How Much Should I Expect to Spend on Web Security?

When addressing the issue of web security there are two ways to phrase the question concerning what to spend on IT security. The first question is: How much should I expect to spend on web security? The second question is: How much will it cost the company if I don’t spend enough on web security? Of course a business not only needs to spend money on system security, but it must be spent on effective security systems and reviews.

In today’s economic climate the issues of security have come to the forefront as website hackers and computer system attacks grow globally. When looking at the issue of systems and software security, you must consider potential company losses due to online theft, the return on investment for having adequate security, and the need to stay ahead of the brilliant hackers able to manoeuvre their way through even the most sophisticated multi-levelled software systems.

In March 2009 a hacker group proved that hacking can reach into a customer database without a company even knowing. A UK newspaper, “The Telegraph”, was compromised by a hacking group, and the newspaper found out when the nameless group posted screenshots and other information on the internet, gleaned from their hacking of a 700,000-customer database, as proof of their success.

Upon reading the story more closely, it seems The Telegraph was using 2-year-old third-party code that was simply outdated in the world of sophisticated hackers. When hackers obtain access to customer credit card data, personal information, or government identification numbers, it won’t take long before a company finds itself losing business because the targeted market is unwilling to take a chance on accessing its website.

What is VoIP Penetration Testing?

Voice and data have been combined in a way that creates a single network, but this has also created a new way for hackers to penetrate computer systems. The integration of voice and data has led to new security risks that must be addressed with equally new approaches to protecting data. Called VoIP, voice over internet protocol can be a new management tool for business success, or it can be a big open window into your system that’s easy to enter.

VoIP penetration testing is designed to find that open window into the system and close it. Rigorous testing is done on the transmission technologies to determine where it is possible for the system to be breached. One of the mistakes companies make is believing the IP phones and related software already have enough security controls built into them and do not need additional enhancements.

How can the VoIP system be compromised, or how does it allow unethical and criminal intent to be carried out? There are many ways, and one of them is as old as the telephone itself – eavesdropping. Inadequate security controls can also lead to attackers accessing server data through the transmission technology, hackers stealing phone calls, service interruptions, and the use of sniffing tools.

When Manipulation is the Goal

VoIP penetration testing is a process whereby an attempt is made to purposely manipulate the VoIP system. All entry points into the WAN and/or LAN are tested, and an attempt is made to gain access to the VoIP infrastructure. In other words, security experts try to penetrate the VoIP system and then use it to see how deep a hacker could get into the computer system itself.

What is SCADA Penetration Testing?

The cyber world is full of acronyms and one of the most important is SCADA. SCADA is short for “supervisory control and data acquisition” and refers to a computer system that collects and analyses a constant flow of data. A SCADA system is used to monitor and control some of the most essential systems in the world. SCADA systems are used in plants and on sensitive equipment that handles energy, oil, water, gas, waste treatment, nuclear power, transportation, and/or telecommunications at the business or national level.

A SCADA system is the “brains” of these mission-critical operations. The computer system gathers real-time data and provides information about the status of the utility and transportation systems at every point. It reports on leaks, flows, environmental conditions, and breaches. Computer systems today are designed to eliminate as much vulnerability to outside breaches as possible, and to report when a system has been hacked or modified, or even when new exposures have been created.

Yet reports emerge regularly about SCADA systems that have been penetrated. As recently as April 2009, there was a report by the Wall Street Journal that hackers in China and Russia were attempting to hack into the US electric grid. What is truly interesting about this situation is the fact the hacking was not detected by the companies controlling the grids. It was uncovered by US intelligence agencies.

What do hackers do with the information they steal?

A question we hear a lot when it comes to cyber-crime: what are hackers after, anyway?

There are a lot of different types of hackers and computer scammers out there, so there’s no one answer. Some of them are just practical jokers, some use viruses to get revenge on the company they were fired from, or just to bother random people online. The main reason hacking exists, however, is that it’s a great way to make a dishonest living by stealing information from unsuspecting users.

If you have the know-how, the time, and a lack of moral scruples, it’s really not that hard to crack into someone’s computer with a spybot and monitor their activity, or even to take control of their computer from afar and look right into their files.

So now the question becomes “Why?” Why do hackers want that information so badly?

There are a number of things a hacker can do with the information they steal from you. The most obvious example would be, of course, that they can steal your financial information or your identity, using your credit card number to buy whatever they like or even getting into your bank account.

Staying one step ahead of the hackers

Times have really changed. Remember in the late eighties and early nineties, before the home computer boom really hit, back when computers were more of a nerd’s hobby than an important part of your everyday life?

Back then, the idea of “cyber crime” was a sort of a romantic notion! Like pirates, but with computers instead of ships. “Hackers” were pure sci-fi as far as most of us were concerned, an elite group of whiz kids who zipped around town on roller blades, using floppy diskettes to crack into CIA networks and pull grand scale practical jokes on the whole of the internet. There was an allure to hackers because, well, we didn’t know what hackers really were at the time, we just thought that computers were kind of nerdy, but if you add an outlaw appeal to them, you have something really cool!

