Introduction:
Cybercrimes are those offenses that take place through the internet. It is an umbrella term for a wide range of offenses that take place within cyberspace. The prime cause for cybercrimes is the anonymous nature of cyberspace, which makes it difficult to trace the offenders once they have committed any cybercrime. These offenders have a thorough knowledge of cyberspace and are technically skilled in computer applications. The crucial element of cybercrime is the involvement of the internet or any other network environment through a computer system.
Cybercrime is committed against an individual or an organization using a computer system[1]. Computer resources are technologically advanced but are also very exposed to cybercrimes in this digital era. More often, the damage caused due to cybercrimes is challenging to estimate in monetary value. The following factors contribute to the sensitive nature of cyberspace:
- Widespread access to information of an organization or any individual linked to any organization, stored as data.
- Easy to derive information stored in the ROM from the virtual medium.
- Negligence by the internet user gives access to hackers by clicking illegal hyperlinks on the World Wide Web.
- Loss of evidence of cybercrime once it has been committed against a person.
- Uncertainty of jurisdiction within cyberspace.
What is Phone Hacking?
Phone hacking or Mobile hacking is a method of cybercrime by compromising any mobile device and accessing all the information or communications within the device. It can range from the exploitation of memory, central processing unit, and file systems in the device through any form of a security breach or unsecured internet connections. Hackers can efficiently gain access to both Androids and iOS-powered mobile devices. The following can be an indication for any mobile device which is hacked:
- Frequent power drain occurs when certain malware and fraudulent apps install a code within the mobile to access information.
- New sign-up or password reset verifications keep prompting in the mobile device from an unidentified location without awareness of the owner.
- Unexpected restarts and system crash occur when the processing unit of the mobile is compromised. It causes the entire system to run slow and droop frequently.
- Unidentified logs from the device happen when a Trojan virus is installed within mobile to tap the messages and calls.
The News International Phone Hacking Scandal
The news international phone-hacking scandal has been one of the biggest phone-hacking cases till now. ‘News of the World’ or ‘News International’ was a British newspaper that was accused of hacking phones of various politicians, celebrities, members of the royal family, and other people of influence in the pursuit of their news cover stories. The accusation led to the resignation of the editor and chief executive of the tabloid. The investigation found out the newspaper agency would hack into the phones of the victims and gain illegal access to the voicemails of the persons without their knowledge.
There existed a wide chain of private investigators and professional hackers who would assist the tabloid in their illegal activities. They would monitor the phone activities of their victims, listen to their voicemails, and record their phone conversations to cook up headlines for their newspapers. They were inevitably ahead of the competition with almost 3 million daily readers even on the day it shut down. The case highlighted the negligence of the London Metropolitan Police Station in keeping track of victims of this massive phone hacking scandal in history thus far.
In 2005, the phone hacking scandal came to the knowledge of the rest of Britain when there was an improbable leak of confidential information made between Prince Williams and his knee surgeon which was only carried through their voicemails and phone calls. The conclusion was derived that the phone of the prince had been compromised and ‘News International’ had gained illegal access to all his sensitive data. The further investigation was carried out by Scotland Yards’ officers till 2009, after which the case went into trial before the court of law. And in 2011, the court found the editors and executives of ‘News International’ guilty of all the phone-hacking scandals, resulting in the closure of the newspaper agency after almost 168 years of the run[2].
The Pegasus Spyware
Earlier this year, ‘Amnesty International’ came across a leaked database holding personal information and access to sensitive data on the mobile devices of thousands of Indian politicians, government authorities, and journalists. This was done through spyware called ‘Pegasus’ or ‘Q Suit’, a malware created by the cyber giant known as the ‘NSO Group’. It is classified as spyware because of its utility of infecting phones with its malware using a unique zero-click method to exploit the flaws within the Operating Systems of the mobile devices.
It was first detected back in 2016 by a group of researchers of Citizen Lab, University of Toronto, but no concrete proof could be found against its creators. Since then, the spyware uses an ‘over the air’ mode of installation using a ‘push message’ sent to the target mobile device only, making it difficult to be detected once it has been installed. This spyware has been allegedly sent all over the world to government authorities without knowledge to the general public. There has been a blatant violation of privacy by authoritarian governments in plain sight.
