Hack and crack: Cyber crimes and the monetary losses inflicted
By: Farrukh Zafar
KARACHI: What if I tell you that your mobile SIM can be duplicated and used by another person for different motives, without you getting to know about it, let alone your approval?
I know it’s illegal, but it’s happening. Now think beyond the misuse of your phone number, the possible impersonation itself. What about the two-step authentication you have on your Google, Facebook and other accounts? The two-step authentication requires you to enter the code it sends you on your mobile, in case you forget your password or if you login from an unknown device for the first time. And since the hacker already has your SIM, expect your Facebook and Google accounts to get compromised like a piece of cake.
This is the recent loss, some of the high-level officials on the CEO slot have faced. Corporate espionage could never be as easy as this, and Pakistan is the place, where the securest new technology becomes the most vulnerable, with ease.
Imagine the company secrets you had in your Gmail or any other Google product account that gets compromised, just because your SIM gets hijacked.
Similarly, last month, around 50 large-scale Facebook pages of well-known brands were hacked in the same fashion, in one day, as soon as their Facebook accounts got compromised after SIM hijacking, resulting in multi-million losses.
So who’s the culprit and where does the crime stem from? The answer: the black sheep dwelling within the telecom carriers – the same people who are also responsible for handing over long lists of phone numbers that belong to females, which guys later use for prank calls and other abuse.
Some of the victims of these hijackings even contacted NR3C, PTA, their respective ISPs and even the Federal Investigation Agency. None of these authorities bothered to budge.
My two cents
If you really need to put the two-step authentication on, try purchasing a separate SIM, which is only specific for this purpose, and never share that number in public.
There’s also an Android app called Anti/Android Network Toolkit that helps people hack an entire Android smartphone. People are using it for different motives such as identifying open networks through wi-fi scanning and then finding all vulnerable devices on that network, which can reveal the IP addresses of servers out of range.
Once a target device is selected through that app, “Man-In-The-Middle” feature on the app allows hackers to eavesdrop and monitor that device, apart from the most-deadly “Attack” feature, which is self-explaining in its name.
Another great crime that is being done on a corporate level, in a very sophisticated fashion, is the selling of databases and select user base data by huge local publishers and websites such as e-commerce portals, job finding sites, etc, through the help of media buying companies. So the next time you enter your phone number, NIC, address or any other piece of sensitive data, just make sure that slogan of the website, “Everything sells here”, might be literal.
That’s when you realise that the internet and law enforcing authorities in this country are a set of nincompoops and we don’t need a foreign entity like NSA, when we digitally dwell under an incompetent umbrella that doesn’t know what crimes are happening at the most part, meanwhile they’re busy banning YouTube, porn and torrent sites.
The writer runs a software company in Dubai and a healthcare startup in New York.