Be prepared for a hacker attack!
An ethical hacker teaches you what precautions to take against the rising hacking problem.
A few days back, while I was trying to access www.vimeo.com, a video sharing site similar to YouTube, I kept getting an error message stating, ‘The access to this website is denied’. Being an IT guy, I investigated the issue and realised that the problem was not at my end, but at my ISP’s – Reliance. Luckily, I also have an Airtel connection and so I logged in with that and could access Vimeo. But the problem showed up once again the next morning, even on my Airtel connection.
This left me bewildered. But after a bit of research, it became clear that due to a High Court order the ISPs had shut access to vimeo.com and quite a few other sites. Though I couldn’t find the court order, I understood that the court had blocked vimeo and other file sharing sites to combat piracy.
Thursday saw the online community was up in arms against the court order with social networking sites and micro-blogging sites inundated with angry posts protesting the latest attempt to censor the Internet. A hacker group — @opindia_revenge — brought down the websites of the Supreme Court of India (supremecourtofindia.nic.in), Department of Telecom (dot.gov.in) and the Congress (aicc.org.in). The fight got dirtier by the minute and more targets were added, all fuelled by a few nasty tweets about how the government was trying to take away freedom of speech and access to information.
Was the Government wrong, was the order Unconstitutional? Were the hackers doing the right thing? I don’t want to take a side here.
I agree that companies have a right to go to court to protect themselves from piracy, and after proving it in court, they should be able to (a) get the website to take the content offline or (b) be able to block access to these websites. But in this day and age, where information can spread faster than fire through a thick forest, these methods are useless. The responsibility to stop piracy rests with the people.
So was the government’s stand wrong, or baseless? Well, to a certain extent. I feel an order that blocks a website anticipating some sort of trouble affects people who watch legal content, or use these websites for legal file transfers and this should not happen. I know a lot of design agencies, which uses file transfer services to transfer large media files. There are many people who use vimeo on their Smart TV’s to watch HD Content, and a Blanket ban, is a No! No!
What about @opindia_revenge? I won’t call them trigger happy, but they do seem trigger happy on this case. They took a stand that they won’t damage the servers that host the content, or delete any content, but simply deny services to these servers through DOS attacks.
The war between the OpIndia guys and the IT teams from the various organisations and DOT is still on and more targets are being added even as I write this article.
So what is the need for this article?
Well, what if hackers attack your company’s website or even your personal website tomorrow? What should you do? Can the hackers misuse the web server you have? Can the hackers use your PC? What are the things you should take care of? Here are some answers:
Question 1: How prepared are you for an attack?
Call up your hosting provider and check for details. Find out how they handle DOS Attacks, what happens when your server comes under attack, do they already have firewalls to take care of this, or is that a separate cost. Remember it reflect negatively if your website’s down. So ensure you are hosted with a Good company and they take care of Basic attacks against your servers. If after all this you are under attack, shut down your servers, fix the vulnerabilities, before a lot of damage can be done, and then switch them back on.
Question2: Can the server that hosts your site be used for an attack? How does it get you legally involved?
Each server on the Internet has to have a unique IP address. The IP address belongs to the hosting company that runs these servers. In case the server is used for attack, the hosting company will get to know. In case you are using a Shared web server, you may not get blamed, but if you are the only customer on that server, you have to ensure security. You should also ensure your web application developer has tested the code and the server for security. Ensure you have complex passwords, and not passwords like 1234, or one2three4.
Question3: Can your home PC be used for attacks?
Yes. All those e-mails that come with attachments promising insider trade information for some stock or a lottery bonanza are usually viruses. These viruses will allow hackers a backdoor entry into your PC. Further, always ensure you aren’t using pirated software. Keep the latest version of all the Operating Systems and the Anti-virus updated. Lastly, switch off your PC when not in use.
What is a Dos Attack?
DoS is Denial of Service. Let us take a real world example, supposedly you live on the 10th floor of a building and are waiting for an elevator. There are 20 people who come every 5 minutes, push you aside and go up the elevator. They come down again and repeat their behaviour stopping you from getting on the elevator. They may be just having fun, but they are delaying you. The same principle implemented electronically will send a number of requests to the servers, so that the servers get busy answering these fake requests, and you – the genuine users—is unable to access the server.