HACKING.....!!

By Rohit Shirur.

Definition - What does Hacking mean?

• Hacking generally refers to unauthorized intrusion into a computer or a network. The person engaged in hacking activities is known as a hacker. This hacker may alter system or security features to accomplish a goal that differs from the original purpose of the system.
• Hacking can also refer to non-malicious activities, usually involving unusual or improvised alterations to equipment or processes.

Description: To better describe hacking, one needs to first understand hackers. One can easily assume them to be intelligent and highly skilled in computers. In fact, breaking a security system requires more intelligence and expertise than actually creating one. There are no hard and fast rules whereby we can categorize hackers into neat compartments. However, in general computer parlance, we call them white hats, black hats and grey hats.White hat professionals hack to check their own security systems to make it more hack-proof. In most cases, they are part of the same organisation. Black hat hackers hack to take control over the system for personal gains. They can destroy, steal or even prevent authorized users from accessing the system. They do this by finding loopholes and weaknesses in the system. Some computer experts call them crackers instead of hackers. Grey hat hackers comprise curious people who have just about enough computer language skills to enable them to hack a system to locate potential loopholes in the network security system. Grey hats differ from black hats in the sense that the former notify the admin of the network system about the weaknesses discovered in the system, whereas the latter is only looking for personal gains. All kinds of hacking are considered illegal barring the work done by white hat hackers.

Types of hackers

The security community has informally used references to hat color as a way different types of hacker are identified, usually divided into three types: white hat, black hat and gray hat.

• White hat hackers, also known as ethical hackers, strive to operate in the public's best interest, rather than to create turmoil. Many white hat hackers work doing penetration testing, hired to attempt to break into the company's networks to find and report on security vulnerabilities. The security firms then help their customers mitigate security issues before criminal hackers can exploit them.

• Black hat hackers intentionally gain unauthorized access to networks and systems with malicious intent, whether to steal data, spread malware or profit from ransomware, vandalize or otherwise damage systems or for any other reason -- including gaining notoriety. Black hat hackers are criminals by definition because they violate laws against accessing systems without authorization, but they may also engage in other illegal activity, including identity theft and distributed denial-of-service attacks

• Gray hat hackers fall somewhere between white hat hackers and black hat hackers. While their motives may be similar to those of white hat hackers, gray hats are more likely than white hat hackers to access systems without authorization; at the same time, they are more likely than black hat hackers to avoid doing unnecessary damage to the systems they hack. Although they aren't typically -- or only -- motivated by money, gray hat hackers may offer to fix vulnerabilities they have discovered through their own, unauthorized, activities rather than using their knowledge to exploit vulnerabilities for illegal profit.

Hacker vs. cracker

• The term hacker was first used in the 1960's to describe a programmer or an individual who, in an era of highly constrained computer capabilities, could increase the efficiency of computer code in a way that removed, or "hacked," excess machine-code instructions from a program. It has evolved over the years to refer to a person with an advanced understanding of computers, networking, programming or hardware.
• For many in technology, the term hacker is best applied to those who use their skills without malicious intent, but over time the term has been applied to people who use their skills maliciously. To counter the trend of labeling skillful technologists as criminals, the term cracker was proposed for criminal hackers, with the intention of removing the stigma from being labeled a hacker.
• Within the hacker-cracker framework, hackers are those who seek to identify flaws in security systems and work to improve them, including security experts tasked with locating and identifying flaws in systems and fixing those vulnerabilities. Crackers, on the other hand, are intent on breaching computer and network security to exploit those same flaws for their own gain.
• While technologists have promoted use of the term cracker over the years, the distinction between differently motivated hackers is more commonly referenced by the use of white hat, gray hat or black hat. In general use, cracker hasn't found much traction.

The 10 Biggest Data Breaches of 2018....

1) Aadhaar

• 1.1 billion records breached
• Date disclosed: January 3, 2018
• In January, reporters with the Tribune News Service paid 500 rupees for login credentials to a service being offered by anonymous sellers over WhatsApp. Using the service, the reporters could enter any Aadhaar number, a 12-digit unique identifier assigned to every Indian citizen. Doing so would retrieve numerous types of information on the queried citizen stored by UIDAI (Unique Identification Authority of India). Those bits of data included name, address, photo, phone number and email address. An additional payment of 300 rupees to the sellers yielded access to software through which anyone could print an ID card for any Aadhaar number. 
• The data breach is believed to have compromised the personal information of all 1.1 billion citizens registered in India. 

2) Exactis

• 340 million records breached
• Date disclosed: June 26, 2018
• Security researcher Vinny Troia discovered in June 2018 that Exactis, a marketing and data aggregation firm based in Florida, had left a database exposed on a publicly accessible server. The database contained two terabytes of information that included the personal details of hundreds of millions of Americans and businesses. As of this writing, Exactis has not confirmed the exact number of people affected by the breach, but Troia said he was able to find close to 340 million individual records. He also confirmed to Wired that the incident exposed affected consumers’ email addresses, physical addresses, phone numbers, and a host of other personal information, in some cases including extremely sensitive details like the names and genders of their children.

