Today several cases of computer or mobile hacking are encountered by users. The harmful activities of hackers are increasing continuously and they use different ways to access sensitive information from mobiles, computers and networks. There are various hacking issues faced by IT users. This way of hacking is unethical and illegal because it is about accessing information of someone without permission to make his/her loss of personal or financial information. But if hacking is done in legal and ethical way and with permission of an individual or organization for their help and to get prevention from cyber-attacks then that will be ethical hacking. There are some cases exist where ethical hacking is done. Here in this report we will discuss about an incident of ethical hacking i.e. “Hacking into Mobile Devices”. To perform ethical hacking, it is important for security professionals to know how to remove their information gaps in hacking and how devices, data and users can be protected from hacking attacks. Today every individual is using mobile devices to perform different activities such as communication, information sharing, image capturing, for playing games and for another personal or business purposes. In large business organizations mobile devices are also used to perform various business activities. With the increment in usage of mobile devices, our most sensitive transactions such as emails, banking and social media are used by these devices. High security of mobile networks is the first priority of mobile devices developers, but still issues of hacking of mobile devices are encountered by its users. The reason for this is unique set of vulnerabilities that are using by mobile devices in form of our transactions and hackers are ready to steal information from these transactions. Unfortunately, development of mobile devices is an upbringing ground for cyber attackers. Therefore, security professionals need to be ready to perform their actions by executing ethical hacking. Here we have an incident where ethical hacking is done by security professionals to identify hackers’ hacking activities in mobile devices. This incident is about “Ransomware Attack at University of Calgary”
The main problem found while investigation of ethical hacking was lack of availability of accurate information resources according to topic of “Hacking of Mobile Devices”. It was not easy to find an appropriate case of ethical hacking among given resources of information because it is generally not a common topic to discuss.
As we have selected topic of “Hacking into Mobile Devices”, so here in this segment we will represent hacking into mobile devices through a diagram to understand how hacking can be implemented by hackers.
Figure: Hacking of Mobile Devices
From above diagram, it is cleared that how a mobile device has influenced with host and network attacks that are implemented by hackers. As we know mobile devices are connected with networks and hosts for transferring data. So if these hosts and networks will be infected or hacked by hackers then mobile devices will automatically be affected. It is a sophisticated way used by hackers to hack mobile devices by hacking their hosts. Further, if mobile is connected with any corporate network or cloud platform then it will put bad influence on all users who are connected with cloud platform as shown in diagram. The identification about hacking of mobile device can be analyzed, if any kind of data breach or data loss will find into database.
The hacking attack in University of Calgary was conducted on its laptops and computer systems and forced to pay $20,000 by attackers. According to Vice President of Finance and Services in University, this computer hacking attack did not indicate that any personal data was released to the public. The Vice President also said that university officials were ready to pay to ransom with assurance that systems will be restored (Ico.org.uk, 2017). This hacking attack on mobile devices such as laptops and computer systems was so harmful and it was difficult for university to find that it was conducted by an individual or a group and what was type of this hacking attack.
After critical evaluation on attack of University of Caligary, it is found that it was a ransomware attack, so it is cleared that here software of ransom virus is used by hackers in computing environment of University of Calgary (WhatIs.com, 2017). Ransomware is a malware which is used for data kidnapping. It is also an exploit in which attacker try to encrypt the data of victims and to provide decrypt key for that data they demand for payment. The attackers spread ransomware into mobile devices by using email attachments and infected programs. (Trendmicro.com, 2017). This was really a vulnerable hacking case faced by University of Calgary and pay to hackers $20,000 to restore data was also not the accurate decision. Therefore, to handle this problem, security professionals of University of Calgary implemented ethical hacking to penetrate ransomeware attack. In this process of ethical hacking, security experts of University of Calgary, used technique of social engineering. They sent emails from their account on email ids from which they got vulnerable messages with ransomeware. These emails included personal information of employees and other essential information about a business organization. It was done to attract hackers toward sensitive data and to get their new email address. In this way, they have used their accounts for implementing ethical hacking to identify hackers (Usa.kaspersky.com, 2017).
To perform ethical hacking in case of Ransomware attack, social engineering and email spoofing techniques are used to resolve issue of information hacking (Tutorialspoint.com, 2017).
