Hacking The Hacker: Have You Been Pwned?

17 April 2018

“The world is built on decency and honesty.” We dream of living in a utopian society as described by Plato thousands of years ago. Our society today is far from this perfect state, as evidenced by the daily headlines. In all areas of life, people fall victim to fraud and deception. In no other area is this more prevalent than when entrusting personal data to the internet. You run the risk of being disarmed each time you register on a new website or in a new application. Modern software systems have huge databases that can be hacked even though their developers and administrators may follow the best security practices.
Data provided by PandaLabs, an antivirus laboratory, states that 2.45% of unknown threats affect the corporate sector, while home users account for approximately 2.19%. It is important to be informed of these widespread dangers while surfing the Internet. The following are some effective tips to help avoid dangerous hacker attacks.

A Word About Hackers

It’s interesting to note that in the beginning, the word “hacker” didn’t have a negative connotation. Originally, a hacker was a computer specialist who approached computer problems creatively, carrying out complex tasks and quickly fixing errors in programs by using non-standard methods.

In time, the term hacker took on a new meaning. A hacker is now one who is a menace to internet users. Keep in mind that in all fields there are the good and the bad, and this is true of hackers too: the good (white hat hackers) and the bad (black hat hackers). White hat hackers look for flaws in computer programs, report them, and contribute to their elimination. Black hat hackers also look for vulnerabilities in programs, but on detecting them, use them illegally for their own purposes. This article focuses on black hat hackers.

Tricks Of Black Hat Hackers: What To Expect From Their Attacks

Black hat hackers are cyber criminals who use software vulnerabilities to invade a computer system or a network with bad intentions. Modern applications are extremely complex, comprising thousands of lines of code written by people. There is always the element of occasional human error. Hackers use these gaps to invade the system and steal confidential information, or they add viruses to the application code, making the computer automatically run malicious programs. Furthermore, this process is exacerbated by the social engineering techniques that black hat hackers widely use to manipulate users’ behaviour and influence them to take an action that may not be in their best interest.

In the case of attacks on individuals, rather than in the corporate world, the favorite loophole for black hat hackers is an unreliable password: by cracking it, they can gain access to a user’s private accounts containing valuable personal data.

Generally, hacker attacks lead to the following types of security breach:

A threat to confidentiality by gaining unauthorized access to data.

A threat to integrity by means of destroying or distorting data.

A threat to availability by blocking or restricting access to data.

According to the OWASP Top 10 web application security risks, no software should be delivered to the final customer and launched without checking for and eliminating these severe issues:

1. Injection

If a hacker finds such a vulnerability in a web resource, then, as a rule, this leads to remote code execution. In this case, the attacker has the ability to modify and generate executable commands. Examples of this type of attack are SQL injection, LDAP injection, and CRLF injection.

2. Broken Authentication and Session Management

Incorrectly configured user and session authentication could allow attackers to compromise passwords, keys, or session tokens, or take control of users’ accounts to assume their identities. In 2017, there were a large number of attacks aimed at user authentication methods, as well as methods used by the server to determine the user’s rights, service or website authorization.

When attacking verification vulnerabilities, hackers may use:

Unsafe recovery of credentials (passwords);

Various methods for circumventing authorization;

Predictable fixation of the session.

3. Cross Site Scripting

Cross-site scripting is another error in validating user data; it allows an attacker to get JavaScript code executed in the user’s browser. First, an attacker can steal your session cookie, the consequences of which were described in the previous point. Second, data entered into forms on the infected page can be stolen (and this can be confidential personal data, or, worse still, credit card data along with the CVV code). Third, JavaScript can change data located on the page; for example, the page may show details for a bank transfer, which the attacker will gladly replace with fake ones.

4. Insecure Direct Object References

This type of vulnerability is also the result of insufficient verification of user data. Its essence lies in the fact that, when any confidential data is output, for example, personal messages or client credit cards, the object is accessed through a direct reference to it, which is transmitted in clear form in the address bar of the browser.

5. Security Misconfiguration

The security of a web application requires a secure configuration of all infrastructure components: application components (such as frameworks), a web server, a database server, and the platform itself. If the server is properly configured and the cookie_httponly option is turned on, it is impossible to get a session cookie through JavaScript, but this simple setting is often missing in places as important as the personal account areas of payment systems.

6. Sensitive Data Exposure

Many web applications do not protect confidential data, such as credit cards and credentials for authentication. Attackers can steal or modify such poorly protected data for their own purposes. Another example is the lack of encryption of critical data, such as passwords or credit card numbers. These vulnerabilities can lead to the disclosure of information to third parties who gain access to this data which may include:

Information about the client base;

Data on the history of correspondence through the website;

Information from the user’s personal account;

Data about the web resource, its components and structure.

7. Missing Function Level Access Control

The majority of web applications verify access rights before displaying data in the user interface. However, applications must perform the same access control checks on the server when any function is requested. If the request parameters are not thoroughly checked, attackers can forge a request to access the data without proper authorization.
Perhaps the most common case of this vulnerability was already described in the fourth point: the lack of verification of the user when private messages are accessed.
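The private-message case from points 4 and 7, as an added example that is not part of the original article: one handler trusts the id from the address bar, the other repeats the ownership check on the server. The message store, user names and function names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Message:
    owner: str
    body: str

# Constructed sample data: message id -> private message.
MESSAGES = {
    101: Message("alice", "alice: my new card arrived"),
    102: Message("bob", "bob: here is my passport scan"),
}

class NotFound(Exception):
    """Raised for both 'no such id' and 'not your message'."""

def read_message_unchecked(session_user, msg_id):
    # Vulnerable: the id taken from the address bar (e.g. /messages?id=102)
    # is the only thing that selects the record; the owner is never compared
    # with the logged-in user.
    msg = MESSAGES.get(msg_id)
    if msg is None:
        raise NotFound(msg_id)
    return msg.body

def read_message_checked(session_user, msg_id):
    # Hardened: the server repeats the access decision on every request,
    # using the identity from the session, not anything the client sent.
    msg = MESSAGES.get(msg_id)
    if msg is None or msg.owner != session_user:
        # One error for both cases, so valid ids cannot be told apart.
        raise NotFound(msg_id)
    return msg.body

def try_read(reader, session_user, msg_id):
    """Return the message body, or None when access is refused."""
    try:
        return reader(session_user, msg_id)
    except NotFound:
        return None

if __name__ == "__main__":
    # alice is logged in and the id in the URL is changed from 101 to 102.
    for reader in (read_message_unchecked, read_message_checked):
        print(reader.__name__, try_read(reader, "alice", 101),
              try_read(reader, "alice", 102))
```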

8. Cross-Site Request Forgery, CSRF/XSRF

The CSRF attack vector, also known as XSRF, allows an attacker to perform actions on behalf of the victim on a server where additional checks are not provided. If a victim visits a site created by the attacker, a request is secretly sent on his or her behalf to a page of the payment system. As a result, the money will be sent to the account of the attacker, and then promptly exchanged for Bitcoin or transferred to another irretrievable payment system.

9. Using Components with Known Vulnerabilities

Typically, web applications are written using special libraries or frameworks supplied by third-party companies. In most cases, these components have open source code, which means that they are open to millions of people around the world who study their source code, vulnerabilities included.

10. Unvalidated Redirects and Forwards

Web applications redirect users from one page to another. In the process, improperly validated parameters can be used to specify the destination page for the redirection.
Without proper checks, an attacker can use such pages to redirect the victim to a forged site, which, for example, may have a very similar or indistinguishable interface, but will steal your credit card information or other sensitive confidential data.
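One way to validate a redirect parameter before using it, as an added example that is not part of the original article. The host name `shop.example`, the fallback page and the function name are assumptions made for illustration.

```python
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"shop.example"}  # assumption: the application's own host
DEFAULT_TARGET = "/"              # fallback when the target is rejected

def safe_redirect_target(target):
    """Return target if it stays on this site, otherwise DEFAULT_TARGET."""
    if not target or "\\" in target:
        # Browsers treat a backslash like a slash, so "/\host" leaves the site.
        return DEFAULT_TARGET
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in target):
        # Whitespace and control characters are dropped by browsers and can
        # hide a scheme or host from a naive check.
        return DEFAULT_TARGET
    try:
        parts = urlsplit(target)
        host = parts.hostname
    except ValueError:
        return DEFAULT_TARGET
    if not parts.scheme and not parts.netloc:
        # Site-relative path: must start with exactly one slash, because
        # "//host" and "///host" are read by browsers as another host.
        if target.startswith("/") and not target.startswith("//"):
            return target
        return DEFAULT_TARGET
    # Absolute URL: only https to a host on the allow-list. hostname ignores
    # any "user@" part, so "https://shop.example@other.example/" is rejected.
    if parts.scheme == "https" and host in ALLOWED_HOSTS:
        return target
    return DEFAULT_TARGET

if __name__ == "__main__":
    samples = [  # constructed inputs
        "/account/orders?page=2",
        "https://shop.example/cart",
        "https://other.example/login",
        "//other.example/login",
        "https://shop.example@other.example/",
    ]
    for s in samples:
        print(repr(s), "->", safe_redirect_target(s))
```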

Hacker attacks can lead to serious security breaches both for owners and users.

Keeping user data from unauthorized access is of utmost importance. Financial loss as well as the reputation of the company are at stake if information is left unsecured. The most devastating consequence of a website attack is the leakage of important confidential information, documents, and financial reports, and the theft of personal data.

Hackers can use your site as a bridgehead to attack other web resources, send spam and carry out DoS attacks. This causes the blocking of your site by search engines and browsers, also leading to loss of reputation and users.

Attacks, especially those targeting online shops, are carried out for fraud and theft of client databases.

Violation of security due to hacker attacks leads to an “infection” of visitors to your site, for example, through exploits that take advantage of browser vulnerabilities.

We Know How To Confront These “Black Hat Hackers”

Cybercriminals are ingenious villains waiting for you at every corner of your Internet surfing. This article provides a variety of modern techniques and tools for ensuring security and inviolability of personal data.  Follow these simple rules:

  1. Check whether or not your email and password are in a hackers’ database. Recently Troy Hunt, the famous cybersecurity expert, released an update of the website https://haveibeenpwned.com/. It contains info about hacked accounts from all data leaks and hacks.
  2. Don’t stick to one password everywhere. Even if a database is hacked, hashing does not allow attackers to acquire passwords in plain text. After all, there are users who have the same password/login/email on all sites they use. In case of a password leak on one site, you automatically endanger all your accounts on other sites. Create unique passwords using a special password generation service for each resource.
  3. Use a reliable login and password for databases, not allowing the default admin to be used as a login. Using the same password generation service, you can create a password and login with a high level of reliability and protection.
  4. There should be users with different privileges. For each database, create a separate owner and several users with a different set of rights to manage the stored data. However, a user of one database must not have the same access to neighboring databases on the same server.
  5. Remote access to the database must be disabled if the application and database are installed on the same server. In that case, the application works with the database through local sockets.
  6. If a hacker attack occurs and someone deletes all data from the database, then you need to make a recovery. To do this, there should be an automatic backup of a database on a server, or you can perform it manually, at least once a month. Moreover, ensure backups are made and stored on a separate server.

As you know, the most vulnerable link in any chain is a person.  Avoid contact with internet intruders by being diligent and on the alert. Take care of security issues in your virtual environment the same as in real life!