The term cyber terrorism is becoming increasingly common, which you’ll observe on reading any online hacking weblog. Still, a solid definition of the word seems hard to come by. While the phrase is loosely defined, there is a large amount of ambiguity in what exactly constitutes cyber terrorism. In the post September 11 world, this is somewhat disconcerting.

A New Weapon: Cyber Terrorism

In an attempt to define cyber terrorism more logically, a study is made of definitions and attributes of terrorism and terrorist events. From these attributes a list of attributes for traditional terrorism is developed. This attribute list is then examined in detail with the addition of the computer and the Internet considered for each attribute. Using this methodology, the online world and terrorism is synthesized to produce a broader but more useful assessment of the potential impact of computer savvy terrorists. Most importantly, the concept of ‘traditional’ cyber terrorism, which features the computer as the target or the tool is determined to be only a limited part of the true risk faced.

Cyber terrorism has been quite a game changer for the way we build our online defences. In particular, the breadth of the issue poses significant questions for those who argue for vertical solutions to what is certainly a horizontal problem. Thus, the validity of special cyber terrorism task forces that are disconnected or loosely connected with other agencies responsible for fighting the general problem of terrorism is questionable and a broader, more inclusive method more likely to be effective.

Defining Cyber Terrorism

It is difficult for people to come to a consensus regarding what exactly cyber terrorism is. When the people in question are computer security experts who’d be  the architects of our defenses against cyber terrorism, this discrepancy goes from mere annoying to worrisome. When these 10 people represent varied factions of the governmental agencies tasked with protecting our national infrastructure and assets, it becomes a critical issue. However, given the lack of documented scientific support to incorporate various aspects of computer-related crime into the genre ‘cyber terrorism’, this situation should not be surprising.

Despite copious media attention, there is no consensus methodology by which various actions may be placed under the nomenclature ‘cyber terrorism’, yet the term clearly exists in common usage.

However, the reality is that the reader, solution provider, or defender is often left to his own devices as to what the term actually means and thus what solutions should be created (or implemented). When a government’s or corporation’s entire infrastructure may be at stake, subjectivity is useful but may not be the best evaluative tool.

At the same time, research of this phenomenon shows that cyber terrorism cannot easily be defined. This creates a Catch-22 situation: the thing cannot be defined — yet without defining it, one cannot ‘know’ what it is one is fighting and hence come up with a good solution. Furthermore, even when there is an operational agreement on terms, if an attack/security event does not fit into one of the (often narrowly defined) categories, funding (and as a result investigation or technical remedy) may not be forthcoming.

That’s all for now, but keep reading as we’ll continue to update you with more details on online hacking in future posts, with a particular focus on cyber terrorism.

According to an August 2011 study on online hacking by cyber security software company McAfee, networks of nearly 72 organizations including the UN, governments and companies across the world have fallen victim to online hacking attacks since 2006. Besides making this sensational revelation on online hacking, McAfee has also stated that there was a “state factor” behind the online hacking attacks. However, the company shied away from identifying that factor more concretely, leaving a lot of gaps to be filled in by the wild imaginings of online hacking conspiracy theorists.

Online Hacking Weblog: The Victim Parade

McAfee says in a release that a number of organizations which includes the governments of the US, India, South Korea, Vietnam, Canada and Taiwan, as well as groups such as ASEAN, IOC, WADA and several high-tech enterprises have fallen prey to a concerted, coordinated five-year online hacking campaign that was far from random, and was orchestrated as part of a larger, deeper strategy targeted at these governments.

McAfee had notified all 72 victims of the attacks, which are under investigation by law enforcement agencies around the world.

McAfee revealed in its report that the hackers managed to steal data from the computer networks of the UN Secretariat in Geneva for nearly two years. McAfee learned of the extent of the online hacking campaign in March this year, when its researchers discovered logs of the attacks while reviewing the contents of a “command and control” server that they had discovered in 2009 as part of an investigation into security breaches at defense companies.

