You are to write a technical report investigating a specific topic area related to “computer hackingâ€Â. In doing this work, it is very important that you adhere to ethical norms and that you do not in any way use any software illegally or inappropriately.
Below is a list of broad topics to choose from, although you may choose your own topic (subject to approval by the tutor):
- Ethical, Professional and Legal Issues in Hacking
- Reconnaissance and Intelligence Gathering Methods
- Software/Hardware Tools used in Hacking
- Practical Hacking Methods and Techniques
- Phishing and Social Engineering Techniques in Hacking
- Hacking into the Cloud Systems
- Hacking into Mobile Devices
- Anti-Hacking Techniques and Tools
Aims/Objectives of the Report
Today several cases of computer or mobile hacking are encountered by users. The harmful activities of hackers are increasing continuously and they use different ways to access sensitive information from mobiles, computers and networks. There are various hacking issues faced by IT users. This way of hacking is unethical and illegal because it is about accessing information of someone without permission to make his/her loss of personal or financial information. But if hacking is done in legal and ethical way and with permission of an individual or organization for their help and to get prevention from cyber-attacks then that will be ethical hacking. There are some cases exist where ethical hacking is done. Here in this report we will discuss about an incident of ethical hacking i.e. “Hacking into Mobile Devices”. To perform ethical hacking, it is important for security professionals to know how to remove their information gaps in hacking and how devices, data and users can be protected from hacking attacks. Today every individual is using mobile devices to perform different activities such as communication, information sharing, image capturing, for playing games and for another personal or business purposes. In large business organizations mobile devices are also used to perform various business activities. With the increment in usage of mobile devices, our most sensitive transactions such as emails, banking and social media are used by these devices. High security of mobile networks is the first priority of mobile devices developers, but still issues of hacking of mobile devices are encountered by its users. The reason for this is unique set of vulnerabilities that are using by mobile devices in form of our transactions and hackers are ready to steal information from these transactions. Unfortunately, development of mobile devices is an upbringing ground for cyber attackers. Therefore, security professionals need to be ready to perform their actions by executing ethical hacking. Here we have an incident where ethical hacking is done by security professionals to identify hackers’ hacking activities in mobile devices. This incident is about “Ransomware Attack at University of Calgary”
- This report is made to identify that how hacking of mobile devices can be ethical and how it can be implemented by security professionals.
- Another aim is to discuss that how GDPR impacts on Ethical Hacking.
The main problem found while investigation of ethical hacking was lack of availability of accurate information resources according to topic of “Hacking of Mobile Devices”. It was not easy to find an appropriate case of ethical hacking among given resources of information because it is generally not a common topic to discuss.
As we have selected topic of “Hacking into Mobile Devices”, so here in this segment we will represent hacking into mobile devices through a diagram to understand how hacking can be implemented by hackers.
Figure: Hacking of Mobile Devices
From above diagram, it is cleared that how a mobile device has influenced with host and network attacks that are implemented by hackers. As we know mobile devices are connected with networks and hosts for transferring data. So if these hosts and networks will be infected or hacked by hackers then mobile devices will automatically be affected. It is a sophisticated way used by hackers to hack mobile devices by hacking their hosts. Further, if mobile is connected with any corporate network or cloud platform then it will put bad influence on all users who are connected with cloud platform as shown in diagram. The identification about hacking of mobile device can be analyzed, if any kind of data breach or data loss will find into database.
Problems of Investigation of Ethical Hacking
The hacking attack in University of Calgary was conducted on its laptops and computer systems and forced to pay $20,000 by attackers. According to Vice President of Finance and Services in University, this computer hacking attack did not indicate that any personal data was released to the public. The Vice President also said that university officials were ready to pay to ransom with assurance that systems will be restored (Ico.org.uk, 2017). This hacking attack on mobile devices such as laptops and computer systems was so harmful and it was difficult for university to find that it was conducted by an individual or a group and what was type of this hacking attack.
