close
US

CYBER SECURITY

By Zakeriya Ali
03 February, 2023

The Internet has revolutionized industries, modes of communication, and more importantly to some extent societal norms and cultures...

CYBER SECURITY

COVER STORY

The Internet has revolutionized industries, modes of communication, and more importantly to some extent societal norms and cultures. The belief that the internet is a luxury no longer holds water; it has, in fact, become a necessary commodity, something we cannot do without. However, the catch 22 in this case is cybercrime.

The word ‘cyber’ is an adjective or prefix which means relating to or characteristic of information technology, virtual reality, and computers, and cyber age denotes the characteristic of the culture of computers, information technology, and virtual reality. Numerous social media websites and E-commerce websites usually assist us in performing and undertaking day-to-day operations.

The underlying motive of E-commerce websites is maximum customer satisfaction. This aim is achieved by devolving user-friendly interfaces that capitalise upon user-generated data, in order to maximize profits and productivity.

Ever wondered why Amazon is recommending the name of the book that you have been searching for ages on the internet? The answer is embedded in the algorithm and business model of these renowned sites.

Amazon leverages upon the data collected by the subsidiary services i.e., Alexa, an AI-influenced voice assistant app, Kindle, and its online on-demand streaming service, Amazon Prime. The data salvaged can then be used to generate content satisfying the taste buds and aptitudes of its consumers.

Facebook is currently dominating the online-business industry by implementing a trump card which goes by the name of targeted advertising. Basically, Facebook hoards the data of its consumers and that of the traffic circumnavigating and commuting through it. This data is then provided to a list of partners and vendors who wish to target a wider range of potential customers by showcasing their products.

The New York Times has reported that Facebook has provided the data of its consumers to more than 60 companies which include Microsoft and Amazon. This data can be utilised by diversified corporate entities in order to improve their services and products.

Usually, the data of the consumers is stored on servers or the cloud. The servers serve the purpose of redirecting online traffic through different websites and storage of data. These servers occupy a large swathe of areas. A database is a physical infrastructure consisting of hundreds of thousands of servers and can store the data of millions of users.

One of the most priceless and valuable assets for various social media giants, search engines and conglomerates is the data of millions of users. One has to pay a toll if s/he makes use of free-of-cost social media sites. In the past few years, Facebook has been marred by various scandals, accusations and has been involved in fiascos linked with data breaches and selling off confidential data to different companies. Facebook, of course, adamantly denies these accusations, but it is a far cry from Facebook’s official version of their side of the story. Countless whistle-blowers emerged and surfaced and publicised the malpractices committed by the higher management of Facebook Inc.

CYBER SECURITY

Sandy Parakilas, a former Facebook employee, reckons data of millions of users might have been ‘harvested’ by various corporate giants. Unfortunately, such accusations have become a new norm. In addition to this private and confidential data, phone numbers and emails were also leaked during one of the breaches, which according to the tech giant, occurred in 2019.

It seems as if Facebook is hiding under the cover of targeted advertisement and is selling the data of its millions of users over to private companies. Whatever the motive behind this malpractice is, one thing is certain: one’s identity and data can never be safe on apps like Facebook. Facebook is not unique in this matter.

Amazon, too, witnessed a barrage of accusations put forward by its consumers that their personal data was being preyed upon by Alexa voice assistant, a subsidiary product/ service offered by Amazon.

The direct messaging service provided by Twitter is not end-to-end encrypted, though its novel billionaire CEO promises to take concrete steps associated with the overall safety and encryption of the app. According to The Economist, Twitter is obliged to provide the data of shortlisted users to law enforcement agencies regardless of the grave implications this process might lead to.

CYBER SECURITY

The insecurity of Twitter’s DM service can be gauged by the fact that engineers and technicians employed with the company can view the contents of these electronic messages. A former senior Network security engineer at Twitter claimed that his colleagues went through the contents of such messages. The former data engineer dropped a bombshell when he claimed that Twitter assembled a dedicated team of engineers whose sole purpose is to examine the contents of DM and posts. In addition to this, the globe came to know about mass data breaches in 2013, through Edward Snowden.

Snowden, as you all know, is a former computer intelligence consultant who rendered useful services to the National Security Agency (NSA) of the US. The estranged professional published hundreds of highly classified documents and then fled to Russia where he sought asylum.

Snowden exposed the surveillance practices and mode of operation of the Government Communications Security Bureau (GCSB) of New Zealand. He cited that the above-stated government machinery spied on the residents residing in New Zealand.

According to Snowden, the camera and microphone of a specific smartphone can be switched on at any interval of time and the activity of a smartphone user can be monitored by the law enforcement agencies. This is a gross human rights violation and agencies like the UN must investigate this matter.

The infamous spyware Pegasus was developed by an Israeli firm and the basic premise behind its development was to counteract terrorism and other violent acts. This spyware can detect and transfer text messages, videos and photos stored in a particular electronic device.

