The Bangladesh bank heist is one of the most infamous instance of a cyberattack involving nation-state-level hackers. In this attack, cybercriminals, presumed to be North Korean managed to steal $81 million from the Bangladesh Central bank's account at the federal Reserve bank of New York. This attack is one of the largest financial heists in history. This attack exhibits that malicious actors can operate from anywhere in the world. Whether you are an individual or an organization understanding how important is cybersecurity is fundamental.

Black Hat Hackers are malicious actors who exploit vulnerabilities for personal gain or to cause harm to an individual.

White Hat Hackers are Ethical hackers who use their skills to improve security by identifying and fixing problems faced by the victims.

Grey Hat Hackers violate ethical standards but do not have malicious intent.

Hacktivists are hackers motivated by political or social causes, they raise awareness against injustice towards an individual or an incident.

Gang type :Ransomware-as-a-Service

Year of origin :2020

Attacks : Ransomware attack on Costa Rica's government in the year 2022

The impact : This gang called Conti, has been involved in high-profile ransomware attacks on the Government of Costa Rica utilizing a double-extortion strategy that demands ransom for both decryption and non-disclosure of stolen data. This stolen data can be used against the country which could be exceptionally dangerous for the strategic planning and development of Costa Rica.

Also this breach may have occurred due to vulnerabilities in the supply chain or third party services. It is necessary for an organization to assess and secure all third party access points and make sure that contractors, service providers and other partners stick to the same cybersecurity standards.

This data breach shows that even multinational companies and agencies world wide are facing cyberattacks. To eradicate them stricter laws and punishments for the hacker should be implemented.

Links:

https://youtube.com/watch?v=mCX-Px7H4h4&si=PwoDQkk8dV7JfbGm

https://youtu.be/4zv56MUXgw8?si=wBIsf-0dt63mFwWd

Unfortunately, this is not the only incident, as numerous similar cases have occurred. One case that comes to mind is India's Aadhaar data breach, which was one of the largest data breaches in 2018. It reportedly leaked sensitive information, including names, bank details, and private biometric data, of nearly every registered Indian citizen.These incidents make us aware about cyber threats, highlighting the importance of ensuring national security, data protection, and, most crucially, public trust.

A women in Australia visited a cafe. After ordering what she needed she tried to pay through a QR stuck at the cafe. When she scanned the QR code, she was redirect to a fraudulent website that mimics exactly like the banks online portal. She entered all her credentials on the portal and unknowingly gave all her bank information to the hackers.

https://youtu.be/KEfeMPGj-Dw?si=CnN1iy0RP19i2bvQ

https://youtu.be/iX8GxLP1FHo

2FA is used to make account more secure by requiring one time password (OTP) which is sent through email or phone number. However hackers are able to bypass this security layer by infecting phone with malicious software that seize the OTP.

Also Cyber criminals manipulate victims by calling them and pretending to be from trusted service and trick them into revealing OTP sent to their phone.

The article stresses that while 2FA remains an important security measure it is not foolproof. Therefore users need to remain more cautious and adopt more advance security to stay protected.

Two-factor authentication or 2FA increases protection against phishing attacks by second verification step after entering a password. It basically checks twice . Even if a user becomes a victim to a phishing scam and states their password, the attacker is unable to get into the account without the second factor, such as a code sent to the user's mobile device or an authentication app. Usually confidential apps like banking and finance use OTP's which is nothing but a one time password. This additional layer makes it difficult for cybercriminals to explore the account or stolen passwords , as they would need access to both the password and the second factor to actually get entry into the app

1. Money: Hackers attacked the Bangladesh Bank in 2016 and stole $81 million by breaking into the bank’s system.

2. Politics: The group Anonymous has hacked government websites to protest issues like internet censorship or human rights abuses.

3. Revenge: In 2017, an ex-employee of the company Tesla hacked their system and leaked confidential data after being fired.

4. Business Competition: Chinese hackers reportedly broke into American companies to steal designs and business secrets to help Chinese businesses compete.

5. Curiosity: In the 1980s, a group of teenagers in Germany hacked into U.S. military systems just to see if they could do it.

6. Fame: In 1999, a Canadian teenager known as "Mafiaboy" hacked into major sites like Yahoo and eBay to show off his skills, gaining worldwide attention.

1. Phishing attacks- Hackers can trick users into entering their OTP's through fraudulent websites or emails that appear genuine. Once the user enters their OTP the hacker can capture it.

