Type of paper: | Essay |
Categories: | Internet Technology Cyber security Homeland security |
Pages: | 4 |
Wordcount: | 1012 words |
Introduction
Transmission Control Protocol/Internet Protocol (TCP/IP) sessions are vulnerable to various attacks, which could lead to data loss, theft, or malicious hacking. TCP/IP session hijacking is one of the common vulnerabilities (Alqahtani & Iftikhar, 2013). A TCP connection between a client and the server starts with a three-way handshake. First, during the synchronization phase, TCP generates a sequence number that is used for the intended data transfer. Secondly, the host replies by verifying the sequence number that will be used and acknowledges the original request (Alqahtani & Iftikhar, 2013). Thirdly, the originating host sends data acknowledging the sequence number and acknowledgment from the host server. After the handshake, TCP/IP allows the sending of data packets between the host and the user. Noticeably, the primary aim of a TCP/IP session hijacking is to create a situation where the server and client cannot exchange data, enabling an attacker to forge acceptable packets that mimic the real ones between the two ends and gain control of the communication (Alqahtani & Iftikhar, 2013).
For the hijacking to occur, the attacker has to eavesdrop on a TCP session to redirect data packets. In this case, the hijacker predicts the sequence number of the ongoing connection and creates a mimic segment that resembles the original one (Alqahtani & Iftikhar, 2013). If the forgery succeeds, they can send counterfeit data packets to the client using the same Internet Protocol (IP) address as the source, so that the packets look as if they originate from the original host. Once an attacker has control over the session, they can decide to block the authentic host by launching a denial-of-service attack. The man-in-the-middle is a type of TCP/IP session hijacking in which an attacker identifies vulnerabilities in an individual’s network and launches malicious tools between a victim’s computer and the sites that they visit to collect personal information such as banking credentials (Alqahtani & Iftikhar, 2013). For instance, an attacker may send an email or website that mimics those from a legitimate bank (Alqahtani & Iftikhar, 2013). The user clicks the link to the malicious website thinking they are using the trusted bank interface, only to give out their bank credentials to the hacker without realizing it.
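The sequence-number mechanics described above, as an added example that is not part of the original essay: it models the three-way handshake, the receiver-side window check that any forged segment would have to pass, and (going beyond the essay) the randomized initial sequence number scheme of RFC 6528 that makes prediction impractical. The addresses, ports, secret, and the use of HMAC-SHA256 as the function F are assumptions chosen for illustration.

```python
import hashlib
import hmac
import time

MOD = 2**32  # TCP sequence numbers are 32-bit and wrap around

def isn_rfc6528(secret, local, remote, clock_us=None):
    """ISN = M + F(connection 4-tuple, secret), the scheme in RFC 6528.
    HMAC-SHA256 stands in for F here (an assumption of this example)."""
    if clock_us is None:
        clock_us = time.monotonic_ns() // 1000
    m = (clock_us // 4) % MOD  # M: a timer that ticks every 4 microseconds
    four_tuple = f"{local[0]}:{local[1]}>{remote[0]}:{remote[1]}".encode()
    f = hmac.new(secret, four_tuple, hashlib.sha256).digest()
    return (m + int.from_bytes(f[:4], "big")) % MOD

def handshake(client_isn, server_isn):
    """Return the three handshake segments as (flags, seq, ack) tuples."""
    return [
        ("SYN", client_isn, 0),
        ("SYN-ACK", server_isn, (client_isn + 1) % MOD),
        ("ACK", (client_isn + 1) % MOD, (server_isn + 1) % MOD),
    ]

def in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq lies in [rcv_nxt, rcv_nxt + rcv_wnd) modulo 2^32."""
    return (seq - rcv_nxt) % MOD < rcv_wnd

def accept_segment(seq, rcv_nxt, rcv_wnd):
    """Classify an incoming data segment the way a receiver would."""
    if not in_window(seq, rcv_nxt, rcv_wnd):
        return "drop"  # out of window: stale or forged segments end up here
    return "deliver" if seq == rcv_nxt else "queue"

if __name__ == "__main__":
    # Constructed sample values (documentation address ranges, made-up secret).
    secret = b"constructed-demo-secret"
    client, server = ("192.0.2.10", 50000), ("198.51.100.5", 443)
    c_isn = isn_rfc6528(secret, client, server)
    s_isn = isn_rfc6528(secret, server, client)
    for flags, seq, ack in handshake(c_isn, s_isn):
        print(f"{flags:8} seq={seq:<10} ack={ack}")
    rcv_nxt, rcv_wnd = (c_isn + 1) % MOD, 65535
    print("expected next byte:", accept_segment(rcv_nxt, rcv_nxt, rcv_wnd))
    print("wrong sequence number:", accept_segment((rcv_nxt + 10**6) % MOD, rcv_nxt, rcv_wnd))
    print(f"share of sequence space inside the window: {rcv_wnd / MOD:.6%}")
```

A segment whose sequence number falls outside the receive window is discarded, which is why an unpredictable initial sequence number matters as a defense.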
Bangladesh Bank Hacking
In February 2016, hackers orchestrated the infamous Bangladesh Bank robbery, which resulted in the loss of $81 million via the SWIFT network (Finkle & Serajul, 2016). SWIFT is a secure messaging service that facilitates money transfers between financial institutions in over 200 countries in the world (Byron & Rahman, 2020). In February 2016, criminals attempting to rob $1 billion from the US Federal Reserve in New York injected custom malware into Bangladesh Bank’s SWIFT network, which allowed them to send 35 requests to the US Federal Reserve. Notably, the attackers intercepted SWIFT confirmation messages and sent out forged copies for printing to cover up their activities (Byron & Rahman, 2020). However, SWIFT software sends confirmation receipts for withdrawals to the host's printer; therefore, if the fraudulent transactions had been printed out, banking officials could have identified the scenario. Unfortunately, five of the requests were successful, leading to an $81 million loss (Byron & Rahman, 2020). The Federal Reserve Bank of New York managed to block the other thirty transactions.
Mitigation Practices following the Incident
Noticeably, authorities traced the money to bank accounts in the Philippines. Hackers transferred the money to accounts registered with the Rizal Commercial Banking Corporation (RCBC) in Manila, from which it then disappeared mysteriously through a network of casinos. In response, SWIFT began an initiative to advise banks and other financial institutions concerning methods to improve their network security to avoid similar instances (Finkle & Serajul, 2016). Additionally, it stressed the need to maintain updated and patched Information Technology environments to minimize the vulnerabilities that attackers utilize (Finkle & Serajul, 2016). The company also introduced software to aid banks in spotting and blocking attempted attacks and altered databases.
In the case of Bangladesh Bank, the institution partnered with international anti-cybercrime and local authorities to trace the responsible individuals. Bangladesh’s Central Bank Manager consulted the World Informatix Cyber Security to respond to the incident by launching a vulnerability assessment of BCB IT systems (Schwartz, 2016). The investigations discovered malware and "footprints" of the attackers, revealing that the bank's system had been breached internally and a malicious tool installed, which listened to the institution's procedures for international fund transfers and payments. To date, only $15 million of the stolen amount has been recovered, with the investigations still ongoing (Finkle & Serajul, 2016).
Overall Impact of the Hacking
The incident not only caused financial damage but also affected the reputation of the Bangladesh Bank, the RCBC bank, and Philippine anti-money laundering policies (Byron & Rahman, 2020). The RCBC carried most of the blame since the attackers used several accounts registered with the institution to transfer money out of the US. Additionally, the bank branch was suspected of being directly involved in the mess since it allowed the withdrawal of multi-millions from newly opened accounts (Byron & Rahman, 2020). The bank manager at the RCBC bank was sentenced and jailed for seven years, while the Federal Bureau of Investigation (FBI) is still working on a case to link the attack to North Korean middlemen (Byron & Rahman, 2020).
Overall, the incident revealed Bangladesh’s challenge with cyber hacking, which threatens financial institutions operating in the region. The country is one of the most notorious for cyberattacks, with numerous incidents targeting bank users (Byron & Rahman, 2020). Bank clients, especially Bangladesh Bank's customers, perceived the incident negatively, which affected their preference for online bank transfers.
References
Alqahtani, A. H., & Iftikhar, M. (2013). TCP/IP attacks, defenses, and security tools. International Journal of Science and Modern Engineering (IJISME), 1(10), 42-47. Retrieved from http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.686.1616&rep=rep1&type=pdf
Byron, R. K., & Rahman, M. F. (2020). The billion-dollar hit job. The Daily Star. Retrieved from https://www.thedailystar.net/business/banking/bangladesh-bank-cyber-hacking-billion-dollar-hit-job-1863310
Finkle, J., & Serajul, Q. (2016). Exclusive: SWIFT to advise banks on security as Bangladesh hack details emerge. Reuters. Retrieved from https://www.reuters.com/article/us-usa-fed-bangladesh/exclusive-swift-to-advise-banks-on-security-as-bangladesh-hack-details-emerge-idUSKCN0WM0ZS
Cite this page
Securing TCP/IP Sessions from Hijacking Attacks - Essay Sample. (2023, Nov 15). Retrieved from https://speedypaper.net/essays/securing-tcpip-sessions-from-hijacking-attacks