CYBER SECURITY

Pegasus was utilised by various governments and groups to prey upon human rights activists, political opponents and journalists. Pegasus was first discovered in 2016, when a human rights activist noticed a technical anomaly in his phone and detected a failed installation attempt of the spyware.

In 2021, it emerged that the private smartphone of the then Pakistan’s premier, Imran Khan, was hacked and the same spyware was used to achieve the mission. Simultaneously, the devices of various other government officials, politicians, and leaders of various countries were also hacked. These events shed light on the overall plight of electronic device users when it comes to data encryption.

The recent unprovoked war imposed upon Ukraine by Russia opened a new portal in the field of modern-day warfare. The European and the US forces have been experimenting with tech and have been meticulously trying to integrate it with conventional mode of warfare. The Russians confounded the Ukrainian armed forces as they manipulated the modems and other hardware linked with ViaSat, an internet service provider. The Russian hackers had been preparing for this onslaught for the past few years, and they did manage to take down the internet service via a cyber attack.

Russian hackers associated with military intelligence agencies continue to pounce on the civilian infrastructure i.e., grid stations. Russian hackers launched an electronic malware Industroyer 2 in April last year and managed to inflict heavy damage upon the Ukrainian grid system.

However, the primitive nature of the electronic devices necessary for operational requirements enabled engineers to manually override the command initiated by the malware and managed to resume power four hours later. Ukrainian officials and its military, however, had buckled up for large-scale malware/cyber assaults as Russian hackers are accustomed to severely restricting the operations of powerhouses and grid stations by launching malware.

In 2016, when Russian forces annexed Crimea, Russian hackers launched a malware Industroyer, which aimed to cripple Ukrainian grid stations and power-producing units. Industroyer is synonymous with ‘crash ride’ software that can delete or override the commands articulated by built-in software and files. These so-called wiped-up commands can also be prescribed physically by an individual.

CYBER SECURITY

In 2010, Israeli developers and hackers launched a malware dubbed Stuxnet, which alienated and severely hampered the physical infrastructure present within an Iranian Nuclear reactor facility, Natanz. The centrifugal machines play a pivotal and supplementary role in the functioning of nuclear reactors and are of uttermost importance in the nuclear bomb manufacturing process. The cyberattack on the Iranian nuclear reactor was regarded as a watershed moment in the history of modern-day warfare and paved the path for Russian hackers to take down electronic and physical infrastructure situated in sovereign Ukraine.

Countries governed by despots suffer from extreme sanctions imposed upon them by the UN. To generate revenue, they indulge in illicit cyber activities. For example, ransomware launched by hackers backed by the government of North Korea eats up a moderate chunk of overall revenue accumulated by the state through actionable and questionable activities. Ransomware can be distributed by files, emails or ads and upon entering the host device, hackers can access the data present on the device.

In order to relinquish their command over the data and the contents of the affected individual, hackers demand ransom. Usually, an affected user might not be able to access his/her files, content and other apps existing on the device. Thus, Ransomwares have everlasting implications on the overall security and scrutiny of the electronic system that governs the functioning of electronic devices.

Even banking systems are not spared by the ruthless ransomware software. A ransomware attack that occurred in late 2020, forced BancoEstado, a leading commercial bank situated in Chile, to suspend its operations for an indefinite period of time.

On August 15, 2021, the official website of FBR, a monetary watchdog and tax-collecting enterprise of Pakistan, was hacked, and the data of millions of users was compromised. Though the governing body did eventually manage to regain control of its website, the damage had already been inflicted. The attack forced FBR to shut down its services for one day, and it cost the exchequer dearly.

In 2021, the website of India’s national flag carrier, Air India, was hacked and sensitive data, including credit card numbers and contact numbers, was extracted by anonymous hackers.

CYBER SECURITY

The remedies to the above-stated issues range between modest and large-scale concrete measures. As individuals, we must commit to educate ourselves regarding the hazards that the digital arena possesses. Tech giants like Facebook, Twitter, etc., should ensure minimum if not null chances and possibilities of a data breach.

As individuals, we all should be conscious of cyber activities and change passwords and login IDs in order to evade detection. One method to surpass the possibility of a social media or ID being hacked is to activate a three-step authentication mechanism.

We must educate the masses, especially the youth and toddlers, regarding the concept of ‘cyber stranger danger’. This optimistic goal can only be attained by creating a productive environment in which teenagers can share their feelings with their parents to eliminate the possibility of a teenager getting exploited by hackers and stalkers.

Our educational institutions must initiate an awareness campaign regarding the perils cyberspace potentially possesses. Our government should recruit and induct more professionals into the FIA cyber crime wing to curb criminals associated with cybercrime.

Undoubtedly, AI and the fields related with cyber security pave our future. I would like to conclude my article via this iconic quote attributed to Lincoln Steffens, ‘I have seen the future, and it works.’