Professional Documents
Culture Documents
Cybersecury
Cybersecury
Due to global pandemic and quarantine, every field of work was temporarily closed with an
uncertain future. During that time, emergency departments such as hospitals and civil offices
were somehow opened. However, the educational department and private business were closed
and remained so for a long time. Therefore, video conference apps like messenger, teams and
zoom started to become popular and looked like a valid solution to many problems. These apps
helped us meetings and classes online though there were some flaws it was a smart replacement
at that time. However, the main problem of using these apps came after a while as people started
to hack the meeting and do dumb pranks. Although it was annoying, all it did was disturb the
meeting and it could be easily solved by kicking the hacker out of the meeting. As such it was
not such a big deal but something happened on January 30 2022 in Italy. A senate meeting was
held there on the topic of “A Transparent Civil Service” and all the important figures like Nobel
Prize for physics winner Giorgio Parise and other powerful figures were present in that meeting
which was hosted by zoom. Unfortunately for them the meeting got zoomed bombed (hacked
and showed a video in zoom meeting.) by a 30 second of hentai parody of “final fantasy VII”
and thus became an unforgettable news and meme dubbed as “The Tiffa Incident”. This was a
huge disaster and a shame for the whole Italian nation and will probably haunt them for a long
time. This incident also demonstrated how weak the whole nation was against cyber-attack and
why it needs to beef up in the cybersecurity field. To know how severe humiliation the Italian
government faced, we must first know about hentai. ("Final Fantasy Rule 34 vid smut shocks Italy,
surprising artist", 2022)
Figure 1: Picture of the incident
What is hentai?
Hentai is a Japanese word that can be translated as a pervert but its true meaning is that of an
animated or illustrated porn. Generally, hentai has a large genre but among them, parody is
widely famous. Be it the parody of an anime, movie, game or any famous thing in the internet,
there will be a hentai of it and this bizarre incident has also been named as “The rule 34 of the
internet”. (McLelland, M., & Network, A. ,2011).
As such final fantasy a pg. 13 game also became a victim of such degeneracy and one of the
many particular parodies (3d animated) featuring a female character Tiffa Lockhart was shown
in the meeting and footage of that meeting was shown to a live audience on both national tv and
social media like Facebook.
What happened?
The hacker literally streamed a Tiffa’s hentai for solid 30 seconds and shouted something about
“sex offender”. Due to this certain unexpected situation people in charge of the call got confused
and forgot to act quickly. It is said someone shouted at them to stop it and then only did they
recover and kicked the anonymous hacker out of chat. However, he managed to return to the
meeting and again managed to play another 3d hentai of a Genshin impact character. And after
that he was permanently removed from the meeting. However, damage was done and in addition
to Facebook, the FFVII porn was also apparently broadcast live via Senato TV. Due to that it
caused everlasting shame on the Italian senate as the whole meeting will now and forever be on
the internet and they can’t do anything about it.("Final Fantasy VII Porn Interrupts Government
Meeting", 2022)
However, according to tweeter and rumours, it’s not true and the true hacker was
probably an Italian citizen. The reason was to prank and to make fun of all the boomers attending
the meeting and also to spread awareness of how the whole senate was ignorant of modern
technology. This incident also showed how ignoring something as crucial as cybersecurity will
lead to disastrous outcomes.
As such, the reason for the hack is probably due to the Facebook post and if so then it is a classic
case of data leak and hacker using passive reconnaissance. As such, the hacker has left very
small traces of himself and it’ll probably be hard to catch him.
However, the flaw in the CIA came in the form of integrity and confidentiality. As the person
leaked the whole room id and password for the entire public to see and when asked, she said that
did it to make it more available and easier for others to join the meeting. However, due to this
carelessness and lack of awareness of such high-status members, the whole meeting was
sabotaged and this incident occurred. In this case she chose availability moreover integrity and
confidentiality due to which disaster occurred.
The further potential risk of being ignorant in modern technology could be even horrendous as
there are more evil people on the internet and the thing that they will do to entertain themselves
can be worse than this. Beside this attack such as phishing, password cracking and online fraud
are also all related to being ignorant about modern tech and carelessness.
Conclusion
In the end, even if there isn't any definite proof suggested by the police, it is clear that hackers
broke into the system due to data leak caused by ignorance and carelessness of members. This
can basically fall into human error and excuses such as she did it because she’s not good at
technology is basically inexcusable because as member of higher level of government, it is their
duty to not make such stupid and amateurish mistake like posting an entire classified info on
Facebook. As such to prevent such a shameful event from ever happening in future, they should;
Procedure
In this assignment, I’ve decided to passively collect information on ace higher secondary school.
