, but still he wasn’t getting much of a download speed, it was like around 30-40kbps. So, before he starts bugging me again, I thought I would take a look at it. When I opened Kali Nethunter (Rom for NEXUS series based on Kali Linux OS) and scanned the area with Nmap using my WLAN adapter, I saw that there were like 130-140 people connected to that Hotspot.
So, I started a deauth attack, which threw out all the people connected to the router except my friend (Since I had put his IP address as an exception). Now, he was getting a speed of around 10-12 mbps.
After my flight landed, I went into the store of Reliance, and just told them as a courtesy to strengthen their network cyber security, but what they told me in return was astonishing, ”Are bhai, jisko jo karna hai karne do, wo hamara kaam nai hai”(Let anyone do what they want, its not my job to do anything). I was mouth shut on hearing this, I silently boarded and flight and came back to Mumbai.
The Blind Bluff
Another incident I recall is I was sitting with my friends in Mumbai in the office cafeteria this year, and they asked me to show them some stuff based on hacking. It was 15 minutes left for me to get my lunch time over, So I thought why not. I asked them one of their friends name and Area in which he lived. They gladly told me that.
I had a OnePlus One cell this time with me loaded with Kali Nethunter and multiple other pentesting Apps. I accessed some social networking sites like Facebook, LinkedIn and Naukri.com and was able to gather the person’s email ID and phone number. I had changed my name in TrueCaller to Google India few days before this, so I thought that Social Engineering would be my best chance right now. I called up that guy, and this was the conversation:
Me: Hello Sir, my name is Chetan Nayak and I am calling you from Google India from Hyderabad. I believe your name is Mr. XYZ.
Me: Sir, I believe that this is your mail ID and cell phone number, can you confirm the same.
XYZ: Yes, how can I help you?
Me: Sir, I can see that you stay in Mumbai, Borivali(I got this area from his friend)
XYZ: Yes, Sir. How do you know that?
Me: Mr XYZ, As I told you I am calling from Google India, we can trace your IP address from here. I am calling from the cyber security team and wanted to tell you that some one tried to hack into your account this morning. I will be sending you a confirmation code right now to verify that this is you and will reset your password. Kindly change your password after 24 Hours. (The confirmation code was nothing but Google verification code when you reset your password using ‘Forgot Password’ tab)
XYZ: OK fine, Sir. No issues, and thanks a lot.
Me: Have a nice day ahead, thank you.
Now most of you might be thinking that this is pure conning, where is hacking in this? But no, this is pure hacking. Hacking is a very wide concept. This was a mixture of Social Engineering, Footprinting and Reconnaissance. And this is what most people don’t know. I have seen some people, who think hacking is like typing something very fast and its done, but it only happens in movies. In real life, you just cannot sit on a computer and type some keywords, you need to get up and actually will have to do some physical stuff.
Movies v/s Real Life
So, now you might be thinking that this is just my experience. But that’s just not it. People all around the world don’t know much about this. People normally leave a lot of stuff disclosed on social networking websites, job portals and it becomes easier for hackers to gain your trust and act as if they are a part of something important.
If that’s not dangerous enough, then let me tell you something more. People normally download lots of cracked games and softwares from different websites and torrents. But what they don’t know is that these aren’t just plain cracked software packages. They have Trojans and viruses embedded in them. When you run those applications, there is a code which is getting executed at the same time which is in the background process of your explorer.
You might think that if you don’t store any personal information on your computer, then even if you computer is affected, it won’t be of any use hackers. But, you don’t know what happens behind the scenes, do you?
Black Hat Hacking
Let me give you an example. You might have heard of large banks getting robbed by hackers. But the thing is just one computer no matter how strong the hardware is, will not be capable of handling or cracking multiple cyber security codes and passwords at one point of time.
So, these hackers create bots which then create botnets. Your computer may get affected by one trojan and you wont even know that, but simultaneously other computers from all around the world also get affected. So, these computers combined together are powerful enough to crack any codes. These hackers then execute a script remotely from your computers and when the cops come to trace it, it will be you rather then it being them.
So, I think I have explained enough as of now as to why people should know about ethical hacking, to at least save themselves if not attack others.
That would be it from my end, now it’s up to you to decide, to become a victim, or an attacker.
First Image Source: pixabay.com
Here are some articles that will help you to get more detail about Cyber Security so just go through the link.