The Damaging Dangers of The Internet

Ayush Anand

The internet is warping us and we need to be able to determine what is safe and what is not on the internet.

Internet, when we hear this word, what comes to our mind? Maybe popular websites and some of our favorite apps! Also, the internet is playing a crucial role, especially in these extraordinary times.

The internet is a majestic world! Billions of users and millions of websites and applications. The internet has changed a lot between what it was in the year 1997 and what it is now!

From a basic markup layout to jaw-dropping web designs, the internet has changed a lot! I remember the old user interface of Instagram – it has changed a lot. Now, we can consider the internet as a second world! Just like in our life, we meet two different sorts of people! The ones who have a positive influence on us and the others whom we don’t care much about or whom we don’t like! We can’t hate them, as we are all humans, and hating another human is an inhumane activity.

Likewise, on the internet, we come across two kinds of people – the ones who try to steal your data and the others who don’t give a fuck who you are! The question isn’t how to attract the people of the second group (the group who doesn’t give a fuck about you). Let’s name these groups:

  • Group A – Bad Guys
  • Group B – Don’t even know who you are?

You might have read the poem ‘The Spider and the Fly’ by Mary Howitt. If not, let me explain the poem in a nutshell. There is a spider who tries to lure a fly by commenting on her beautiful wings, eyes and other parts of her body. The bad guys, or Group A, try to lure you by saying all good things about you. You should stay safe from these people, as their job depends on how innocent you are!

But you know what? As times have changed, members of Group A have developed a set of skills which makes them invisible, like The Invisible Man by H.G. Wells, but you can catch them if you know what tactics they are going to use. You can betray them the way children defeated the ghost in The Invisible Man.

Let’s learn some modern-day attacks and learn how to keep ourselves safe!

Cookie Sniffing

Cookie Sniffing? Are those group A members or hackers going to come to my house and taste those cookies which I saved for sustaining the rest of lockdown? The answer is NO. They won’t come to your home and also they won’t eat your cookies! So relax!

Let’s understand what this new world means by the word cookies.

A cookie is a small amount of data generated by a website and saved by your web browser. It is used to identify your browser, provide analytics, and remember information about you, such as your language preference or login information. Remember the auto-completion of your login details on certain websites like instagram.com, facebook.com, etc.? Auto-completion happens because of cookies. Now think about what happens if I say, “Hey, I have your Gmail cookies!” What comes to your mind?

If I can steal your cookies then hell yeah, I can log in to your account without a username and password, also bypassing 2FA (Two-Factor Authentication).

The question that arises here is: how can someone steal your cookies? Let me give you a hint. Cookies are stored on your persistent storage drive, your local HDD or SSD! What do you think? Maybe when your computer is under a hacking attack, someone can access those cookies? Yeah, definitely! You need to make sure that you don’t download or run paid applications for free! This can happen at times when you download files. Make sure you have an anti-virus installed on your device.

There are certain situations where a hacking attack is performed over a network! Maybe you’re entering some sensitive information and your session is hijacked. We will learn about session hijacking later in this article!
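For site owners, the defence against cookies being read off the network is set on the cookie itself. The sketch below is an added example, not code from the original article: it audits Set-Cookie headers for session-like cookies that lack the Secure, HttpOnly or SameSite attributes. The header lines and the list of name hints are constructed for illustration.

```python
# Added example: flag session-like cookies that a site sends without
# the attributes that limit theft over the network or by page scripts.

# Constructed sample response headers (not captured from any real site).
SAMPLE_HEADERS = [
    "Set-Cookie: sessionid=9f2c1a; Path=/; Secure; HttpOnly; SameSite=Lax",
    "Set-Cookie: auth_token=abc123; Path=/",
    "Set-Cookie: lang=en; Path=/; Max-Age=31536000",
    "Set-Cookie: sid=77aa; Path=/; HttpOnly",
]

# Assumption: cookies whose names contain these strings carry a login session.
SESSION_HINTS = ("sess", "sid", "auth", "token")


def parse_set_cookie(header):
    """Return (cookie_name, {attribute_name_lowercase: value})."""
    value = header.split(":", 1)[1].strip()
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit(headers):
    """Map each weak session cookie to the attributes it is missing."""
    findings = {}
    for header in headers:
        name, attrs = parse_set_cookie(header)
        if not any(hint in name.lower() for hint in SESSION_HINTS):
            continue  # preference cookies such as "lang" are not sensitive
        missing = []
        if "secure" not in attrs:      # would be sent over plain HTTP
            missing.append("Secure")
        if "httponly" not in attrs:    # readable by scripts in the page
            missing.append("HttpOnly")
        if attrs.get("samesite", "").lower() not in ("lax", "strict"):
            missing.append("SameSite")  # sent along with cross-site requests
        if missing:
            findings[name] = missing
    return findings


if __name__ == "__main__":
    for cookie, missing in audit(SAMPLE_HEADERS).items():
        print(f"{cookie}: missing {', '.join(missing)}")
```

None of these attributes helps once malware on the device can read the browser's cookie store from disk, which is the other route described above.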

MITMA – Man In The Middle Attack

MITMA? A nice name! Man In The Middle Attack refers to a hacking attack where the hackers pretend to be your Internet Gateway! You would be like – “Hey man, can’t you keep it simple?” Okay, let’s start from scratch! All the information received and sent over the Internet travels in packets. Packets are small chunks carrying your data, transferred over a wired or wireless network, whichever medium you choose! Now let me ask you a question: which one do you prefer – wired or wireless? Definitely wireless, as we hate to do cable management 😉!

The hacker pretends to be your Internet Gateway or your Router by copying the IP and MAC Address of your router which is visible once you are connected to the router! 

Your device identifies a network through its IP and MAC Address. Since the hacker is also using the same IP and MAC Address, your phone will connect to his network! Now the question that arises here is: won’t your phone connect to the router instead of his? The answer is No, as when a hacker performs MITMA, he makes sure that your router is down by attempting a beacon attack. Beacons are the number of trials you do to connect with a network. In fractions of a second, one can launch millions of attacks depending on his computer’s CPU. The process becomes a lot faster if the hacker uses his GPU instead of CPU to execute this.

Since you are connected to his network, all the packets will reach him first and then the server, making you more prone to data loss. Suppose you are doing a bank transaction when this attack is launched!

There are free tools available on GitHub; all you need is a Debian-based distribution and a bit of terminal knowledge to run those applications. The question that arises here is: how can we protect ourselves from these sorts of attacks?

The clear answer to this question is – Change your password often and monitor who is connected to your router. If a third person has entered your network, remove that person, and change your password. 

Session Hijacking

Session Hijacking is quite similar to MITMA. MITMA ends once the packets start transmission between hackers and you! The rest of the procedure comes under session hijacking.

Backdoor 

Backdoor? Do you mean to say the one which is in my kitchen? No, the one which is inside your phone! Backdoors are executable files made for your OS depending upon its architecture and version. Backdoors can prove to be fatal! One can install a backdoor in your phone using different methods. My personal favourite is the one where I combine MITMA and Session Hijacking. When the victim is connected to my network, I force him/her to download an executable file in the name of Firmware upgrade of their router. 

The moment it gets downloaded, I get access to their phone or whichever device my victim is using! Let’s say he is using a phone then I can get access to their WhatsApp Chat log which is encrypted with KEY 12 pair. However, one can decrypt that easily! Once decrypted, I can access all chats and other stuff! Also, one can start recording from the camera without letting the user know! This especially happens on 18+ sites. 

Stay away from those!

DDoS Attack

DDoS or Denial of Service Attack – An attack that can cause HTTP 504 to be Temporarily Unavailable on your website. Let’s say you use shared hosting with a system configuration of 0.5 GB, clocking at a speed of 1.2 GHz, and 20 GB of persistent storage or HDD (Hard Disk Drive). This low-config system is very much prone to 504 errors, sometimes caused by traffic and sometimes by hackers.

Usually, HTTP websites are more prone to this kind of attack. Hence, I would recommend you enable HTTPS and SSL on your website! You don’t need to pay for it; all you need to do is sign up for an account on Cloudflare and configure your nameservers to point to Cloudflare’s nameservers.

DDoS attacks are quite uncommon these days. However, prevention is better than cure!

SQL Injection

SQL stands for Search Query Listing. In short, the Microsoft Excel of a website! SQL Injection is very famous among us! Remember self-hosted WordPress? It is made with PHP and MySQL and is, in short, prone to SQL Injection.

Let me explain it to you! When you request some data over an interface, it sends a query to the web app’s config file. The config file helps in establishing a connection between the Front-End and Back-End of the Website / App. When you request data, the parameters of the URL change to carry that information and pull out data for you. But what if we tweak the URL?

Think of a login page! What can you see? A Username field and a Password field. The data you enter over there is used to pull out your account info from the database. Right? It means it fetches (by running a query) data from a dB (Database). If you view the source code of the website, you can notice the parameters used for requesting data from the dB. What if we pass the parameters while running a query? We can get access to the whole user table and, if we are lucky enough, then we can also get access to the passwords!

Summing this up, we run a query instead of sending a value, and the query fetches the required information. That’s it! Now the question is how to protect ourselves from this? We would recommend you to use the latest versions of dB languages like MySQL 5 or more. SQL injection is getting more advanced these days!

With the increase in the usage of cloud hosting services like AWS, GCP and Microsoft Azure, a misconfigured S3 Bucket or access to just an image can increase the chances of SQL Injection!

A Simple Yet Dreadful Attack On The Internet

Cloud Hacking

This is the last one! Those who are not cloud users, you can skip this one! Attention Cloud Users!

At some point in your website building process, you might have used PEM or PEK security keys to connect with your instance over client-based applications like FileZilla and others! What if you lost your PEM file or someone copied it? You might think the PEM key will allow the hacker to access the server files, not the database. You are WRONG. The PEM key is used to initialize a connection with your instance. The connection could be over SSH as well (the way you connect with your instance through your dashboard).

Let me elaborate, suppose you have built a back-end based website. It would require a database that you would for sure host over the Instance (A majority do!). The database software comes with a pre-configured IP address which is 127.0.0.1 or localhost. It is hosted locally on the instance but since your instance is hosted on the cloud, the database becomes available as well! Now there is a software called PuTTy Web Configuration which helps to initialize an SSH connection with your instance. After using a certain set of commands (I won’t reveal due to security purposes.) one can behave like the instance and can access your dB.

And you can be FUCKED!

Closing Note

So don’t behave like a kid while using any internet services. If you don’t know how to use certain apps/websites, don’t start using them for learning! Learn first, and then use them wisely!
