hackers

Hackers Versus Cyber Criminals: Know the Difference

Posted by

0


Short Bytes: People are often confused between two terms: hackers and cyber criminals. In this article, I’m sharing a video that tells you the difference between these two.

Cyber crime occurs when breaking into the private worlds of people, these bad hackers start to misuse the information for their own benefit and loss of others. The story of hacking and cyber crime goes back to early 1950s when some phone freaks, commonly known as “phreaks”, started hijacking world’s phone networks and making long-distance calls.

 A report sponsored by the security firm McAfee estimates the annual damage to the global economy due to cyber crimes at $445 billion and near about $1.5 billion was lost in the year 2012 due to online debit and credit card fraud in the US.

According to me, there are two types of hackers: good hackers and bad hackers. The bad hackers are the ones who commit cyber crime.  Here’s a video that shows how Darren Kitchen, a hacker and the host of tech show Hak5, tells how hacking is different from cyber crime:

Watch the video discussion. URL:https://youtu.be/w0u_7DHuuNg

Forget Software—Now Hackers Are Exploiting Physics

Posted by

0


PRACTICALLY EVERY WORD we use to describe a computer is a metaphor. “File,” “window,” even “memory” all stand in for collections of ones and zeros that are themselves representations of an impossibly complex maze of wires, transistors and the electrons moving through them. But when hackers go beyond those abstractions of computer systems and attack their actual underlying physics, the metaphors break.

GettyImages-603192423.jpg

Over the last year and a half, security researchers have been doing exactly that: honing hacking techniques that break through the metaphor to the actual machine, exploiting the unexpected behavior not of operating systems or applications, but of computing hardware itself—in some cases targeting the actual electricity that comprises bits of data in computer memory. And at the Usenix security conference earlier this month, two teams of researchers presented attacks they developed that bring that new kind of hack closer to becoming a practical threat.

Breaking Assumptions
Both of those new attacks use a technique Google researchers first demonstrated last March called “Rowhammer.” The trick works by running a program on the target computer, which repeatedly overwrites a certain row of transistors in its DRAM flash memory, “hammering” it until a rare glitch occurs: Electric charge leaks from the hammered row of transistors into an adjacent row. The leaked charge then causes a certain bit in that adjacent row of the computer’s memory to flip from one to zero or vice versa. That bit flip gives you access to a privileged level of the computer’s operating system.

It’s messy. And mind-bending. And it works.

Rowhammer and similar attacks could require both hardware and software makers to rethink defenses based on purely digital models. “Computers, like all technologies really, are built in layers that make assumptions of one another. Think of a car, assuming its wheels roll and absorb shocks, and don’t melt into goop when they get wet,” says security researcher Dan Kaminsky, who found a fundamental flaw in the Internet’s domain name system in 2008. “What’s interesting about networked technology is the fact that those assumptions can be attacked.”
Last year, Thomas Dullien (one of the inventors of the technique, perhaps better known by his hacker handle Halvar Flake) and his fellow Google researchers showed that they could use electricity leakage to flip crucial bits in the DRAM memory of a set of laptops, the first proof that charge leakage could be predictable and exploitable. Researchers in Austria and France followed up a few months later to show the attack could be enabled by javascript code running in a browser.

Those variations on Rowhammer, along with the newest ones presented at Usenix, show that the hacker world is increasingly focused on techniques that break those fundamental assumptions of computing. “Rowhammer is just scratching the surface,” says Dullien. “This has the potential to be a gigantic field of research.”

Making Rowhammer Practical and Specific
The latest attacks take Rowhammer in a new direction, applying it to cloud computing services and enterprise workstations rather than consumer PCs. One attack by a group of Ohio State researchers used the technique to hack Xen, the software used to partition computing resources on cloud servers into isolated “virtual machines” rented to customers. The hack breaks out of those virtual machines to control deeper levels of the server.

A second paper by Dutch and Belgian researchers achieves a similar effect, and also shows a new way to use Rowhammer more reliably. It exploits a feature called “memory de-duplication” that combines identical parts of virtual machines’ memory into a single place in the memory of a physical computer. On the Dell workstation the researchers tested, they could write data into the memory of a virtual machine and then use that data to locate and “hammer” the physical transistors underlying not just those bits of data, but the identical bits on someone else’s virtual machine running on the same computer.

The trick, which the researchers call “Flip Feng Shui,” allowed the group to pull off highly targeted hacks, like sabotaging an encryption key so that they could later decrypt a target’s secrets. “It’s less like a flamethrower and more like a sniper rifle,” says Ben Gras, one of the researchers at the University of Vrije who came up with it.1

A New Level of Stealth
Rowhammer is far from the only new hacking technique that exploits computers’ physical properties. Proof-of-concept malware shown off by Israeli researchers over the summer, for instance, uses the sound of computers’ cooling fans or hard drive motors to transmit stolen data as audio. Another group of Israelis showed last year they could use just $300 of handheld equipment to extract encryption keys from a computer by monitoring the radio emissions leaked by its processor’s power use.

The result is an ultra-stealthy physical sabotage technique that’s virtually impossible to detect with digital security measures.
But as with Rowhammer, the most disturbing physical hacks are microscopic. University of Michigan researchers have been able to build a secret backdoor into a single cell—a collection of transistors less than a thousandth of the width of a human hair—among billions on a modern microchip. When a hacker who knows about the backdoor’s existence runs a certain program, it causes that cell to pick up charge from nearby transistors and induce a certain bit to flip, just as in the Rowhammer attacks. The result is an ultra-stealthy physical sabotage technique that’s virtually impossible to detect with digital security measures. “It’s operating outside of the Matrix,” says Matthew Hicks, one of the Michigan researchers, who described the technique to WIRED in June.

