Major cyber attacks in the last five days have left millions of computer users vulnerable to spam and cyber theft. Adding to the growing list of hacks during the last week, three large platforms (Apple’s Developer site, Ubuntu’s forum and Nasdaq’s community forum) have been hacked, a serious setback for the “good guys” in the battle between black hat hackers and their counterparts who are trying to secure the Internet.
On Saturday, open source platform Ubuntu reported that attackers have gotten access to every user’s local username, password and email address from the Ubuntu Forums database. The open source operating system has more than 20 million users, making it the world’s most popular free operating system.
Apple Inc reported an attack on its developer site on Thursday, as it prepares a major software upgrade to its mobile and desktop operating systems.
In a much publicized attack on Friday, the Syrian Electronic Army hacked Truecaller, a collaborative phone directory, exposing millions of phone records. In less than 24 hours, the Syrian Electronic Army struck again. The group hacked the website of Tango, an instant messaging platform with millions of Internet records. The group also said that the hack on the instant messaging platform was carried out through a vulnerability caused by an outdated WordPress installation. This was the same vulnerability that they said they used to exploit the Truecaller databases.
Reuters reported on Thursday that cyber criminals broke into Nasdaq’s community forum and accessed email usernames and passwords of the members of the site. It took two days to come back online, the report said.
Hacks have been reported from other parts of the world as well. For instance, the Central Bank of Kenya (CBK) was hacked on Sunday night, reportedly by hackers from Gaza. Recently a group which calls itself ReZk2LL defaced the website of Kerala’s Kochi Metro Rail Limited and posted messages against Israel, calling the country a Nazi state par excellence.
Who’s behind this?
The Ubuntu Forums Database was hacked and the forum redirected to an image bearing the Twitter handle ‘@Spuntn1k_’, with a message below it that read:
“None of this ‘y3w g0t haxd by albani4 c3bir 4rmy’ stuff. Straight up, you dun goofed. It’s as simple as that.”
The pro-democracy hacking group ‘Syrian Electronic Army’, who had claimed to have hacked Truecaller a couple of days back, is the same group behind the attack on instant messaging platform ‘Tango’.
The Central Bank of Kenya was hacked by the Gaza hacker Team.
What’s going on?
Many of these hacker/hacktivist groups seem to be politically motivated and sometimes aligned with Anonymous. According to a post on Cryptome by a former LulzSec member, contrary to popular belief most of these groups don’t seem to be coordinated with each other in spite of having similar goals. They also seem to originate from areas facing border and political conflicts, like Palestine, Syria and Lebanon. India vs. Pakistan hack attacks are a routine affair.
The infamous Anons, members of the global Anonymous hacktivist group, mainly oppose Internet censorship and control. Their main targets are governments, organizations, and corporations that support Internet censorship and control agendas.
Ways Users Can Stay Safe Online
- Use difficult passwords for accounts and not obvious ones like ‘Date of Birth’. Try to use a mix of alphanumeric and special characters. A password in a native language (say, Hindi) is very hard to crack.
- The longer the password, the safer it is.
- Avoid using the same password for multiple accounts; that way your vulnerability reduces even if one of the accounts is hacked.
- Periodically change passwords.
- If you have too many passwords and find them difficult to remember, use a third-party password manager like LastPass.
- If you are a Firefox browser user, you can encrypt and password-protect your logins using a master password. Many other browsers also support similar functions.
- Always try to back up vital information like contacts and emails. You can do this by exporting your contacts and other information to your local drive periodically.
- A lot of companies also provide safe online backup solutions for your data, directly from your computers.
- On mobile devices you can use backup services, like G cloud for Android or iCloud for iOS, to make periodic backups of your data to the cloud.
Try to opt for the 2-Step-Verification service provided by most online services nowadays. Once enabled, the process requires the input of a one-time password (OTP) or a verification code to make account changes like a password reset. This authentication option can usually be found in the ‘Security settings’ menu of your account.
This way you are alerted and notified via your e-mail account or mobile device in case of a password reset or e-mail change attempt. Google, Facebook, Microsoft and Dropbox are some of the popular services which provide this authentication process.