By now corporations and governments worldwide have taken notice that their security systems are at risk. Well, kinda.
As you can see from this month’s edition of the THN, there is still an arrogance and attitude of “it couldn’t happen to me.” In the meantime, hackers all over the globe are getting into everything from email to top secret documents.
It doesn’t surprise me that the heads of corporations like Sony and government agencies like NASA have been slow on the uptake. For too long these people have been driven by greed and have acted with total impunity.
No more. Because internet security has become the number one target of organized groups like Anonymous or 13-year-old boys fooling around on the computer, every government, business, corporation, and personal computer is at risk.
And, the conundrum for everyone is that if you can write a security program, someone can hack it. THN doesn’t think it will be out of business soon because some government agency or billion dollar corporation thinks it can outsmart the techies of the world. No, the real issue is how institutions are going to process information, secure and public, in a way that cannot be hacked into.
Every era has had a name and this era is going to be named the Era of Hacking. This is the era when the dishonest and corrupt are being caught with their pants down and their phony financial reports exposed.
The heroes of our world will no longer be gold star generals or presidents but faceless hackers with a weapon called the keyboard.
THN has had the pleasure of sitting back and reporting the hacking news. We don’t hack ourselves but we are the beehive for hacking information and trends in internet security. We thank our loyal readers and welcome our newest. We invite heads of State and dignitaries all over the world to read and understand they are at risk. World stability will come and I promise, not one shot will be fired.
Welcome to the Era of Hacking. Welcome to Total Exposure.
OK READERS, LET’S GET TECHNICAL
We need to talk about the breach of data in large organizations like SONY. There have been almost 14 attacks on SONY in the last two months by different hackers. Hackers exposed almost 100 million users’ data using a small SQL vulnerability, or better said, “Developer’s Stupidity.” The data leak is of almost no worth to anyone; no one would have the time to do logins on millions of users. The real effect is the blemish on the brand name SONY. Still, there is a benefit SONY gets from all these hacks. They get free auditing. YES! Sony hackers actually help SONY to become the most secure brand in the future. Sony will definitely learn from all those security mistakes. Also, this hack becomes a lesson for others. Once SONY is back with patched sites and servers, it will be sure that they will be more secure than ever before.
Another part of Total Exposure is the disclosure of various vulnerabilities and 0days. The exploit writers are the best hackers behind this job. They study the whole code, find the vulnerability and make some automated exploits for that code. No doubt these exploits are dangerous for the security of various users, but still the developer of that product will get an idea of the vulnerability and will develop other, more secure systems. This is the rule of most security development: “Until some hacker can’t break your system, you will never think about more secure versions”.
In the past we (The Hacker News) tried to contact some admins of servers/sites about their vulnerabilities. But most of them never cared to respond because they thought that no one would hack them. I hate to tell them they are in for a big surprise. We decided to post all vulnerabilities of various sites and products online, because until the vulnerabilities are addressed seriously, everyone is at risk.
There are a few questions that people have asked us in the last few days and I would like to answer them:
Q. Why do hackers love to expose things in public?
A. Hackers! Exposing data is the base of security for them. Some hackers hack for fun, some for a particular political aim, some for good causes like Wikileaks and some for revenge like Lulzsec. Everyone has a different motive and different natures of hacks. The exposure of someone’s personal data is never a good thing, but we have exemptions. Let’s let people decide who is wrong and who is doing right!
Q. What impact is hacking having on technology in general?
A. In general, because of hackers total security development is impossible. They can make a big brand like SONY think again on their actions. They can help security researchers making STUXNET destruction products and they can help the police for cyber investigation like our whitehats do. Technology is the combination of good and bad things.
Q. What is the greatest benefit in hacking information or the exposure of weakness in security systems or sites?
A. Hacking for military or country is always beneficial for one side. Hacking for fun can never be good for anyone, but if someone is hacking for destruction then that is the worst use of skills. STUXNET, the best botnet of last year, was developed by IRAN for destruction of the cyber space of India and the US. The best benefit of hacking is that there is a lesson to be learned in a positive way. Exposure of weakness has a benefit, for the administrator will come to know where his mistakes are. Weakness of systems also leads to more security research.
