Hacked: Cyber-safety in the digital era

Cybercrime costs over $10 million every minute. It is projected to set the world back some $10.5 trillion annually by 2025. Data has become the gold of the digital economy revolution considering there will be 200 zettabytes of it by 2025.

And so, cyber-security has emerged as a critical issue affecting anyone with a digital presence. Massive data leaks, identity theft and extortion are just a few of the many problems plaguing the digital space.

Victims range from the often innocent and vulnerable to banks, multinational corporations, and powerful elites. Bangladesh is no stranger to cybercrime either.

That is why it is important to understand one’s digital presence now more than ever. The first step is familiarizing oneself with the hacking methods of cyber-criminals. Here are some of the most common hacking techniques to be careful of, what can be done to protect against such threats, and the measures Bangladesh is taking to securely ensure the digital dream.

Most common hacking techniques to be careful of and how to stay protected

Before getting into the most common hacking techniques, it is important to keep in mind that not all hackers are bad. While there are many malicious minds creating havoc, there are just as many digital guardians working tirelessly to help humanity for the best. The easiest way to tell between the good and bad is to differentiate between white hat and black hat hackers.

White hat hackers are the good guys; they are ethical computer security experts specialized in finding faults in systems that may expose your valuable data. Penetration testing is one of several ways white hat hackers can test and ensure the safety of a company or individual’s information system. They can be found employed among the ranks of Google, Microsoft, and Apple with the mission of keeping the digital space safe for everyone.

Black hat hackers are the bad guys; they are the ones stealing money and identities, leaking sensitive personal data, and facilitating illegal activities -- a few crimes topping the startlingly long list. Black hat hackers break into information networks using an arsenal of attacks, with malicious intentions. They can destroy businesses and ruin lives; according to IBM, “the average cost of a data breach was $3.86 million in 2020.”

Remaining anonymous while committing crimes is their specialty, and they can be found all around the world.

While the list for hacking methods is a long one, here’s a look at some of the most common hacking techniques used by black hat hackers to better understand how to stay alert and protected:

1. Malware - Perhaps the most common, malware is the umbrella term used to describe any unwanted or harmful programs on a system. These can range from trojans, worms, adware, spyware, viruses and ransomware. Malware starts working once someone has downloaded a life, opened an attachment or clicked a link. It is then programmed to seize control of a system (desktop, laptop or mobile) and monitor actions to ultimately steal personal data. In 2019, 93.6%of observed malware was polymorphic, meaning it could change its code to avoid detection.The best way to stay protected against malware is to exercise caution when dealing with email messages, attachments and downloading files. If you must, make sure to have a reliable anti-virus software installed.

2. Bait and Switch - One of the more dangerous forms of hacking, the attackers’ strategy is purchasing advertising space on websites to fool people into clicking on them. When a victim clicks on the link, they are redirected to a page that looks authentic but is programmed to automatically run malicious code and infect the victim’s system with an overdose of malware. Once infected, the hacker has unbound access to a system and its information. The best way to stay safe in this situation is to be extremely mindful of clicking on links or downloading free content. On the internet, if something seems too good to be true, it probably is. 

3. Cookie Theft - A sweet name for a potentially severe problem. Cookies are the files stored by websites visited by an information system. Their purpose is to help the websites visited observe and track visit behavior to deliver more personalized and pleasant user experience.  This becomes a problem when hackers get a hold of this information as this can lead to identity theft. 

The hackers will have access to and use authenticated login information, passwords and mannerisms of their victims. Although many websites must now ask permission to accept cookies from users, businesses can take actions like ensuring web developers use the newest and most updated development techniques, as well as to update encryption protection on a regular basis.

4. DoS or DDoS - Denial of Service or Distributed Denial of Service is an older technique used to crash a system or network by flooding them with repetitive tasks, data requests, and login attempts among others. DoS/DDoS attacks can vary in size and strength. On the more advanced end, methods like Buffer Overflow attacks, which fill online form fields with overwhelming data so they freeze or crash, allows hacks to gain access to personal information. According to Cisco, “by 2023, the total number of DDoS attacks worldwide will be 15.4 million.” 

Similarly to bait and switch, to stay safe, practice caution when downloading files or opening unfamiliar email attachments. Updated anti-malware software or applications can also help prevent these types of attacks. 

5. Eavesdropping - This technique is more passive and tuned for the long game. Hackers, often gaining access through unsecured networks, find and listen in on a network. They observe and record whatever important data possible using methods like packet sniffing and interception of data transmissions. The success of this hack is dependent mainly on the skill of the hacker not being detected. VPNs are the best option here for situations where accessing free Wi-Fi is an emergency. Intrusion Detection Systems (IDS) can be implemented by corporate networks to stay protected against this form of hack. 

6. Keylogging - This method is simple as it is old. Keylogging involves using software that can record keystrokes and sequences from a keyboard to create log files on a system. The log files created can contain highly sensitive information like passwords, bank account and login information. Some more advanced hacks have involved logging mouse clicks and movements. 

It should be noted that nearly 80% of all keyloggers are not detectable by antivirus software or firewalls. The best measure against this is often seen in banking and e-commerce through virtual (on-screen) keyboards. These encrypt text or keys inputted so it becomes difficult for keyloggers to make sense of the stolen data. 

