Tag: Hackers

  • Hackers turn online dating Casanovas

    As more users take to online dating apps to find their soul mates, hackers are also taking advantage of the trend to target the unsuspecting suitors.

    Kaspersky Lab researchers discovered a range of vulnerabilities contained in popular dating apps which have the potential to result in various negative consequences for users: from simply identifying a particular person, to unsecured data transmissions and the leaking of personal information.

    Dating apps are becoming more popular all over the world. According to the latest report titled: Dangerous Liaisons: Is Everyone Doing it Online?, as many as one-in-three people globally are using an online dating service.

    But these popular apps have been challenged by an authentication flaw. According to Kaspersky, a common security risk present in several applications is related to the token-based authentication method which is used by dating apps for new registration and sign-up processes.

    It explains that a token is created on request by a server in order to uniquely identify the user and usually asks for access to a Facebook account. It then provides access to general user information, including first and last names, the user’s e-mail address and their profile picture. By using this method, applications receive all the necessary data to enable them to authenticate the user on its servers.

    However, based on the research, tokens are often stored or used insecurely and, therefore, can be easily stolen, says Kaspersky. As a result, intruders are able to gain temporary access to victims’ accounts even without their login and password details.

    Following this vulnerability with insecure token storage, users may also face another threat related to the safety of message histories which are stored on the device and can be accessed and read by intruders, the firm adds.

    “Our research demonstrates that users of dating apps should care very much about cyber security, because many such services are not protected against several different kinds of attacks.

    “Besides this, users are putting themselves at risk by sharing sensitive personal information in their profiles, such as their place of education and work. Armed with this information, intruders can easily find victims’ real accounts on Facebook and LinkedIn networks. It also opens possibilities for stalking – to harass users and track their movements in real life,” a security expert at Kaspersky, Roman Unuchek, said.

  • Hackers ‘steal’ Lagos Speaker’s N9.1m

    •Suspects charged with theft, fraud

    Lagos State House of Assembly Speaker Mudashiru Obasa has been defrauded of N9.188,100 by three men who allegedly hacked his Facebook account, through which they got his bank details.

    Frank Nwokobia, 27, Ezeoke Kanayochukwu, 25, and Godwin Essien, 28, were arraigned yesterday before Justice Chuka Obiozor, for the offence.

    They are being prosecuted by the State Criminal Investigation and Intelligence Department (SCIID), Panti Yaba, on a five-count charge of conspiracy, impersonation, identity theft and fraud.

    According to the prosecutor William Olu Ologun, the defendants, sometime in May, hacked Obasa’s Facebook account and retrieved information with which they withdrew N9.1million from his Guaranty Trust Bank (GTB) account.

    Ologun said following Obasa’s complaint, the defendants were arrested by the police in Delta State.

    According to him, they confessed to the crime.

    The offences, he added, were contrary to Sections 27(1)(b) and 22(2)(b)(ii) of the Cybercrimes Prohibition and Prevention Act, 2015.

    The defendants pleaded not guilty.

    Their lawyer, Ali Abba, applied for their bail “on liberal terms.”

    Ali said they had sureties, adding that they would always be available for their trial.

    Justice Obiozor granted them N5million bail with one surety each in the like sum.

    The sureties must be recommended by the defendants’ lawyer; must reside in Lagos; own landed property and be tax compliant.

    Justice Obiozor ordered that they be remanded in Ikoyi Prison, pending the perfection of their bail conditions.

  • Hacking competition: Cyber security firm earmarks N450,000

    The Executive Chairman of Consultancy Support Services (CS2) Ltd, Mr Abdul-Hakeem Ajijola has said that the company earmarked N450,000 for top cyberspace hackers.

    Ajijola told newsmen in Lagos on Tuesday that the firm had put up a hacking competition in search of top hackers.

    He said that the winner would be given a cash prize of N200,000; the second position would get N150,000, while the third position would get N100,000.

    The cyber security expert said that applications for the competition opened on April 10, 2017 and would close on April 21, 2017.

    According to him, the “HackBossNigeria” is a hacking competition aimed at identifying and encouraging young Nigerians with skills and abilities to protect our cyberspace.

    “The competition is designed to raise awareness of cyber security education and ethics in forensics, system hacking, mobile troubleshooting, network configuration and reporting.

