How A Student Hacked Teachers WhatsApp

How A Student Hacked into Teachers WHATSAPP Account?

A teacher from Kerala noticed that her WhatsApp account was logged out soon after an online class. Knowing this, she lodged a complaint with cyberpolice. Police cracked the case and found out that the culprit was her student, studying in high school, who logged into the teacher’s account.

The technique used by the student was simple. The teacher was using a screen-share app in her phone during the class. So the students were able to see the screen and also the pop-up notification alerts coming into the phone. The ‘culprit’ student then tried to login WhatsApp with teacher’s number in his phone. And the OTP for verification came as pop-up alert in the teacher’s phone which was visible for all the students. Thus the student easily logged in to the account. The teacher did not have two-step verification on the phone and did not have a password.

The account in teacher’s phone got logged out as WhatsApp does not allow simultaneous use on two different devices. After the police cracked the case and found out the culprit is the student, the teacher withdrew the complaint.

PRECAUTIONS to avoid hacking

With some simple steps, one can avoid getting hacked during screen-sharing. Disable the notification alerts when sharing the screen with others.

Also enable two-step verification for WhatsApp login, so that an additional password is required to login to WhatsApp through other devices.

Soon after screen-sharing, make sure that OTPs or verification messages were not received during the time.

Adv (Dr.) Prashant Mali

Cyber & Privacy Lawyer & Author

Why Cybercrime is increased ? Due to Low Cost I feel

 

Why Cybercrime is increased ? Due to Low Cost I feel

You can buy ransomware for as little as $66, or hire a threat actor for $250. And if you look hard enough, you can even get a phishing kit for free on underground forums. Although these illicit methods may not be expensive, the damage they inflict can be substantial.

Phishing has become more popular than ever. Bhagwat Karad, the minister of state for finance reported to Indian parliament, that more than 50,000 (50,242) cases of cyber frauds, banking frauds using internet banking, ATM-Debit and Credit Cards were registered in the first nine months of the current fiscal year, citing RBI data (April-December 2021 period). During the nine-month period, the victims of these frauds lost a total of nearly Rs 167 crore.

According to the FBI’s Internet Crime Complaint Center, the number of phishing complaints more than doubled in 2020 to 241,342 cases compared to the prior year. From there, attacks doubled again as phishing reached a monthly record in Q3 2021, according to a recent report from the Anti-Phishing Working Group (APWG). The total number of incidents (reported & unreported) must be higher. A record 2 million phishing sites were reported in 2020, the most in a decade. This comes as no surprise, as phishing kits are cheap and easy available.

What is a Phishing Kit

Phishing kits are .zip files with all the scripts required to deploy an attack. These kits enable anyone with minimal programming skills to unleash massive ransomware campaigns. In 2019, the average price of a phishing kit was $304, with the prices ranging between $20 and $880. 

Recently, Microsoft discovered a campaign that used 300,000 newly created and unique phishing subdomains in one massive run. Microsoft also identified a phishing-as-a-service organization known as BulletProofLink. It resembled any other software-as-a-service brand, with tiered service levels, email and website templates, hosting, a newsletter and even 10% off your first order.

Meanwhile, even attackers get targeted. Some phish kits have been unlocked and posted for free on dark web forums. 

What is the Cost of a Ransomware Attack

On the other hand, suffering attacks is expensive. According to the IBM Cost of a Data Breach report, in 2021 the average cost of a ransomware attack totaled $4.62 million (not including the ransom, if paid). Compare that to the $66 attackers can pay for a ransomware kit.

Alert

Before you think to become cyber criminal, be aware that the cyberlaw is also catching up. There’s even some evidence that the police can now track and recover funds paid for in cryptocurrency. many cryptocurrency cases in India were detected and cyber expert fraudsters were arrested including ex police officers.Also remember, WHILE CYBERCRIME is largely measured in financial terms it is the psychological trauma that hurts victims the most when they are blamed by their family members or society in general for falling victim to the attack/scam.

The criminal use of cryptocurrency

The criminal use of cryptocurrencies

Cryptocurrencies have been adopted as part of money laundering schemes and are particularly associated with several predicate offences including fraud and drug trafficking. They are also widely used as a means of payment for illegal goods and services offered online and offline.

Money laundering is the main criminal activity associated with the illicit use of cryptocurrencies. The growing popularity and adoption of cryptocurrencies have led to their increasing use in money laundering schemes. Other criminal activities that show an intensive use of cryptocurrencies are related to the use of cryptocurrencies as a payment method for illicit goods and services, fraudulent cryptocurrency investments and cybercrime. In all instances, criminals want to obfuscate the source of the illicit assets with cryptocurrencies. A number of indicators show how criminals involved in frauds strongly rely on the use of cryptocurrencies.

