Many hacking incidents have occurred recently, both nationally and internationally, and continue to happen. The second hacking of Yemeksepeti for the last time made many members using this platform uneasy. Then I met with Yasir Gökçe, a cyber security expert on behalf of Webtekno, and asked him some questions about cyber security.
Today hack after hack let’s say it’s happening. As such, people who do not know about cyber security are more likely to have their personal data captured and used for malicious purposes than people who have knowledge. anxiety can hear. Of course, those who have knowledge about these issues may fall short of taking protective security measures in the face of cyber crimes that are developing day by day.
For example, recently leaked GTA 6 images. 17 year old hackerHe was arrested by the London police. In Turkey, there is a serious hacking audience around the age of 15-18, who spend time on platforms like Twitch and give advice to each other on hacking. In this article, we will discuss what cyber security is, how hacking events develop, why cyber security cannot be provided in the national and international context, how young people hack and many more. To Yasir Gökçe we asked. He also happily answered our questions.
Here are Yasir Gökçe’s answers…
Cyber security; It is the systematic protection of informatics, IT and OT systems and the data processed in these systems against threats originating from cyberspace.
In general, there may be different motivations behind the hacking event.
It has just entered the hacking “industry”, our script-kiddies The amateur team we call hacks just to develop/show their new talents and to experience the satisfaction of it. Hacking against intelligence seizing activities of states on their citizens can stand out as a resistance against this activity and the authoritarian/totalitarian mentality behind it.
On the other hand, state-sponsored actors are against the perceived threat group and other states. hacking he can. These activities concern the law of tolerance in cyberspace.
How hacking is done is a very broad and intricate subject.
In summary; Cyber attacks are carried out by exploiting information systems, processes, organizational structures and vulnerabilities in people’s consciousness. For example, an internet access modem or router not configured correctly is a vulnerability for hacking. Likewise, an employee who does not know that he should not click every link sent to him is an important vulnerability for hacking.
The part of hacks called white, red and gray is a classification made according to whether the hacking action is malicious or not.
The hacker who wants to draw attention to the vulnerabilities of the company he targets and who does the cyber attack with the consent of the company is a white hat hacker. black hat hacker, cyber-attacks with the aim of causing harm. The gray hat hacker, on the other hand, wants to warn the company about its vulnerabilities by performing a cyber attack in good faith. However, he does not do this illegal activity with the permission of the directors of the company (or other organizational structure).
Except for incoming messages and direct communications; We’ll know if the hacker posts the information on a site.
In addition, companies/organizations that have lost their personal data in Europe and our country, to the relevant authorities and persons. have been hacked have an obligation to report. As a final step, especially usernames and passwords are offered for sale on the dark web. With a search engine covering the dark web or cyber threat intelligence activities, we may be aware of whether such a thing is happening.
In my opinion, systems should be designed and configured on the assumption that individuals are unconscious so that users are informed about their individual cybersecurity.
In this context, security by design and security by default principles stand out. In other words, a communication program should transmit messages by encrypting (hiding) messages directly. This should not require a separate user action or preference.
In addition, relevant professional organizations and non-governmental organizations can raise awareness of users with virtual brochures supported by visuals, written without bogging down on technical terms. Also, when an app is installed or system setup, with pop-ups (pop-up screen) Cyber security issue can be reminded and guidance can be made.
The person who realizes that he has been hacked can make a complaint to the IT crimes bureau or make a criminal complaint to the responsible prosecutor’s office.
The entity or company that is responsible for protecting the person can also be contacted and asked for an account. digital forensic Unless you are a very sensitive institution that does not require (forensics), the first move is to disconnect the hacked system from the network. I recommend that individuals who are far from the cyber world consult an expert according to the extent of the damage and act with a legal department or a lawyer depending on the situation.
The recommended change frequency of passwords is every 6 months. Password must be complex; must contain at least 12 characters, uppercase, lowercase, numbers and special characters.
It takes 54 years for today’s computers to crack a password like this. Quantum computers however, this changes the time significantly.
While registering on the sites, the relevant websites are under the obligation to inform us within the framework of the Law on the Protection of Personal Data about which of our information has been circulated in case of any hacking.
Apart from this, the nature and scope of the information is disclosed on the dark web or ransom We can learn when we talk. When delivering data, it is important to examine the reliability of the receiving organization. Also, data must be delivered (especially for online platforms) after creating a complex password and authenticating. Stolen data is often sold as a whole on the dark web, as I just said. Cyber criminals buy them from there. Giant companies (Facebook, WhatsApp) that take advantage of the gaps in the contracts can also open their own data pool to third parties.
Stolen data can be used to serve personalized ads, hold data hostage and demand ransom. We see that stolen credit card data is used in fraud and theft. Identity and access data can be processed to provide remote access to critical systems.
Artificial intelligence integrated big data systems and programs can obtain data from open or closed sources.
Giant IT companies trying to do it legally. For example, it dictates a provision such as “Allow access to your data if you are going to use the service we offer for free”. They analyze the data obtained in this way with artificial intelligence and offer personalized content. For example, the similarity of a product that we have just searched through Google, as an advertisement on YouTube, falls within this scope.
In Turkey, a law based on the victimization of individuals and institutions that are victims of cybercrimes has been shaped. Unfortunately, the legal infrastructure that regulates the obligation of companies to preserve data is extremely inadequate.
In other words, acquiring high security practices, companies in good faith remains more. In addition, protecting information and privacy is not a sensitivity that has settled in our country yet. On the contrary, the concept of government is based on the storage, sharing and delivery of information. Legal guarantees in favor of the individual regarding the protection of information cannot be fully clarified. Although studies have been carried out on this issue in recent years, there is still a need for more measures to protect personal data.
For example, according to CHP vice president Onursal Adıgüzel, BTK requested the delivery of the most vital user data in a letter sent to all internet service providers. I don’t think that sensitive government data is very safe, considering that sometimes the news on the news that the identity data of the citizens of the states is found on the internet is true. Cybercriminals seek to make themselves anonymous. VPN and Tor using techniques such as It is also very difficult to detect the real IP or MAC address behind the crime by bypassing these methods.
The lack of cooperation at the international level also reinforces the challenge of detecting cybercriminals.
One country’s definition of cybercrime, another country’s right to privacy, right of communication, freedom of expression, etc. sees it as. This makes cooperation in the fight against cybercrime impossible. For example, a country has database servers In a crime committed by using the server, it may not give access to the server in question.
The fact that physical damage can be done by using IT and OT systems has always surprised me.
For example, Russia’s access to the control systems of a power plant in Ukraine and its public power out quite interesting. Or the US hacking a significant part of the Natanz uranium facilities in Iran (Stuxnet incident) can be given as an example.
Data protection requires a set of systematic, collective, orderly, consistent and effective (instant) actions. Thus, it is not difficult for even children under the age of 18 to hack the data of large companies.
Hacking is as easy as copy-paste-entering malicious code into a dataset. The cyber security team leaves work on weekends and evenings within the concept of overtime. Cybercriminals, on the other hand, seek to exploit the vulnerabilities 24/7. In addition, the cost of security measures may exceed the cost that would arise in case of damage, in some cases. In this case inaction and accepting risk can cause. There was a hacking incident in Yemeksepet recently. However your food basket I can’t say anything about this hack without examining and auditing the cyber security maturity.
Editor Note: Saying that he hacked Yemeksepeti, the hacker had previously made a statement. In our article where we gave this explanation from here you can read. Also, let us remind you that hacking illegally is a crime. In this article, we aimed to show how wrong the illegal hacking is by asking an expert. If you are not a white-collar hacker working within a company, we recommend that you do not get involved in these jobs.
- Image Sources: Harvad Business Review, Crowd Strike, Analytics Insight, The New Yorker, BBC, Scroll.in, WIRED, Tech Crunch, Dashlane Blog, Bleeping Computer, Auth0, MIT Technology Review, Tech Crunch 2, The New York Times, VICE, Analytics Insight 2