Hacking & Cybersecurity

Nowadays, whenever someone talks about computer science or programming, there’s somebody who is more curious to know about how hacking works, so I decided to write an article on hacking.

By Mohsin Raza Abro

First of all, hacking doesn’t require you to write few lines of code and wait for the computer to take hours to hack something, if a password or file is encrypted, it would take millions of years for even a supercomputer to decrypt them by entering guesses.

And the passwords are encrypted on popular websites, so if the hacker gets access to the database of any website, the passwords would still be of no use because the password would look like “a3fB2n4sT41Hds124” when it actually is “123hash”.

And the websites require you to enter a password with uppercase letters, lowercase letters, and numbers so it’d be hard to guess.

 

But on the other hand, on March 21, 2019, Facebook admitted saving millions of passwords on their servers in plain text, leaving them to be read by their employees.

 

So to hack something, the hacker has to use some other ideas,

On 15 July 2020, Twitter accounts of rich personalities such as Elon Musk, Warren Buffet, Obama, were hacked and tweets were posted from their accounts such as “Send us bitcoin worth of $5,000 and get back twice as much in half an hour”. And the people who believed it lost millions of dollars worth of cash from this scam carried out by hackers. Later it turned out that the hacker actually pretended to be an employee of Twitter and told Twitter that he lost access to special privileges that he needed back. So it was not really the Computerized hack but rather a human fault.

 

So how are the websites protected from attacks? The servers are built to work with request and response method, the user sends a request to a server with any data and it’s up to the server whether to give any response or not. So you can’t really hack the server but you can authenticate yourself as an admin and you will only have as much access to the server as admin.

 

And when the website gets too complex with large functionalities, it is bound to have flaws, and that’s why the tech companies such as google hire ethical hackers, ethical hackers are paid to find loopholes or flaws on the website or software during the testing period, so when the product is ready to be launched, it has to be secured from all aspects with help of ethical hackers, because it would be a bummer for the company if somebody finds a loophole and hacks their technology.

The most commonly used method of hacking is called phishing, in which the hacker sends fake prompts to the victim imitating as usual prompts. such as a fake login form, permission to change sensitive system settings, or to install a new OS.

And if the hacker is opted out from all the options above, there is still an option left which is to crash the website by attacking it with millions of users, it is called DoS (Denial of service) attack, in which millions of computers send non-stop requests to the target website, which increases the traffic on the website and results in server’s CPUs and bandwidths to exceed their use limits and which eventually results to crash or lag the website, but the hackers don’t have millions of computers to perform the DoS attack, so the hackers create malware and attach it on several websites and emails, so if the user clicks on them, the malware automatically gets installed on the victim’s computer, without letting the user even know about it. Later this malware is used to perform DDoS (Distributed Denial of Service) attacks.

 

This method was also performed by the hacker group called Anonymous on PayPal and cost PayPal £3.5 million pounds.

Leave a Reply

Your email address will not be published. Required fields are marked *