Hacking defense data-Impact of information outpouring of Scorpene in this era of hacking and cyber-terrorism, a data stealing might be a great loss for a country rather than a war. The developed nations had been disbursement billions or Trillions for their defense sectors. The rivals rather than directly attacking the nations, began to compromise the security of their data. A few of day’s back Indian Defense sector were appalled once 22,400 pages of information on Scorpene Submarine were leaked.
In previous article, we understood the first phase of how an attack is launched. In this phase, attackers prepare for launching the attack by gathering as much information about the target as he can. This information may contain the OS details, DB version details, web server details and so on.
Now that attacker has all this data, he may try and identify if there are any vulnerabilities present in the environment, OS configuration details and Network architecture. This second phase of perpetrating an attack is known as Scanning.
The objective of this phase is to find all live servers, open ports, OS and system architecture, services running on the OS and network architecture.
In previous article, we discussed about the major challenges posed to the Data Security of an organization. In global landscape, Hackers utilizes their skills, different tools, vulnerabilities and exploits to perform attacks. In this series, we will discuss about how an attacker performs the attacks.
Hacking any system is comprised of five phases:
IRCTC Website Hacked?
There were news reports that the Maharashtra cyber cell has informed IRCTC, India’s largest e-commerce websites and prime platform for booking railway tickets, about a potential data theft. Even though, IRCTC, the Indian Railway Catering and Tourism Corporation Limited, has denied news reports that its data had been hacked, panic is there among the users of the site. IRCTC PRO Sandip Dutta said: “There has been no hacking attempt on the site. A high-level committee has been formed to probe the matter.” However, most of the news agencies reported it as a case of hacking and with the news, many frantically went and changed their password, some others created new accounts. It was reported that the credit/debit card details, PAN card details, Aadhaar card details, email ids and mobile numbers, which were revealed by IRCTC users will now be used by the hackers.
These days we hear lot about Advanced Persistent Threat (APT) mitigation techniques and the solutions that could protect us from Zero Day Attacks. Last couple of years the main focus was on Sandboxing solutions. We normally place firewall, IPS/IDS, HIPS, Antivirus solutions as a part of Defence in Depth principle. The limitation in this is most IPS/IDS, HIPS or Antivirus solutions detect and block known malwares as most of them are signature based security solutions. If they don’t have a corresponding signature, then the attack will go unnoticed and will result in exploiting vulnerabilities. I always believe in a principle – Prevention is better than cure.
These days we are hearing a lot about different online wallets where we can add money to the wallet and can be used for online purchases or it can be for a taxi ride later. We are getting lot of advertisements and offers to add money to the wallet. Yes, I too agree that this is a good technology advancement. However, in case if they deduct One Rupee from this wallet without our knowledge, would you mind in contacting them to check about the details? If we contact them, for sure the telephone charges will be more than One Rupee if they do not have a toll free facility. Most of us wont mind loosing that One Rupee. How about the provider deducts One Rupee from One million customers a day without their knowledge.