Scrum Alliance Price Increase_Dec 2024-mobile

HomeBlogSecurityEthical Hacking Case Study: Times When Hackers Avoided Setbacks

Ethical Hacking Case Study: Times When Hackers Avoided Setbacks

Published
17th Jan, 2024
Views
view count loader
Read it in
10 Mins
In this article
    Ethical Hacking Case Study: Times When Hackers Avoided Setbacks

    Over the years, there has been a huge rise in cybercrime attacks due to the general public's lack of knowledge about hacking and internet-related crimes. Unfortunately, this goes for both common people as well as big companies. People generally think that having an antivirus that offers cyber security is enough for them to stay safe on the internet. The same goes for big corporations that do not use high-quality protection for their data. This is where ethical hackers come into play with some really impressive ethical hacking cases where they saved the day.

    Ethical Hacking - An Overview

    Bypassing or breaking through the security mechanisms of a system to search for vulnerabilities, data breaches, and other possible threats is an example of ethical hacking. It has to be done ethically to comply with the laws and regulations relevant to the area or the company. Because an individual must go through several procedures to get into a system and record it, this form of infiltration is referred to as "penetration testing" in the industry jargon. This is because an individual must record the system after entering it. 

    You must be wondering what ethical hackers are? They are people who possess the same knowledge as hackers but use this knowledge to boost internet protection protocols and software. You, too, can learn how to be an ethical hacker using a CEH certification training course. They are the ones who protect us from actual hackers. There are multiple categories of ethical hackers, such as: 

    1. Black hat hackers: They use their knowledge for malicious intent, blackmail, etc. 
    2. White hat hackers: They possess the same knowledge as the black hat hackers but use their knowledge to help companies increase their defenses against the black hat hackers.

    How Do White Hat Hackers Work?

    With the growing rise in hackers on the internet, companies have begun using ethical hackers to scope out the flaws and vulnerabilities in their software and protection programs. But, how do these ethical hacking cases work? These people use the same techniques as Black hat hackers to penetrate a company's defenses. By doing so, they can understand the safety flaws. This gives them the inside edge to patch the flaws to ensure that hackers cannot get through the protection.

    There have been multiple instances where ethical hackers have been able to spot cracks in a company's security and save them from having huge security leaks due to hackers, which would result in huge losses. The following ethical hacking case study is six instances where ethical hackers were able to save a company from dealing with data leaks and suffering huge financial losses.

    Case Studies of Ethical Hacking

    1. A crack in WordPress leaked user information

    Back in 2019, a new plugin was released for WordPress called Social Network Tabs. As you know, most people use WordPress to make their websites. This plugin got very popular, but none knew about the vulnerability. It basically helped users share their website content on social media.

    Baptiste Robert was a French security researcher who was known online by his user handle, Elliot Alderson. He was the one who found the crack in the plugin, which was given the ID CVE-2018-20555 by MITRE. You can find this case and similar ones in a case study on ethical hacking PDF online.

    You must be wondering what exactly did this flaw in the plugin do? The flaw in the plugin compromised the user's Twitter account. Since the plugin is connected to the user's social media account, the vulnerability leaked the user's social media details. Robert was the first to spot this leak and was fast to notify Twitter about it, which helped secure the user's accounts that got affected by it.

    2. Oracle's vulnerability in their WebLogic servers

    In 2019, Oracle released a security update without any prior notice. This took fans by surprise until they learned why this happened. The security patch was a very critical update that fixed a code vulnerability in the WebLogic Server.

    The flaw was brought to light by a security firm known as KnownSec404. The vulnerability was labeled as CVE-2019-2729 which received a level of 9.8/10, which is pretty high. The vulnerability left it open to be attacked by hackers targeting two applications that the server left open to the internet.

    3. Visa card vulnerability that allowed for a bypass in payment limits

    This was one of the most famous ethical hacking cases brought to light on the internet. It took place on July 29th, 2019. Two security researchers from a company called Positive Technologies spotted a security weakness in Visa contactless cards that allowed hackers to bypass the payment limits. This flaw in their security would cost the company a huge loss. This one case boosted the interest in ethical hacking. As a result, multiple students began taking cyber security course certificates online to learn more.

    Tim Yunusov, the Head of Banking security, and Leigh-Anne Galloway, the Cyber Security Resilience Lead, were the ones who discovered this. This was made public after five major UK banks were targeted. The contactless verification had a limit of £30 on Visa cards, but due to this weakness, hackers could bypass this limit.

    4. Vulnerabilities allow for ransomware in Canon DSLR

    In 2019, the DefCon27 was held, which was attended by Eyal Itkin. He was a vulnerability researcher at Check Point Software Technologies. He revealed that the Canon EOS 80D DSLR had a vulnerability that the PTP, which was the Picture Transfer Protocol, had an issue whereby ransomware could be transferred into the DSLR using the WiFi connection.

    He went on to highlight that there were six vulnerabilities in the PTP that made it an easy target for hackers. They could easily get into the DSLR using this crack in the firmware. The objective of the hackers was simple. Infiltrate the DSLR and infect it with ransomware that would render the pictures useless to the user. The user would have to pay a ransom to get the pictures back to the hacker.

    The team working with Eyal informed Canon about the security breach vulnerability. A few months later, Canon released a notice saying that the vulnerability was never exploited by hackers, which means that it was never discovered. However, they also announced that users should take safety precautions to keep themselves safe.

