The UK government has been hacking for years—and now it’s legal

“This is perfectly legal!”

The UK intelligence agency has been hacking computers, phones and networks at home and abroad since at least 2013, and that activity has now been judged legal, thanks to a Feb. 12 ruling by the court in charge of overseeing privacy infringements by state agencies. This judgment could give the government new momentum in its bid to enact a controversial new surveillance law.

The Investigatory Powers Tribunal was responding to a complaint brought by the rights group Privacy International and seven internet service providers. During the course of the hearing, the UK intelligence agency, GCHQ, admitted for the first time that it had conducted “equipment interference”, a euphemism for hacking, since at least 2013. The agency previously adopted a position of neither confirming nor denying that it was hacking computers, phones and networks.

As the case went on, the intelligence agency revealed (pdf, p. 11) that:

  • It carried out hacking activities in the UK and abroad.
  • About 20% of the agency’s intelligence reports in 2013 contained information derived from hacking activities.
  • The agency used “implants”, or spyware, that was active over different lengths of time. Some were active for the duration of an internet session while others resided on a computer for an extended period.

The tribunal also ruled that “thematic warrants” for hacking are legal. This lets the spy agency hack groups of people or “property”, which includes hardware and software. Privacy International argued during the hearing (pdf, p. 10) that the agency could apply for warrants for the following groups, for example:

  • All mobile telephones in Birmingham.
  • All computers used by suspected members of a drug gang.
  • All copies of Microsoft Windows used by a person in the UK who is suspected of having traveled to Turkey in the last year.
  • All software obtained by GCHQ.

Impact on draft surveillance bill

The ruling couldn’t have come at a better time for the government. It’s taking a beating over a controversial new surveillance law it has proposed. Three parliamentary groups in the last two weeks have issued reports lambasting the draft law, known as the Investigatory Powers bill, or IP bill. And government-sanctioned hacking is a key area of concern for groups scrutinizing the draft legislation.

The chair of a parliamentary committee tasked with considering the draft bill called it “flawed” in its current form. The committee’s final report on the bill contained dozens of recommendations for improvement. “The fact that we have made 86 recommendations shows that we think that part of the bill is flawed and needs to be looked at in greater detail,” the committee chair, Lord Murphy, said.

The world’s biggest technology companies fear the bill’s provisions for government-mandated hacking could have severe repercussions for their businesses. Apple has criticized the UK government for being “the first national government to attempt to provide a legislative basis for equipment interference.” Microsoft, Facebook, Google, Yahoo and Twitter jointly submitted evidence to parliament calling the bill’s provisions for hacking “a very dangerous precedent” and a “step in the wrong direction.”

The tribunal hearing and the draft bill are intertwined. The hearing put government hacking in the open for the first time, leading to its inclusion in the draft law. The tribunal’s judgment (pdf) noted that “the draft Investigatory Powers bill … plainly drew upon the ideas and submissions which have now been openly canvassed before us.”

Privacy International told Quartz it’s exploring options to challenge the tribunal’s decision. It’s not worried that the ruling will boost support for the bill. Scarlet Kim, the group’s legal officer, told Quartz that the bill already faced too much criticism from the parliamentary groups. “We believe that they will considerably undermine the tribunal’s ruling,” Kim said.

The government, for its part, is hoping to build on the favorable judgment. The foreign secretary, Philip Hammond, sought to link the judgment to the draft surveillance law. “The ability to exploit computer networks plays a crucial part in our ability to protect the British public,” he said in a statement. The proposed law, he said, would “strengthen the safeguards” over intelligence agencies’ use of their hacking powers. For privacy campaigners, it would be ironic if their efforts exposed UK government hacking, only for it to be enshrined in a new law once revealed.

Rebekah Brooks and her entourage walking in a London street.

Phone hacking in the British press: three key moments in the scandal – and what happens next

Director of Undergraduate Studies, School of Journalism, Media and Cultural Studies, Cardiff University

Disclosure statement

John Jewell does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.

Cardiff University provides funding as a founding partner of The Conversation UK.

Prince Harry has emerged as the victor in his civil case against Mirror Group Newspapers. The judge, Mr Justice Fanning, ruled that on the balance of probabilities a sample of 15 out of 33 articles examined by his court were written as a result of phone hacking and other illegal measures. In an exhaustive report weighing in at 386 pages, Fanning stated that there was evidence of “widespread and habitual” use of phone hacking at the Mirror newspapers.

