The Smart Techie was renamed Siliconindia India Edition starting Feb 2012 to continue the nearly two decade track record of excellence of our US edition.


Handling Malicious Hackers & Assessing Risk in Real Time

Shailender Kumar
Thursday, April 2, 2009
Imagine this…

A hacker creates a look-alike website of a well-known bank. He sends e-mails to customers requesting confidential information, claiming that the bank’s website is undergoing a revamp or reconstruction. The information sought is confidential customer data. The e-mail has a link embedded in it, which directs the customer to the fake site that the hacker has created. The customer, thinking it to be a genuine communication from the bank, provides the details, which the hacker saves and later uses for fraudulent transactions such as money transfers or for procuring critical passwords.

Not a Secure Situation to be in

The rapid growth of online commerce has brought increasing sophistication to Internet fraud, and frauds are now executed across multiple access channels. Threats from phishing (the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication), pharming (an attack that aims to redirect a website’s traffic to a bogus website), Trojans (a type of malicious software), keylogging (used to retrieve online password entries), and proxy attacks, combined with regulations and mandates (HIPAA, PCI) governing online data privacy, place online security at a premium. If you take a closer look at the illustration at the beginning of this article, you will realize that a simple login procedure makes it easy for a hacker to access online accounts and transactions. To thwart hackers, banks are adopting more stringent login procedures that are more personalized and secure. These include additional levels of passwords, a personalized background image for login, virtual keyboards, and even a virtual mouse, among others.

Whatever you type on a physical keyboard can be captured through keylogging. Keylogging provides a means to obtain passwords or encryption keys by bypassing security measures. To prevent this, financial transaction sites are installing virtual keypads and virtual mice. Instead of typing the password on the keyboard in the normal way, the user selects his or her password with the cursor on the virtual keyboard as part of the login process. This helps circumvent the keylogging setup put in place by the hacker.