    5. Zoom on the Mac could be hacked and expose the camera

    On July 9th, 2019, Jonathan Leitschuh exposed a very critical vulnerability in Appel's Macs. This flaw in the security framework allowed hackers to take control of the user's front camera. As a result, many websites could force a user into a Zoom call without their knowledge or permission. This was something that invaded privacy, and millions of people who would conduct meetings or even use Zoom, in general, were at risk. This is an important ethical hacking case as it was broken on social media to make people aware. The very same day, Apple sent out a fix that was a simple patch that users could download and install to fix the issue. Zoom, too, didn't waste any time by issuing a quick-fix patch to stop the issue. 

    6. A backdoor could allow hackers to execute root commands on servers

    DefCon27 was where many ethical hacking cases came to light. Another one was the case of Özkan Mustafa Akkuş, who was a Turkish security researcher. They exposed a vulnerability in Webmin, a web-based system configuration in Unix-like systems.

    The vulnerability was labeled CVE-2019-15107; it was a backdoor entry that allowed hackers to execute commands with root privileges. This left users exposed to hackers that could take control of their systems or hold it for ransom.

    This is an important ethical hacking case study as Jamie Cameron, who is the author of Webmin, claimed that the backdoor was set by an employee. This was something that wasn't known to the company. They announced a new patch update to the new software version, which would be released to all the users.

    A very important case study to know about that was featured in the case study of ethical hacking PDF was that of Zomato in India.

    7. What happened to Zomato?

    In 2017 a hacker broke into the security of Zomato, one of the biggest online restaurant guides and food ordering apps. The hacker was after five things. 

    1. Names 
    2. Emails 
    3. Numeric user IDs 
    4. User names 
    5. Passwords 

    The amount of data lost was in the millions as 17 million users were targets. The hacker was able to put up this information on the darknet for anyone to buy before starting talks with the company. This was one of the most shocking ethical hacking cases in India. This also led people to question the cyber security of the country.

    Once this case was exposed to the public, Zomato issued a few blogs where they spoke about the real person behind this breach. It was said that the work was done by an ethical hacker who wanted to bring the issue of national cyber security to light. It worked as the whole country began talking about cyber security. 

    8. The bug bounty program

    This was a reward program started to get talented individuals to use their hacking skills to expose the weaknesses in the company's security programs. Today, multiple companies use this program to find the issues in their security. Companies like Google, Microsoft, and Facebook have invested millions in this program to find the flaws in their system and make them stronger against cyber-attacks.

    The individual can get cash awards or even recognize if they can point out and fix the issue. This has brought to light multiple numbers of issues as well as many talented, ethical hacker cases that we have ever seen. 

    Many people are now interested in taking up ethical hacking as their career. You can get the KnowledgeHut’s CEH certification training to learn more about ethical hacking.

    Conclusion

    In conclusion, ethical hackers are essential to the cyber security field. They are the ones who can figure out the flaws in any system and the ones who can also provide quick fixes. They are important to know how to keep your data safe in these troubled times. If you wish to know more about ethical hacking, you can get the case study on ethical hacking PDF, which you can find online. These case studies are important as they highlight the weakness in online security firmware. These need to be fixed as they could mean a potential data leak which could result in a huge financial and reputation loss for the companies that suffer it. Employing White Hat hackers is one way of fighting against it.

    Frequently Asked Questions (FAQs)

    1What are the apt examples of ethical hacking?

    An example of ethical hacking done by White Hat hackers is simulating an attack on a system to see if there are any flaws in the system. They can also use the information found online about the company to find a way to infiltrate the company's security.

    2What is the role of an ethical hacker?

    The role of an ethical hacker is simple. They possess the same knowledge as Black Hat hackers. But, the only difference is that they use their knowledge to spot the flaws in security systems so that they can fix them. They just want to make the security impenetrable to any attacks.

    3What are the five steps of hacking ethically?

    The five steps are: 

    • Reconnaissance: This step is about understanding the network and security features. 
    • Scanning: This is where they scan for the flaws in the system to see if there could be any entry.
    • Gain Access: This is where they gain access to the system by any means necessary. 
    • Maintain Access: This is where they keep their presence inside the security software or firmware without alarming anyone or losing access to the system.
    • Cover Tracks: This is where they cover up any tracks they left while getting inside or leaving the system.
    Profile

    Vitesh Sharma

    Blog Author

    Vitesh Sharma, a distinguished Cyber Security expert with a wealth of experience exceeding 6 years in the Telecom & Networking Industry. Armed with a CCIE and CISA certification, Vitesh possesses expertise in MPLS, Wi-Fi Planning & Designing, High Availability, QoS, IPv6, and IP KPIs. With a robust background in evaluating and optimizing MPLS security for telecom giants, Vitesh has been instrumental in driving large service provider engagements, emphasizing planning, designing, assessment, and optimization. His experience spans prestigious organizations like Barclays, Protiviti, EY, PwC India, Tata Consultancy Services, and more. With a unique blend of technical prowess and management acumen, Vitesh remains at the forefront of ensuring secure and efficient networking solutions, solidifying his position as a notable figure in the cybersecurity landscape.

    Share This Article
    Ready to Master the Skills that Drive Your Career?

    Avail your free 1:1 mentorship session.

    Select
    Your Message (Optional)

    Upcoming Cyber Security Batches & Dates

    NameDateFeeKnow more
    Course advisor icon
    Course Advisor
    Whatsapp/Chat icon