Shahnawaz Backer Exposes How Hackers Break the Cybersecurity Systems

By Adi Permana

Editor Adi Permana

BANDUNG, itb.ac.id—School of Electrical Engineering and Informatics (STEI) ITB held a limited webinar with Shahnawaz Backer, F5 Labs' Principal Security Advisor, on Friday (28/05/2021). F5 Labs—also known as F5 Inc.—is an application delivery network (ADN) and application security company. BIG-IP, NGINX, and Shape Security are three of F5's companies that are well-known among cybersecurity activists.

Because of the rapid advancement of technology, we realize that cybersecurity is not something we can just ignore. We frequently log in on specific platforms as everyday gadget users. Some of the platform's security systems try to secure user data using CAPTCHA and one-time password (OTP) authentication. However, we are not fully safe from hackers.

According to Backer, the CAPTCHA feature is no longer effective because other programs may automatically "beat" the CAPTCHA. The algorithms in this program use machine learning and artificial intelligence. Even so, Backer doesn't rule out the idea that this feature can be effective if the algorithm is made more difficult for hackers to defeat.

On the other hand, hackers will have a harder time breaking into the OTP feature. However, Backer said that under certain circumstances and strategies, it can also be defeated. If you pay attention, you'll notice that several programs frequently request an OTP when we log in on a new device. In this instance, the OTP is normally only requested once. This differs from security systems that use other patterns, such as those that need us to enter an OTP every time we make a command.

Backer explained that hackers may presumably make the device a target to defeat a system like this. To put it another way, the hackers emulate the victim's device on his own. This step is done after the target receives the malware from the hackers. Malware will retrieve information such as user activity data and other important data. The information acquired by the malware will be sent to the cloud, where hackers can download it.

Furthermore, according to Backer, hackers can make use of the leaked user data by selling it on the marketplace. Hackers can also potentially take advantage of user data for personal benefits.

Despite this, hacking is difficult due to the security system's various layers of protection. Apart from the ones already stated, security systems commonly use one-way hashing algorithms on passwords, making reverse engineering the only option to beat them.

At the end of the webinar, Backer discusses strategies, things to remember, and technologies that system security engineers can utilize to increase the safety of user data. As a user, you can take precautions by creating passwords with a large number of unique characters and changing it on a regular basis.

Reporter: Maria Khelli (TPB STEI, 2020)
Translator: Sekar Dianwidi Bisowarno (Bioengineering, 2019)