Discovering Operation Shady RAT

McAfee discovered what it calls as Operation Shady RAT, which was used by the intruders for hacking into the online systems. The company then collected logs that revealed the huge volume of cyber attacks since mid-2006.

According to sources within McAfee, the enormous diversity of the victim organizations and the audacity of the perpetrators was disconcerting even for the seasoned cyber security professionals who’re part of McAfee’s threat research team.

McAfee says in its report that as many as eight organizations were victims of online hacking in 2006. The number increased to 29 by 2007. The number of victimized organized continued to increase in following years as it peaked at 38 in 2009 before a slump in online hacking activity. The slump was perhaps due to the widespread availability of the online hacking countermeasures for the specific intrusion indicators used by this specific perpetrator.

What is happening to all this data obtained through online hacking is still largely an open question. However, if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team’s playbook through online hacking), the loss represents a massive economic threat.

Some of the attacks lasted just a month, but the longest—on  the Olympic Committee of an unidentified Asian nation—went on and off for 28 months, according to McAfee. A McAfee spokesperson further made an as yet unsubstantiated claim that this was the biggest transfer of wealth in terms of intellectual property in history. There’s certainly no doubt that the scale at which this is occurring is disturbing.

Is China Behind the Online Hacking Attacks?

Responding the report, cyber security experts with the Center for Strategic and International Studies stated their belief that it is China that is behind the online hacking campaign, which they claim is indicated by the fact that most of the stolen information was of particular interest to China.

The systems of the IOC and several national Olympic Committees were breached before the 2008 Beijing Games. And China views Taiwan as a renegade province, and political issues between them remain contentious even as economic ties have strengthened in recent years.

This claim was not commented on either by McAfee, or any representatives of the Chinese government. Concerns regarding the report and its potential effects have been escalated to a level where they have come to the attention of UNO, which has started as investigation into the matter.

A Pentagon spokesperson, Air Force Lieutenant Colonel April Cunningham stuck to the official version that the attackers are as yet unidentified. However, Cunningham has also stated that the Department of Defense has already reported to the Congress in 2010 regarding the active pursuit of cyber capabilities initiated by China, with an aim to ex-filtrate sensitive information of a strategic or military utility.

McAfee had published this report earlier this year to coincide with the commencement of the annual Black hat conference in Las Vegas, a confluence of cyber security professionals with a focus to fighting online hacking and cyber crime.

Imagine this online hacking scenario: someone stealing information from your computer while you are uploading an image on Facebook. Scary, yes. Implausible? Think again; it may sound like its coming from a cyberpunk tale, but it’s quite possible with the latest online hacking techniques.

A collaborative effort between researchers from the University of Illinois at Urbana-Champaign and the Indraprastha Institute of Information Technology in New Delhi, India have come up with “Steganobot”, a new generation botnet, which attaches itself to Facebook profiles and gains access to the user’s confidential data such as e-mail passwords while uploading Facebook pictures. The researchers said that Stegobot was developed to show how easy it could be for a hacker to exploit Facebook photos upload feature to sneak into the user’s computer.

Botnet Malware: Online Hacking Evolution

Malware is an extremely serious threat to modern networks. In recent years, anew form of general-purpose malware known as bots has arisen. Bots are unique in that they collectively maintain communication structures across nodes to resiliently distribute commands and data through a command and control (C&C) channel. The ability to coordinate and upload new commands to bots gives the botnet owner vast power when performing online hacking activities of a criminal nature, including the ability to orchestrate surveillance attacks, perform DDoS extortion, sending spam for pay, and phishing.

The evolution of botnets for online hacking has primarily been driven by the principle of `whatever-works’. Early botnets followed a centralized architecture. However, the growing size of botnets led to scalability problems. Additionally, the development of online hacking defense mechanisms that detect centralized command-and-control servers further accelerated their demise. This led to the development of a second generation of decentralized botnets.