    “It is for those who work with technology, mobile devices, phones, tablets, computers and networks. It is for those who have cyber security related qualifications or certifications or believe that they have the talent and skills to win.

    “Females are encouraged to apply to take part in the HackBossNigeria 2017 Hacking Competition,” he said.

    Ajijola said that shortlisted participants would be invited to Abuja on April 28 through April 29, 2017 for the final and physical phase of the competition.

    He said that shortlisted participants would get noticed by potential employers and there would be the opportunity to build networks by meeting and engaging with like-minded individuals.

  • North Korea hackers attack banks in 18 countries

    A report from a Russian online cyber security firm, Kaspersky, has observed that North Korean hackers are allegedly attacking banks in 18 countries, including Nigeria.

    The organisation noted in its report that this could be regarded as the biggest bank heists in world history.

    Banks and security researchers have previously identified four similar cyber-heist attempts on financial institutions in Bangladesh, Ecuador, the Philippines and Vietnam.

    But researchers at Kaspersky now say the same hacking operation — known as “Lazarus” — also attacked financial institutions in Costa Rica, Ethiopia, Gabon, India, Indonesia, Iraq, Kenya, Malaysia, Nigeria, Poland, Taiwan, Thailand, and Uruguay.

    This report is coming after more than a year-long investigation into the activity of “Lazarus”, the hacking group allegedly responsible for the theft of $81 million in US currency from the Central Bank of Bangladesh last year.

    The suggestion that North Korea could have been behind the attack, or at least involved, has added to concerns that the Hermit Kingdom is becoming bolder in its cyber attacks against global financial institutions.

    According to CNN, North Korea’s mysterious Lazarus hacking operation has been blamed for several large international cyber attacks in recent years. The hackers can be traced back to North Korea, according to Kaspersky researchers. To hide their location, hackers typically launch cyber attacks from computer servers far from home.

    According to Kaspersky, the Lazarus hackers carefully routed their signal through France, South Korea and Taiwan to set up that attack server. But there was apparently one mistake spotted by Kaspersky: A connection that briefly came from North Korea.

    “North Korea is a very important part of this equation,” said Vitaly Kamluk, who leads Kaspersky’s Asia-Pacific research team.

    The North Korean government has reportedly denied allegations of the hack.

    Kaspersky Lab itself has said that the evidence of the North Korean IP address “is not enough proof to provide definitive attribution given that the connection session could have been a false flag operation.”

    When contacted, Central Bank of Nigeria (CBN) Acting Director, Corporate Communications, Isaac Okorafor, said the regulator was not aware of any such occurrence.

    “We have not had anything like that in Nigeria. I am not aware of any such attacks on Nigerian banks,” he said.

  • Hunting hackers in cyber space

    With increased affordability of smartphones and data, the internet has become a global phenomenon, transforming business and man’s way of life. Behind the façade of transformation is the threat posed by cyber crooks, who operate in the deep web. Their stock in trade is system hacking for profit. Assistant Editor Lucas Ajanaku asks: how are they traced after unleashing their attacks on the cyber space?

    When a cyberattack occurs, ethical hackers are called in to be digital detectives. In a certain sense, they are like regular police detectives on the television.

    They have to search computer systems to find out how an intruder might have come in. Perhaps, a digital door or window was left unlocked.

    The ethical hackers look for the evidence of what an attacker used for entry, like an electronic footprint in the dirt. And they try to determine what might have been copied or taken.

    Director of Innovation, Entrepreneurship, and Engagement, University of Maryland, United States (US), Timothy Summers, in The Conversation, said understanding this process has become more important to the public in the light of recent events in the news.

    Last October, the US officially accused Russia of trying to embarrass respected political figures and interfere with the US presidential election process.

    Specifically, the Obama administration formally blamed Russia for hacking into the Democratic National Committee’s (DNC) computer systems.

    The statement hinged on the investigative capabilities of American ethical hackers, working for both private companies and government agencies.

    But how do people track hackers, figuring out what they have done and who they are? What’s involved, and who does this sort of work?

    The answer is that ethical hackers dig deep into digital systems, examine files logging users’ activity and deconstruct malicious software.

    Ethical hackers often team up with intelligence, legal and business experts, who bring outside expertise to add context to what can be found in the electronic record.

    Detecting an intrusion

    According to him, typically, an investigation begins when someone, or something, detects an unauthorised intrusion. Most network administrators set up intrusion detection systems to help them keep an eye on things.

