Professional Documents
Culture Documents
NAME
ID
SECTION NUMBER
Contents
Introduction................................................................................................................................2
Impacts due to Cybercrime....................................................................................................2
About Phishing.......................................................................................................................2
Real Life Cyber Attack..............................................................................................................3
Overview of the Attack..........................................................................................................3
Cyber Attack Details..............................................................................................................3
Process of Hacking.................................................................................................................3
Review and Technical Information Learned..........................................................................4
Conclusion..................................................................................................................................4
References..................................................................................................................................5
Introduction
Technology is greatly modernized over the past years. This has progressively increased the
cyber-criminal activities. What is cyber-crime? It is a criminal activity that can target
computer or networks to get the desired information. Cybercrime may be done by some
organizations or individuals; though, it is not necessary that it is committed by cybercriminals
or hackers for financial needs. It usually damages computers for the benefit of an individual
or organization. The reason can be political or personal reasons that leads to cybercriminal
activities. Cybercrime is usually done for different perspectives that include email and
internet fraud, identity fraud, and cyberespionage etc.
The chart shows that maximum cost of cybercrime is for financial services. This is usually
done to either hack the services offering financial model or to theft the financial data.
[CITATION htt43 \n \l 3081 ]
What are the examples of Cybercrime? Phishing is one of the most famous examples for
different types of cybercrime attacks that are used by cybercriminals. It is briefly discussed as
under.
About Phishing
It is a technique adopted by cybercriminals with an intention to trick the user to perform an
act while using the website that undermines the security of that particular platform or
organization. This maybe done through messages, emails, ads or images. These messages
usually contain infected attachments where the user maybe asked to respond to confidential
information to attain the confidence. For instance, during football world cup in 2018 (hosted
in Moscow), cybercriminals sent emails to the football fans to entice them with fake free trip
to Moscow. The personal data was stolen for those who opened the email. [CITATION
htt42 \n \l 3081 ]
Other type of Phishing is Spear-Phishing where the messages are usually crafted in such a
way that they look professional in stye and from trusted sources. This assures the user that
they are not fake.
Process of Hacking
According to the Check Point, deep links were introduced that enables the hackers to send
custom link that were defined in application manifest file by opening a browser window that
is enable by JavaScript. [ CITATION Rav20 \l 3081 ] Moreover, it was also uncovered that
malicious JavaScript codes were also used using SECTION parameters. It makes it incapable
of resisting XSS attacks particularly found in the usefulness of OkCupid's settings.
Using the server of OkCupid, “User” cookies are sent there. This is because XXS payload
that is implemented as offered by the WebView of the application. In the response, server
reacts with JSON that contains the ID of user and token its authentication. When the user ID
and authentication toke is obtained, the hacker is able to send a request to endpoint. This
leads to the activity of getting all the personal information of the user’s profile. This maybe
their family status, email address, photos, family status etc. The hacker may also perform
actions while using the victim’s profile i.e., sending messages or changing the profile data.
Note that a hacker can not hack the full account as the cookies offered are in protection under
HTTP. It can reduce the danger that are accessed by client-side scripts retrieving protected
cookies. The vulnerabilities have not been abused in the wild; however, the scene shows how
hackers may use these weaknesses to destroy the privacy and threaten them.
Taking in note the issue, the security and privacy management of OkCupid immediately took
action while fixing the flaws that were associated with the security. [CITATION DHW201 \l
3081 ]. It was done within 48 hours after the case was brought into consideration.
References
Desk, D. W. (2020). OkCupid dating app vulnerable to cyber attack: Check Point.
Desk, D. W. (2020). OkCupid dating app vulnerable to cyber attack: Check Point.
https://www.kaspersky.com/resource-center/threats/what-is-cybercrime. (n.d.). What is
Cybercrime? Retrieved from Kaspersky.
https://www.trilateralresearch.com/cybercrime-what-is-the-hidden-nature-of-digital-criminal-
activities-nowadays/. (n.d.). Cybercrime – what is the hidden nature of digital
criminal activities nowadays? Retrieved from trilateralresearch.
Lakshmanan, R. (2020). OkCupid Dating App Flaws Could've Let Hackers Read Your
Private Messages.
O'Donnell, L. (2020). OkCupid Security Flaw Threatens Intimate Dater Details.