Harry was awarded damages of £140,600 and said in a subsequent statement: “Today is a great day for truth, as well as accountability. This case is not just about hacking – it is about a systemic practice of unlawful and appalling behaviour, followed by cover-ups and destruction of evidence, the shocking scale of which can only be revealed through these proceedings.”

That Harry was in a bullish mood was entirely understandable. But his case is only the latest development in a series of events which has rocked the tabloid press in the UK over the past decade or so.

1. The closure of the News of the World

In July 2011, the Guardian claimed that journalists on the News of the World had hacked into the phone messages of murdered schoolgirl Milly Dowler. Not only this, but messages were also removed to make room for more, giving her parents the impression she was still alive and picking up her messages.

A copy of the News of the World with a front page that reads 'Thank you and goodbye'.

The facts of the case have never been satisfactorily concluded, but the reporting on this and other allegations of phone hacking, as well as the strength of the public reaction, were enough to prompt the closure of the News of the World that same month. The paper had been one of the most widely read in the UK.

In a statement at the time, James Murdoch, son of Rupert, said: “The News of the World and News International failed to get to the bottom of repeated wrongdoing that occurred without conscience or legitimate purpose.”

2. The Leveson Inquiry

Seemingly moved by the widespread vitriol attracted by the News of the World, David Cameron, the prime minister at the time, commissioned the Leveson Inquiry into the culture, practices and ethics of the British press.

The inquiry was asked to make recommendations on how more ethical and professional standards could be achieved. The aim was to find a “new, more effective policy and regulatory regime for the press”.

When the inquiry’s report was published in 2012, the tabloid press was singled out for criticism. Its conduct over the years, said the report, could “only be described as outrageous”.

Leveson recommended a new organisation be created to regulate the press. This should be entirely independent in composition and free from all political and commercial involvement.

The body that did ultimately emerge from the inquiry was the Independent Press Standards Organisation (Ipso), which has regulated the press ever since but does not fit with the Leveson vision of independence.

The second part of the Leveson inquiry was meant to consider the relationship between the police and journalists, but never actually took place. It was shelved in 2018. The government’s reasoning for this decision was that it considered the exercise “costly and time consuming”.

3. Journalism in the dock: phone-hacking trials

In 2014 key journalists who had worked for the Rupert Murdoch-owned News of the World were charged with conspiring to hack voicemails. Among those involved were former editors Rebekah Brooks and Andy Coulson, who had subsequently gone on to become David Cameron’s director of communications at Number 10.

In the event, Brooks was cleared of any criminal wrongdoing while Coulson was jailed for 18 months for conspiracy to hack phones.

The trials ahead

If Harry sounded confident in his victory over the Mirror, it’s maybe because he sees this battle as evidence that he is destined to prevail in a much longer war against the press.

Prince Harry giving a thumbs up to cameras outside the Royal Courts of Justice.

The ruling that there “can be no doubt” that Piers Morgan knew about phone hacking while he was editor at the Mirror (which Morgan denies) has probably emboldened the Prince for the next two contests against Associated News and News UK for alleged violations of privacy and unlawful information gathering.

Harry stated in an interview earlier this year that campaigning against the injustices of the press had become his life’s work. And, as media lawyer Persephone Bridgman Baker told Sky News: “We certainly haven’t seen the end of phone hacking [in the courts].”

Legitimate hacking activities under UK law proposed by ‘expert consensus’

Contentious edge case activities are no excuse for further delaying of ‘much overdue’ reform, say campaigners

Campaigners for reform of the UK’s Computer Misuse Act (CMA) have identified cybersecurity activities that should be legally defensible amid an ongoing government review of the 1990 law.

Based on the “consensus” view of experts, these legitimate hacking activities included responsible vulnerability research and disclosure, proportionate threat intelligence, best practice internet scanning, enumeration, use of open directory listings, and honeypots.

This consensus “would form the core basis of a new legal environment for cybersecurity professionals based on a statutory defence,” says a report (PDF) published yesterday (August 15) by the CyberUp campaign.

Far from unleashing “a wild west of cyber vigilantism”, such a defense “will enable the UK’s cybersecurity sector to more effectively protect the UK as part of the whole-of-society effort, whilst ensuring cybercriminals can still be prosecuted”.