    Much like an alarm system in a house, the intrusion detection software watches specific areas of a network, such as where it connects to other networks or where sensitive data is stored.

    When it spots an unusual activity, such as an unauthorised user or a surprisingly high amount of data traffic to a particular off-site server, the intrusion detection system alerts network administrators.

    They act as cybersecurity first responders – like digital firefighters, police officers and paramedics; they react to the alert and try to figure out what triggered it.

    This can include a wide range of attacks, from random, unstructured incursions by individuals and small groups to well-organised and precision-targeted strikes from hackers backed by government agencies. Any of them can set off an intrusion alarm in a variety of ways.

    Immediate response

    Summers said many times, the initial investigation centers on collecting, organising and analysing large amounts of network data. Computer networking equipment and servers keep records of who connects, where the connection comes from and what the user does on the system.

    Depending on what the analysis shows, the administrator may be able to fix the problem right away, by preventing a particular user from logging in, or blocking all network traffic coming from a particular place.

    But a more complex issue could require calling a sophisticated incident response team. Ideally, each company or organisation should have its own internal team or rapid access to a team from outside.

    Most countries, including the US, have their own national response teams, often government employees supplemented by private contractors with particular expertise. These teams are groups of ethical hackers, who are trained to investigate deeper or more challenging intrusions.

    In addition to any self-taught skills, these people often have additional experience from the military and higher education. Their most vital expertise is in what is called “just-in-time learning”, or figuring out how to apply their skills to new situations on the fly.

    They conduct larger-scale digital forensic enquiries and analyse malicious software that may have been introduced during the attack. Typically, these teams work to stop the attack and prevent future attacks of that kind. The teams can, at times, hunt down the attackers.

    Attributing attack

    Determining the identity or location of a cyber attacker is incredibly difficult because there’s no physical evidence to collect or observe.

    Sophisticated hackers can cover their digital tracks. Although there are many different attribution techniques, the best approach takes advantage of more than one.

    These techniques often include looking very closely at any files or data left behind by the attackers, or stolen and released as part of the incursion.

    Summers argued that response teams can analyse the grammar used in comments that are commonly embedded in software code, as programmers leave notes to each other or for future developers.

    They can inspect files’ metadata to see whether text has been translated from one language to another.

    For example, in the DNC hack, American cyber experts could look at the specific files published on Wikileaks.

    Those files’ metadata indicated that some of them contained text converted from the Cyrillic characters of the Russian alphabet to the Latin characters of English.

    Investigators can even identify specific sociocultural references that can provide clues to who conducted the attack. The person or group who claimed responsibility for the DNC hack – using the name Guccifer 2.0 – claimed to be Romanian.

    But he had a hard time speaking Romanian fluently, suggesting he was not actually a native. In addition, Guccifer 2.0 used a different smiley-face symbol than Americans. Instead of typing “:)” Guccifer 2.0 just typed “)” – leaving out the colon, implying that he was Eastern European.

    Experienced cyber-investigators build an edge by tracking many significant threats over time. Just like with “cold cases” in regular police work, comparing the latest attack to previous ones can sometimes reveal links, adding pieces to the puzzle.

    This is particularly true when dealing with what is called “advanced persistent threats”. These attacks progress gradually, with very sophisticated tactics unfolding over long periods of time. Often, attackers custom-design these intrusions to exploit specific weaknesses in their targets’ computer systems.

    That customisation can reveal clues, such as programming style – or even choice of programming language – that combine with other information to suggest who might be responsible.

    According to him, the cyber-defense community has another advantage: while attackers typically work alone or in small groups and in secret, ethical hackers work together across the world.

    When a clue emerges in one investigation, it’s common for hackers to share that information – either publicly on a blog or in a scholarly paper, or just directly with other known and trusted investigators.

    This way, ethical hackers build a body of evidence and layers of experience in drawing conclusions.

    Very often, a report from an attack investigation will yield clues or suggestions, perhaps that the attacker was Russian or was using a keyboard with Korean characters. Only when the conclusions are clear and irrefutable will investigators directly accuse specific attackers.

    When they do, though, they often share all the information they have.

    That bolsters the credibility of their conclusions, helps others to identify weaknesses or failures of logic – and shares all the knowledge with the rest of the community, making the next investigation much easier.

    The most skilled hackers can write self-erasing code, fake their web addresses, route their attacks through the devices of innocent victims and make it appear that they are in multiple countries at once.