As with many futuristic flights of whimsy, the reality didn’t live up to the speculation. We all thought we’d have flying cars by now, or at the very least, personal jetpacks, but here we are driving around in our boring ol’ Toyota Camry and minivans. What’s worse, hackers aren’t a cool, rebellious youth culture like they were in the movies. They’re just a bunch of crooks trying to steal your credit card. What a gyp!

Of course, if those cyberpunk movies from the days of AOL dialup held any water, we wouldn’t have to worry about hackers at all. The hackers would be targeting “The Man”, when in reality, the hackers target normal people and businesses in an attempt to scam a few quick bucks off of hard working people.

An introduction to computer forensics

When you hear of computer forensics, the first thing that pops to mind might be a crime scene investigator pulling the plastic sheet off a computer and inspecting it for signs of a struggle. Nobody really talked about forensics in daily life until they started making those scientifically accurate primetime cop shows, so of course simple word association generally leads us to think of forensic science as “something cops do, right?”

In fact, the science behind computer forensics really isn’t much different from the science behind crime scene forensics. In both instances, the forensics team or expert is looking for a trail of evidence. In either case, the investigator looks at what has happened, determines how it happened, and from that deduces who might be responsible.

The major difference between the two is that, while an investigator on the scene of a robbery or a violent crime is looking for physical evidence, the computer forensics investigator is looking for digital evidence.

Interestingly, where physical evidence can often be misleading, confusing, ambiguous, and difficult to put together without the help of witness statements, digital evidence tends to present itself in a much more direct manner.

Why You Need an Expert to Make Your Business Bullet Proof

You may know instinctively that you need a computer security expert, but understanding the exact reasons means having a true sense of the complexity found in the computer industry today. Every day new upgrades, tools and applications are introduced, and in many cases they are designed to interface with existing programs. New technology introductions also mean new security risks, both in the programs themselves and where applications are interfaced.

A company that does business through e-commerce, or has a networked system which provides multi-user access from both inside and outside the organisation, needs to install bulletproof glass, so to speak, when it comes to its security system. Your business needs to be able to reach out into the internet world to access customers, but you don’t want any hackers being able to shoot through your window and break the security glass. The security system should be like a bubble that protects your company’s assets from theft and damage.

Big Business

Hacking has become big business. The internet has enabled hacking to go global too. The complexity of today’s networked systems and applications cannot be overstated, and they are constantly in a state of flux. New equipment, new software programs, and new user tools are introduced all the time. All of this means the importance of the computer security system is elevated each time cutting-edge technology advances and hacker sophistication grows.

What is Penetration Testing?

In the world of computer security, penetration testing is one of the most important concepts. Penetration testing is a method used to test a computer system or network to identify possible points where unauthorised access can be obtained. The purpose of penetration testing is to locate any and all points of vulnerability within the computer system. Basically the person doing the penetration testing is trying to hack into the system.

The term ethical hacking was devised to describe a tester who is hired to try to breach security in a computer system. Whereas the illegal hacker will steal information for the purpose of committing a crime, the ethical hacker will report the results of the hacking so security can be improved. During penetration testing, someone has been authorised to breach a security system…if he or she can.

Assessing the Risk

Penetration testing can search for security system weaknesses in several ways.

Do You Have Someone Dedicated to All Security Matters?

Having someone dedicated to all computer security matters is critical, and really not optional, if your company is going to have assurances of security continuity. Security here refers to both the physical security and the online security of computer networks. Most systems today represent a combination of networks, software and equipment, with possible points of penetration throughout. The complexity of the systems dictates the need for someone who can oversee the entire operation from both generalised and specific perspectives.

In other words, the heterogeneous computer systems found in businesses today are extremely capable of handling the most complex operations but they also increase the possibility of giving access to hackers unless there is appropriate security. Since many system penetrations actually begin from within the organisation, it is important to have a security system which is designed to prevent breaches no matter who does the hacking.

Integrating System Security

Your Employees Must Be As Knowledgeable in Hacking Matters

Hacking is one of those terms dropped into conversations to prove management is on top of the issues related to computer security. Computer security breaches are reported every day and occur in even the most tightly controlled environments, simply because people are not thoroughly trained in how to identify them or because mission-critical systems have points where security is missing. Operations where you would think all precautions have been taken find themselves embarrassed when someone steals important information for the purpose of committing a crime.

As recently as November 2008, it was reported that a prison inmate gained access to employee online files containing personal information, using a computer that was not intended to have access to the internet. The programmers thought internet access had been prevented. But “not intended to” doesn’t mean much with integrated computer systems, because hackers can find ways around the portals that are guarded. It’s like securing the front and back doors of a building while leaving the side windows unlocked.

Understanding the Problem