Meet Steganobot: New Botnet developed to Study Future Online Hacking Threats

Stegobot initially gains access to computers through the usual channels such as infected attachments or directs to malware-laden content. After gaining access, Stegobot applies a technique called “steganography” to conceal data in the image files without affecting the picture’s appearance.

Topological Diagram of Steganobot

The botnet incorporates the information into any image you are uploading on Facebook. And then it waits for one of your friends to see your profile. Stegobot can then infect your computer even if your friend has not clicked on the corrupted image. In case your friend is also infected with the botnet, then any photo they upload will also pass on the stolen data. And the relaying of the data can eventually land into the hands of a botmaster, who will be then able to access your identity.

The study focuses on the development of a decentralized botnet based on a model of covert communication where the nodes of the network only communicate along the edges of a social network. This is made possible by recent advances in malware technologies. Social malware refers to the class of malware that propagate through the social network of its victims by hijacking social trust. Instances include targeted surveillance attacks on the Tibetan Movement and the non-targeted attack by the Koobface worm on a number of online social networks including Facebook.

By adopting such a communication model, a malicious network such as a botnet can make its traffic significantly more difficult to be differentiated from legitimate traffic solely on the basis of communication end-points. Additionally, to frustrate defense efforts based on traffic flow classification, Steganobot’s development team intends to explore the use of covert channels based on data concealment techniques. What if criminals used steganographic data hiding techniques which exploit human social behavior patterns in designing botnets? Would it be possible to design such a botnet? How would it be superior to existing botnets, and where would it be inferior to the same? These are some of the questions this study hopes to answer in this paper.

The research related to Stegobot is quite significant as this online hacking threat is virtually undetectable. Of late we have seen a spate of online hacking across the world. Whether it has been a government website or the IMF network, everything online seems vulnerable. Online hacking techniques such as botnets have only strengthened the contemporary need for more secure and foolproof methods to safeguard online identity. For continued updates about malware protection and safe web behavior, keep reading our online hacking weblog.

As you’d have guessed from the previous posts about ethical hacking on our online hacking weblog, Over the past few months, Facebook has been running a bounty program of sorts aimed at rewarding white hat hackers for detecting security holes in the site.  At last count, Facebook had shelled out nearly $40,000 within the first three weeks of this program; if nothing else, this little piece of statistic does illustrate the merits of outsourcing your website’s cyber security jobs to freelance ethical hackers

Bug Bounty: Facebook Pays You for Ethical Hacking

The objective of the “bug bounty” program is to encourage cyber security experts to help ramp up Facebook’s security against online hacking attacks. Facebook has already paid above $7,000 for detecting as many as six serious bugs in the site. The social networking company is running the ethical hacking program alongside its other measures to ward off internet-based threats to the site.

Facebook chief security officer Joe Sullivan has revealed some details of the ongoing bug bounty program in a blog post. He said in the post that the ethical hacking had helped make Facebook more secure by revealing “novel attack vectors, and helping us improve lots of corners in our code”. Sullivan revealed that the minimum sum paid for bug detecting is $500, which can be extended up to $5,000 depending upon the seriousness of the loophole detected. Facebook has already shelled out the maximum bounty once.

Sullivan adds that Facebook’s White Hats initiative has received positive response worldwide. He goes on to describe how Facebook received applause on launching their responsible disclosure policy last year, in which Facebook told ethical hacking researchers that they had the freedom to report the bugs in accordance with the policy without fearing adverse action by Facebook.

Turning to Ethical Hacking to Counter Rising Threats

Facebook’s bug bounty program comes in the backdrop of escalating threats to the social networking site from cyber criminals and vandals. According to reports, Facebook has been a prime target of the cyber criminals and that they are looking out for different ways to extract confidential and useful information from Facebook users and promote spamming on the site, necessitating the move to harness ethical hacking talent from the world over.

Facebook has apparently gone extra mile by inviting bug hunters to ensure site’s safety. Reports have claimed that Facebook is now in talks with third party institutions which are ensuring that the company’s privacy policy also covered the white hat ethical hacking researchers.

