ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

Hackingandnerdism

Updated on May 15, 2015
who will shave the barber - we need better tools
who will shave the barber - we need better tools

Uncensored Version | Who will shave the barber

Who will shave the barber, is the answer that surfaced when someone asked me a question about the source and solutions related to Cyber Crime.

Note - This piece was originally written for LinkedIn. A lot of content had to be shaved off. The current article is uncensored.

The Past -

Unlike the notion that many carry, viruses were initially discovered in the telecom domain somewhere in 1960s. The objective was driven more as a passion/intellectual challenge than evil intentions. Phone hackers(also known as phreakers) would break into phone networks to make free International calls

Computers, at least initially were never meant to be used in daily lives. They were mostly targeted for "Elite Organizations". The creative minds would struggle to gain access to computers, which was mostly a shared resource. MIT had a similar hacking group, which used it as an Information sharing platform. In the month of Feb’ 76, Bill Gates became aware that a pre-market copy of the software was being circulated. He wrote an open letter to the group, noting that they could no longer continue to produce and or distribute the software without making a payment. The same year, Steve Jobs also introduced an Apple computer with similar terms.

Categories - broadly, there were two categories with loosely defined boundaries -

  1. Hacker Community - The hacker community had many elite geeks, who always took pride in making or breaking the computer programs. They would research and experiment to do things in different ways and successes were shared at a common platform. It was a hacking community for good. One of the serious after-effect of the License Raj was the fallout of hacking groups.
  2. Activists/ Anonymous - it was an activist group with a core objective of exposing wrongdoing. Julian Assange, founder of WikiLeaks is a celebrated personality and a role model for many. The targets, at least initially were random/or wherever there was a suspicion. This particular community faced the sledgehammer. A few recent events prove that a lot of rogue elements have entered in this area and number of controversies have been on the rise.

As the seriousness as well as intellectual challenges that hackers took pride in depleted, others, including some evil intentions with business objectives chipped in.

The hacking was limited to Viruses and Trojan horses, and spam, which is no longer the case.


Transitioning Snapshot

  1. Early Era – primary driven for challenge, fun, experimentation, and research
  2. Current Era – mostly driven by malicious and/or criminal intentions

Current State -

The domain is not limited to Viruses alone and has migrated to variety a of other areas including malware, identity thefts, spam, credit card frauds, web server hacking (targeting Government, military, corporate networks etc.), phishing etc. to name a few.


Why are we Here –

  1. Rat Race Called IT –Various vendors, with an intention to stay ahead in competition, continue to release software, that is not market ready and/or not thoroughly tested.
  2. Microsoft Windows – the most popular Operating System is also the most vulnerable. No one seems to have taken a serious note of what once the most popular Windows Expert Charles Petzold wrote – Windows is a complex system; putting a programming layer on top of the API doesn't eliminate the complexity it merely hides it. Sooner or later that complexity is going to jump out and bite you in the leg. A little google research would reveal everything.
  3. Whistleblowers are severely punished and the benefit of doubt goes to the mightier.
  4. The Judicial Laws in and around the Cyber Space are either not there, or still in the process of evolution.
  5. Engineering Standards – in the standard engineering lifecycle, software application is typically tested in the final phase (before the release). That said, even if someone points out a showstopper bug, it is either going to get discarded/deferred or in the worst case, the reporter will face the razor. Even if the Organization intends to address/fix the issue, production costs will multiply that will shave off the profits.
  6. Cellphone – customers buy one and before they realize, it consumes significant bandwidth/ airtime for performing various updates (without permission), and make the customers pay for it. Tracking the activities and selling the data to third party vendor etc., are only some of the activities that follow.
  7. Virus creators were initially driven by intellectual challenges and solutions, which did not lastlong. In recent times, it is rare ( but certainly reproducible) to see the security products start propagating infections, in case a subscription is not extended. Pretty much everyone (myself included) knows what goes inside a virus, and have the capacity to detect it in seconds but don’t report it due to the fear of corporate bullying. On the other hand, no one knows where to report, which Government, which Cyber/Crime Law etc.
  8. Evaluation Software Licenses also have a truth attached. There are some (not all), which start infecting the computer in case the subscription is not purchased after the expiration of evaluation period.
  9. Pre - Installed Anti Virus Software - Computers and laptops come with pre-installed with Anti Virus Software with a limited subscription period. What happens after the subscription period is over? Ever tried un - installing after the subscription period?
  10. Skill Sets - Most of the hackers, as of today are half skilled and typically referred to as script kiddies. Unfortunately, they are the most brutal. You know the famous saying-Half knowledge can be fatal.
  11. The Wireless Transition - Before one could realise, the world had already transitioned to Wireless. The early days were alarming as one would see access points in open mode all over the place including airports, shopping malls to name a few. Fortunately, not many knew about technology and an awareness drive seem to have saved enormous potential losses. We are still nowhere close to where it should be. Wireless security standards are based on deep dive specifications of IEEE. There are design issues and then there are implementation issues.The biggest lapse is process, which is reactive.
  12. Terrorist Groups - deliberately left blank
  13. Deep Web - deliberately left blank