Cryptocurrencies are also the means of payment of choice for criminal commodities and services, such as drugs or child sexual abuse material (CSAM) purchased online. This applies in particular to listings on dark web marketplaces where they are the main means of payment. Different types of malware target cryptocurrencies for theft as well as for the mining of coins in the network of unaware victims. Extortion schemes carried on by cybercriminals make extensive use of cryptocurrencies. Digital services and infrastructure abused for criminal purposes like servers, virtual private networks (VPNs) and hosting services are mostly purchased in cryptocurrency.

Money laundering

Virtually all kinds of criminal profits are laundered using cryptocurrencies. These activities range from the laundering of proceeds already in digital form, such as the payment of ransoms or criminal infrastructures, to a transformation of huge amounts of cash into virtual assets. Examples of cryptocurrency usage in money laundering schemes include the purchase of cryptocurrencies by criminal networks using illicit proceeds and the use of cryptocurrencies to transfer funds.

The use of cryptocurrencies in money laundering schemes has been increasing, and many criminal networks relied on cryptocurrencies as a payment medium during the COVID-19 pandemic.

Money laundering networks specialised in large-scale money laundering

as a service have adopted cryptocurrencies and are offering their services

to other criminal actors. These networks can already rely on established infrastructure such as numerous bank accounts as well as in-depth knowledge of the banking system and use of FinTech.

Money laundering networks provide their services to other criminal networks, which may include the acquisition or trade of cryptocurrencies, the legalisation of criminal assets and the final cash out in the accounts of criminals. Professional money laundering networks are a significant threat and enable other criminal networks to operate. Marketplaces on the dark web advertise money laundering cryptocurrency service providers. They also offer information on how criminals can cash out cryptocurrencies, such as by exchanging Bitcoin for gift vouchers or prepaid debit cards.

Predicate offences

The use of cryptocurrency in money laundering involves the profits of both online and offline criminal activities. They are in fact frequently reported in the context of drug trafficking, fraud and cybercrime.

Cybercrime proceeds

primarily concern funds coming from online frauds, ransomware and dark web marketplaces. The highest volume of illicit transactions is associated with these criminal activities.

Fraud

Fraud is the most frequently identified predicate offence for the illegal use of cryptocurrencies, accounting for more than half of identified criminal transactions.Criminals involved in fraud either make use of professional (crypto) money laundering services or set up their own money laundering schemes.

Criminals involved in investment fraud are particularly adept at using cryptocurrencies to channel illicit proceeds. Cryptocurrency investment fraud schemes have been identified in several EU Member States.

Fraudsters create websites devoted to cryptocurrency investments or advertise lucrative investments and encourage investors to create accounts on online trading platforms. Alternatively, operators from established call- centres offer opportunities requiring small initial investments that end in high profits. The victims have the impression to be able to monitor their investments thanks to internet platforms. However, the whole process is a deception. Brokers try to obtain information about the victims using social engineering techniques, while gaining their trust with simulated trading activities.

On some occasions, fraudsters collect capital to initiate a new profitable cryptocurrency which does not really exist. Pyramid schemes are a frequently used method of attracting investors with promises of high returns. The increase in value promised to investors is just an illusion, and any disbursements to investors are merely funds transferred from investors further down the pyramid. Members are encouraged to bring others into the fold in exchange for a commission.

Drug trafficking

Cryptocurrencies are increasingly used to launder the proceeds of drug trafficking. In recent years, EU law enforcement authorities carried out several investigations into the laundering of drug trafficking proceeds using cryptocurrencies. These large-scale laundering activities normally involve specialised criminal networks that provide professional crypto money laundering services.

Cybercriminals

Cybercriminals make extensive use of cryptocurrencies that consequently have to be laundered, invested or cashed out. Proceeds from cybercrime activities normally do not require a conversion as they are often already in cryptocurrencies. Cybercriminals extensively use obfuscation techniques and services to hinder transactions traceability.

Conclusion 

As I write there seems to be no solution like one tablets suits all. Cryptocurrency as currency for crime is a neat equation and this would remain till cryptocurrencies exist in the world. Do though costly solutions exist to track cryptocurrency used for any type of crime but is not feasible for all police forces across the world . Government now need policies and regulations if crypto is to be governed for at lease law and order purposes .