Chances are by now you’ve experienced the lighter side of the internet such as Facebook, YouTube, so on an so forth, but what about the dark side? Yes the dark side of the Internet such as: hacking, personal data theft, cyber-attacks and so on. Unlike the lighter side the dark side is an area that few dare venture into deeply due to the dangers that lie within. Yet like many others you can’t deny being curious as to what this part of the internet contains, right?
Well luckily for us (i.e. you), we were able to attend a workshop conducted by the Computer Society of Sri Lanka (CSSL) in partnership with the Internet Society of Sri Lanka, that was hosted by Professor Abhaya Induruwa, which gave us a peek into the other side.
The 1st topic of the day was hacking (the bad kind involving data theft – not the good ethical kind that helps people out). Prof. Induruwa began by talking about how lucky we are that we haven’t seen Hollywood level attacks on our local infrastructure.
Moving on he talked about the story of Clifford Stoll, the astronomer turned systems manager, who was tasked with fixing an accounting error but then became famous when he caught hacker Markus Hess back in 1989. You can read the full details of this interesting tale in the book authored by Cliff himself.
The 2nd topic of the day was one we all became familiar with at some point: viruses. Prof. Induruwa kicked off the topic, by talking about the Morris worm, which was one of the 1st computer worms to spread via the internet.
Following the explanation about the Morris worm, he moved on to talk about Stuxnet, the virus which damaged a nuclear plant in Iran and revolutionized viruses, since viruses now are aiming at damaging hardware as well as software and according to Prof. Induruwa the next Stuxnet level attack may not come from the Internet.
The 3rd topic of the day was spam: the scourge of email that Bill Gates tried and failed to eradicate. Spam, according to Prof. Induruwa is low cost method of spreading viruses, however there IS a cost which is bandwidth and that is scarce. As a result it makes spam a mild form of DoS attacks.
He later showed a map which illustrated which countries were generating the most number of spam with China declared the winner in spam generation and Russia the least known for it, though Prof. Induruwa mentioned that these figures can change quickly so by now it’s possible that even we could take over China.
The 4th topic of the day was the vulnerabilities in web applications. As Prof. Induruwa mentioned “Everything is now web based” which is why hackers will be looking to exploit web based services due to their high usage and due to poor error checking procedures, it means that there’s a bunch of ways they can do that.
The 5th topic of the day was Phishing. Prof. Induruwa talked about the 2 versions of phishing we find today: Phishing 1.0 which is dying due to awareness and Phishing 2.0 which is on the rise, costing $1.5 billion and is aimed at growing businesses. For a detailed explanation of the steps of Phishing 2.0 check here.
Following the explanation of Phishing Prof. Induruwa moved onto talk about DoS attacks and then as to how we poorly secure our devices which results in allowing attackers to easily infect them and how this means newer devices that will be launched in the future provide even more avenues for hackers.
Finally the last topic of the day was: the attackers who live in this dark side of the internet themselves. Attackers today according to Prof. Induruwa, will attack using many of the multiple avenues available and once an attack is successful they will exploit it slowly.
The main industries that are targets these days for attackers today are: marketing, finance, information & communication, health and then social. Prof. Induruwa then showed us a real time map which showed how active attackers are today which you can check it out at: http://map.honeycloud.net
After the presentation ended, we entered an interactive Q&A session where a fair number of questions were thrown at Prof. Induruwa from the audience, just before the conclusion of the event.
Just remember folks, you can avoid being the victim of the dark side if you keep your security settings strong and take the appropriate security measures such as a good up to date virus guard and avoiding suspicious emails!