The CyberUp campaign also set out actions that should broadly be considered illegitimate, such as so-called ‘hack backs’ and malware deployment, as well as ‘active defence’ techniques that “still represent a grey area”.

These “contentious edge cases”, which require “further consultation and discussion as the policy formation process develops”, include exploitation of vulnerabilities, verification of passive-detected vulnerabilities, infiltrating a bad actor’s network, credential stuffing, active intel gathering, forensic analysis, botnets, and neutralizing suspicious or nefarious assets.

CyberUp insisted that the existence of edge cases is no excuse for further delaying of “much overdue” reform.

CyberUp representatives hand in a cross-party letter signed by MPs calling for reform

The results were based on input from 15 cybersecurity researchers, consultants, and other experts who assessed activities according to the potential harms and benefits accrued.

The degree of ‘consensus’, whereby more than 50% of experts agreed, varied considerably.

For instance, 100% agreed that use of sandboxes caused no or limited harm but delivered clear benefits, whereas 64% agreed that patching third-party networks or using remote desktop protocol (RDP) connections to obtain information from an attacker’s computers potentially ran the risk of causing harm but also provided worthwhile benefits.

Importance of intent

“Unsurprisingly, the exercise also revealed the limitations of any effort to isolate techniques, activities, and actions from the intent of an actor”, where the CMA currently “falls short”, said the report.

Rather than relying on binary lists of legitimate and illegitimate activities, which would quickly become out of date as techniques and technology evolved, CyberUp recommends that courts use broad principles to judge instances of unauthorised access.

A defense framework (PDF) published in 2021 by CyberUp establishes a set of such principles.

The CyberUp campaign said it disagreed with suggestions from certain experts it consulted that some activities should only be conducted under license or, more stringently still, where actors “have been certified and have a court warrant to proceed”.

“Our view is that, over time with case law, and ideally with clear guidance from prosecutors, the boundaries of legal conduct will be sufficiently unambiguous to counter the need for the high degree of oversight that is sought by those who prefer a system more tightly regulated by the courts,” said the report.

A review of the aging CMA, which criminalizes “unauthorized access”, was announced in May 2021.

Adam Bannister

@Ad_Nauseum74


Two sentenced under the Computer Misuse Act for data theft

The individuals were accused of siphoning away personal data from RAC to an accident claims management firm

The Information Commissioner’s Office (ICO) has led the successful prosecution of two individuals for violating the Computer Misuse Act (CMA) 1990 by stealing personal data to make nuisance calls.

Kim Doyle, a former RAC employee, was found guilty of transferring personal data to an accident claims management firm without permission, including road traffic accident data such as names, mobile phone numbers and registration numbers.

An ICO investigation found that Doyle transferred the data she had obtained to William Shaw, the director of TMS, with this data subsequently being used to make nuisance calls. This constituted a breach of the CMA, with Doyle pleading guilty to conspiracy to secure unauthorised access to computer data, and selling unlawfully obtained personal data.

Both Doyle and Shaw, as a result, have each been handed an eight-month prison sentence, suspended for two years.

“People’s data is being accessed without consent and businesses are putting resources into tracking down criminals,” said Mike Shaw, who heads up the UK data regulator’s criminal investigations team.

“Once the data is in the hands of claims management companies, people are subjected to unwanted calls which can in turn lead to fraudulent personal injury claims. Offenders must know that we will use all the tools at our disposal to protect people’s information and prevent it from being used to make nuisance calls.

“This case shows that we can, and will take action, and that could lead to a prison sentence for those responsible.”

This is only the latest in a handful of prosecutions made under the CMA, led by the ICO. In June 2020, for instance, a businesswoman was sentenced for illegally accessing a company’s servers and deleting files months after resigning as a director.

While only a few individuals are prosecuted under the CMA, historical research had found that more than a third of IT workers admitted to violating this legislation. The research from 2016 showed that roughly half of employees surveyed admitted to retaining access to their former employer’s network, while 36% admitted to accessing corporate systems after leaving their roles.

The act itself, however, is widely deemed out-of-date and counterintuitive by many working in the IT sector and in cyber security.