Researchers from more than 16 countries have successfully submitted bounty bugs, Facebook said. Its public “thank you” list names dozens of ethical hacking contributors.

That will be all for now, but we’ll continue to feature more news articles on ethical hacking on our online hacking weblog.

If you regularly follow any online hacking weblog, the name Anonymous wouldn’t be unfamiliar. They’ve been in the news for all the wrong reasons, even though they are wont to justify their actions by citing certain motivating factors.

There has been some online hacking activity recently, however, that has put even this daring group of civil disobedience activists in the denial mode. Recently, hackers claiming to be from the infamous activist group Anonymous (known for several online hacking attacks) hacked into a Government of  India, GoI for short, website to express their support the ‘India Against Corruption” movement in the country. Obviously, this misguided group claiming to be the Indian chapter of Anonymous seem to believe that their actions are somehow contributing positively to the movement. It is hard to understand how targeting the government websites with online hacking attacks will help the cause. Now, after having seen a spate of attacks on Indian websites, and promises for more, India seems to be a big target on the hit-list of hackers of global notoriety. Though none of the hacks have so far proved to be too damaging, concerns on level of Internet security in the country have grown sharply.

Online Hacking Weblog: The Attack Backfires

The ‘Anonymous’ hackers group also hacked the Indian Army website but quickly retracted after a lot of outraged Indians flooded the Facebook and Twitter pages of Operation India with angry responses to the online hacking attack. Soon after the event, the Facebook and Twitter pages for Anonymous India were removed – a move that took everyone by surprise. It is also not clear whether the move was taken by the online hacking group or the social networking sites were too involved into it.

Things became more confusing after a message, purportedly from the ‘real’ Anonymous, posted on PasteBin said that Anonymous did not launch any online hacking attacks against the government sites but that it was someone else misusing its name.

Here’s excerpt of the message:

“It has come to our notice that some of the Indian hackers and their groups are taking the undue advantage of the situation and the name and platform of Anonymous” “You targeted organizations and other Indian Government properties to settle your own issues and you used the name Anonymous for personal benefits. By doing all this activities, you have not only hampered the image of Anonymous but you all are responsible for the damage caused to #OpIndia.”

Other Online Hacking Attacks

Other than the blame game and discussing who is responsible for the menace, focus should remain on the factors leading to such events. The recent breach of computer networks of International Monetary Fund (IMF) apparently shows the vulnerability of Internet communication across the world. Even after intensification of security, such hacking events are the on rise. Famously, companies like Sony and Citigroup were not spared either. Many will agree increasing online hacking attacks have raised the risks of critical and private data getting out in public. Anonymous India or whosoever it was justified hacking the government website in the name of the anti-graft movement. And then it follows that up with the online hacking attack on the Indian Army website. It is very hard to relate the two acts of online hacking, as they don’t seem to have been done with the same intentions.

The need for better education on online hacking and cybersecurity on all levels is now acknowledged by many IT security experts and even government officials, but it seems that nobody quite knows where to begin.

A paper published by Chatham House last month found that “there was considered to be an absence of an authoritative ‘rich picture’ that could help to develop a more comprehensive and urgent sense of the online hacking threats that need to be tackled.”

The UK Cyber Security Strategy has recently been put back to later this month, in order to attempt to create links between government and law enforcement groups.

Online Hacking Weblog: Tackling Hacking with Education

Virtually everyone acknowledges the dangers of online hacking and related cybercrime, but few, if any, have a clear idea of what to do.

There exists a need to educate from the bottom up and a strategy must be reached to protect the national infrastructure.

With online hacking crimes against individuals still on the rise, there is also an ongoing danger to corporations and government, especially from botnets.

However, it is a mammoth task to change the surfing habits of users and the gaps in the understanding of company leaders and their ICT departments.

Although awareness of the affects of cyber crime is growing, “there is still limited understanding of the nuances of the debate”.

Governments all over the world recognize that they can’t change things by themselves and so there is a need for private and IT security companies to get involved too.

