How much of you can be hacked?

As of 2013,  51 years after the ‘idea’ of ‘communicating computers’ was born, the Internet has become home to an amazing collection of numbers.

Over two billion people on the planet now use the service, with 70 per cent of that number logging in every day. The Internet also acquires eight new ‘users’ every second with over 1 lakh websites going live, daily.

Next, is the data

In a single day of activity, the ‘Interweb’ exchanges 144 billion emails (68% of these are spam), 175 million tweets, more than 500 terabytes in photos and 60 hours of YouTube uploads every minute and an average of 3,278,688,524 Google searches. Also, 28 per cent of 18-34 year olds check Facebook before even getting out of bed. 

Now, you can double all those numbers up because, by 2020, Earth will have over four billion ‘web users’ tweeting, commenting, sharing and every once in a while, reminding the rest of population why the Internet can be such a dangerous place.

Which is why the following incident is a case in point

Sheela (name changed because the victim is still a minor) will probably never use the Web again. Target of a sustained “shaming” campaign, she found herself, one day, “friendless’”on a networking website, because someone had gained access into her account and deleted everyone from her friends’ list. But the big shock came a few hours later, when she discovered a series of ‘improper’ photos of herself all over the website. Her “stalker” had even shared the photos with friends, family and continued doing so, for a full month! A terrified Sheela is now under suicide watch and her parents are mulling moving cities. Incredibly, the stalker evaded punishment because Sheela’s parents are refusing to lodge a formal complaint.

The hacker in the rye

It’s true. Hackers spare no one. Over the past several years, online criminals have targeted Fortune-500 industrialists, politicians, housewives, lawyers, doctors and even Michele Obama, the better half to the most powerful man in the world. Sheela, then, is not alone. Because she has one thing in common with the US First Lady — personal information, stored on the Internet under the illusion of tamper-proof, encrypted security. And for hackers, that’s the jar of cookies — information. With almost every aspect of our lives now tucked away within a buzzing server thousands of miles away, the questions that need to be asked are, ‘how much of you can be hacked, and how?’

“I would say, 100 per cent. We have this game, called Farcebook, where we draw up profiles of ‘targets’ and fill up every blank… including their favourite shampoos. Profiles may take up to a month to compile but the prize (Rs 1,000) goes to the hacker with the most private of details. All I can tell you is that it’s getting easier for us,” claims a Chennai-based ‘black hat’.

The 'mobile' gateway

India has over 55.48 crore mobile users and a large part of that number also access the Web through their devices. And that presents a whole new problem because phones apparently are still not ready to take on PC-era malware. Also, apps on phones store user information, are always connected to the Web and worse, continue running in the background. For further insight into the problem, we spoke to a Hyderabad-based ‘white hat’ hacker, Rishal Dwivedi.

All of 17, Rishal tests the “locks” for several tech firms, including Microsoft, Apple, Facebook, eBay, Nokia, Blackberry and Oracle. In fact, Rishal gets paid to hack into websites, because he’s a good guy. Rishal is also a treasure trove of valuable information on hacking.

“When it comes to mobile-based security, the first thing that comes to my mind is the Android OS. The reports are right and I can confirm that the software is still full of vulnerabilities. Hacking into these phones is easy. For example, let’s say you have downloaded popular chat platform, WhatsApp, from a third-party publisher (not Google Play). Now, that version of WhatsApp will be ‘cooked’ to include a virus or malware that constantly sucks every bit of data from your phone… later transmitting it to attackers. What’s worrying is that phones these days often have banking-related apps installed. Now, the malware copies these banking details and sends them across without even the slightest hint. And then one day, while you’re going about your daily business, you’ll start noticing funds and data missing. The bank will go ahead and block your account, but that measure is only after the damage has been done,” reveals Rishal.

There’s also a software called AndroRat — an application which essentially ‘clones’ your phone. Often, attackers embed AndroRat in popular software (like, WhatsApp) and then try to sneak it into your phones. Once the RAT finds the target phone, it will allow the attacker to make calls, send SMSes and even access transaction details. Again, all in the background.

“You will not even know it’s running in your phone. Hackers then take your transaction details and sell them for a dollar in the underground ‘black hat’ market... and that’s minimum price,” Rishal claims.

The 17-year-old also ex-plained why you should not go around liking every Facebook fan page that comes your way. “Several websites these days use Facebook ‘plugins’ that’ll require you to allow that application to access your friends’ details and more. Bad news is that these plugins are infected and are ‘backdoored’ with javascript malware that can sniff out every byte of data you have on Facebook. So, it’s always recommended you stay away from external pages on Facebook.”

Those leaky government sites

Now, imagine you just used a government-authorised website to pay off say, an electricity bill. Turns out, that’s not safe either. “In Andhra Pradesh, we have APonline, which thousands use to pay off various bills. I have found scripting vulnerabilities on that website and I’m now planning to report these holes to them. I’m sure there are more critical vulnerabilities,” adds Rishal.

‘People deserve it’

A rather caustic analysis of the future comes our way when the Chennai ‘black hat’ was asked to comment on the next 10 years of “hacker evolution”. “There’s news now of wearable devices like Google Glass and some stupid, tacky smartwatches. Do people need them? No. The world is all oohs and aahs as far as technology is concerned but very, very few realise that information is key — that’s the real money for the giants. They need to sell you stuff and therefore, they need to know what you eat and what you wear. The minute you press that button, you have already allowed them access. So, technically you’re being hacked every day. As far as I’m concerned, people deserve to be hacked. We have allowed machines to get closer to daily lives and when your devices start whispering out information, you could just sit back for one moment and ask yourself, ‘was I being stupid?’ The answer is most probably, yes.”

So, does that mean we have to turn off the switch? Rishal presents a brighter picture. “Us white hats just want people to be smarter when dealing with technology. Don’t let others use your phones, don’t let children get near them and most importantly, don’t go about clicking at random links. The world of today is very linked, and we should just be... more careful.”

Even if you’re the boss of Germany, or a hapless teenager in New Delhi.