According to research published last year, the 30-year-old legislation is preventing cyber security professionals from doing their jobs. Many, in particular, are worried about whether they may be breaking the law while researching vulnerabilities, or investigating threats. Specifically, 40% of those surveyed said the CMA has acted as a barrier to them or their colleagues and has prevented them from proactively safeguarding against breaches.

A coalition of businesses, trade bodies, lawyers and cyber security lobby groups also wrote to the prime minister, Boris Johnson, in June 2020 urging his government to reform the CMA for similar reasons. This group included techUK, F-Secure, McAfee and Trend Micro, among other organisations.

The Criminal Law Reform Now Network (CLRNN) has also reported on the shortcomings of the CMA, claiming in January last year that the legislation is putting critical UK infrastructure at risk.

Keumars Afifi-Sabet

Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.

Ethical Hacking Case Study: Times When Hackers Avoided Setbacks

Over the years, there has been a huge rise in cybercrime attacks due to the general public's lack of knowledge about hacking and internet-related crimes. Unfortunately, this goes for both common people as well as big companies. People generally think that having an antivirus that offers cyber security is enough for them to stay safe on the internet. The same goes for big corporations that do not use high-quality protection for their data. This is where ethical hackers come into play with some really impressive ethical hacking cases where they saved the day.

Ethical Hacking - An Overview

Ethical hacking means bypassing or breaking through the security mechanisms of a system to search for vulnerabilities, data breaches, and other possible threats. It has to be done ethically to comply with the laws and regulations relevant to the area or the company. Because an individual must go through several procedures to get into a system and record it, this form of infiltration is referred to as "penetration testing" in the industry jargon.

You must be wondering what ethical hackers are. They are people who possess the same knowledge as hackers but use this knowledge to boost internet protection protocols and software. You, too, can learn how to be an ethical hacker using a CEH certification training course. They are the ones who protect us from actual hackers. There are multiple categories of hackers, such as:

  • Black hat hackers: They use their knowledge for malicious intent, blackmail, etc. 
  • White hat hackers: They possess the same knowledge as the black hat hackers but use their knowledge to help companies increase their defenses against the black hat hackers.

How Do White Hat Hackers Work?

With the growing rise in hackers on the internet, companies have begun using ethical hackers to scope out the flaws and vulnerabilities in their software and protection programs. But, how do these ethical hacking cases work? These people use the same techniques as Black hat hackers to penetrate a company's defenses. By doing so, they can understand the safety flaws. This gives them the inside edge to patch the flaws to ensure that hackers cannot get through the protection.

There have been multiple instances where ethical hackers have been able to spot cracks in a company's security and save it from huge security leaks, which would have resulted in huge losses. The following ethical hacking case studies cover six instances where ethical hackers were able to save a company from dealing with data leaks and suffering huge financial losses.

Case Studies of Ethical Hacking

1. A crack in WordPress leaked user information

Back in 2019, a new plugin called Social Network Tabs was released for WordPress, which, as you know, most people use to make their websites. The plugin helped users share their website content on social media. It got very popular, but no one knew about the vulnerability.

Baptiste Robert was a French security researcher who was known online by his user handle, Elliot Alderson. He was the one who found the crack in the plugin, which was given the ID CVE-2018-20555 by MITRE. You can find this case and similar ones in a case study on ethical hacking PDF online.

You must be wondering what exactly this flaw in the plugin did. It compromised the user's Twitter account. Since the plugin is connected to the user's social media account, the vulnerability leaked the user's social media details. Robert was the first to spot this leak and was quick to notify Twitter about it, which helped secure the accounts of the users affected by it.

2. Oracle's vulnerability in their WebLogic servers

In 2019, Oracle released a security update without any prior notice. This took fans by surprise until they learned why this happened. The security patch was a very critical update that fixed a code vulnerability in the WebLogic Server.

The flaw was brought to light by a security firm known as KnownSec404. The vulnerability was labeled CVE-2019-2729 and was rated 9.8 out of 10, which is pretty high. It left the server open to attack by hackers targeting two applications that the server exposed to the internet.

3. Visa card vulnerability that allowed for a bypass in payment limits

This was one of the most famous ethical hacking cases brought to light on the internet. It took place on July 29th, 2019. Two security researchers from a company called Positive Technologies spotted a security weakness in Visa contactless cards that allowed hackers to bypass the payment limits. This flaw in their security would cost the company a huge loss. This one case boosted the interest in ethical hacking. As a result, multiple students began taking cyber security course certificates online to learn more.