    This makes getting them arrested very hard. In some attacks, we are able to identify the perpetrator, as happened to celebrity-email hacker Guccifer 1.0, who was arrested and imprisoned.

    But when the attack is more advanced, co-ordinated across multiple media platforms and leveraging skillful social engineering over years, it’s likely a government-sponsored effort, making arrests unlikely.

    That’s what happened when Russia hacked the US presidential election. Of course, diplomatic sanctions are an option. But pointing fingers between world superpowers is always a dangerous game.

  • Hackers attack UNN website, distort Coomassie’s citation

    VC begs honouree 

    Cyber criminals notoriously known as hackers yesterday turned the Vice Chancellor of University of Nigeria, Nsukka (UNN), Prof. Benjamin Ozumba, to a beggar during the 45th convocation of the institution.

    Ozumba knelt down before all and begged former Inspector General of Police, Alhaji Ibrahim Coomassie, saying hackers distorted the information in his citation.

    Coomassie was among five prominent Nigerians awarded honorary doctorate degrees to mark the school’s 45th convocation.

    He bagged an honorary doctorate degree of Public Administration.

    The vice chancellor, who was totally irked by the distortion, went on his two knees and begged Coomassie to overlook the noticed mistake.

    Other awardees, including Igwe Alfred Achebe of Onitsha; Chief Arthur Eze and other prominent Nigerians joined Prof. Ozumba in begging the former IG to bear with the University.

    Not done with begging Coomassie, Ozumba mounted the rostrum and openly apologised, saying hackers had inserted a claim that the former police chief was invited for questioning by security agencies for a crime he allegedly committed while in service.

    Chief Arthur Nwankwo and Senator Ike Nwachukwu also mounted the rostrum to apologise for the terrible insertion into Coomassie’s citation.

    Another citation was quickly put up and read to pacify the former police chief.

    The Ooni of Ife, Oba Adeyeye Ogunwusi (Ojaja II) was installed as the new Chancellor of the institution.

    The paramount ruler urged Nigerians to be patriotic, saying “today is the happiest day of my life”.

  • Hackers break into banks, corporations’ vaults, says NIBSS

    Hackers have become more daring, breaking into banks’ vaults to fleece customers of their money, the Nigerian Interbank Settlement Systems (NIBSS) has said.

    Hackers, it said, gained entry into accounts either through internal collusion, customers’ carelessness or breaking into the security system of financial institutions and companies from outside and stole over N6 billion last year.

    Speaking at an event organised by the Lagos Chamber of Commerce and Industry (LCCI) on ‘The role of ICT in a Cashless Economy’, its Managing Director, Mr. Adebisi Shonubi, said the challenge financial institutions, organisations and individuals face in a cashless economy is that of security of funds.

    Examining the growth of the cashless economy, Shonubi said 95 per cent of transactions in 2011 were based on cash, with attendant high armed robbery cases where bank bullion vans were attacked almost daily. He said people did almost all their transactions in cash to the extent that in every N100 spent, N65 was on cash transactions.

    He however said between 2013 and 2014, for instance, cashless transactions increased to 53 per cent in volume and 78 per cent in value, growing the economy by cutting down on idle time. He said some of the advantages of a cashless economy are its ability to cut leakages, reduce cases of cash-related crimes and boost government revenue.

    Represented by the agency’s Director of Industrial Services, Mr. Olufemi Fadiro, he encouraged the public to be more circumspect in disclosing their personal data to strangers or paying online. He argued that somebody can be in Nigeria and lose his life savings outside Nigeria because of the heightened interest of people to pay everything online and also disclose the security numbers to unknown sites.

    Speaking on ‘Providing Seamless Connectivity in E-commerce,’ Managing Director, Vodacom Business Africa (Nig.), Mr. Guy Clarke, outlined the importance of e-commerce to the economy, noting for instance, that it makes life easier for people by giving them alternatives and choice of the durability of the products they are buying.

    He said it also ensures seamless transaction between customers and the service companies. Represented by Mr. Abu Eto, Clarke, however, encouraged the e-commerce companies to ensure adequate security, sustainability and connectivity.

    Earlier, Chairman, LCCI, ICT Group, Mr. Zakari Usman, called for a policy drive towards cashless economy that will benefit everybody. He canvassed a position that will holistically resolve issues and challenges associated with cashless economy by making the products user-friendly.