However, research and funding in the area of cyber security to counter online hacking is still sadly lacking in both the public and private sector, although it is recognized that more is needed.

This can be addressed within organizations by identifying future threats and budgeting accordingly.

It is more important now than ever that corporations understand the risks and allocate funds and implement plans in order to tackle the problem.

Online Hacking Weblog: Re-engineering Social Web Behavior

On a societal level, greater public awareness about online hacking needs to be achieved and this can be done by first of all ensuring more understandable terminology.

The problem with addressing society as a whole is that it is made up of such a diverse mix of people.

Not only does information have to be accessible to everyone, but it needs to be put across in such a way that gives it “value” to people.

One of the key areas to address is modifying human behavior, because humans, not computers, can be the weakest link in defense against online hacking, say cyber crime experts.

The cyber crime industry has thrown posters, mug mats and beseeching hope at a problem that needs, what behavioral scientists call, ‘choice engineering’. The difficulty in getting both companies and individuals to adopt good security practices is recognized. A more fundamental cultural change may be necessary to drive large-scale transformation in cyber security outreach and online hacking awareness. Whilst awareness surrounding the issues is improving in both government and organizations, this isn’t in any uniform manner and there still exists a basic lack of understanding about the threats of online hacking and in many cases, inadequate response measures are being put in place. Additional work is also needed on improving the culture of cyber security at the societal level, with clearer guidance on what it means to be a ‘good netizen’.

Progress towards improving this culture would serve to establish a kind of immunity to the most widespread and common threats, while also educating a broad group of users about emerging online hacking threats.

Online hacking of credit card information is an abomination arisen out of a phenomenon that has otherwise done only good for the betterment of mankind.

Purchasing products and services on the internet using credit cards has always been dicey for most people since the early days of the internet. While the internet has evolved, bringing new and improved security measures, the danger of online hacking still lurks. And the trouble with online hacking is that the perpetrators of online hacking are always a step ahead; they discover a fault or a security hole in a system and exploit it to gain unauthorized access to information. When the fault is discovered, they are filled up, leaving online hacking experts to look for other fault lines; and they usually do find them.  When it comes to online usage of credit cards, the ramifications of identity theft, even without considering the potential financial loss, are huge. Your credit card leaves an electronic trail of purchases and anybody stealing the credit card details could effectively be using it for something illegal in your name.

The situation might seem hopeless and you may think that there’s not much you can do short of vowing never to use your credit card online, but that is drastic, unnecessary and inconvenient. Sure, some online merchant sites have other payment options too, but the credit card still remains the most widely offered option. Not using a credit card online is likely to prevent you from availing the awesome deals and sales you can participate in on the internet shopping sites. There are, however, ways and means to improve your defenses against online hacking.

Protecting your Credit Card Information from Online Hacking

The first thing you need to check, when shopping online with a credit card, is to ensure that you’re always on a secure page. Online merchant sites often use a high level of on-page encryption to render their pages secure, so that the sensitive information your provided may not be intercepted. This, however, is unlikely to protect you if you have malware such as keyloggers installed on your system, which is one way that perpetrators of online hacking gain your information. Therefore, using anti-virus as well as anti-spywate software is essential. Another trick that you may be subjected to is through phishing emails. It works like this: you get an email that seems to be from your credit-card company or bank, and everything looks like the real deal. The mail would request you to click on a link which would also look a genuine page of the bank or credit card company. This page, however, is a phishing page, one way of online hacking, that would ask you for your password, credit card number or some other sensitive detail (and you wouldn’t suspect a thing because it seems natural for the page to ask this information). This method of online hacking literally tricks you into giving away your own details. So be careful of any email claiming to be from your bank-salsh-credit card company-slash-online payment processor; doubly so if it contains a link to click on. Always access your bank site or any financial transaction site directly by typing the address into your online browser, the old fashioned way.