Tim Yunusov, the Head of Banking security, and Leigh-Anne Galloway, the Cyber Security Resilience Lead, were the ones who discovered this. This was made public after five major UK banks were targeted. The contactless verification had a limit of £30 on Visa cards, but due to this weakness, hackers could bypass this limit.

4. Vulnerabilities allow for ransomware in Canon DSLR

At DefCon27, held in 2019, Eyal Itkin, a vulnerability researcher at Check Point Software Technologies, revealed that the Canon EOS 80D DSLR had a vulnerability in PTP, the Picture Transfer Protocol, whereby ransomware could be transferred onto the DSLR over the WiFi connection.

He went on to highlight that there were six vulnerabilities in the PTP that made it an easy target for hackers. They could easily get into the DSLR using this crack in the firmware. The objective of the hackers was simple: infiltrate the DSLR and infect it with ransomware that would render the pictures useless to the user. The user would have to pay a ransom to the hacker to get the pictures back.

The team working with Eyal informed Canon about the security breach vulnerability. A few months later, Canon released a notice saying that the vulnerability was never exploited by hackers, which means that it was never discovered. However, they also announced that users should take safety precautions to keep themselves safe.

5. Zoom on the Mac could be hacked and expose the camera

On July 9th, 2019, Jonathan Leitschuh exposed a very critical vulnerability in Apple's Macs. This flaw in the security framework allowed hackers to take control of the user's front camera. As a result, many websites could force a user into a Zoom call without their knowledge or permission. This was something that invaded privacy, and millions of people who would conduct meetings or even use Zoom, in general, were at risk. This is an important ethical hacking case as it was broken on social media to make people aware. The very same day, Apple sent out a fix that was a simple patch that users could download and install to fix the issue. Zoom, too, didn't waste any time by issuing a quick-fix patch to stop the issue.

6. A backdoor could allow hackers to execute root commands on servers

DefCon27 was where many ethical hacking cases came to light. Another one was the case of Özkan Mustafa Akkuş, a Turkish security researcher, who exposed a vulnerability in Webmin, a web-based system configuration tool for Unix-like systems.

The vulnerability was labeled CVE-2019-15107; it was a backdoor entry that allowed hackers to execute commands with root privileges. This left users exposed to hackers who could take control of their systems or hold them for ransom.

This is an important ethical hacking case study as Jamie Cameron, who is the author of Webmin, claimed that the backdoor was set by an employee. This was something that wasn't known to the company. They announced a new patch update to the new software version, which would be released to all the users.

A very important case study to know about that was featured in the case study of ethical hacking PDF was that of Zomato in India.

7. What happened to Zomato?

In 2017 a hacker broke into the security of Zomato, one of the biggest online restaurant guides and food ordering apps. The hacker was after five things. 

  • Names 
  • Emails 
  • Numeric user IDs 
  • User names 
  • Passwords 

The amount of data lost was in the millions as 17 million users were targets. The hacker was able to put up this information on the darknet for anyone to buy before starting talks with the company. This was one of the most shocking ethical hacking cases in India. This also led people to question the cyber security of the country.

Once this case was exposed to the public, Zomato issued a few blogs where they spoke about the real person behind this breach. It was said that the work was done by an ethical hacker who wanted to bring the issue of national cyber security to light. It worked as the whole country began talking about cyber security. 

8. The bug bounty program

This was a reward program started to get talented individuals to use their hacking skills to expose the weaknesses in the company's security programs. Today, multiple companies use this program to find the issues in their security. Companies like Google, Microsoft, and Facebook have invested millions in this program to find the flaws in their system and make them stronger against cyber-attacks.

The individual can get cash awards or even recognition if they can point out and fix the issue. This has brought to light a large number of issues, as well as some of the most talented ethical hacker cases that we have ever seen.

Many people are now interested in taking up ethical hacking as their career. You can get the KnowledgeHut’s CEH certification training to learn more about ethical hacking.