Q. It appears without "hacking" internet security would not have been challenged and improved. Do you see hacking having any other value?
A. Yes, this is right. Without hacking, internet security is really worthless. The job of a security expert should always be challenged. Only then will he/she be able to learn more day by day. Even hackers hack for the same reason. They develop their skills by hacking real world servers/sites. Hacking is like a passion for kids these days. Everyone wants to know HOW TO HACK FACEBOOK OR GMAIL. Lolz! It’s really the most irritating question asked of me by lots of people.
Q. What lessons can everyone get from Sony Hacks & what are your Views about these 13 Serial Sony Breaches?
A. It is not exactly a new security measure that's necessary, but how Sony can manage the existing security system effectively. Sony needs to run its management cycle remembering that security threats are variable. It gives hackers a chance to invade when businesses are relying heavily on security tools. If Sony hasn't learned the lesson, at least other businesses have. After Sony's incident, the number of inquiries from businesses to various security consultants increased.
Q. Have the Sony, RSA, HBGary and other 2011 breaches given some benefit to security researchers to analyze and study the style/talent of hackers?
A. Yes. After SONY, RSA, HBGary and all other 2011 breaches, most security experts are now more alert in rechecking their attitudes toward security. They came to know that one small flaw like SQL injection can become a reason to hack million dollar companies. Sony fights with George Hotz, but my opinion is that they should have hired him. Why not develop this hacking talent for legitimate purposes? Why make an enemy when you can have them on your side?
Q. Do you feel that groups like Anonymous who hack for the purpose of exposing the criminal and corrupt side of corporations and government have value?
A. Anonymous are heroes of the 21st century. Anonymous is the political movement of change for the 21st century. Anonymous can and certainly will accomplish what many other political and peace movements of the past could not. When corruption, destruction and mayhem strike from governments or corporations it is the goal of Anonymous to awaken that entity and the public that a change must occur. Given that, many will use the name Anonymous to perform acts of a criminal and malicious nature. By doing this it gives the real "Anonymous" a bad name. In fact, governments and corporations will try to retaliate against the false anon by restricting internet freedom and user capabilities. We must understand that the Anonymous who strives for political change and world peace must be free to work without the mistrust and misdeeds of others who tarnish their good work. As once was said, "change always comes bearing gifts." Anonymous is the gift we have been waiting for. Honest and trustworthy persons working hard on our behalf for the betterment of mankind.
Q. Many people admire you and support The Hacker News. Did you ever think that you are missing something?
A. It’s really true that THN has become a successful cyber awareness project in a short time, only because of the support from our readers. I would like to start some more projects in the future related to Security Labs that will help every beginner to advance. Also, sharing and doing research on cyber security.
Q. Conversely, what do you think about the FBI and our criminal justice system in regards to hacking?
A. In India we have strict punishments for cyber crime, but laws are not strictly applied to all. This is the same in other countries. Even in China, hacking has become part of the China military services. Lulzsec hackers hack PBS, SONY and even one FBI partner and they gave an open challenge to the FBI. As of yet, the FBI has failed to identify the hackers so we can say that there are some faults in the justice system in regards to hacking. Millions of sites get hacked monthly; no one cares about those. Even the administrator of the site re-uploads the backup and forgets the defacing done by hackers.
Q. The internet world is sorely unprepared when it comes to security. Do you agree and why?
A. The best term is “No one is secure in this world”. You can check our website for the latest updates of people being hacked. Most of them are hackers, security experts and big brand commercial names.
At last I would like to say “WAKE UP INTERNET WORLD!” Security systems all over the globe are threatened and very few seem to understand what is happening. If the CEOs, administrators, presidents, and other heads of businesses and governments aren’t demanding that their IT departments re-evaluate their security systems, then they deserve everything the hackers give them.
Hacking is here to stay. It will not go away quietly. It will not be eliminated. If a software engineer can write a security program, believe me when I say a hacker can breach it.