After critical evaluation on attack of University of Caligary, it is found that it was a ransomware attack, so it is cleared that here software of ransom virus is used by hackers in computing environment of University of Calgary (WhatIs.com, 2017). Ransomware is a malware which is used for data kidnapping. It is also an exploit in which attacker try to encrypt the data of victims and to provide decrypt key for that data they demand for payment. The attackers spread ransomware into mobile devices by using email attachments and infected programs. (Trendmicro.com, 2017). This was really a vulnerable hacking case faced by University of Calgary and pay to hackers $20,000 to restore data was also not the accurate decision. Therefore, to handle this problem, security professionals of University of Calgary implemented ethical hacking to penetrate ransomeware attack. In this process of ethical hacking, security experts of University of Calgary, used technique of social engineering. They sent emails from their account on email ids from which they got vulnerable messages with ransomeware. These emails included personal information of employees and other essential information about a business organization. It was done to attract hackers toward sensitive data and to get their new email address. In this way, they have used their accounts for implementing ethical hacking to identify hackers (Usa.kaspersky.com, 2017).
To perform ethical hacking in case of Ransomware attack, social engineering and email spoofing techniques are used to resolve issue of information hacking (Tutorialspoint.com, 2017).
GDRP is a regulation which is used by European Parliament, European Council and European Commission to unite and to increase strength of protection of data for all individuals within the European Union. With the increment in computer hacking cases, it is necessary to follow strict security regulations by IT users. Under General Data Protection Regulation, principles of data protection are set out. These principles are listed as below (Myers and Myers, 2017):
- According to first principle of GDRP, data shall be processed in lawful, transparent and fair way in relation to individuals (Augustin, 2017).
- In another principle of GDRP, data shall be relevant, adequate and limited to important things that are required for their purpose of which they are processed (Definitions and Hope, 2017).
- Next principle of GDRP defines that data shall be accurate and must be kept up to date where necessary. Besides this, every reasonable step should be taken to ensure that inaccurate personal data is rectified or erased from system (HIPAA Journal, 2017).
- This principle of GDRP defines that surety about appropriate security of data is necessary and it should include protection against unauthorized data, its accidental loss and destruction. Besides this, according to this principle of GDRP appropriate technical or organization measures of data are necessary (Lynda.com, 2017).
- In principle of GDRP it is also defined that data shall be collected for specified and legitimate purposes. This is required to reduce non-specific collection of data for incomplete purposes (Capgemini Consulting United Kingdom, 2017).
As we understand from GDRP principles that data that belongs to business, customers, and employees in organizations or to any other entity must be kept secure. From collection of data to use of data, its security and privacy is necessary. Data collection, storage, processing, upgrading and execution are all important processes and during these processes hackers always try to attack. GDRP provides effective regulations for security of data at every essential point. So if these principles will be followed by users then it can be ensured that chances of hacking can be reduced. But if we talk about ethical hacking, then it GDRP defines that ethical hacking must be done according to cyber laws and ethics and with permission of owner of data. Like hacking, also in ethical hacking data protection rules of GDRP are required to follow. As we know that hackers always try to identify weak point of security of data so that they can easily steal that data from storage device. But if data will be securely access and store then hacking issues will be controlled. The main objective of General Data Protection Regulations (GDRP) is extend EU data protection law to any organization in or outside EU.
Conclusion and Further Work
We have discussed in this report that at what extent issues of computer hacking have been increasing and it has become so important to control these issues. Ethical hacking plays an important role to control hacking. In this, security professionals have to take bad actions for doing well. Like, incident of ransomware malware in University of Calgary, various other incidents are also encountered. But all these issues can be controlled easily if proper security will be maintained by security professionals and appropriate actions will be taken by them periodically. (Ico.org.uk, 2017). In future, advancement in security tools will be seen and security experts are doing efforts to provide more advanced security techniques to control vulnerable data security attacks. These security tools will be Windows Defender, Mitigation Experience Toolkit, SUPERAntiSpyware and Anti-Hacker etc.
References
Ico.org.uk. (2017). Principles. [online] Available at: https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/principles/ [Accessed 28 Apr. 2017].