In conclusion, ethical hackers are essential to the cyber security field. They are the ones who can figure out the flaws in any system and the ones who can also provide quick fixes. They are important for knowing how to keep your data safe in these troubled times. If you wish to know more about ethical hacking, you can get the case study on ethical hacking PDF, which you can find online. These case studies are important as they highlight the weaknesses in online security firmware. These need to be fixed as they could mean a potential data leak, which could result in a huge financial and reputational loss for the companies that suffer it. Employing White Hat hackers is one way of fighting against it.

Frequently Asked Questions (FAQs)

An example of ethical hacking done by White Hat hackers is simulating an attack on a system to see if there are any flaws in the system. They can also use the information found online about the company to find a way to infiltrate the company's security.

The role of an ethical hacker is simple. They possess the same knowledge as Black Hat hackers. But, the only difference is that they use their knowledge to spot the flaws in security systems so that they can fix them. They just want to make the security impenetrable to any attacks.

The five steps are: 

  • Reconnaissance: This step is about understanding the network and security features. 
  • Scanning: This is where they scan for the flaws in the system to see if there could be any entry.
  • Gain Access: This is where they gain access to the system by any means necessary. 
  • Maintain Access: This is where they keep their presence inside the security software or firmware without alarming anyone or losing access to the system.
  • Cover Tracks: This is where they cover up any tracks they left while getting inside or leaving the system.

Profile

Vitesh Sharma

Vitesh Sharma is a distinguished Cyber Security expert with a wealth of experience exceeding 6 years in the Telecom & Networking Industry. Armed with a CCIE and CISA certification, Vitesh possesses expertise in MPLS, Wi-Fi Planning & Designing, High Availability, QoS, IPv6, and IP KPIs. With a robust background in evaluating and optimizing MPLS security for telecom giants, Vitesh has been instrumental in driving large service provider engagements, emphasizing planning, designing, assessment, and optimization. His experience spans prestigious organizations like Barclays, Protiviti, EY, PwC India, Tata Consultancy Services, and more. With a unique blend of technical prowess and management acumen, Vitesh remains at the forefront of ensuring secure and efficient networking solutions, solidifying his position as a notable figure in the cybersecurity landscape.

The editor of the News of the World, Colin Myler, poses with staff in London following Rupert Murdoch’s decision to close the title.

News of the World: 10 years since phone-hacking scandal brought down tabloid

On the anniversary of the Murdoch-owned newspaper’s final issue, journalists reflect on the Guardian expose that sealed its fate

Ten years ago this morning, newsagents took delivery of the final issue of the News of the World. But for the man who, through his investigations in the Guardian, set off the events that brought down the UK’s biggest-selling Sunday newspaper, it did not feel like a victory.

“Nobody at the Guardian wanted the News of the World to close down,” said Nick Davies, the reporter who exposed the phone hacking scandal. “We hadn’t even dreamed that the Murdochs would do such a horrible thing.”

Over the course of a few days in July 2011, the News of the World had gone from having tens of millions of readers who every weekend lapped up its agenda-setting mix of sex, scandal and scoops to becoming a pariah publication considered beyond salvation.

It began on the Monday of that week when Davies and colleague Amelia Hill revealed that the News of the World’s reporters had illegally accessed the voicemails of murdered schoolgirl Milly Dowler. By Thursday, owner Rupert Murdoch had concluded his 168-year-old tabloid had become politically toxic and threatened his takeover of broadcaster Sky. He abruptly shut the paper down and sacked most of the 200 staff.

“Usually we made the news, but at that point we’d become the news,” said Tom Latchem, the News of the World’s TV editor when it closed, speaking a decade on. He began to realise the newspaper was doomed when the candidate fired by Alan Sugar on that week’s episode of The Apprentice cancelled an interview as a result of the Dowler story: “I thought, we’re really in trouble here. If these people who are desperate for fame, at almost any cost, are pulling out then that’s not a great sign.”

For years Murdoch’s company had falsely maintained that just ‘one rogue reporter’ – former royal editor Clive Goodman – had hacked voicemails, while paying off other celebrity victims and playing down Davies’ stories. But it was the Dowler revelation that caught the public’s attention.

Ten years on, former News of the World staff – and victims of its tactics – have taken part in an episode of Radio 4’s Archive on 4 about the closure. They recall a pressurised newsroom where almost any method was justified to get a front page scoop, with thousands of pounds kept in a safe in the office to buy up stories at the last minute.