7. Ransomware - This is a type of malware that finds its way into a system through a virus, trojan or worm. Once infected, the ransomware will compromise personal data and deny access unless a ransom is paid to the hacker. These days many ransomware hackers are demanding payment in bitcoin. Some extreme cases have seen victims having to pay millions of dollars to restore access. 

The US has seen an increase in ransomware attacks and recently had to pay hackers to regain access to a critical US pipeline. In 2019, the healthcare industry lost nearly $25 billion to ransomware attacks. Having reliable and updated anti-virus software or applications from trusted industry experts is the best protection once again in this scenario. 

8. Fake WAP - One of the simpler but most frequently used hacks, Fake wireless access points or “evil twin” access points take advantage of the unsuspecting and in need. A hacker sets up a “free” fake wireless access point network using some software and a wireless network card in an area where people are often looking to access free Wi-Fi. Once connected to the Fake WAP, hackers can easily see data like passwords and login information being entered by their victim. To be safe from this, always exercise extreme caution when using any free Wi-Fi. 

Using quality VPN services is a smart choice in case you find yourself having to use or access free Wi-Fi. Try to ensure using a variety of unique but memorable passwords for all digital profiles. 

9. Social Engineering - This technique is quite possibly the most widely-used yet least-understood on the list. This technique involves mind games, a strong understanding of psychology and the ability to exploit the human condition. 

Instead of outright stealing, hackers exercise a variety of techniques like using fear, trust, sympathy, greed, laziness and ego to get victims to willingly provide their information. This scenario can trick even the best into falling prey. Digital hygiene and appropriate education will be the most effective tools for combating such abstract challenges moving forward. 

Bangladesh and its cyber-presence 

As of January 2021, Bangladesh has registered over 47 million internet users. Among that figure, 45 million out of the 47 million users were on social media, as reported by Data Reportal. The number of mobile connections also saw an increase of 1.7 million (+1.1%) since last January.

These figures point towards one thing- growth. Bangladesh has been making strong economic progress despite the global pandemic. According to the IMF: “Bangladesh economy will grow 5.0% in 2021 and 7.5% in 2022.”

This growth will come opportunities and challenges alike, mainly addressing cyber-security. Bangladesh is still developing in many aspects and has a long road ahead.

About 95% of cyber-security data breaches are caused by human error. This is how Bangladesh became a victim of losing $81 million in a matter of hours. According to WIRED, in February 2016, a simple malware attack was used to initiate the Bangladesh Bank heist.

Unknown hackers used SWIFT credentials of Bangladesh Central Bank employees and sent more than three dozen fraudulent money transfer requests to the Federal Reserve Bank of New York. They asked the bank to transfer millions of Bangladesh Bank’s funds to bank accounts in the Philippines, Sri Lanka and a few other parts of Asia.

The hackers’ initial targeted amount was a whopping $1 billion. Thanks to a printer “error”, Bangladesh Bank was able to halt the heist of another $850 million. Although they were never able to recover the $81 million lost during the early stages of the heist, they were able to prevent potentially the biggest cyber heist in history.

This was a jarring wake-up call for Bangladesh and its cyber-presence. Since then, a number of cyber-security companies have been further developed alongside efforts being made by many students as well. We will bring brief focus to a few of such companies playing their part in building safer cyber-security.

1. REVE Antivirus - REVE Endpoint security provides robust network security solutions for precise malware detection through device and application control. Having started their journey in 2016, REVE antivirus has found success in countries like India and Nepal and has recently launched in Turkey. Their services include REVE: Antivirus for MAC and Linux, Internet Security, Mobile Security, Total Security and Endpoint Cloud and Security. 

2. Beetles- Beetles was created with the sole purpose of dealing with cyber-threats and safeguarding client data while ensuring confidentiality, integrity and the availability of intact data. Using a ‘hacker-led’ approach, Beetles simulates real-world attacks on applications, APIs, Network Infrastructure and Devices. Their services include Application PenTesting, API PenTesting, VPN Configuration Assessment and InfoSec Consultancy among others. 

3. Bonton Connect- Fake WAP and Waterhole Attacks all stem from accessing unsecured Wi-Fi. To tackle these issues while giving back, Bonton Connect was created. Bonton Connect is a Wi-Fi sharing platform striving to make the internet affordable for everyone, everywhere in Dhaka city. One of the unique aspects of Bonton Connect is allowing users to get paid for sharing their Wi-Fi, using a secure and encrypted network. 

This is a similar approach used in mobile data. Bonton’s machine learning models can be applied to moderating the application’s USPs. They are currently in the start-up stage, however similar concepts and proactivity are growing amongst the youth. 

Takeaway 

Staying safe in the digital age is more important than ever. Technology will only continue to become an increasingly integral part of human life, so being fluent with its uses and dangers will be essential.Education, training and transparency will be the most influential in effectively navigating these unexplored waters.

A few tips to remember: avoid using free Wi-Fi hotspots, avoid using apps from untrusted sources and ignore unexpected communication. Consulting friends or professionals in the field of cyber-security is also a great way to step out of the cyber shadows and into the digital light.

Bangladesh, albeit having to learn the hard way, will now be paving the path for a far more secure and digitally enhanced future. And considering that in 2021, there will be four million unfilled cybersecurity jobs globally, now would be a good time to polish off those cyber cobwebs.