A few References and Proofs

Here is a list of 4 incidents (worth mentioning), that I experienced as an end user -

1. I once ran into some issues and requested a friend for help. He purchased a software (accompanied with a boot disk) and could successfully clean the system. Later while handling over the software to me, he cautioned me to either –

  • Uninstall the software before the expiration date or
  • Extend the subscription well before the expiration date

The events that followed were astonishing. Yes! I neither un-installed nor extended the subscription. The result, “the software started propagating/releasing viruses”. That was my first shock and now I am acclimated to it.

2. Security CompanyXYZ (name masked) – XYZ is one of the world’s largest Security Engineering Company. It has some real geeks, and at one point, was the most celebrated and respected brand. A few recent incidents include–

Un-installation Challenges – application comes bundled with laptops/computers with a limited subscription period. If the end user is not interested in renewing the subscription, he is not allowed to un-install the application. In case the end user somehow manages to remove the application, there will be surprises waiting -

It will start infecting the system releasing the viruses. In order to validate the findings perform the following actions:

  • Go to Windows Explorer and change the settings to show all files (which is by default, disabled).
  • Install an alternate AV Scanner. Update the latest definitions, and run the scanner. Ensure that the scanner is not set to delete the infected files, as default.
  • When the infections are detected, navigate to the location and see the publisher.

3. Software Plagiarism detection Application(name masked) - with the current technology trends and web content being the king, determining the originality of content is a challenge. XYZ is one of the most popular tool that checks for plagiarism. Here are the two facts that I had to learn the hard way–

  • Using the Online version of XYZ resulted in results that rated the originality of the piece. In the background, application had stored content in its own database. At a later point, the original technical content was tampered with, even if it was original. Sometime later, before giving a go ahead for Technical Conference (where it was supposed to be presented, I ran a final check on a different tool (grammarly.com). Grammarly, being the most reputed tool flagged as a dupe/plagiarised. Conducting some research revealed that the content was posted to a commercial site, with deep links to the 1st Tool, which was originally used.
  • Out of curiosity, I made a second attempt using a relatively safer approach. I downloaded the evaluation version of XYZ from the official site and did not upgrade to a paid version. My suspicion was confirmed - The Application started releasing Trojans.

4. Mobile Phones Micromax Doodle 2 – One of the most hyped and celebrated smartphones was released with 5 Star Reviews, with the following facts -

  • The wireless functionality was broken
  • The Security License App claimed that it should be either un-installed or purchased, but did not give option to un-install. The Result - Any user, who is not familiar with Android OS would not have been able to un-install the App and could be sued anytime by the vendor.
  • The vendor’s support portal did not have contact number.
  • There was an SMS number listed, which did not work.
  • There was a contact Support Department functionality, which was broken.
  • Emails sent to their Support Department were responded with pre -configured templates. So regardless of the question asked, the answer would always be the same.
  • The electronic publishers, who had given the 5 Star Ratings were contacted but no one responded.