“It got to the ridiculous stage sometimes where I’d be sending out someone on a story and the features department would also be sending a reporter and we’d be bidding against each other,” said James Weatherup, a former news editor who later pleaded guilty to phone hacking.

Paul McMullan, a former News of the World reporter, described a typical sting: “[A celebrity] checked into a hotel room in Paris with a new girlfriend who wasn’t his wife. So what we did is we rang up the hotel pretending to be his accountant and said, we need the entire bill, please with all the phone calls so we can itemise it. And the hotel rather stupidly just faxed over his bill and we just rang all of the numbers until we found the home number of his girlfriend, then sent some paparazzis to get a picture.”

McMullan, who infamously told the subsequent Leveson inquiry into press ethics that “privacy is for paedos”, also described leading the newspaper’s campaign against paedophiles, which inadvertently led to a paediatrician’s home being vandalised in south Wales: “It is amazing that you can just write something that took an afternoon and people were rioting in the streets.”

But it was the desire to scoop rivals using almost any method possible that would bring about the downfall of the paper. News editor Greg Miskiw helped introduce phone hacking to the newspaper after learning about it from a private investigator: “One day during a conversation, he said, you do realise that I can listen to people’s voicemails? And I said, wow, that’s astonishing, we might use that service. And so we did.”

The technique was simple. All it required was knowing an individual’s mobile phone number. The reporter would ring it, hope it went to voicemail, then guess the individual’s PIN – usually still set to the default of ‘0000’ or ‘1234’. They could immediately listen to all the voicemails left on that individual’s phone. In an era before smartphones made it easier to send lengthy text messages, a typical set of voicemails could include everything from declarations of love to private medical information.

“I would choose my targets very, very carefully,” said Miskiw. “But by the time I left the London office, the people put in charge were just hacking everybody. And that’s how it eventually unravelled.”

Thousands of people were targeted. Journalists listened in to hundreds of messages left by the then home secretary David Blunkett, who was in charge of the police and security services.

Blunkett said the subsequent front page expose of his relationship with a married woman caused friendships to break down: “I was in the public eye. And I was responsible for my behaviour. But it’s always the family of people that gets hurt.”

Murdoch is said to have regretted the decision to shut the newspaper. At one point after its closure he informally suggested to BuzzFeed, then a fast-growing online news outlet aimed at millennials, that it could reuse the News of the World brand. They declined.

Instead, he is still dealing with the clear-up bill. Fifteen years after the first phone hacking conviction, tens of millions of pounds are still being spent by News UK every year settling claims from phone-hacking victims. The practice was also widespread at the Mirror and Sunday People, all of which continue to deal with cases.

The biggest UK tabloid that never admitted hacking voicemails is the Sun, the News of the World’s sister newspaper. Despite this, only last month Murdoch’s company paid substantial damages to former MP Simon Hughes who specifically claimed he was illegally targeted by the Sun. The settlement ensured Hughes’ claims were never heard in open court.

When pictures of Matt Hancock’s clinch with an aide were splashed on the front page of the Sun last month, it was a rare throwback to the era where such exposes arrived almost every Sunday. Even then, much-tightened privacy law meant it was the couple’s breach of social distancing rules – as much as the affair – which helped legally justify publication.

Looking back at the News of the World’s closure a decade on, Davies said a chance for real change had been missed: “There was an extraordinary period which only lasted a few weeks and it was like seeing the teacher chased out of the classroom. And just for a brief period, we didn’t have to be frightened of Rupert Murdoch and his dreadful newspapers and politicians were free to say what they thought and advertisers were free to tell him to get stuffed.

“But you know, power doesn’t relax its grip easily. And slowly and insidiously Murdoch got his bony fingers back around the throat of British public life and has kept them there.”

COMMENTS

  1. Hacker Alex Bessell jailed for cyber crime offences

    18 January 2018. PA. Alex Bessell was arrested after an investigation by West Midlands Police. A computer hacker has been jailed for two years for committing thousands of cyber crimes, including ...

  2. Who is behind the latest wave of UK ransomware attacks?

    Nonetheless, UK firms are making payments. Sophos, a British cybersecurity firm, estimates that the average ransomware payment by UK organisations is higher than the global average, at $2.1m (£1.7m).

  3. NHS ransomware attack: what happened and how bad is it?

    First published on Thu 11 Aug 2022 13.22 EDT. A ransomware attack on a software supplier has hit the NHS across the UK and there are fears that patient data may have been the target. Advanced, the ...