    He said cashless economy has reduced armed robberies at homes and banks as people no longer carry cash, but do their transactions on phones and other mobile devices.

    He said industries and the economy can only grow if cutting-edge technologies, where people can sit in the comfort of their homes and offices to transact their businesses, are embraced.

  • Tonto Dikeh warns against hackers

    As celebrities’ social accounts are often hacked by criminals and used to dupe their unsuspecting fans, newly wedded actress and singer, Tonto Dikeh, has been hit again. She wants fans to be wary of her social media accounts this time, which she said was compromised on November 3, 2005, even though it has been rectified.

    She said: “Please my Instagram account has been hacked and name changed. Please disregard any post from it until further notice. Thanks.”

    Reiterating the warning, Dikeh said: “Hey guys, my Instagram account got hacked this morning and the name was changed. But it has been retrieved; kindly ignore any previous post that has been deleted. Thanks.”

    Now Tonto Dikeh-Churchil, the entertainer who hails from Rivers State came to prominence in 2005 as a contestant on The Next Movie Star reality show where she was the first runner up. After her appearances in several movies, she decided to go into music with her debut singles; ‘Hi’ and ‘Itz Ova’ feat Snypa.

  • Hackers steal T-Mobile’s 15m customers’ data

    Hackers have stolen personal information of about 15 million T-Mobile US customers and applicants.

    The breach was at a unit of the credit agency Experian, which T-Mobile uses to process information on subscribers.

    Names, birth dates and social security numbers are among data stolen, but not financial details, the firms said. Chief executive John Legere said his company would review its link with Experian. “Obviously I am incredibly angry about this data breach,” he said.

    Subscribers who were credit-checked between 1 September 2013 and 16 September 2015 are most at risk.

    In a statement, Mr Legere said: “I take our customer and prospective customer privacy very seriously. This is no small issue for us.

    “I do want to assure our customers that neither T-Mobile’s systems nor network were part of this intrusion and this did not involve any payment card numbers or bank account information.

    “Experian has assured us that they have taken aggressive steps to improve the protection of their system and of our data.”

    Experian North America chief executive Craig Boundy said in his own statement, “We sincerely apologise for the concern and stress that this event may cause.”

    It was unclear when the breach was discovered, but Experian said the matter was reported to the authorities immediately after it learned of the hack.

    The company said in a statement: “We continue to investigate the theft, closely monitor our systems, and work with domestic and international law enforcement. Investigation of the incident is ongoing.

    “Experian is notifying the individuals who may have been affected and is offering free credit monitoring and identity resolution services for two years. In addition, government agencies are being notified as required by law.”

    The firm said there “is no evidence that the data has been used inappropriately.”

    There have been a string of high-profile hacks of businesses and other organisations in recent years affecting millions of people, including adultery website Ashley Madison, Sony Pictures, and retailers such as Home Depot, Target, and eBay.

    T-Mobile is now the third biggest mobile firm in the US, having surpassed Sprint this year.

  • Fashola’s Twitter account hacked

    Immediate past Governor of Lagos State, Mr Babatunde Fashola, has alerted the public that his Twitter account @tundefashola has been compromised by hackers who posted four tweets in a language that resembled Japanese.

    According to a statement signed by his Special Adviser on Media, Hakeem Bello on Saturday, the Twitter account must have been compromised on Friday, as members of the public, who follow the former Governor, started calling to draw attention to the strange tweets in the early hours of Saturday.

    Ex-Governor Fashola also recently dissociated himself from a Facebook scam, whereby some unscrupulous persons used his photographs and ascribed fictitious statements to him to defraud innocent people.

    Bello said the conmen have, through Facebook, been urging unsuspecting people to apply for some government facilities or utilities meant to benefit the public but to which some agencies of government have been given the responsibility to manage.

    One such message, titled “Disbursement of Subsidy Dividend (SURE-P)” and purported to have been issued by the former Governor, informs “Citizens that Subsidy proceed is available for Agro and commercial business”, and asks them to “Apply for soft loan with no collateral, zero percent interest rate and flexible terms”.

    While advising members of the public to always clarify with the appropriate agencies of government at all levels before engaging in any dealings with people purportedly working for them, Bello urged people to report to the law enforcement agencies so that those involved in the nefarious acts can be made to face the wrath of the law.