Virtual Credit Cards to Fool Online Hacking

Using a payment processor such as Paypal is also a good way to protect yourself while shopping with a credit card online. You’re furnishing your information to only one site (Paypal, in this case) which then proceeds to make payments to the sites you do your purchases from, thus limiting risk by limiting online exposure of your data. The downside is that while these payment processors have a good coverage of online merchant sites to provide you the service, there are still an awful lot of sites which wouldn’t be covered by your payment processors. You see, all processors don’t work for all websites or, for that matter, for all geographical locations.

Using virtual credit cards is another alternative to using credit cards online. These cards eliminate the risk involved in your online credit card transactions by giving you single time useable credit card numbers that can only be used online, and only be used once. Contact your credit card company to know more of these facilities that would help you shop online with your credit card.

Keep watching this space for cyber-security tips and tricks to protect yourself from the dangers of online hacking, whether for credit card information or otherwise.

A phishing is an online hacking attack of a very sneaky sort; in fact its more in the category of fraud rather than attack.  It is also one of the crudest of online hacking methods to be used for the purpose of identity theft. The term itself originates from phone phreaking, a word that traces its way to early hacking news reports and identity theft investigations. Though based on a simple underlying concept, perpetrators can weave an elaborate con aimed at ‘phishing’ the identity details of a target. These may then be used to mail bomb another target, other online hacking activity or even to access the target’s financial data.

Online Hacking: Tricks of the Phishing Trade

Phishers try to con you into providing them with sensitive info such as email/ login data, which they can then put into their nefarious online hacking skills and use it to make money out of the system.

One very vulnerable target for phishers is your PayPal account. PayPal is a web-based payment processing system that lets you transfer money to and from your PayPal account with your credit or debit card, thus avoiding the risk of revealing your credit card details to every e-commerce website you shop at.

This does make PayPal a particularly meaty target for online hacking. If you wanted to take money out of other people’s paypal accounts, all you would really need is their email address and password. Then you sign in to their account, and send the money to an account you have set up.

What phishers will do is email paypal customers with an email that looks like an official email from paypal. It will have the paypal logo and format and will look exactly like official paypal emails to customers. It may even come from an address that looks like paypal’s official website. It will go on to say it is a random security check or some other technical procedure and that you are required to type in your user name and password. It will then thank you and say the check or whatever other scheme it claims to be is complete. In the meantime, the phisher will have your password and can clear out your account.

While this is a basic example, there are countless variations of increasing complexity that will be used to try and entice customers to give out bank account details, credit card details or other sensitive information. It can often be next to impossible for the average customer to detect that the email or website is not the official one of the company it is supposed to be from and they are therefore very dangerous.

If you do suspect that an email you receive is a phishing attempt then notify the appropriate company immediately. The other thing to remember is that most banks, credit card companies and other institutions now inform their customers that they will never ask their customers for their passwords in an email, nor will any of their employees ever ask for a password and therefore never give it to anyone who asks you for it.

Keep watching this online hacking weblog for the  latest online hacking news.

Fight the Hacking Menace

Electronic fraud and Internet-related offenses such as hacking are fast-turning into a serious law-and-order issue, especially in the Western world. With internet technology becoming an ever pervasive part of our lives, it is becoming more and more crucial to be aware of security issues with respect to hacking and the dos-and -don’ts of being a netizen so as to not be a victim. Also, with corporations becoming more aware of the need for computer security, a qualification in cyber security can make for a lucrative career, turning you into a veritable cyber-Marshall who combats the evil of hacking. What’s more, a lot of these courses are available online!

Of course, there exist proper brick-and-mortar institutions that offer similar courses, but online learning affords you the luxury of learning at your own pace. Effectively, it lets you plan your course to suit your life instead of the other way round.

A Course to Counter Hacking

While you’ll learn many things in this course, of utmost importance is the part where they teach you about countering cyber-terrorism. Cyber-terrorism is still a tentative term and aspects of it are still emerging. However, one can say that cyber-terrorism is where the menace of hacking, hitherto ranging from merely annoying fiddling to financial crimes or even corporate espionage, has now turned into a full-blown hazard threatening the national security of various countries and endangering millions of lives.