This kind of exploitation of hardware means that no software update can help. Researchers have identified one countermeasure to Rowhammer’s memory charge leakage: a feature of DRAM called “error-correcting code” constantly corrects abnormal levels of charge in any particular transistor. More widely implementing that feature in computer memory could head off current implementations of the Rowhammer attack.

But Dullien warns that DRAM is just one potential target. “Lots of things—chips, hard disks, whatever—are designed to be OK in the average case but probably not when they’re given adversarial input,” he says. “We don’t know where the next broken piece of hardware will show up. But that’s why everyone’s so excited about researching this more.” Computer scientists may soon find their machines aren’t just vulnerable in ways they haven’t considered, but in ways their digital models don’t even allow them to imagine.

3 tips for protecting your smartphone from hackers

Posted by

0


Woman and Man Texting

Phones are becoming a prime target for hackers.

From 2013 to 2015, new mobile vulnerabilities increased from 127 to 528, or about 214%, according to Symantec’s 2016 Internet Security Threat Report.

And some of the vulnerabilities are downright terrifying.

A recent 60 Minutes report recently highlighted one particular  exploit that gives hackers access to your phone call and messages by just having your phone number.

So how can you protect yourself?

We asked Dr. Anup Ghosh, CEO of the security firm Invincea, for some tips on how consumers can keep their smartphones safe from cyber criminals.

Ghosh, who is also a former DARPA scientist, told Tech Insider there are three simple things you can do to help protect your smartphone from hackers.

Use encrypted messaging services for communications

iMessage.JPG

As the 60 Minutes report pointed out, there is a vulnerability in a network protocol called SS7 that makes it possible for hackers to listen to your phone calls, read your messages, and even track your location.

While this kind of attack is rare, it’s harder to protect yourself from because the security flaw exists in the network, which is outside of your control.

However, you can use encrypted messaging systems like Apple’s iMessage, Facebook Messenger, or Wickr Me to help keep your information away from prying eyes.

“There are also apps for secure voice, but they typically require the person you are calling to be on the same app. They will encrypt the data/phone calls making it difficult to capture and analyze,” Ghosh said.

Some of these services include Silent Circle and Open Whisper Systems.

Even if your phone is new, make sure the OS is updated

Android phones

You should always keep your phone’s operating system updated so hackers can’t take advantage of any vulnerabilities in old software.

But you should also check to make sure software on any new mobile device, especially those that have an Android operating system, are up-to-date, as well.

“You see this a lot more on Android than on Apple, the Android operating system that you get from your carrier on your phone tends to be out of date on day one, sometimes by years,” Ghosh said.

“So that means that adversaries could take advantage of those vulnerabilities on those devices to be able to exploit them. Making sure your device OS whether iOS or Android is updated to the most recently supported version could help close some of those known vulnerabilities.”

Be careful what apps you download

App Store icon

Apps you download can collect all kinds of information about you, so it’s important that you are only downloading apps from reputable sources, Ghosh said.

“If you look at how do these devices get compromised in the first place, it’s almost always untrusted content that you are putting on it,” Ghosh said.  “Some apps collect your movements, like your GPS, others mine your contacts for information, and then others might actually do malicious things to your device itself. So I would say the number one thing you can do as an individual is make sure you’re only downloading apps from an app store where the app has been vetted.”

In fact, Symantec analyzed 10.8 million apps in 2015 and found that 3.3 million of those apps classified as malicious.

Because Apple has a closed ecosystem and vets all of the apps before allowing them into its App Store, apps for iPhones tend to be more secure, he said. So Android users need to be especially aware of where they are getting their apps and they should always make sure the maker is a trusted company.

WhatsApp introduces encryption to keep your messages safe from spies, spooks and hackers

Posted by

0


Communications app will scramble data so it is unreadable unless a secret key or password is entered

Instant messaging service WhatsApp has announced it has completed a move to fully encrypt all the content within its app, enhancing user privacy in the process.

WhatsApp

The announcement follows Apple’s high-profile battle with the FBI over encrypted content on a terror suspect’s iPhone, and the technology giant’s refusal to co-operatein unlocking the device, citing user privacy and security.

Until the announcement, only text-based messages sent in one-to-one conversations were encrypted in WhatsApp. However, all content within WhatsApp, including voice calls, videos and group conversations across both iOS and Android are now covered by what is known as “end-to-end encryption”.

Encryption involves scrambling data so it is unreadable unless a secret key or password is entered. In general smartphone terms this is the passwords and keycodes used to lock devices and log-in to various accounts.

WhatsApp

Both Apple and Google encrypt the data within their user’s smartphones by default in order to protect sensitive information from potential hackers, but governments have increased pressure on the firms in recent months to help make such data more accessible, claiming the current levels of protection are enabling terror cells to communicate without detection.

In the Apple case, the FBI used a third-party in order to gain access to the iPhone.

In a blog post announcing the full roll-out of encryption within the app, WhatsApp’s partners in the programme, Open Whisper, said: “As of today, the integration is fully complete. Users running the most recent versions of WhatsApp on any platform now get full end to end encryption for every message they send and every WhatsApp call they make when communicating with each other.