ISSUE 98

29 September 2019

Article of the Month   Around the World




In modern world everything is based on information systems and poor software quality may adversely affect application security by increasing the potential for a malicious breach of a system and hacking is identifying and exploiting weakness in computer system and or computer networks.

The person engaged in hacking activities is known as hacker and hacker may alter system, application or network security features to accomplish a goal that differs from original purpose of that system. Cybercrime is committing a crime with the aid of computing/information technology infrastructure and there are types of hackers who belongs to cybercrimes and some are legal. This paper will discuss about what is hacking and who are the hacker, categories, legality specially concepts and phrases of hacking and furthermore methodologies, maintain and control.

In cyber security world, the person who is able to discover weakness in a system and manages to exploit it to accomplish their goal can have referred as a Hacker and that process can have referred as Hacking. As an example, using password cracking algorithm to gain access to a system. In now days computing infrastructure have become mandatory to run a successful business as well as for many useful personal works and it is not enough to be an isolated computer system; they need to be connected to computer network such as internet to facilitate communication with external businesses.

What is Hacking?

During the 1990s, the term �Hacker� originally denoted, and it is art of exploring the hidden things that are being hidden from general usage and finding loopholes and use them to benefit the others. In other way hacking is simply identifying weakness in networks or computing systems to exploit its weakness to gain access.

What is a Hacker?

Hacker can describe as an individual who uses computing and networking skills to overcome a technical problem and often refers to a person who uses his or her abilities to gain access to unauthorized systems or network in order to commit crimes. b. Types of hackers
Hackers can classify according to the intent of their actions. The types of hackers often referred to as wearing colored �hats� with each have different implication for the target.

Ethical Hacker (White Hat)
A white hat hacker is computer security professional and they do not have any malicious intent whenever they break into security systems. White hat hacker probably has deep knowledge about computer and network security.

Cracker (Black Hat)
A black hat hacker can know as hacker who gains unauthorized access to computer systems and their intent is usually malicious, steal data and violate privacy rights. And they use their knowledge for unethical activities.

Grey Hat
A hacker who is between ethical and unethical hackers are known as grey hat hackers. Grey hat hackers usually hack systems without proper permissions form system administrators of the network but they will expose the networks vulnerabilities to the



What is Ethical Hacking?

Information is the most valuable assets in modern world keeping that information secure can protect the privacy. Keeping the data and information safe is very difficult at this present time and that�s where the role of the ethical hacker becomes valuable.

Ethical hacking is identifying weakness in computer systems and come up with countermeasures that protects the weakness of the system. Ethical hackers must follow the following some rules before they breach into system.

  • Get written permission from the owner of the system.

  • Protect the privacy of the system/organization

  • Report all identified weakness and vulnerabilities to system owner or administrator

  • Inform hardware and software vendors about identified weaknesses



Ashen Udayanga

Ashen is an undergraduate of Sri Lanka Institute of Information Technology, Faculty of Computing who is currently following Bachelor of Science Honors degree specializing in Cyber Security, currently, he is working as an Intern - Information Security Engineer at Sri Lanka CERT|CC




















1 Statistics on the Internet growth in Sri Lanka
2.The Dragon Research Group (DRG)
3.TSUBAME (Internet threat monitoring system) from JPCERT | CC
4.Shadowserver Foundation
5. Team Cymru
  Why Are Scientists So Excited about a Recently Claimed Quantum Computing Milestone?


"...A quantum computer may have solved a problem in minutes that would take the fastest conventional supercomputer more than 10,000 years. A draft of a paper by Google researchers laying out the achievement leaked in recent days, setting off an avalanche of news coverage and speculation......."


Are you sure you wiped your hard drive properly?


"....Have you ever seen a hacker movie? When the other shoe drops, you can see the black hat scrambling for their computer, tearing out their hard drives and trying to erase them. They may even run neodymium magnets over them and then finish the job by driving an electric drill directly through the platters of the drives. Alternatively, they just smash it with a hammer and hope for the best........"


iOS Exploit �Checkm8� Could Allow Permanent iPhone Jailbreaks


'...A researcher is warning of an un-patchable bug affecting hundreds of millions of iPhones that gives attackers system-level access to handsets via an unblockable jailbreak hack. Right now, the scope of the attack is limited.......'

Magecart web skimming group targets public hotspots and mobile users



'...One of the web skimming groups that operate under the Magecart umbrella has been testing the injection of payment card stealing code into websites through commercial routers like those used in hotels and airports. The group has also targeted an open-source JavaScript library called Swiper that is used by mobile websites and apps......'

After complaints over leaked Voice Assistant recordings, Google says: We hear you


'....Google has laid out what is and isn't recorded when you use your voice to operate its Assistant app, and tweaked some of its preference settings labels to be more upfront about what happens to your audio data. It also said sorry � again.........'

Month in Brief
Facebook Incidents Reported to Sri Lanka CERT|CC in August 2019


  Statistics - Sri Lanka CERT|CC

Masad Spyware Uses Telegram Bots for Command-and-Control

'...A freshly discovered commercial spyware dubbed the �Masad Clipper and Stealer� is using Telegram bots as its command-and-control (C2) hub. Masad harvests information from Windows and Android users and also comes with a full cadre of other malicious capabilities, including the ability to steal cryptocurrency from victims� wallets.....'

Twitter�s new policy bans financial scams

"...This verified account was inactive for a few months and then suddenly sprang to life, tweeting about cryptocurrency and asking for deposits. The display name was changed and the avatar was reset. In isolation, just one of these behaviors might not mean much, but in series, they paint a picture of an account that�s likely up to no good......"

More SIM Cards Vulnerable to Simjacker Attack Than Previously Disclosed

�...Earlier this month, we reported about a critical unpatched weakness in a wide range of SIM cards, which an unnamed surveillance company has actively been exploiting in the wild to remotely compromise targeted mobile phones just by sending a specially crafted SMS to their phone numbers.....�
Email is an open door for malicious actors looking to exploit businesses

."..In one of its central findings, the report identifies email as a company�s greatest cybersecurity vulnerability. Email offers the most significant access point for criminals by exploiting a human fallibility � the inability to spot malicious emails... ..."

Notice Board

Training and Awareness Programmes - October  2019

Date Event Venue

Brought to you by: