Hacking still common despite measures

INTRUDER alert.

Recently, websites of some government agencies, including that of the Metropolitan Waterworks and Sewerage System (MWSS), Philippine Anti-Piracy Team, Department of Interior and Local Government (DILG), National Telecommunications Commission (NTC), and Intellectual Property Office of the Philippines, were defaced by a group of hackers calling themselves “Anonymous Philippines.” They said it was a form of protest against the Cybercrime Prevention Act of 2012.

Despite strict security measures, the hackers were still able to penetrate government websites by redirecting viewers to a black webpage expressing their objection of the new law. The spread of this propaganda in the form of hacking alarmed not only government officials, but also the Filipinos online or netizens.

Hacking is the illegal act of gaining access and tampering with information in a computer system or a network, said Mike Victorio, a Cisco-certified academy instructor from the Department of Information and Computer Studies of the Faculty of Engineering.

“Computer experts hack a system to get information about a particular person, manipulate and change [stolen] data, and for revenge,” Victorio told the Varsitarian.

Usually, hackers use social engineering in the Internet to infiltrate a secured system.

Victorio emphasized that in social engineering, the hacker does not interact with the victims face-to-face. Instead, Internet is utilized to infiltrate a network and access sensitive and confidential information by exploiting basic human nature like trust, fear, and desire to help.

“An example is an employee might unknowingly give away some private information about himself through e-mail or over a phone conversation to someone he doesn’t even know,” he said.

You’ve been hacked!

In hacking computer systems, the attacker gathers all necessary network information about its victim, like the Internet protocol address that serves as the “home address” of a computer user, the Internet service providers, or even the domain name of the target’s website.

Victorio said the hacker then starts to manipulate the users to gain access to their system through the use of social engineering, where the victim incautiously gives away his or her username and password.

“Once the hacker had gained access to the network, he escalates his privileges by loading software or programs that could gather other confidential usernames and passwords,” he said. “The hacker [then] installs a backdoor that can be used in getting inside and outside the network.”

A backdoor is a program used by hackers in order to access a victim’s computer every time he or she logs on to the Internet, the common example of which is a Trojan horse.

Victorio added that once the attacker has successfully installed a backdoor, the victim’s system starts to become vulnerable to computer viruses and worms which eventually steal and damage important files.

“Hackers are the ones behind the creation of computer viruses because they are knowledgeable in how a computer system works and how networks work. They make these threats to corrupt the system’s integrity,” he said.

That was what Onel de Guzman, a Filipino computer programmer, did as he authored a record-breaking virus which originated from the Philippines and reached the United States and Europe in 2000. The virus he allegedly created, called “ILOVEYOU” or “Love Letter,” is a computer worm which had spread through e-mail that bore a file attachment “LOVE-LETTER-FOR-YOU.txt.vbs.”

Opening the attachment allowed the worm to be activated, copied, and sent to the first 50 contacts registered in the Windows Address Book to infect other computers. The virus had also the capability to steal and transport important passwords to the hacker. The rapid spread of this computer virus triggered The Pentagon, Central Intelligence Agency, the British Parliament, and several foreign and local corporations to close their e-mail systems for security purposes. The infamous worm also caused a 5.5-billion US dollar worth of damages worldwide.

Although several people are knowledgeable about these suspicious viruses and worms, Victorio said the use of e-mail for cyber theft is still very common.

“Answering e-mail messages that ask for your credit card information increases the risks of being hacked,” he said.

Ethical hacking

Although hacking creates a negative notion to most people, Victorio said such activity could still be used in a positive way in the form of ethical hacking.

With ethical hacking, a company’s system can be strengthened by improving its security against illegal intruders.

“Hacking can be used to check the vulnerabilities and flaws of a company’s network,” he said. “Nowadays, companies hire people who check the company’s network security in order to see its weakness and give them proposals and recommendations on how to make it more secure.”

Victorio added that the topic about ethical hacking is incorporated in the curriculum of Information Technology students in Engineering.

According to an article of TechTarget.com, an American Information Technology-related firm, ethical hacking is an act wherein an ethical hacker “attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit.”

“Ethical hackers use the same methods as their less principled counterparts, but report problems instead of taking advantage of them,” the article stated.

Usually, a computer is protected by default through a firewall while antivirus software can be installed in the system to reinforce the security.

“A firewall could either be a hardware or software program serving asthe first line of defense of a computer system or networks by blocking unregistered users and packets of information,” said Victorio, adding that the firewall software installed in the operating system should always be turned on.

Sebastian Raymund Mendoza, officer in charge of the Santo Tomas e-Service Providers (STePS), said the University also uses a firewall to protect its network.

Mendoza added that aside from facilitating the network system, STePS also check for any malicious activities perpetrated by a user who tries to gain access and breach the University’s network security.

“[STePS] serve as security guards who overseer and regulate the users accessing the network,” he said.

However, Mendoza emphasized that although a strong firewall and an antivirus software serve as efficient tools in guarding one’s system, there is still no guarantee of being safe from any hacking attacks.

“No network is 100 percent secured. Everyone could be vulnerable to attacks. Security depends on the user implements it,” Mendoza said.

Since social networking sites serve as tools for gathering one’s personal information, Victorio said users should be mindful of the information they input in these websites.

“If possible, you should not disclose all the information about yourself, like your full birthdate and personal address, for these could serve as means of stealing private information like passwords,” he said.

He added that in creating passwords, users should avoid dictionary words.

“Use a combination of small and capital letters, numbers, and special characters to strengthen the security in your personal accounts,” Victorio said. Giuliani Renz G. Paas