2. Malware: If a user's device is defected with malware it can capture the OTP or even the user's login credentials. These tools monitor everything that is typed or displayed on the screen including OTP.

3. SIM card swapping- Here the attackers convinces a mobile carrier to transfer the victims phone number to a new sim card. Allowing the hackers to intercept SMS based OTP and gain access to the account.

   One real life incident occurred in 2020 where a group of hackers known as "Twitter hackers" they breached the twitter account of high profile individuals like Barack Obama, Joe Biden and Elon Musk. Even though their accounts were having 2FA enabled the hackers used SIM swapping to take control of the phone numbers. Allowing them to receive 2FA codes sent through SMS and access the accounts.

1.Vulnerability Assessment: Ethical hackers conduct penetration testing to uncover weaknesses in systems, helping businesses bolster their defenses

2.Employee Training: They raise awareness through simulated attacks, educating staff on security best practices and potential threatse

3.Regulatory Compliance: Ethical hacking aids in meeting data protection regulations, reducing the risk of penalties for non-compliance

4.Cost Savings: By preventing data breaches, small businesses can avoid substantial financial losses associated with cyberattacks

"Red teaming" is a cybersecurity approach where companies hire ethical hackers, known as the "red team," to simulate real-world cyberattacks on their systems. This lets the company’s own security team, or "blue team," test their defenses against realistic threats. These exercises often reveal hidden vulnerabilities in areas like IoT devices or internal email systems, which regular security checks might miss. Through red teaming, companies develop stronger, more layered defenses and get a clearer understanding of how attackers might target their systems. This proactive strategy is widely used in industries where data protection is critical, such as finance, healthcare, and government, as it allows organizations to stay ahead of potential attacks.

Sharing a trailer for the documentary film “The Social Dilemma," which highlights concerns that intersect with hacking, emphasising the need for responsible tech development, digital literacy, and cybersecurity awareness.

As cyberattacks are increasing rapidly worldwide and there is a need of cybersecurity awareness, the Indian government has initiated a free cybersecurity awareness program 'NIELIT UP' where students from 8th std, colleges and universities can join various courses from their official online portal.

I am sharing a link of their 5-day free course program for students to aware them about the risk of illegal activities they can face and how to deal with it. https://nielitup.in/upload_docs/Booklet/Booklet_05Days_Cyber%20Security%20Awareness%20Programme_082022.pdf

Similarly, the US government also has CISA Cybersecurity Awareness Program. https://www.cisa.gov/resources-tools/programs/cisa-cybersecurity-awareness-program

1. Use strong, unique passwords for each account

A simple password like "12345" is easy to guess. Instead, use something like "F7g!@9hL2*7Q" to make it much harder for hackers.

2. Enable two-factor authentication (2FA) on important accounts

2FA adds an extra step to logging in, like needing a key (your phone) after entering your password. Even if someone gets your password, they can’t access your account without the second key.

3. Keep software and devices updated

When you don’t update your apps or software, they can have security gaps. In 2017, the WannaCry attack happened because people didn’t update Windows, leaving them open to hacking.

4. Avoid public Wi-Fi for sensitive transactions or use a VPN

Public Wi-Fi can be risky, like talking in a crowded place where anyone can listen. A VPN keeps your connection safe by creating a private tunnel for your data.

5. Be careful with unknown links and attachments

Don’t open links or attachments in emails you didn’t expect. For example, a fake bank email can trick you into downloading malware that steals your information.

6. Install and update antivirus software

Antivirus software acts like a guard that watches for threats. Programs like Norton or McAfee help keep your device safe from viruses and malware.

7. Secure your home Wi-Fi with a strong password and encryption

If your Wi-Fi password is easy (like "admin123"), anyone can connect. A strong password and encryption make it harder for strangers to get on your network.

8. Back up important data

If you don’t back up your files, you could lose everything if your computer crashes or gets attacked. Backing up to an external drive or the cloud keeps your data safe.

9. Limit personal info on social media

Sharing too much personal information, like your birthday or address, makes it easier for hackers to steal your identity. Keep some details private.

10. Stay informed about cybersecurity

Knowing how to spot scams, like fake emails pretending to be from Amazon, helps you avoid falling for tricks

that could steal your personal info.

Hacking has a variety of social, economic, and national effects on each individual. I believe that everyone should take precautions against hacking, such as avoiding clicking on dubious links or odd advertisements, upgrading software often, utilizing a VPN, and—above all—raising awareness and educating others about cyberthreats.

