Real Life Cyber Criminal Cases

NAME
ID
SECTION NUMBER
Contents
Introduction................................................................................................................................2
Impacts due to Cybercrime....................................................................................................2
About Phishing.......................................................................................................................2
Real Life Cyber Attack..............................................................................................................3
Overview of the Attack..........................................................................................................3
Cyber Attack Details..............................................................................................................3
Process of Hacking.................................................................................................................3
Review and Technical Information Learned..........................................................................4
Conclusion..................................................................................................................................4
References..................................................................................................................................5
Introduction
Technology is greatly modernized over the past years. This has progressively increased the
cyber-criminal activities. What is cyber-crime? It is a criminal activity that can target
computer or networks to get the desired information. Cybercrime may be done by some
organizations or individuals; though, it is not necessary that it is committed by cybercriminals
or hackers for financial needs. It usually damages computers for the benefit of an individual
or organization. The reason can be political or personal reasons that leads to cybercriminal
activities. Cybercrime is usually done for different perspectives that include email and
internet fraud, identity fraud, and cyberespionage etc.

Impacts due to Cybercrime

Cybercrime has impacted many website, personal data and corporate data etc. Different
Cybercriminal activities have different costs that is illustrated in the figure below. It shows
the descriptive data of 2017 where the cost is presented that incurred directly or indirectly for
the cyberattack. Note that this does not present the harm to people’s lives.

The chart shows that maximum cost of cybercrime is for financial services. This is usually
done to either hack the services offering financial model or to theft the financial data.
[CITATION htt43 \n \l 3081 ]
What are the examples of Cybercrime? Phishing is one of the most famous examples for
different types of cybercrime attacks that are used by cybercriminals. It is briefly discussed as
under.

About Phishing
It is a technique adopted by cybercriminals with an intention to trick the user to perform an
act while using the website that undermines the security of that particular platform or
organization. This maybe done through messages, emails, ads or images. These messages
usually contain infected attachments where the user maybe asked to respond to confidential
information to attain the confidence. For instance, during football world cup in 2018 (hosted
in Moscow), cybercriminals sent emails to the football fans to entice them with fake free trip
to Moscow. The personal data was stolen for those who opened the email. [CITATION
htt42 \n \l 3081 ]
Other type of Phishing is Spear-Phishing where the messages are usually crafted in such a
way that they look professional in stye and from trusted sources. This assures the user that
they are not fake.

Real Life Cyber Attack

As mentioned about one of the examples of Cyber Attack, I will talk about a real-life cyber-
attack done on one of a Dating website that could’ve let hackers read the private messages of
the users. It was mainly due to the App Flaw that let the cybercriminals to attempt for reading
the private messages.

Overview of the Attack

Okcupid is an online dating platform that is trusted by those who want to find their loved
ones. It has more than fifty million users that are registered that are mostly aged in between
25 to 34. It: moreover, has over ninety-one million connections made every year where
approximately 50,000 dates are settled on weekly occasions. Due to pandemic, it was
reported that the website observed a growth of 20 percent increase in conversations carried
out with approximately 10 percent increase in the matches globally.
On 29 July, 2020, it was reported by the cybersecurity researchers that there are many
security issues that can lead attackers to spy on the privacy of the user or may do malicious
actions through the access of targeted accounts. It was done through a URL that was
generated by the hackers. When opened by the user, the user would become the victim of the
cybercrime by giving the control of their account.

Cyber Attack Details

As stated earlier, on 29 July’20, OkCupid, due to its flaw in their security and policies gave a
chance to cyber. It occurred on the platform of OkCupid and the users of OkCupid were
targeted on this activity. According to the reports, it is believed that a 33-year-old Russian
Hacker, Maksim Viktorovich Yakubets, who is said to be the head of Russian hacking group
Evil Corp, is responsible for the cyber criminal activity. [ CITATION DHW20 \l 3081 ]. Due
to this attack initiated by a Russian hacking group, fortunately, there were no users that were
affected by it. Thanks to the Check Point researchers who promptly revealed their finding to
the services provider of OkCupid. All of it was done before the hacking group could avail the
chance of the vulnerabilities of OkCupid. The flaws spotted as a part of reverse engineering
of their Android app having version of 40.3.1. It was released on 4 months before attack.
There have been dozens of updates since the version 40.3.1.

Process of Hacking
According to the Check Point, deep links were introduced that enables the hackers to send
custom link that were defined in application manifest file by opening a browser window that
is enable by JavaScript. [ CITATION Rav20 \l 3081 ] Moreover, it was also uncovered that
malicious JavaScript codes were also used using SECTION parameters. It makes it incapable
of resisting XSS attacks particularly found in the usefulness of OkCupid's settings.
Using the server of OkCupid, “User” cookies are sent there. This is because XXS payload
that is implemented as offered by the WebView of the application. In the response, server
reacts with JSON that contains the ID of user and token its authentication. When the user ID
and authentication toke is obtained, the hacker is able to send a request to endpoint. This
leads to the activity of getting all the personal information of the user’s profile. This maybe
their family status, email address, photos, family status etc. The hacker may also perform
actions while using the victim’s profile i.e., sending messages or changing the profile data.

Note that a hacker can not hack the full account as the cookies offered are in protection under
HTTP. It can reduce the danger that are accessed by client-side scripts retrieving protected
cookies. The vulnerabilities have not been abused in the wild; however, the scene shows how
hackers may use these weaknesses to destroy the privacy and threaten them.
Taking in note the issue, the security and privacy management of OkCupid immediately took
action while fixing the flaws that were associated with the security. [CITATION DHW201 \l
3081 ]. It was done within 48 hours after the case was brought into consideration.

Review and Technical Information Learned

It is not the first time that OkCupid has been affected by cybercriminals. It was reported in
2019 as well where a flaw was found in the application that could have let the cybercriminals
to steal the personal information of users. [ CITATION Lin20 \l 3081 ] Keeping this in
review, OkCupid needs to strict their security and policies for further losses. This could
greatly affect their registered users as they do not compromise under their personal security
concerns.
The technical information learned in this report includes the types of Hacking that are used
these days. In this case, Phishing was done to target the users. Moreover, the process of
hacking was also learned that was used in OkCupid.
Conclusion
Cybersecurity concerns has been significantly seen in the past few years. Many websites and
renown applications has been affected by cybercriminals. Many personal information has
been extracted and is used for different means. It is therefore important that organizations and
online website that assure the privacy of customers should also maintain such security that
can not be exploited. Keeping this in view, OkCupid should also review and keep their
policies alert to assure the privacy of the users.

References
Desk, D. W. (2020). OkCupid dating app vulnerable to cyber attack: Check Point.
Desk, D. W. (2020). OkCupid dating app vulnerable to cyber attack: Check Point.
https://www.kaspersky.com/resource-center/threats/what-is-cybercrime. (n.d.). What is
Cybercrime? Retrieved from Kaspersky.
https://www.trilateralresearch.com/cybercrime-what-is-the-hidden-nature-of-digital-criminal-
activities-nowadays/. (n.d.). Cybercrime – what is the hidden nature of digital
criminal activities nowadays? Retrieved from trilateralresearch.
Lakshmanan, R. (2020). OkCupid Dating App Flaws Could've Let Hackers Read Your
Private Messages.
O'Donnell, L. (2020). OkCupid Security Flaw Threatens Intimate Dater Details.