Beware the Black Hats

Apr 25 , 2020
By Kidist Yidnekachew

---

In the age of digital technology, we find ourselves more vulnerable than we had ever previously imagined. For this, we do not even have to go into the sketchy underbelly of the web. It usually comes to us.

Recently, I stumbled upon a vacancy on Telegram, a popular messaging app in Ethiopia and throughout the world, for temporary recruitment. The vacancy said that they were looking to hire individuals who were interested in helping test various applications for at least two hours a day and who had either a smartphone or a personal computer and internet access.

Interested, I contacted the person who posted the vacancy, and he sent me a file format to install the application. He also gave me instructions on how to install the app and asked me to screenshot the “installation complete” pop-up for verification.

I tried to do this the next day. But downloading the app was unsuccessful. I thought it might have been my internet connection. I gave it a second try but was unsuccessful.

Later that day, I tried to contact the person who posted the vacancy, but his username had been deleted, and our correspondence had disappeared. Thus, I turned to a tech-savvy friend of mine and sent him the app for a query.

My friend called the second he received the file and told me to turn off my internet connection and delete the format file to - using his technical term - remove the backdoor Trojan app.

It turns out that the app was a virus. Had I installed it, I could have given the hackers access to my camera, microphone and basically anything saved in my phone. The thought that someone could be watching me through my phone camera at any point and time without my knowledge sent chills down my spine.

This is something we have to consider further as our use of digital technology increases. It seems that every other person in Addis Abeba is sporting a smartphone these days.

Although our engagement with the worldwide web is negligible in comparison to other places, we are already witnessing a number of its pros and cons. We have everything from internet celebrities (vloggers) to social media activists. A less-discussed corner of the internet is Ethiopia’s own version of the dark web, where hackers are known to congregate.

Indeed, not all hackers are bad, and the negative connotation related to the word can be misleading. There are two kinds: black hat and white hat hackers. As obvious as it sounds, the former have malicious intent, while the latter are security experts testing systems for vulnerabilities who are also known as pen testers or penetration testers.

There are two tried and true methods of hacking. One is purely hardware-based. The other is the exploitation of people in the process of hacking them, which almost happened to me.

The hacker first places themselves in the mind of their victims and develops a way for them to install, click or open a file granting them access to the victim. How this is achieved often varies. One popular way has been Telegram.

In between the constant posts for shoes, jackets, glasses and household items, we may find ourselves face to face with a fake Telegram account with users posting Android installation files usually between 90Kb and one megabyte. The files usually come in the form of a data saver format file or even a wallpaper.

Many fail to pay attention to the file size and install these apps that disappear, never showing up in our app drawer, and we just move on. Unknowingly, what we have installed is a tool that allows the hacker to do a number of things from triangulating our location to reading our passwords. Most eerily, whenever we are connected to the internet, the hacker is able to access the camera or listen in on the microphone.

This has become quite a common occurrence. That is why we should be careful of the applications we install on our devices, especially those we find on such social media platforms and the links we find in the random emails we are sent.

As a rule of thumb, whenever we come across such applications prior to installing them, let us either ask someone who knows about these things or do some research on our own. Otherwise, we may have a digital Peeping Tom on our hands.

---

PUBLISHED ON Apr 25,2020 [ VOL 21 , NO 1043]

---