Breaking the Hackers’ Code

What if you get the chance to curb the hacker’s next step! What if you could understand the psychology of the hacker’s intentions! What if you could dismantle the malicious applications residing onto your mobile devices! What if you could understand the vulnerabilities in your online private or social domain. You have Nullcon on one platform to answer all of that.
Nullcon laid down a holistic two-day conference where the audience was buzzing with ways and solutions and measures to take cyber crime in control. Nullcon focused on national critical infrastructure protection. The emphasis was on cyber attacks on airports, telecom, and power grids. Indian industrial landscape is vulnerable to crippling cyber attacks on a scale that can have serious implications for national security and economy.
What is critical in today’s scenario is to understand the cyber crime and its critical nature which is leading to the social after affects. The reasons of cyber crime was identified by Tejan Timbo, MD, Praxeva in his session. These included-monetary gain, recognition, political, defacement, or just for fun reason.
He highlighted few critical cases of cyber attacks over the last one year and indicated the severity and level of hacker intrusion to public or private platforms online.
“Instances like these will happen unless government initiate regular audits or security measures,” insists Timbo.

Live forensic practices were demonstrated by Mookhey and Vikash revealing the intriguing and innovative techniques to extract data of our mobile devices. KK Mookhey and Vikash from next-gen forensics explained the threat of money laundering, terrorism, and financial fraud all being transacted over smartphones.
Mobility has emerged as one of the most vulnerable areas for cyber or hacker attacks. “Digital forensics techniques have evolved to cover these, yet tools remain costly,” said KK Mookhey, Next-gen Forensics.
Vishesh focused on the necessity to build capability on these fronts and develop open source tools to aid the process and set legal precedent to accept this evidence as well. “There is a necessity to build capability on these fronts, develop open source tools to aid the process and set legal precedent to accept this evidence as well,” informed Vikash from Next-gen Forensics.
Joerg Simon from Symantec, on the other hand, brought a holistic view to cyber security landscape and introduced the open source test and education platform ‘Fedora Security Lab’ and ‘OSSTMM SecLab’. Michael Sutton and Pradeep Kulkarni explained the automating behavioral analysis for mobile application.
The conference reiterated the need to develop a scalable solution to identify overall risk for mobile (iOS and android) applications. The only challenge is that the source code is not available and limited open source/commercial tools for mobile security analysis-most targeted at the android platform.
The conference also showcased vulnerabilities in the technologies across various platforms. forms such as in IVR telephony, internet banking, linked accounts and iPhone apps that can be downloaded for free.
The event laid down live demonstrations on how mobile phone hacking, internet banking password hacking, USSD codes and its fallacy and malicious apps are available on varied operating softwares.
Ajit Hatti from Nullcon took the audience to banking industry where cyber security threats are no less. He listed down flaws, weaknesses with current bank websites.
“All internet banking sites in India have a few weaknesses and offers very low/no security on hostile platforms but still practically very safe today.”
The banks website lack standardization on security features across the banks, communities like Null are playing crucial role in making banks aware of security gaps and banks are responding well and evolving for being better and stronger.
Microsoft EMET Exploit Mitigations explored how enterprise customers can defend their organizations from exploitation of vulnerable software that has already been deployed, and preemptively defend their or ganizations from exploitation of these vulnerabilities. “EMET is a vulnerability independent defense tool that mitigates common exploit techniques/behaviors,” said Neil Sikka from Microsoft.
Lavakumar Kuppan introduced full automation to custom scanner creation and covered use cases for novice to super advanced users and suggested open source platform for advanced web security assessment.
Aiden Riley Eller emphasized on weak or failing security programs due to management inefficiency.
“One easy solution is to retain a security adviser to guide the program. Trust the adviser to select ‘implementation’ consultants or employees. Set a fixed annual budget and expect schedule variance,” said Eller. Zoltán Hornák, on the other hand, explored vulnerabilities of video set-top-box.

“Video set-top-box evaluations discovered volumes of stupid mistakes and exploitable vulnerabilities. Left-open debug access ports, bootloader weaknesses, operating system level pitfalls have helped attackers to have access to STB internals. If security key is distributed over the internet, subscribed content without payment,” reveals Hornak.

Enterprise’s sensitive information could be compromised by the attackers through the victim’s phone. Antriksh Shah, on the other hand, showed how ‘app download’ by bypassing payment from app store is yet to be fixed.
The Nullcon Conference captured the nerve of cyber crime landscape and thus brought together IT professionals, CXO community, leaders of large and small enterprises over one platform to chalk out secure cyber landscape for the country.

Leave a Reply

Your email address will not be published. Required fields are marked *