GDRP is a regulation which is used by European Parliament, European Council and European Commission to unite and to increase strength of protection of data for all individuals within the European Union. With the increment in computer hacking cases, it is necessary to follow strict security regulations by IT users. Under General Data Protection Regulation, principles of data protection are set out. These principles are listed as below (Myers and Myers, 2017):
As we understand from GDRP principles that data that belongs to business, customers, and employees in organizations or to any other entity must be kept secure. From collection of data to use of data, its security and privacy is necessary. Data collection, storage, processing, upgrading and execution are all important processes and during these processes hackers always try to attack. GDRP provides effective regulations for security of data at every essential point. So if these principles will be followed by users then it can be ensured that chances of hacking can be reduced. But if we talk about ethical hacking, then it GDRP defines that ethical hacking must be done according to cyber laws and ethics and with permission of owner of data. Like hacking, also in ethical hacking data protection rules of GDRP are required to follow. As we know that hackers always try to identify weak point of security of data so that they can easily steal that data from storage device. But if data will be securely access and store then hacking issues will be controlled. The main objective of General Data Protection Regulations (GDRP) is extend EU data protection law to any organization in or outside EU.
Conclusion and Further Work
We have discussed in this report that at what extent issues of computer hacking have been increasing and it has become so important to control these issues. Ethical hacking plays an important role to control hacking. In this, security professionals have to take bad actions for doing well. Like, incident of ransomware malware in University of Calgary, various other incidents are also encountered. But all these issues can be controlled easily if proper security will be maintained by security professionals and appropriate actions will be taken by them periodically. (Ico.org.uk, 2017). In future, advancement in security tools will be seen and security experts are doing efforts to provide more advanced security techniques to control vulnerable data security attacks. These security tools will be Windows Defender, Mitigation Experience Toolkit, SUPERAntiSpyware and Anti-Hacker etc.
References
Ico.org.uk. (2017). Principles. [online] Available at: https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/principles/ [Accessed 28 Apr. 2017].
Capgemini Capgemini Consulting United Kingdom. (2017). The impact of the EU General Data Protection Regulation on the financial services industry in relation to customer consent | Blog post. [online] Available at: https://www.uk.capgemini-consulting.com/blog/retail-banking/2017/03/the-impact-of-the-eu-general-data-protection-regulation-on-the-financial [Accessed 28 Apr. 2017].
Myers, L. and Myers, L. (2017). 11 things you can do to protect against ransomware, including Cryptolocker. [online] WeLiveSecurity. Available at: https://www.welivesecurity.com/2013/12/12/11-things-you-can-do-to-protect-against-ransomware-including-cryptolocker/ [Accessed 28 Apr. 2017].
Ico.org.uk. (2017). Principles. [online] Available at: https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/principles/ [Accessed 28 Apr. 2017].
Augustin, L. (2017). General Data Protection Regulation: How will it impact the UK?. [online] IT Pro Portal. Available at: https://www.itproportal.com/features/general-data-protection-regulation-how-will-it-impact-the-uk/ [Accessed 28 Apr. 2017].
WhatIs.com. (2017). What is ransomware? – Definition from WhatIs.com. [online] Available at: https://whatis.techtarget.com/definition/ransomware-cryptovirus-cryptotrojan-or-cryptoworm [Accessed 28 Apr. 2017].
Usa.kaspersky.com. (2017). Ransomware & Cyber Blackmail. [online] Available at: https://usa.kaspersky.com/resource-center/threats/ransomware [Accessed 28 Apr. 2017].
Trendmicro.com. (2017). Ransomware Attack on University of Calgary Forces $20,000 Payment – Security News – Trend Micro USA. [online] Available at: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/ransomware-attack-on-university-of-calgary-forces-20000-payment [Accessed 28 Apr. 2017].
HIPAA Journal. (2017). Ransomware on Mobile Devices. [online] Available at: https://www.hipaajournal.com/ransomware-mobile-devices/ [Accessed 28 Apr. 2017].
Lynda.com. (2017). Ethical Hacking: Mobile Devices and Platforms. [online] Available at: https://www.lynda.com/Android-tutorials/Ethical-Hacking-Mobile-Devices-Platforms/512725-2.html [Accessed 28 Apr. 2017].
Tutorialspoint.com. (2017). Ethical Hacking Email Hijacking. [online] Available at: https://www.tutorialspoint.com/ethical_hacking/ethical_hacking_email_hijacking.htm [Accessed 4 May 2017].
Definitions, E. and Hope, C. (2017). What is ethical hacking and an ethical hacker?. [online] Computerhope.com. Available at: https://www.computerhope.com/jargon/e/ethihack.htm [Accessed 4 May 2017].
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download