Recommendations

If I really knew the answer, the current post would not have been written. Regardless, there are a few recommendations from me and I am hoping to hear some from the readers

  1. Awareness drive – drive awareness through forums, media channels, or whatever means of communication available.
  2. Research - Ask Questions, perform research, whenever in doubt, check out government and or other enforcement policies that deal with cyber crime.
  3. Don’t Go There – nothing is hidden in the world of web. Anything and everything that you do over the web is public. In case you are not informed about what you are doing, don’t do it. Some examples include sharing your mail id/contact details over the sites or sharing your pictures on Facebook.
  4. Engineering Processes – there is one process improvement area that might be worth considering. Security Testing, as a standard practice, is performed at the final gate (before the production release). This, by any means is of no use except to acknowledge the level of risk involved before releasing the Product. This process, by all means should be moved to early stages of Product Engineering.
  5. General Precautions-
  • Keep the virus scanners patched with latest Security definitions. ‘On Access mode’ should always be in enabled state
  • Use higher levels of encryption modes in security settings
  • Keep the Bluetooth services hidden by default (especially if you are in public place)
  • Online Transactions - double check the URL before conducting online transactions
  • Don't open the emails that look suspicious, for example job offers,
  • Don't not keep the computer camera on in case not using it
  • Enable the safe mode in all browser settings
  • The most expensive anti virus might not be the most dependable, nor the open - source companies the least dependable. Always do some research before arriving at a conclusion
  • To ensure online privacy, use alternate browsers like Tor and alternative search engines like DuckDuckGo
  • Pre - Configured Computers and Laptops - most of the Laptops and Computers come with a pre installed version of anti virus. Check the validity of the scanner and the Licensing terms after the subscription has expired

6. Reporting - check the Judicial laws in and around cyber space. I was pleasantly surprised to see existing laws with well defined hierarchies. A few notable include - www.ic3.gov, www.bbb.org, www.consumerreports.org, www.ripoffreport.com, www.complaintsboard.com, and www.complaints.com


voice of the customer

voice of the customer
voice of the customer

LinkedIn

Reference to Linkedin - Where entire content could not be published

http://bit.ly/wwstbln

bill gates

bill gates who will shave the barber
bill gates who will shave the barber | Source

era of blue boxes and phreaking

era of blue boxes and phreaking
era of blue boxes and phreaking | Source

Steve Jobs and era of blue boxes

Phreaking and Steve Jobs
Phreaking and Steve Jobs | Source

How to Un-install by John McAfee

Awareness of Security Practices

World's first Phreaking Case

World's first Phreaking Case, which was started by none other than Steve Jobs

© 2015 Abhinav Vaid

Comments

    0 of 8192 characters used
    Post Comment

    • abhinavvaid profile imageAUTHOR

      Abhinav Vaid 

      3 years ago from India

      Thank you Monika

    • profile image

      Monika 

      3 years ago

      Useful Information and Good work Abhinav ! I ll surely recommend it to others , everyone needs to have this information while working on computer . Thanks A LOT Abhinav !!

    working

    This website uses cookies

    As a user in the EEA, your approval is needed on a few things. To provide a better website experience, hubpages.com uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

    For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at: https://hubpages.com/privacy-policy#gdpr

    Show Details
    Necessary
    HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
    LoginThis is necessary to sign in to the HubPages Service.
    Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
    AkismetThis is used to detect comment spam. (Privacy Policy)
    HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
    HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
    Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
    CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
    Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the googleapis.com or gstatic.com domains, for performance and efficiency reasons. (Privacy Policy)
    Features
    Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
    Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
    Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
    Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
    Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
    VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
    PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
    Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
    MavenThis supports the Maven widget and search functionality. (Privacy Policy)
    Marketing
    Google AdSenseThis is an ad network. (Privacy Policy)
    Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
    Index ExchangeThis is an ad network. (Privacy Policy)
    SovrnThis is an ad network. (Privacy Policy)
    Facebook AdsThis is an ad network. (Privacy Policy)
    Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
    AppNexusThis is an ad network. (Privacy Policy)
    OpenxThis is an ad network. (Privacy Policy)
    Rubicon ProjectThis is an ad network. (Privacy Policy)
    TripleLiftThis is an ad network. (Privacy Policy)
    Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
    Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
    Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
    Statistics
    Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
    ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
    Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)