To do this, what I have basically done is to first search the school on Facebook because there
will be more details on a private business on Facebook. ("Masuk Facebook | Facebook", 2022)
On Facebook, I clicked on the “about” button which is located on the navigation bar. In about
page, I found information with a lot of potential that may help me infiltrate the organization like;
It’s location, which is in New Baneshwor, Kathmandu with the map to locate its exact
location,
Its opening and closing time i.e., from 7:00 am to 9:00pm
phone number which is 01-4499817
Its official email i.e., ace@ace.edu.np and finally,
The potential students.
With this information, we will know when and where our target is and can find a potential way
of communication via phone number and email and finally, I’ve got people who are students so I
could ask for information about the college indirectly. However, there is still some key
information missing like the names of members who are in charge of different departments in the
organization. So, when I want to infiltrate it, I can make excuses like I have an appointment with
a certain staff member of that organization. To do that I first googled Ace school then managed
find their official website.
Then I chose the official page and clicked on the “about AHS” navigation button. Where the list
of positions of members of the whole organization was displayed. ("About Us – Ace Higher
Secondary School", 2022)
Figure 6: Ace high schools official site
So, I noted important names like the names of the chairman, principal, Assistant Manager,
coordinators name and searched them in all Facebook and linked in for more information.
Conclusion
In the end, after collecting all the information of key members in origination. I’ve successfully
completed my passive recognizance and now I will know whom to target, how to target and
when to target while hacking them. Using this information, I have two ways to infiltrate the
organization i.e.,
1. By social engineering, I will first become friendly to them and use our common interest
that I’ve researched to get close to key figures and make them accomplish my goals.
2. By attacking weaker chains. I will first do a phishing attack on the key figures relative
then attack them and finally sabotage the whole organization and it will only be possible
excuse I got the information on them due to passive reconnaissance.
Active reconnaissance of provided vulnerable system
An active reconnaissance means to directly scan a system without bothering to hide your intent.
Unlike passive reconnaissance, active reconnaissance is done very aggressively and can be
traced back to the hacker doing it. This type of reconnaissance is usually done for pen-testing as
it helps us find any open ports and vulnerability in the system. Be mindful that it is very foolish
to illegally use active reconnaissance as compared to passive, you will leave a lot of trace of
yourself and thus will be arrested by the authorities.
Steps
For this project I chose MMMLAGOS: 1.1 from vunhub as it is an easy and new system
to scan. So, I downloaded ova file name Earth which was 2gb ova file. ("MMMLAGOS:
1.1", 2022)
Now, I changed network settings for both my kali os and MMMLAGOS: 1.1 so I can
scan the network.
Figure 12: Network settings.
Finally, it time to use kali terminals where I search ip address for my network using
ifconfig
as such, our network turns out to be 10.2.0.15/24.
Step 1: network scanning.
I used namp -sn to search if there is a host or not.
After confirming the host is up, I used nmap -sV -A -O for aggressively scan the whole
network to find which port were opened and as a result, I found out that 3 port were open
they are msrpc(port 135) use to call program remotely , Microsoft-ds(port 445) used to
transfer files and http(port 80, 5357) and ssl(port 443) are unsecured port.
Figure 14: Commands nmap -sV -A -O
As a result, we found out that the service is at high risk as ports are unsecured and can be used
for remote controlling and sharing files.
Step2 vulnerability scan
First, I activated Nessus so that I have to move to the directory which has Nessus which
is in download.
After changing the directory to Downloads, I start my Nessus by using command
sudo systemctl start nessusd.service
Then I used sudo systemctl status nessusd.service to check if its running or not.
In this case, there are only two vulnerabilities. I clicked on vulnerability to learn more
about them.
Figure 18: Checking vulnerabilities
Conclusion
This is how an active reconnaissance is done to find vulnerabilities in both with in ports and
system. It is a great way to check all the vulnerability as it doesn’t leave any loophole ignored.
Now that I know the flaw, I can either be a fix it or if I have an evil intent, I can exploit it.
However, it’s not wise to exploit it as you will be caught if you do so.
References
Final Fantasy Rule 34 vid smut shocks Italy, surprising artist. (2022). Retrieved 18 February 2022, from
https://www.polygon.com/22893534/tifa-lockhart-rule-34-porn-video-italian-senate-artist-reaction-viral
Italian senate meeting interrupted by Final Fantasy pornography. (2022). Retrieved 18 February 2022, from
https://www.eurogamer.net/articles/2022-01-19-italian-senate-meeting-interrupted-by-final-fantasy-pornography
Final Fantasy VII Porn Interrupts Government Meeting. (2022). Retrieved 18 February 2022, from
https://kotaku.com/final-fantasy-vii-porn-interrupts-government-meeting-1848378136
https://www.facebook.com/aceschoolnepal/
About Us – Ace Higher Secondary School. (2022). Retrieved 23 February 2022, from
http://www.ahs.edu.np/about-us/
https://en-gb.facebook.com/archana.adhikari.395?
comment_id=Y29tbWVudDoyNjIwMTk3OTQ0MDcyODRfMjY0MTk3MTAwODU2MjIw
https://www.vulnhub.com/entry/mmmlagos-11,192/