Capgemini Capgemini Consulting United Kingdom. (2017). The impact of the EU General Data Protection Regulation on the financial services industry in relation to customer consent | Blog post. [online] Available at: https://www.uk.capgemini-consulting.com/blog/retail-banking/2017/03/the-impact-of-the-eu-general-data-protection-regulation-on-the-financial [Accessed 28 Apr. 2017].
Myers, L. and Myers, L. (2017). 11 things you can do to protect against ransomware, including Cryptolocker. [online] WeLiveSecurity. Available at: https://www.welivesecurity.com/2013/12/12/11-things-you-can-do-to-protect-against-ransomware-including-cryptolocker/ [Accessed 28 Apr. 2017].
Ico.org.uk. (2017). Principles. [online] Available at: https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/principles/ [Accessed 28 Apr. 2017].
Augustin, L. (2017). General Data Protection Regulation: How will it impact the UK?. [online] IT Pro Portal. Available at: https://www.itproportal.com/features/general-data-protection-regulation-how-will-it-impact-the-uk/ [Accessed 28 Apr. 2017].
WhatIs.com. (2017). What is ransomware? - Definition from WhatIs.com. [online] Available at: https://whatis.techtarget.com/definition/ransomware-cryptovirus-cryptotrojan-or-cryptoworm [Accessed 28 Apr. 2017].
Usa.kaspersky.com. (2017). Ransomware & Cyber Blackmail. [online] Available at: https://usa.kaspersky.com/resource-center/threats/ransomware [Accessed 28 Apr. 2017].
Trendmicro.com. (2017). Ransomware Attack on University of Calgary Forces $20,000 Payment - Security News - Trend Micro USA. [online] Available at: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/ransomware-attack-on-university-of-calgary-forces-20000-payment [Accessed 28 Apr. 2017].
HIPAA Journal. (2017). Ransomware on Mobile Devices. [online] Available at: https://www.hipaajournal.com/ransomware-mobile-devices/ [Accessed 28 Apr. 2017].
Lynda.com. (2017). Ethical Hacking: Mobile Devices and Platforms. [online] Available at: https://www.lynda.com/Android-tutorials/Ethical-Hacking-Mobile-Devices-Platforms/512725-2.html [Accessed 28 Apr. 2017].
Tutorialspoint.com. (2017). Ethical Hacking Email Hijacking. [online] Available at: https://www.tutorialspoint.com/ethical_hacking/ethical_hacking_email_hijacking.htm [Accessed 4 May 2017].
Definitions, E. and Hope, C. (2017). What is ethical hacking and an ethical hacker?. [online] Computerhope.com. Available at: https://www.computerhope.com/jargon/e/ethihack.htm [Accessed 4 May 2017].
To export a reference to this article please select a referencing stye below:
My Assignment Help. (2021). Ethical Hacking Essay: Mobile Device Intrusion.. Retrieved from https://myassignmenthelp.com/free-samples/cc6051-ethical-hacking/tools-and-techniques.html.
"Ethical Hacking Essay: Mobile Device Intrusion.." My Assignment Help, 2021, https://myassignmenthelp.com/free-samples/cc6051-ethical-hacking/tools-and-techniques.html.
My Assignment Help (2021) Ethical Hacking Essay: Mobile Device Intrusion. [Online]. Available from: https://myassignmenthelp.com/free-samples/cc6051-ethical-hacking/tools-and-techniques.html
[Accessed 19 August 2024].
My Assignment Help. 'Ethical Hacking Essay: Mobile Device Intrusion.' (My Assignment Help, 2021) <https://myassignmenthelp.com/free-samples/cc6051-ethical-hacking/tools-and-techniques.html> accessed 19 August 2024.
My Assignment Help. Ethical Hacking Essay: Mobile Device Intrusion. [Internet]. My Assignment Help. 2021 [cited 19 August 2024]. Available from: https://myassignmenthelp.com/free-samples/cc6051-ethical-hacking/tools-and-techniques.html.