The menace of hacking gets worse
Anand Mokashi –
In the past weeks, security teams of many businesses have been under siege with billions of information about various accounts stolen.
Although most of the data hacked was at least four years old, it is a matter of serious concern. These data appeared on the ‘Dark Web,’ a section of the Internet for illegal activities. The current stolen data was uploaded on a website called, ‘The Real Deal’ and is sold for thousands of dollars, mostly in ‘Bitcoins,’ a popular Internet currency.
The hacker in this connection is called, ‘Peace of Mind.’
Rising cybercrime
The global tendency to complete most tasks online rather than offline has led to the growth of cybercrime. Cyber criminals, often hackers, proliferate the worldwide web.
Last fortnight, Facebook Chief Executive Mark Zuckerberg had his Twitter and other social media accounts hacked, with his passwords uploaded for sale.
His password, according to unconfirmed web reports was ‘dadada.’
Hashing and Salting
Encryption methods are constantly changing and the two methods currently in use are ‘Hashing’ and ‘Salting.’
Hashing: Passwords and such sensitive information is never stored ‘as is.’
The cache of passwords is converted into a mass of cryptographic hashes.
Hashes are ‘meaningless’ strings of characters into which passwords are mathematically transformed to prevent them from being misused. The hashing logic is developed in such a way that it is easy to perform, but difficult to reverse.
When a user logs-in to a website, the password is hashed using the same algorithm and the hashed version entered is compared with the hashed version of the original password set when creating the account. If the hashed versions of both these passwords match, then the programme rightly concludes that the “original” password is correct and allows further access.
The Programmes
Hashing uses specialist programmes. The exact kind of hashing that the passwords have undergone determines how easy or difficult it is for potential hackers to crack them.
In simple words, the easier the algorithm used for the hashing process, the easier it is for the hacker to un-hash the passwords. Hashing programmes that are commonly used are are SHA1, Argon2 and bcrypt.
In 2012, about 177 million stolen LinkedIn accounts were hashed., using ‘SHA1’ without extra protections. This led to the hashed passwords to be trivially cracked. On the other hand, ‘Patreon,’ which was also hacked, had used the tool and hence suffered less loss.
A hash-cracking programme works by generating and guessing billions of possible passwords and automatically comparing them with the stolen hashed passwords to find matches.
Salting is a technique used to strengthen the hashing process by adding random characters to the original password and subjecting them to the hashing algorithm. Hackers get confused between the real password and the characters added (salted).
The obvious question that is asked, is, ‘Can I be 100% safe?’
The answer always is, ‘No.’ However, by using some commonsense techniques, you can minimise risks of your data being compromised. Do not use easily guessable passwords. As a simple thumb-rule, if the password is in the dictionary, it is a weak password. Similarly avoid names of spouse, pet, city of birth and common words.
Do not save passwords credit cards, financial details and other sensitive information online. Hackers cannot hack data that are not available. As far as possible, do not engage in sensitive transactions involving money in public places.
If possible, use credit or debits cards with small limits for online transactions.
If you believe that your computer has been hacked contact the Police.
Anand Mokashi is an IT Lecturer, Consultant and Digital Media Specialist with a passion for all things online. Email: anand_mokashi@consultant.com
Image Source: Jonathan’s Blog (weblogs.asp.net)