Blog No.1 Hackers and Viruses

Who is Mafiaboy? What crime did he commit?

  • Michael Calce (born 1986, also known as MafiaBoy) is a high school student from Île Bizard, Quebec, who launched a series of highly publicized denial-of-service attacks in February 2000 against large commercial websites, including Yahoo!, Fifa.com, Amazon.com, Dell, Inc., E*TRADE, eBay, and CNN. He also launched a series of failed simultaneous attacks against nine of the thirteen root name servers. On February 7, 2000, Calce targeted Yahoo! with a project he named Rivolta, meaning “riot” in Italian. Rivolta was a denial-of-service attack in which servers become overloaded with different types of communications to the point where they become unresponsive to commands. At the time, Yahoo! was a multibillion-dollar web company and the top search engine. Mafiaboy’s Rivolta managed to shut down Yahoo! for almost an hour. Calce’s goal was, according to him, to establish dominance for himself and TNT, his cyber group, in the cyber world. Buy.com was shut down in response. Calce responded to this in turn by bringing down eBay, CNN, and Amazon via DDoS over the next week. Calce attempted but was unsuccessful in bringing down Dell during this DDoS attack.

https://en.wikipedia.org/wiki/MafiaBoy

How did Mafiaboy perform the attack?

  • Calce claimed that the attacks had been launched unwittingly, after inputting known addresses in a security tool he had downloaded from a repository on the now defunct file-sharing platform Hotline, developed by Hotline Communication. Calce would then have left for school, forgetting the application, which continued the attacks during most of the day. Upon coming home, Calce says that he found his computer crashed and restarted it, unaware of what had gone on during the day. Calce claimed that he started to understand what might have happened when he overheard the news and recognized the companies mentioned as those he had inputted earlier in the day.

https://en.wikipedia.org/wiki/MafiaBoy

Who is Onel de Guzman? What crime did he commit?

  • Onel De Guzman is a former student of AMA Computer College. He is the creator of the ILOVEYOU virus, also referred to as Love Bug or Love Letter. The ILOVEYOU virus was a computer worm that attacked tens of millions of Windows personal computers.

https://en.wikipedia.org/wiki/ILOVEYOU

How did the ILOVEYOU virus spread throughout the world? How much was the damage?

  • The ILOVEYOU virus was a computer worm originating in the Philippines, which began infecting computers on May 5, 2000. It spread by e-mail, arriving with the subject line “ILOVEYOU” and an attachment, “LOVE-LETTER-FOR-YOU.txt.vbs”. If the attachment was opened, a Visual Basic script was executed, and the computer was infected. Many recipients were fooled because Microsoft Windows concealed the extension of the file, and it was mistaken for a simple text file. Once executed, the script e-mailed itself to everyone in the victim’s contact list, edited the Windows Registry to execute the worm at startup, and replaced the data in many computer files, including JPEG images and Word documents, with copies of itself. This virus affected more than 500,000 systems in 2000 and produced over $15 billion in damages, including $5.5 billion in the first week alone.

https://www.computerhope.com/vinfo/iloveyou.htm
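The hidden-extension trick described above can be checked for at a mail gateway or file scanner. The following is an added example, not code from the cited sources; the two extension lists and the function names are assumptions chosen for illustration.

```python
import os

# Assumed lists for illustration; a real mail gateway would maintain its own.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh",
               ".scr", ".exe", ".bat", ".cmd", ".pif", ".com"}
DECOY_EXTS = {".txt", ".doc", ".docx", ".pdf", ".jpg", ".jpeg",
              ".png", ".xls", ".xlsx"}

def classify_attachment(filename):
    """Return 'double-extension', 'script' or 'ok' for an attachment name."""
    # Windows drops trailing dots and spaces from file names, so ignore them.
    name = os.path.basename(filename.strip().rstrip(". ")).lower()
    stem, last = os.path.splitext(name)
    if last not in SCRIPT_EXTS:
        return "ok"
    # The real (last) extension is executable; check what precedes it.
    _, previous = os.path.splitext(stem)
    if previous in DECOY_EXTS:
        return "double-extension"
    return "script"

def shown_with_hidden_extension(filename):
    """What a file browser that hides known extensions would display."""
    return os.path.splitext(filename)[0]

if __name__ == "__main__":
    # The first name is the one quoted on this page; the rest are constructed.
    for sample in ["LOVE-LETTER-FOR-YOU.txt.vbs", "notes.txt",
                   "backup.vbs", "report.pdf.exe. "]:
        print(sample, "->", classify_attachment(sample),
              "| displayed as:", shown_with_hidden_extension(sample.strip()))
```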

Who is the suspect behind hacking the COMELEC website in 2016?

  • The suspect behind hacking the Comelec website in 2016 is Paul Biteng, a fresh graduate from AMA college. The 23-year-old information technology graduate admitted that he hacked the Commission on Elections (Comelec) website, leading to the biggest leak of personal data in Philippine history.

https://www.rappler.com/nation/politics/elections/2016/130252-suspected-hacker-comelec-website-nabbed
https://newsinfo.inquirer.net/780822/comelec-hacker-arrested-asks-nbi-chief-for-a-selfie

What was the reason behind the hacking? (From question no.5)

  • The reason behind the hacking of the Comelec website is that hacker Jonel De Asis wanted to make sure that all security features are enforced by the Comelec.

http://cnnphilippines.com/news/2016/04/29/Comelec-hacker-data-leak.html

What are the possible and most dangerous effects of computer viruses on computer systems and websites?

  • A computer virus is a type of malicious software that, when executed, replicates itself by modifying other computer programs and inserting its own code. When this replication succeeds, the affected areas are then said to be “infected” with a computer virus. A virus can destroy, delete or corrupt data, e.g. the files of specific applications such as all Excel files or all Word files (the Sircam worm, for example, deletes data). It can display irritating messages or otherwise disrupt computer operations. Most viruses stay in your PC’s memory, where they can cause problems by interfering with other software you are trying to run. A virus can disable hardware, making the computer unusable, and it can perform dangerous operations like formatting the hard disk. It consumes disk space and memory and wastes processor time. Once you have a virus, it is very likely that you will pass it on to a colleague or a customer, who may well lose confidence in you and your company.

https://en.wikipedia.org/wiki/Computer_virus

What is the difference between a hacker and a cracker?

  • A hacker is a person intensely interested in the arcane and recondite workings of any computer operating system. Hackers are most often programmers. As such, hackers obtain advanced knowledge of operating systems and programming languages. They might discover holes within systems and the reasons for such holes. Hackers constantly seek further knowledge, freely share what they have discovered, and never intentionally damage data.
  • A cracker is one who breaks into or otherwise violates the system integrity of remote machines with malicious intent. Having gained unauthorized access, crackers destroy vital data, deny legitimate users service, or cause problems for their targets. Crackers can easily be identified because their actions are malicious.

https://searchenterprisedesktop.techtarget.com/tip/The-difference-between-hackers-and-crackers

Differentiate computer virus from a worm.

  • Computer worms are similar to viruses in that they replicate functional copies of themselves and can cause the same type of damage. In contrast to viruses, which require the spreading of an infected host file, worms are standalone software and do not require a host program or human help to propagate.

https://www.cisco.com/c/en/us/about/security-center/virus-differences.html

How can a system or website be protected against computer malware and hacking?

  • There are some ways to protect and remove malware from our computer, but sometimes this is not enough to ensure your computer is secure all the time. The more layers of defense, the harder it is for a hacker to use your computer. Here are some critical steps to protect our computer and especially our personal information.
  • Keep your software updated. It’s crucial that you keep your operating system, general applications, anti-malware and website security programs updated with the latest patches and definitions. If your website is hosted by a third-party, make sure your host is reputable and keeps their software up-to-date as well.
  • Protect against cross-site scripting (XSS) attacks. Hackers can steal credentials and login cookies from users when they opt in or register by introducing malicious JavaScript into your code. Install firewalls and protections against injections of active JavaScript into your pages.
  • Protect against SQL attacks. In order to defend against hackers that inject rogue code into your site, you must always use parameterized queries and avoid standard Transact SQL.
  • Double validation of data. Protect your subscribers by requiring both browser and server-side validation. A double validation process will help block insertion of malicious scripts through form fields that accept data.
  • Don’t allow file uploads on your website. Some businesses require users to upload files or images to their server. This presents significant security risks as hackers can upload malicious content that will compromise your website. Remove executable permissions for files and find another way for users to share information and images.
  • Maintain a robust firewall. Use a robust firewall and restrict outside access only to ports 80 and 443.
  • Maintain a separate database server. Keep separate servers for your data and webservers to better protect your digital assets.
  • Implement a Secure Sockets Layer (SSL) protocol. Always purchase an SSL certificate that will maintain a trusted environment. SSL certificates create a foundation of trust by establishing a secure and encrypted connection for your website. This will protect your site from fraudulent servers.
  • Establish a password policy. Implement rigorous password policies and ensure they are followed. Educate all users on the importance of strong passwords. In essence, require that all passwords meet these standards:
    • Length is at least 8 characters
    • At least one capital letter, one numeral and one special character
    • Do not use words that can be found in the dictionary
    • The longer the password, the stronger the website security.
  • Use website security tools. Website security tools are essential for internet security. There are many options, both free and paid. In addition to software, there are also Software-as-a-Service (SaaS) models that offer comprehensive website security tools.
  • Create a data breach response plan. Sometimes security systems are breached despite the best attempts at protection. If that occurs, you will need to implement a response plan that includes audit logs, server backups and contact information for your IT support personnel.
  • Set up a backend activity log system. In order to trace the point of entry for a malware incident, ensure you are tracking and logging pertinent data, such as login attempts, page updates, coding changes and plugin updates and installations.
  • Maintain a fail-safe backup plan. Your data should be backed up regularly, depending on how frequently it is updated. Ideally daily, weekly and monthly backups are available. Create a disaster recovery plan appropriate for your business type and size. Make sure you save a copy of your backup locally and offsite (many good cloud based solutions are available), enabling you to rapidly retrieve an unaltered version of your data.
  • Train your personnel. It is imperative that everyone is trained on the policies and procedures your company has developed in order to keep your website and data safe and prevent cyber-attacks. It only takes one employee clicking on a malicious file to create the opportunity for a breach. Ensure everyone understands the response plan and has a copy of it which is easily accessible.
  • Make sure your partners and vendors are secure. Your business may share data and access with many partners and vendors. This is another potential source of breach. Make sure your partners and vendors follow your web security best practices, to help protect your website and data. This can be done using your own audit process, or you can subscribe to software security companies which offer this service.

https://www.marshmma.com/blog/15-best-practices-to-protect-your-website-from-malware-and-cyber-hacking
