Ethical Hacking Techniques and Penetration Testing

Question: Discuss about the Ethical Hacking Techniques and Penetration Testing. Answer: Introduction There has been a huge development in the internet and networking technologies in the past few years (Siponen et al., 2014). With the advancement in the technologies the people have become very dependent on these technologies for obtaining knowledge. But this technology is also viable to breaches. The security breaches on the internet have been increasing with the time passing by. The report provides an example of one such incident that took place recently. It was reported recently that the Apple Store subjected to malware attack. The report contains information in details about the attack and also provides some recommendation, so that this type of security breaches could have been avoided. Apple Store Hit by Malware Attack According to the identityforce.com, it was reported that the Apple was subjected to malware attack recently. In the article, Apples App Store Hit by Malware Attack by the identityforce.com, on October 2, 2015, it was reported that the company had reported that about a dozen of apps that were infected by malware were discovered by the company ("September 2015 iPhone Hack", 2017). Until now the apple users have been experiencing a very high level of security. This is because the Apple Company does interact much with the third party manufacturers. In addition to this apple was not adopted to the level that the other companies were. Hence, the hackers did not target Apple to the extent that the other companies were. But recently security issues are being reported against the company. It was reported that the company had discovered several apps that were infected by malwares. It included some the very popular apps like WeChat, which has more than 500 million users. This report showed that the Apple Store can also be subjected to cyber-attacks on a large scale. It has been reported that the popularity and the increasing number of consumers of the company has made them a target for the hackers. It was reported that the App store was infected with the malware named XcodeGhost (Brockman, Stieglitz Cvetkovic, 2015). The program was found inside the legitimate programs of the App Store. It was fused inside the normal apps so that the user would not understand the defect of the app unless they download it from the store. The malicious programs that existed within the apps were detected by several cyber security firms. It was initially indicated by an e-commerce firm in China named Alibaba. They had discovered that the hackers had uploaded the altered version of the Xcode to one of the Chinese cloud storage service. The Xcode is the program that is used in the development of the iOS aps. In China and in various other parts of the network speeds might be slower. Hence, many of the developer tend to download the instances of the tool from other sources, and end up downloading the infected version of the tool. Although, Apple have a security tool named the Gatekeeper, but the in or der to develop the aps the coders would have to disable the security tool and use the XcodeGhost to develop the apps. Hence when these packages from the external sources are addd to the app code the app becomes infected and the infected app is uploaded into the store which infects the store in return. In addition to these millions of users have already downloaded these infected apps. All this users can potentially be affected to the harmful effects of the malware. The malwares have infected the popular apps so that more and more users could be affected by the security breach. The malware could obtain sensitive information about the users without the user even knowing about the attack. The malware would be able to send alerts to the device that is infected and can obtain the information about the user by tricking them into revelation of the information. The Apple Company have already taken down the apps that were infected from their store. In addition to this the company is looking into detecting more apps that were subjected to the malware attack. In addition to this the company should also look to enhance their security methods. The company should perform effective filtration techniques before allowing the apps to be uploaded on their store. In addition to this, the company should adopt proper testing techniques for the apps that are uploaded on their online store. Although, no instances of the user data being hacked was reported for the incident. In addition to this the users should also be aware of the situation. It is advisable for them to update or delete the reported apps. And also they should not be using the jail broken devices. So that they would be safe from the attacks of the malware. The report provides a brief analysis of one of the several incidents of security breach that are taking place lately. The incident of the breach that took place in the Apple store have been provided in this report. The process of the breach and the effect of the breaches have been provided in the report. In addition to this remedies have also been mentioned in the report. It could have been avoided if the company would have adopted a strict filtration process for the applications in their store. In addition to this the users are advised to update the apps regularly so that malware packages would be uninstalled from their devices. The hacking have had a great development in the past few years. Lately more and more hackers are encouraged to practice the technique (Craig Shackelford, 2014). This is a great development in the field of technologies. But in the recent time the technique is being used for illegal and unethical practices. This causes a great amount of problem for the society. In addition to this the practice is increasing day by day. The report consists of one of the incidents of hack case on the web (Elhai Hall, 2016). The report provide in brief some information about the telegram hack case. The procedures of the hack and the effect of the hack on the people have been described in the report. In addition to this some recommendation are also provided for the case. According to the Telegraph.com, it was reported that the hackers had gained access to a huge number of accounts on the messaging platform the Telegram. In the article, Iranian Hackers Attack Telegram to find 15 million accounts released on August 3, 2016, it has been reported that some Iranian hackers have gained access to the secure platform of messaging