
By: Eilip karki

CU ID: 11780548 To: Shiva Maharjan


Executive summary

In this project, we will learn about:

i) Recent cyber-attacks, answering questions like:
• How did it happen?
• When did it happen?
• Where did it happen?
• Why?
ii) Passive reconnaissance: how to do it and where to use it.
iii) Active reconnaissance: how to do it and where to use it.
Table of Contents
The Tifa incident
What is hentai?
What happened?
What was the hacker’s motive?
How did the hacker hack the system?
Comparing this case with CIA model and future risk
Damage and potential risk
Conclusion
Passive reconnaissance of Ace Higher Secondary School
Introduction
Procedure
Conclusion
Active reconnaissance of provided vulnerable system
Steps
Step 1: network scanning
Step 2: vulnerability scan
Conclusion
References
Table of Figures
Figure 1: Picture of the incident
Figure 2: Proof of data leak on Facebook
Figure 3: Fb page of Ace high school
Figure 4: Key info found on fb
Figure 5: Google searching the company
Figure 6: Ace high schools official site
Figure 7: Page that list the members staff's name
Figure 8: Fb page of coordinator
Figure 9: LinkedIn page of principal
Figure 10: VulnHub site on MMMLAGOS: 1.1
Figure 12: Showing new virtual OS
Figure 13: Network settings
Figure 14: Commands ifconfig and nmap -sn
Figure 15: Commands nmap -sV -A -O
Figure 16: Starting and checking Nessus
Figure 17: Inserting Ip
Figure 18: Nessus GUI
Figure 19: Checking vulnerabilities
Figure 20: Vulnerability of Nessus scan 1
Figure 21: Vulnerability of Nessus scan 2
Figure 22: Vulnerability of pinging remote host
The Tifa incident

Due to the global pandemic and quarantine, every field of work was temporarily closed, with an
uncertain future. During that time, emergency services such as hospitals and civil offices
somehow stayed open. However, the education sector and private businesses were closed
and remained so for a long time. Therefore, video conferencing apps like Messenger, Teams and
Zoom became popular and looked like a valid solution to many problems. These apps
let us hold meetings and classes online, and although there were some flaws, they were a smart
replacement at the time. However, the main problem with these apps appeared after a while, as
people started to hack meetings and play dumb pranks. Although it was annoying, all it did was
disturb the meeting, and it could easily be solved by kicking the hacker out of the meeting. As
such it was not a big deal, but something happened on January 30 2022 in Italy. A senate meeting
was held there on the topic of “A Transparent Civil Service”, and important figures such as Nobel
Prize for physics winner Giorgio Parisi and other powerful figures were present in that meeting,
which was hosted on Zoom. Unfortunately for them, the meeting got Zoom-bombed (hacked, with a
video shown in the Zoom meeting) with 30 seconds of a hentai parody of “Final Fantasy VII”,
which became unforgettable news and a meme dubbed “The Tifa Incident”. This was a
huge disaster and a shame for the whole Italian nation and will probably haunt them for a long
time. This incident also demonstrated how weak the whole nation was against cyber-attacks and
why it needs to beef up its cybersecurity. To understand how severe a humiliation the Italian
government faced, we must first know about hentai. ("Final Fantasy Rule 34 vid smut shocks Italy,
surprising artist", 2022)
Figure 1: Picture of the incident

What is hentai?
Hentai is a Japanese word that can be translated as “pervert”, but its true meaning is that of
animated or illustrated porn. Hentai covers many genres, but among them parody is
widely famous. Be it a parody of an anime, movie, game or any famous thing on the internet,
there will be a hentai of it, and this bizarre phenomenon has been named “Rule 34 of the
internet”. (McLelland, M., & Network, A., 2011)

As such, Final Fantasy, a PG-13 game, also became a victim of such degeneracy, and one of the
many parodies (3D animated) featuring the female character Tifa Lockhart was shown
in the meeting. Footage of that meeting was shown to a live audience on both national TV and
social media like Facebook.
What happened?
The hacker literally streamed a Tifa hentai for a solid 30 seconds and shouted something about
a “sex offender”. Due to this unexpected situation, the people in charge of the call got confused
and forgot to act quickly. It is said that someone shouted at them to stop it, and only then did
they recover and kick the anonymous hacker out of the chat. However, he managed to return to the
meeting and play another 3D hentai, this time of a Genshin Impact character. After
that he was permanently removed from the meeting. However, the damage was done and, in addition
to Facebook, the FFVII porn was also apparently broadcast live via Senato TV. This
caused everlasting shame for the Italian senate, as the whole meeting will now and forever be on
the internet and they can’t do anything about it. ("Final Fantasy VII Porn Interrupts Government
Meeting", 2022)

What was the hacker’s motive?


The hacker hasn’t been found and his real motive is still unclear. But according to the
police, the attack was performed by another nation and the reason for the attack was to shame the
Italian nation, disturb the meeting and humiliate the government officials. ("Italian senate
meeting interrupted by Final Fantasy pornography", 2022)

However, according to Twitter and rumours, that is not true and the true hacker was
probably an Italian citizen. The reason was to prank and make fun of all the boomers attending
the meeting, and also to spread awareness of how ignorant the whole senate was of modern
technology. This incident also showed how ignoring something as crucial as cybersecurity will
lead to disastrous outcomes.

How did the hacker hack the system?


The police are still searching for clues on how the hacker hacked the meeting, but many people
have pointed out that an event attendee stupidly published the link and password for the meeting
on her Facebook, as shown in the figure below.
(2022)

Figure 2: Proof of data leak on Facebook

As such, the reason for the hack is probably the Facebook post, and if so then it is a classic
case of a data leak and a hacker using passive reconnaissance. As such, the hacker has left very
few traces of himself and it will probably be hard to catch him.

Comparing this case with CIA model and future risk


CIA is a model that checks the basic balance between the confidentiality, integrity and
availability of a system. The CIA model shows how the three parts are interrelated, especially
confidentiality and availability: when something is more easily available (easy to use and
free), it becomes harder and harder to keep it confidential, because the developer of the app has
to make money either through fees or by selling data. The same holds between availability and
integrity. If an app is super secure, non-professionals and clumsy people will have a hard time
using it, so that app will be less popular than a simple app with much less security. Applying
the CIA model to Zoom, it is quite balanced, as there is much less chance of data getting misused,
it has proper security, and it is very easy to use.

However, the flaw in the CIA came in the form of integrity and confidentiality. The person
leaked the whole room ID and password for the entire public to see and, when asked, she said that
she did it to make the meeting more available and easier for others to join. However, due to this
carelessness and lack of awareness from such high-status members, the whole meeting was
sabotaged and this incident occurred. In this case she chose availability over integrity and
confidentiality, due to which disaster occurred.

Damage and potential risk


The damage suffered by the Italian government was severe. Although there was no physical
danger or financial damage, the psychological damage was great, as everyone
watching that live stream had to view that indecent act. Besides that, the once proud nation of
Italy was humiliated in front of everyone, and they couldn’t even hide the shame because it was
broadcast throughout the internet.

The further potential risk of being ignorant of modern technology could be even more horrendous,
as there are more evil people on the internet and the things they will do to entertain themselves
can be worse than this. Besides this, attacks such as phishing, password cracking and online fraud
are also all related to ignorance of modern tech and carelessness.

Conclusion
In the end, even if there isn't any definite proof suggested by the police, it is clear that hackers
broke into the system due to a data leak caused by the ignorance and carelessness of members. This
basically falls under human error, and excuses such as “she did it because she’s not good at
technology” are basically inexcusable because, as members of the higher level of government, it is
their duty not to make such a stupid and amateurish mistake as posting entire classified info on
Facebook. As such, to prevent such a shameful event from ever happening in future, they should:

• Properly educate higher-level employees on the topic of “importance of cybersecurity”,
so they won’t make such rookie mistakes. As we know, the world of smart devices is
expanding more and more, and due to this more security risks and vulnerabilities on the
human side can be found. To prevent such a situation, a minimum amount of knowledge
of cybersecurity is very important.
• Monitor the social media of members receiving confidential data, so that even if they
make this sort of mistake, it can be caught before any kind of disaster occurs. Not
only that, but some politically powerful people might spout wrong messages and
news on social media and may cause chaos all over the country. Thus, their messages
need to be checked and filtered before being posted.
• Not use experimental technological methods in national-level events, so that there will be
fewer vulnerabilities at both the computing and human resource levels. As we learned from this
event, a lot of people are still ignorant of how to use this sort of device and may make naive
mistakes. Thus, before being implemented at higher levels, such devices must be properly
tested and understood in lower-level offices and must be properly balanced in
the CIA model, and only then should they be implemented.

Passive reconnaissance of Ace Higher Secondary School


Introduction
The art of passive reconnaissance is a way to gather or collect information without letting the
victim know about our motive. In simple words, it is basically the art of stalking someone without
leaving any clue that could link back to you.

Procedure
In this assignment, I’ve decided to passively collect information on Ace Higher Secondary School.
To do this, I first searched for the school on Facebook, because there
will be more details on a private business on Facebook. ("Masuk Facebook | Facebook", 2022)

Figure 3: Fb page of Ace high school

On Facebook, I clicked on the “About” button, which is located on the navigation bar. On the About
page, I found information with a lot of potential that may help me infiltrate the organization, like:

• Its location, which is in New Baneshwor, Kathmandu, with a map to locate its exact
location,
• Its opening and closing time, i.e., from 7:00 am to 9:00 pm,
• Its phone number, which is 01-4499817,
• Its official email, i.e., ace@ace.edu.np, and finally,
• The potential students.

Figure 4: Key info found on fb

With this information, we know when and where our target is and can find a potential way
of communication via phone number and email. Finally, I’ve got people who are students, so I
could ask them for information about the college indirectly. However, there is still some key
information missing, like the names of the members who are in charge of different departments in
the organization. With those, when I want to infiltrate it, I can make excuses like having an
appointment with a certain staff member of that organization. To do that, I first googled Ace
school and then managed to find their official website.

Figure 5: Google searching the company

Then I chose the official page and clicked on the “about AHS” navigation button, where the list
of positions of members of the whole organization was displayed. ("About Us – Ace Higher
Secondary School", 2022)
Figure 6: Ace high schools official site
So, I noted important names like those of the chairman, principal, assistant manager and
coordinators, and searched for them on Facebook and LinkedIn for more information.

Figure 7: Page that list the members staff's name


Among all these people, I will specifically stalk Archana Adhikari karki (first co-ordinator) on
Facebook to learn more about her, like who our mutual friends are, where she lives, where she
studied and who her family members are. (2022)

Figure 8: Fb page of coordinator.


After her, I also got curious about the principal but couldn’t find the Facebook account, so I
checked her on LinkedIn and found her information. (2022)

Figure 9: LinkedIn page of principal

Conclusion

In the end, after collecting all the information on key members of the organization, I’ve
successfully completed my passive reconnaissance and now I know whom to target, how to target and
when to target while hacking them. Using this information, I have two ways to infiltrate the
organization, i.e.,

1. By social engineering. I will first become friendly with them and use the common interests
that I’ve researched to get close to key figures and make them accomplish my goals.
2. By attacking weaker chains. I will first do a phishing attack on the key figures’ relatives,
then attack them and finally sabotage the whole organization, and it will only be possible
because I got the information on them through passive reconnaissance.
Active reconnaissance of provided vulnerable system
Active reconnaissance means directly scanning a system without bothering to hide your intent.
Unlike passive reconnaissance, active reconnaissance is done very aggressively and can be
traced back to the hacker doing it. This type of reconnaissance is usually done for pen-testing, as
it helps us find any open ports and vulnerabilities in the system. Be mindful that it is very
foolish to use active reconnaissance illegally as, compared to passive, you will leave a lot of
traces of yourself and thus will be arrested by the authorities.

Steps
• For this project I chose MMMLAGOS: 1.1 from VulnHub, as it is an easy and new system
to scan. So, I downloaded the OVA file named Earth, which was a 2 GB OVA file. ("MMMLAGOS:
1.1", 2022)

Figure 10: VulnHub site on MMMLAGOS: 1.1


• I used the ISO file inside the new Earth folder to create a virtual OS named MMMLAGOS:
1.1 using VirtualBox.

Figure 11: Showing new virtual OS

• Next, I changed the network settings for both my Kali OS and MMMLAGOS: 1.1 so I could
scan the network.
Figure 12: Network settings.

• Finally, it was time to use the Kali terminal, where I looked up the IP address for my network
using ifconfig.
As such, our network turns out to be 10.2.0.15/24.
Step 1: network scanning.
• I used nmap -sn to check whether there is a host or not.

Figure 13: Commands ifconfig and nmap -sn

• After confirming the host was up, I used nmap -sV -A -O to aggressively scan the whole
network and find which ports were open. As a result, I found out that 3 ports were open:
msrpc (port 135), used to call programs remotely; microsoft-ds (port 445), used to
transfer files; and that http (ports 80, 5357) and ssl (port 443) are unsecured ports.
Figure 14: Commands nmap -sV -A -O

As a result, we found out that the service is at high risk, as the ports are unsecured and can be
used for remote control and file sharing.
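
A scan result like this is most useful to a defender when it is compared with the exposure the host is supposed to have. The following added example (not part of the original report) parses nmap's normal output and reports every open port that is outside an approved baseline or that carries RPC/SMB or cleartext HTTP. The sample output, the host address 10.2.0.2, the baseline and the function names are constructed for illustration; the ports and service names are the ones listed above.

```python
import re

# Constructed sample in nmap's normal output format. The host address and
# version strings are invented; ports and services are those in the report.
SAMPLE_SCAN = """\
Nmap scan report for 10.2.0.2
Host is up (0.00050s latency).
Not shown: 995 filtered tcp ports (no-response)
PORT     STATE SERVICE       VERSION
80/tcp   open  http          Microsoft IIS httpd
135/tcp  open  msrpc         Microsoft Windows RPC
443/tcp  open  ssl/https
445/tcp  open  microsoft-ds?
5357/tcp open  http          Microsoft HTTPAPI httpd 2.0
"""

# port/proto, state, service name (version text after it is ignored)
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
# Windows remote-call and file-sharing services named in the report
WINDOWS_REMOTE = {"msrpc", "microsoft-ds", "netbios-ssn"}


def parse_open_ports(scan_text):
    """Return {host: [(port, proto, service), ...]} for ports in state 'open'."""
    hosts, current = {}, None
    for line in scan_text.splitlines():
        if line.startswith("Nmap scan report for "):
            # The address is the last token, in parentheses if a name precedes it.
            current = line.split()[-1].strip("()")
            hosts[current] = []
            continue
        m = PORT_LINE.match(line)
        if m and current is not None and m.group(3) == "open":
            service = m.group(4).rstrip("?")  # nmap adds '?' when it is guessing
            hosts[current].append((int(m.group(1)), m.group(2), service))
    return hosts


def audit(scan_text, baseline):
    """Compare observed open ports with an approved baseline {host: {ports}}."""
    findings = []
    for host, ports in parse_open_ports(scan_text).items():
        approved = baseline.get(host, set())
        for port, proto, service in ports:
            reasons = []
            if port not in approved:
                reasons.append("not in approved baseline")
            if service in WINDOWS_REMOTE:
                reasons.append("RPC/SMB exposed: limit to management hosts")
            if service == "http":
                reasons.append("cleartext HTTP: redirect to TLS or close")
            if reasons:
                findings.append((host, port, service, reasons))
    return findings


if __name__ == "__main__":
    # Hypothetical policy: only 443/tcp is meant to be reachable on this host.
    for host, port, service, reasons in audit(SAMPLE_SCAN, {"10.2.0.2": {443}}):
        print(f"{host}:{port} ({service}): " + "; ".join(reasons))
```
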
Step 2: vulnerability scan

• First, to activate Nessus, I had to move to the directory that contains Nessus, which
is Downloads.
• After changing the directory to Downloads, I started Nessus using the command
sudo systemctl start nessusd.service
• Then I used sudo systemctl status nessusd.service to check whether it was running or not.

Figure 15: Starting and checking Nessus


• After that, I opened the web browser and went to the link https://kali:8834, where I logged in
with my Nessus ID. After logging in, I entered the IP address I got from ifconfig to scan the
system.

Figure 16: Inserting Ip


• After scanning, there will be a lot of information about the system, like total hosts,
vulnerabilities, threats caused by the vulnerabilities, etc.

Figure 17: Nessus GUI

• In this case, there are only two vulnerabilities. I clicked on each vulnerability to learn more
about them.
Figure 18: Checking vulnerabilities

• I clicked on the info of each individual vulnerability to learn about them in detail.


Figure 19: Vulnerability of Nessus scan 1
Figure 20: Vulnerability of Nessus scan 2
Figure 21: Vulnerability of pinging remote host.

Finally, after learning in detail, the two vulnerabilities are:

i) Nessus scan information; used to scan the host.


ii) Ping the remote host; used to ping the device from the remote host.
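
Nessus attaches a risk rating to every plugin result, and the two plugin names listed above are reported at the Info level (Risk "None" in a CSV export). The following added example, which is not part of the original report, splits an export into rated findings and informational results and orders the rated ones by severity. The rows are constructed, the columns are a subset assumed from the CSV export layout, and the third row is a made-up placeholder that only exercises the rated path.

```python
import csv
import io
from collections import defaultdict

# Constructed sample. Rows 1-2 carry the plugin names from the report;
# row 3 is a placeholder, not a finding from the scanned host.
SAMPLE_CSV = """\
Plugin ID,Risk,Host,Port,Name
19506,None,10.2.0.2,0,Nessus Scan Information
10180,None,10.2.0.2,0,Ping the remote host
PLACEHOLDER,Medium,10.2.0.2,445,Constructed placeholder finding
"""

# Lower number sorts first; "None" is how the export labels Info results.
SEVERITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3, "None": 4}


def triage(csv_text):
    """Return (rated, informational) lists, one entry per plugin."""
    grouped = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        risk = row["Risk"].strip() or "None"
        # Collapse the same plugin seen on several hosts into one entry.
        grouped[(risk, row["Plugin ID"], row["Name"])].add(row["Host"])

    rated, informational = [], []
    for (risk, plugin_id, name), hosts in grouped.items():
        entry = {"risk": risk, "plugin": plugin_id, "name": name,
                 "hosts": sorted(hosts)}
        (informational if risk == "None" else rated).append(entry)

    rated.sort(key=lambda e: (SEVERITY_ORDER.get(e["risk"], 5), e["name"]))
    informational.sort(key=lambda e: e["name"])
    return rated, informational


if __name__ == "__main__":
    rated, informational = triage(SAMPLE_CSV)
    print("Rated findings to remediate:")
    for e in rated:
        print(f"  [{e['risk']}] {e['name']} on {', '.join(e['hosts'])}")
    print("Informational results (scanner observations):")
    for e in informational:
        print(f"  {e['name']} on {', '.join(e['hosts'])}")
```
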

Conclusion
This is how active reconnaissance is done to find vulnerabilities in both the ports and the
system. It is a great way to check all the vulnerabilities, as it doesn’t leave any loophole
ignored. Now that I know the flaw, I can either fix it or, if I have evil intent, exploit it.
However, it’s not wise to exploit it, as you will be caught if you do so.
References
Final Fantasy Rule 34 vid smut shocks Italy, surprising artist. (2022). Retrieved 18 February 2022, from
https://www.polygon.com/22893534/tifa-lockhart-rule-34-porn-video-italian-senate-artist-reaction-viral

McLelland, M., & Network, A. (2011). A short history of 'hentai'.

Italian senate meeting interrupted by Final Fantasy pornography. (2022). Retrieved 18 February 2022, from
https://www.eurogamer.net/articles/2022-01-19-italian-senate-meeting-interrupted-by-final-fantasy-pornography

Final Fantasy VII Porn Interrupts Government Meeting. (2022). Retrieved 18 February 2022, from
https://kotaku.com/final-fantasy-vii-porn-interrupts-government-meeting-1848378136

(2022). Retrieved 18 February 2022, from https://www.youtube.com/watch?v=fEOYZSsu6zQ

Masuk Facebook | Facebook. (2022). Retrieved 23 February 2022, from
https://www.facebook.com/aceschoolnepal/

About Us – Ace Higher Secondary School. (2022). Retrieved 23 February 2022, from
http://www.ahs.edu.np/about-us/

You’re Temporarily Blocked. (2022). Retrieved 23 February 2022, from
https://en-gb.facebook.com/archana.adhikari.395?comment_id=Y29tbWVudDoyNjIwMTk3OTQ0MDcyODRfMjY0MTk3MTAwODU2MjIw

(2022). Retrieved 23 February 2022, from https://np.linkedin.com/in/udhar-shrestha-b39a2739

MMMLAGOS: 1.1. (2022). Retrieved 23 February 2022, from
https://www.vulnhub.com/entry/mmmlagos-11,192/