3) Under Armour

• 150 million records breached
• Date disclosed: May 25, 2018
• On 25 March, Under Armour learned that someone had gained unauthorized access to My Fitness Pal, a platform which tracks users’ diet and exercise. CNBC reported at the time that the criminals responsible for the breach accessed individuals’ usernames, email addresses, and hashed passwords. The incident did not expose users’ payment information, as Under Armour processes this data separately. Nor did it compromise Social Security Numbers or driver’s license numbers, as the apparel manufacturer said it doesn’t collect government identifiers.
• Upwards of 150 million My Fitness Pal users are believed to have had their information compromised in the data breach.

4) MyHeritage

• 92 million records breached
• Date disclosed: June 4, 2018 
• A security researcher reached out to the Chief Information Security Officer of online genealogy platform My Heritage on June 4 and revealed they had found a file labeled “my heritage” on a private server outside the company. Upon inspection of the file, officials at My Heritage determined that the asset contained the email addresses of all users who had signed up with My Heritage prior to October 26, 2017. According to a statement published by the company, it also contained their hashed passwords but not payment information, as My Heritage relies on third-party service providers to process members’ payments. Because the service also stores family tree and DNA data on servers separate from those that store email addresses, MyHeritage said there was no reason to believe that information had been exposed or compromised. 

5) Facebook

• At least 87 million records breached (though likely many more)
• Date disclosed: March 17, 2018 
• Who can forget the data scandal that rocked Facebook in March 2018? At that time, reports emerged of how a political data firm called Cambridge Analytica collected the personal information of 50 million Facebook users via an app that scraped details about people’s personalities, social networks, and engagement on the platform. Despite Cambridge Analytica's claim that it only had information on 30 million users, Facebook determined the original estimate was in fact low. In April, the company notified 87 million members of its platform that their data had been shared.
• Unfortunately, with Facebook apps facing more scrutiny, it appears the Cambridge Analytica scandal may just be the tip of the iceberg. On June 27, security researcher Inti De Ceukelaire disclosed another app called Nametests.com had publicly exposed information of more than 120 million users.

6) Panera

• 37 million records breached
• Date disclosed: April 2, 2018 
• On April 2, security researcher Dylan Houlihan reached out to investigative information security journalist Brian Krebs and told him about an issue he had reported to Panera Bread back in August 2017. The weakness resulted in Panerabread.com leaking customers’ records in plaintext — data which could then be scraped and indexed using automated tools. Houlihan attempted to report the bug to Panera Bread, but told Krebs his reports had been dismissed. The security researcher checked the vulnerability every month thereafter for eight months until finally disclosing it to Krebs, who published the details on his blog. Panera Bread took its website temporarily offline following publication of Krebs’ report.
• Despite the company initially downplaying the severity of the breach and indicating fewer than 10,000 customers had been affected, the true number is believed to be as high as 37 million.

7) Ticketfly

• 27 million records breached
• Date disclosed: June 7, 2018
• On May 31, Ticketfly suffered an attack that resulted in the concert and sporting-event ticketing website being vandalized, taken down, and disrupted for a week. The hacker behind the attack had reportedly warned Ticketfly of a vulnerability and demanded a ransom to fix it. When the company refused, the hacker hijacked the Ticketfly website, replaced its homepage, and made off with a large directory of customer and employee data, including names, addresses, email addresses, and phone numbers for 27 million Ticketfly accounts. 

8) Sacramento Bee

• 19.5 million records breached
• Date disclosed: June 7, 2018
• In February, an anonymous attacker seized two databases owned and operated by The Sacramento Bee, a daily newspaper published in Sacramento, California. One of those IT assets contained California voter registration data provided by California’s Secretary of State, while the other stored contact information for subscribers to the newspaper. Upon hijacking those resources, the attacker demanded a ransom fee in exchange for regaining access to the data. The newspaper refused and deleted the databases to prevent additional attacks from leveraging them in the future.
• According to The Sacramento Bee, the hack exposed 53,000 subscribers’ information along with the personal data of 19.4 million California voters.

9) PumpUp

• 6 million records breached
• Date disclosed: May 31, 2018
• On May 31, ZDNet reported that they had been contacted by security researcher Oliver Hough in regards to a backend server he had found exposed to the Internet with no password to protect it. The server belonged to the fitness app PumpUp, and it gave anyone who came across it access to a host of sensitive customer data including user-entered health information, photos, and private messages sent between users. The exposed data also contained Facebook access tokens and, in some cases, unencrypted credit card data including card numbers, expiry dates and card verification values.
• When ZDNet reached out to PumpUp, the company did not issue a response, but it did quietly secure the server. It is unknown how long the asset had been sitting exposed.

10) Saks, Lord & Taylor

• 5 million records breached
• Date disclosed: April 3, 2018
• Near the end of March, security firm Gemini Advisory came across an announcement from the JokerStash hacking syndicate offering five million stolen credit and debit cards up for sale. With the help of various financial organizations, Gemini Advisory traced the sale back to a total system compromise of luxury department stores Saks Fifth Avenue and Lord & Taylor. Hudson Bay, the owner of both of the department stores, learned about the incident and took steps to remediate it. But that wasn’t enough for one Bernadette Beekman, who in April 2018 filed a class action lawsuit on behalf of all customers who used a payment card at Lord & Taylor stores during the breach period of March 2017 to March 2018. In her lawsuit, Beekman stated that Lord & Taylor had “failed to comply with security standards and allowed its customers’ financial information and other private information to be compromised by cutting corners on security measures that could have prevented or mitigated the security breach that occurred.”

.................................................!!!!!!!