the Telegram (McGoogan, 2017). According to the report the security researchers have stated that the details of around 15 million users of Iran have been accessed by the hackers. The Telegram is considered one of the most secured messaging platform on the web. The hacking of the platform is a major case in recent times. The tool provides security and privacy to the users by the end to end encryption method. But the hackers that had used advanced methods for hacking into the systems. According to the report, the telecom companies have to option to intercept the messages that the company sends to the users when they are either logging into their accounts from a phone or some other devices. The hackers can easily use these intercepting techniques of the telecom companies and get access of the messages of the Telegram Company. In addition to this, there is also a chance that the Telecom companies are providing the data to the hackers and they are using it to set up the accounts on some other remote devices. This method makes the users vulnerable to the telecom companies and the hackers. Hence hacking into the sytem of the Telegram platform was unavoidable. According to the report around 15 million user in Iran were affected by the hack. The hackers could get the information of the users from the techniques implemented by them. The personal information of about 15 million users were available to the hackers. In addition to this the hackers could also intercept the messages that the users sent to each other. The reports on this case had spread fears into the minds of the users that were using the platform. They feared that most of their sensitive information that were contained in their messages would be available to the hackers. The common people also feared that very sensitive communications would be compromised. The people feared that they would be losing their privacy. In addition to this it has been also reported that about a dozen of telegram accounts have been compromised by the company. In addition to this since the Telegram is based on the phone numbers anyone can easily check the registration status of the phone number in the s ystem. Although the company have stated that, the users can continue using their accounts with the fear of breaches but they have not mentioned any such procedures by which they can protect their communications. The company have stated that do not block anybody who expresses the opinion peacefully. The company should try and increase their security constrains. In addition to this they should also look to improve their methods of communication. They should try and secure the communication processes. They should try and stop the telecommunication companies from intercepting into their networks. This reduce the risk of the communication information from getting hacked. The company has also stated that, the hacking is not a very serious issue. But the count of the effected users is around 15 million. Hence, the company should look into the security matters with more seriousness. Although the company blocks the terrorist bot and the channels, but they do not have a proper authentication process in place. In addition to this user should also be aware that they should not pass the sensitive information over the messages. In addition to this the users must follow the instruction provided by the company for securing their communication. The company advices the users to follow their two- step authentication process. The users should follow this process to keep their connections secure. Conclusion The hacking case of the Telegram Company have been provided in the report. The procedures of the incident and the effect of the hacking case have also been provided in the report. In addition to this information about some actions that could have taken by the company have also been provided in the report. The company should look to increase their security measure and should seriously look into the hacking case. In addition to this, the users should also be aware of the situation and perform their actions accordingly. They should follow the advices of the company to keep their connections secure. References Alapati, S. R., Gossett, S. (2014).Oracle WebLogic Server 12c Administration Handbook. McGraw-Hill Education. Annachhatre, C., Austin, T. H., Stamp, M. (2015). Hidden Markov models for malware classification.Journal of Computer Virology and Hacking Techniques,11(2), 59-73. Brockmann, T., Stieglitz, S., Cvetkovic, A. (2015). Prevalent Business Models for the Apple App Store. InWirtschaftsinformatik(pp. 1206-1221). Chowdappa, K. B., Lakshmi, S. S., Kumar, P. P. (2014). Ethical hacking techniques with penetration testing.International journal of computer science and information technologies,5(3), 3389-3393. Craig, A., Shackelford, S. (2014). Hacking the planet, the dalai lama, and you: managing technical vulnerabilities in the Internet through polycentric governance. Elhai, J. D., Hall, B. J. (2016). Anxiety about internet hacking: Results from a community sample.Computers in Human Behavior,54, 180-185. Hassan, N. R., Mingers, J., BERND, S. (2015). Call for Papers: IS Philosophy Special Issue.European Journal of Information Systems, available at: https://www. palgravejournals. com/ejis/EJIS_IS_Philosophy_Special_Issue-v6a_Final_Copy. pdf. McGoogan, C. (2017). Iranian hackers attack Telegram to find 15 million accounts. The Telegraph. Retrieved 7 April 2017, from https://www.telegraph.co.uk/technology/2016/08/03/iranian-hackers-attack-telegram-to-find-15-million-accounts/ Narra, U., Di Troia, F., Corrado, V. A., Austin, T. H., Stamp, M. (2016). Clustering versus SVM for malware detection.Journal of Computer Virology and Hacking Techniques,12(4), 213-224. Parks, R. F., Adams, L. (2016). Analyzing Security Breaches in the US: A Business Analytics Case-Study.Information Systems Education Journal,14(2), 43. Safa, N. S., Von Solms, R., Futcher, L. (2016). Human aspects of information security in organisations.Computer Fraud Security,2016(2), 15-18. September 2015 iPhone Hack. (2017). IdentityForce. Retrieved 7 April 2017, from https://www.identityforce.com/blog/apple-account-information-stolen-by-iphone-hackers Siponen, M., Mahmood, M. A., Pahnila, S. (2014). Employees adherence to information security policies: An exploratory field study.Information Management,51(2), 217-224. Thomas, R. C., Antkiewicz, M., Florer, P., Widup, S., Woodyard, M. (2013). How bad is it?a branching activity model to estimate the impact of information security breaches.