1.Update all passwords, especially for compromised accounts, using strong, unique ones.

2. Set up 2FA for key accounts to improve security.

3. Perform antivirus and anti-malware scans on all devices.

4. Review bank and credit card statements for any unauthorized transactions.

5. Notify friends and family who may be affected by the hack.

6. Report the breach to the affected platform and authorities if needed.

7.Consider freezing your credit to prevent identity theft.

8. Be cautious of suspicious emails or messages asking for personal info.

9.Reach out to cybersecurity centers for guidance on securing your data.

1. Doing regular audits of the systems which include hardware, software and networks to spot any weakness or issues and to ensure it's reliability.

2. Keeping all the systems and softwares up to date as attackers often exploit outdated software as seen in the Bangladesh bank heist case.

3. Adding Multi-factor Authentication (MFA) for stronger security where users have to provide more than one form of identification like a password plus a fingerprint or face recognition.

4. Use of tokenization Or 3D secure protocol for strong and secure payment transfers.

5. Training and raising awareness among the employees on attacks like phishing, social engineering and cyber threats. Also conducting mock phishing attacks to test and train also to teach how to handle doubtful emails.

6. Using end to end encryption for sensitive internal and external communications, VPN's (Virtual Private Networks) should be implemented for for employees working remotely.

7. Giving access of sensitive information to all the employees can be harmful. Employees should be given access to the information only needed to execute their tasks.

8. Cybersecurity followed by the financial institutions should also be practiced by the third party vendors associated to them.

Cybersecurity is a continuos process so it is important to adopt these measures to remain observant.

Also we can share the same information with our friends and family so that others don't get their information leaked.

A hacked device often shows signs like slow performance or frequent overheating, rapid battery drain, and unexplained spikes in data usage. One might notice unauthorized changes such as apps being installed or settings altered without your permission. Excessive pop-ups or ads can also indicate malware. Suspicious messages, such as emails or texts sent without your knowledge, are another warning sign. Pay attention to security alerts from your accounts or antivirus software, as well as unknown processes or apps running in the background. Identifying these signs early can help you take quick action to secure your device.

Cyber bullying or hacking is a crime and is illegal too.

• Section 43 of the Information Technology Act, 2000 (IT Act): Under Section 43 of Chapter IX of the Act, whoever, without the permission of the person in charge of the computer system, accesses, downloads any data, introduces a computer virus, or causes denial of access will be liable to a penalty up to Rs 1 crore.

• Section 65 of the IT Act: Under Section 65, whoever tampers with computer source documents knowingly or intentionally conceals, destroys, alters, or causes another to hide, destroy, or change any computer source code will be punishable with imprisonment up to three years or with a fine that may extend up Rs 2 lakh or with both.  Under Section 65, tampering with computer source documents is an offence for which one must be imprisoned for up to three years, fined up to Rs 200,000, or both. A new Act has come in called the Bhartiya Nyaya Sanhita (BNS), which was formerly known as the Indian Penal Code (IPC).

(Taken from- https://iclg.com/practice-areas/cybersecurity-laws-and-regulations/india)

1. Human error: Humans tend to fall for phishing emails or clicking on harmful links also keeping weak passwords these mistakes make cybercriminals successfull in hacking our systems.

2. Insider threats: Some hacks emerge from within an organization, employees may misuse their privilege of accessing information. Preventing this can be difficult as these individuals already have access to the systems.

3. Constantly evolving threats: Hackers constantly find new methods to exploit vulnerabilities. Continuous growth of technology evolves tactics of cybercriminals too.

4. Complexity of systems: The larger the digital systems the more opportunities exist for vulnerabilities. No system is 100% secure from small websites to major multinational companies security gaps can exist anywhere.

Ultimately, the goal isn't to prevent hacking completely, but to reduce the likelihood of successful attacks and to minimize the damage when they do occur.

Some preventive measures:

https://www.wired.com/story/how-to-prevent-getting-hacked/

From my point of view, I've learned how complex modern technology can be. After exploring these moral and legal concerns, I realized how important it is for everyone to take caution, make informed choices, and work together to enhance the internet for all.

Unhealthy Hacking is a crime and it should not be practiced.

Along with that, spreading right awareness verbally and through demonstrations can awaken people of the crimes happening in country due to a small term ‘hacking’.

Thank you!