Shahnawaz Backer: Here’s How Hackers Work in Breaking Cybersecurity Systems

The School of Electrical and Informatics Engineering (STEI) hosted a limited webinar with Shahnawaz Backer, the Principal Security Advisor of F5 Labs. F5 Labs—also known as F5 Inc.—is a company specializing in application delivery networks (ADN) and application security. Some of F5’s subsidiaries are BIG-IP, NGINX, and Shape Security, which are quite popular with cybersecurity activists.

“The rapid development of technology has made us realize that cybersecurity is not something we can just ignore. As daily gadget users, we often log in on certain platforms. Features such as CAPTCHA and one-time password (OTP) authentication are some of the platform’s security system efforts to protect user data. However, we are not completely safe from hackers,” said Shahnawaz Backer in the STEI webinar, as reported on the ITB official website, Monday (7/6/2021).

According to Backer, the CAPTCHA feature is no longer effective because there are other programs that can “defeat” the CAPTCHA automatically. These programs implement machine learning and artificial intelligence in their algorithms. Even so, Backer doesn’t rule out the possibility that this feature could be effective if someone made the algorithm harder for hackers to beat.

On the other hand, the OTP feature is more difficult for hackers to penetrate. However, Backer said that under certain circumstances and with certain strategies, OTP features can also be conquered. If you pay attention, some applications often ask for an OTP when we log in on a new device. The OTP is usually only requested once in this case. This is different from security systems with other patterns, such as security systems that require us to enter an OTP every time we perform a certain command.

Backer explained that, to beat a system like this, hackers can make their own device pose as the target’s device. In other words, the hacker emulates the victim’s device on his own device. This is done by the hacker after the target receives the malware from the hacker. “Malware will retrieve data such as user activity data and other necessary data. This data will be uploaded to the cloud so that hackers can download the information taken by the malware,” he explained.

Furthermore, Backer also explained that this leaked user data could be misused by hackers, for example by selling the data on a marketplace. Hackers can also misuse user data for personal gain.

Even so, hacking is not an easy thing because the security system is made with multiple layers of protection. Apart from those already mentioned, security systems usually apply one-way hashing algorithms to passwords so the only way to crack them is to reverse engineer them.

At the end of the webinar, Backer shared strategies, points to note, and tools that system security engineers can use to improve the protection of user data. As a user, some preventive measures that can be taken are to create a password with many unique characters and change the password periodically.

(mpw via sindonews)