Cyber terrorism is the sort of hacking where a hacker breaks into a system containing sensitive classified information pertaining to a nation’s security interests; the access is usually granted via the internet, but sometimes a hacker may have to connect to a more secure, exclusive network through the internet, thus involving another layer of security that has to be compromised. The classified information thus accessed may be made public for all to see, or just sold to the highest bidder. Such hackers can even be in the employ of intelligence agencies seeking to spy on another country. Cyber-terrorism is just an extension of one way that hacking has been used by the business world for quite some time: corporate espionage by breaking into a rival company’s systems. The difference is that the stakes are much higher in this case than just corporate hacking. The anonymous nature of the Internet makes it easy for certain groups to attack rival groups or target individuals with impunity.

A few of the other topics of relevance that are taught in the course are cyber law, computer forensics, fighting malware and cyber-compliance. There is also a fair degree of stress on countering intrusion with software/ hardware and firewalls.

In a Nutshell

What it comes down to is protecting sensitive information and checking unauthorized access to any data. Implications of this can be very wide, from preventing national-security level espionage, to saving critical computer systems from malicious software, and even to preventing identity theft that ultimately leads to credit card fraud or possibly something more nefarious.

A computer is like a gun; it can be used for evil or for good, and that depends on the man controlling it. By being a cyber security professional, you are choosing to take things in your hands and do your bit to counter the threat of hacking.

Be the Hacker to Counter Online Hacking

When it comes to combating cyber-crimes such as online hacking, the methods and technologies used mean that there’s a very thin line that divides you, the cyber-security expert, from the criminal hacker (or cracker) you are meant to stop. In such a case, it is most important to be aware of yourself and where you stand, as also being aware of your opponent, the evil genius computer hacker (sounds melodramatic, but humor us) and his strengths and weaknesses.

Applying Sun Tzu & The Art of War to the ‘ War Against Online Hacking ‘

Ancient Chinese philosopher Sun Tzu has said something to the same effect: for certain victory, one must at all times recognize yourself and acknowledge of your enemy; being aware of yourself but not recognizing your enemy’s nature lowers your odds of victory to merely probable, while not being aware of either will lead to certain defeat.

Heed the immortal words of Sun Tzu, know yourself. Or perhaps more to the point, know your computer system; the security holes and the loopholes. Think like an online hacking expert as to how you would invade the system if you were a hacker; to stop the hacking attack, you must become the hacker, find the weaknesses, and plug them in anticipation of the actual online hacking attempt.

Your diligence or ingenuity in writing code is no guarantee of security from being compromised. You must be proactive and use an online hacking mindset in discovering faults in the system that can be exploited to gain unauthorized entry.  Even then, your job may only be half done.

Trying to trace a hacker on the Internet can be as elusive a task as looking for irrefutable proof that the ‘Loch Ness Monster’ exists. Of course, technologies exist in the field of cyber-forensics that can enable tracking online hacking miscreants, but as the proverb goes: a bird in the hand is better than two in the bush. So, it is better to thwart any attempts at online hacking than to detect and punish the hacker later, because a stitch in time saves nine. It might also save your company from featuring on the nine ‘o clock news as the latest victim.

Simply learning the most commonly exploited loopholes and the most widely used access methods would not help, especially if you slavishly follow what you’ve learnt by heart. You’ll be mistaken in your assumption that you’re secure from all online hacking activity. You must instead learn to be dynamic; understand that ordinarily, a hacker is one-step ahead of the law and would easily thwart all textbook attempts to prevent hihim from hacking into the system. You must therefore erase this lead a hacker has over you by being unpredictable yourself, then only shall you fulfill the tenets described by Sun-Tzu and only then shall you be assured of victory. Armed with this knowledge shall you go forth to fight online hacking.

Stay tuned to this online hacking weblog for more updates, articles and opinions of the world of (cyber)crime-fighting.