Both Android and iOS based mobile devices have become a victim to this spyware since it can easily adapt and impersonate the network servers of these operating systems. Hence, the malicious code could be easily transmitted through either of the operating systems using their security bugs. The installation of Pegasus is often referred to as ‘Network Injection’ because it is injected into the network of the mobile device once and spreads within the entire operating system of the device on its own. If the operating system is upgraded, the spyware adapts and need not be injected again. Thus, the mobile device becomes a digital spy for the attacker.
The spyware is dangerous because it gives access to all the commands and control of the phone to the hacker including access to the end-to-end encrypted information shared by the user from that device. So far, the government of India various initiatives since 2017 to build the capacity measures of CISOs in the IT Department, developed the NCCC to monitor real-time cyber threats flowing within the internet traffic, introduced the Cyber Swachhta Kendra and I4C for mobile users, and CERT-IN to deal with phone hacking[3].
How is Ethical hacking different from Phone hacking?
Ethical hackers are also known as the ‘white hats’ and they perform the assessment of the security system of computer networks and operating systems. Ethical hacking assists organizations and governments to strengthen their security measures within their operating networks. It is different from phone hacking because there is authorization by the organizations to conduct security assessments through hacking to prevent any malicious hacking in the future. The goal is to identify the security vulnerabilities of the system by duplicating the strategies adopted by malicious phone hackers. Thus, there is no compromise of sensitive data stored within the system.
Ethical hackers need to have authentic certification of their subject matter expertise before conducting any security assessment and need to define their domain of ethical hacking to their clients. This obligation has been created by the ‘EC Council’ which regulates the certificate for ethical hacking worldwide, therefore, the ethical hackers are duty-bound to communicate the scope of their assessment and report the vulnerabilities to their clients. Unlike malicious phone hackers, ethical hackers do not crash backend servers or cause financial losses to internet users for the sake of enjoyment. Ethical hackers simply re-run the operating systems or computer networks and report the unidentified security flaws[4].
Conclusion
The following should always be kept in mind to prevent phone hacking of any mobile device and ensure cyber safety while accessing the internet:
- Always have the phone password protected and never use the same password for more than one device. The password should be less predictable and should not be shared carelessly.
- Avoid using public Wi-Fi connections. If used, make sure to enable a VPN to protect your phone from being hacked through the open network.
- Always install apps from the official app stores. Downloading from an unofficial app store can easily expose the phone to any malware or spyware and would also miss the updated security system of the operating system.
- Keep your phone with yourself when outside or in an unfamiliar place. Additionally, keep the device location-enabled at all times. It would make it easier for the cyber security cells to track the location of the phone if it is lost.
- Always keep the operating system and installed applications updated. Keep a two-factor verification for mail accounts, bank accounts, and other login access within the device.
- Always clear the cache, cookies, spam emails, and internet search history. Always report spam SMS, calls, and mails. Use ad-blocks while surfing on Google, and disable or customize the tracking of activities on Google[5].
References:
[1] Ashish Pandey, Cyber Crime Detention & Prevention, 1st Edition JBA Publisher, 2006.
[2] Phone hacking trial explained, BBC News, 2014. https://www.bbc.com/news/uk-24894403 (6th Nov., 2021, 05:00 PM)
[3] Jay Mazumdar, How the Pegasus software infects a device? The Indian Express, 2021. https://indianexpress.com/article/explained/pegasus-whatsapp-spyware-israel-india-7410890/ (8th Nov., 2021, 06:00 PM)
[4] What is ethical hacking? EC-Council. https://www.eccouncil.org/ethical-hacking/#:~:text=Ethical%20hacking%20is%20a%20process,and%20looking%20for%20weak%20points. (7th Nov., 2021, 05:00 PM)
[5] How to stop phone hacking? Kaspersky. https://www.kaspersky.com/resource-center/threats/how-to-stop-phone-hacking (6th Nov., 2021, 06:30 PM)
0 Comments