  4. The UK government has been hacking for years—and now it's legal

    As the case went on, the intelligence agency revealed (pdf, p. 11) that: It carried out hacking activities in the UK and abroad. About 20% of the agency's intelligence reports in 2013 contained ...

  5. The biggest cyber attacks of 2023

    On 20 December 2022, The Guardian newspaper in the UK was the subject of a ransomware attack. The immediate effect was to cause the company to ask staff to work remotely while internal systems were disconnected and triaged. ... In this case, the organisation employed to investigate, KnowBe4, has identified that email phishing was the initial ...

  6. Prince Harry v Mirror Group: key findings of the phone-hacking case

    Prince Harry has been awarded £140,600 in damages after winning a substantial part of his phone-hacking case against the British newspaper group Mirror Group Newspapers (MGN). We look at what was ...

  7. Phone hacking in the British press: three key moments in the scandal

    Published: December 22, 2023 7:16am EST. Prince Harry has emerged as the victor in his civil case against Mirror Group Newspapers. The judge, Mr Justice Fanning, ruled that on the balance of ...

  8. Top 10 cyber crime stories of 2021

    Here are Computer Weekly's top 10 cyber crime stories of 2021: 1. Colonial Pipeline ransomware attack has grave consequences. Though it did not trouble the fuel supply at petrol stations in the ...

  9. Legitimate hacking activities under UK law proposed by 'expert

    Legitimate hacking activities under UK law proposed by 'expert consensus'. Contentious edge case activities are no excuse for further delaying of 'much overdue' reform, say campaigners. Campaigners for reform of the UK's Computer Misuse Act (CMA) have identified cybersecurity activities that should be legally defensible amid an ...

  10. Seven UK banks targeted by co-ordinated cyber attack

    Seven of the UK's biggest banks including Santander, Royal Bank of Scotland and Tesco Bank were forced to reduce operations or shut down entire systems following a cyber attack last year using ...

  11. Hacking trial: The prosecution's case

    Hacking trial: The prosecution's case. The trial of former News of the World journalists accused of a conspiracy to hack mobile phones is now well under way at the Old Bailey. It is a long and ...

  12. UK fighting hacking epidemic as Russian ransomware attacks increase

    The National Cyber Security Centre (NCSC) said it tackled a record number of cyber incidents in the UK over the last year, with ransomware attacks originating from Russia dominating its activities ...

  13. Russia hacking: 'FSB in years-long cyber attacks on UK', says ...

    The FSB is being accused of a years long campaign of cyber attacks by the UK's government. The UK is accusing Russia's Security Service, the FSB, of a sustained cyber-hacking campaign, targeting ...

  14. Two sentenced under the Computer Misuse Act for data theft

    The Information Commissioner's Office (ICO) has led the successful prosecution of two individuals for violating the Computer Misuse Act (CMA) 1990 by stealing personal data to make nuisance calls. Kim Doyle, a former RAC employee, was found guilty of transferring personal data to an accident claims management firm without permission ...

  15. Case study

    Adam Mentsiev. Alams Titus Mammuan. ... The News of the World phone hacking scandal is an ongoing case, which created massive concern on those laws, which led to set up an inquiry on media regulation. This paper will be discussing the issues and analyzing how the News of the World came ...

  16. Prince Harry's phone-hacking case: what have we learned so far?

    Prince Harry asks for £320,000 in damages as phone-hacking case ends. The phone-hacking trial against Mirror Group Newspapers (MGN) at the high court has come to an end after two months, with ...

  17. Computer hacking

    Cumbria. 5 December 2023. Booking.com hackers increase attacks on customers. Technology. 30 November 2023. Ethical hacker honoured with record-breaking work. Leeds & West ...

  18. Ethical Hacking Case Study: Times When Hackers Avoided Setbacks

    The following ethical hacking case study is six instances where ethical hackers were able to save a company from dealing with data leaks and suffering huge financial losses. 1. A crack in WordPress leaked user information. Back in 2019, a new plugin was released for WordPress called Social Network Tabs.

  19. 10 cases about hacking that everybody should know

    Adobe with a history of security vulnerabilities announced in October 2013 that their IT infrastructure had been hacked and information of approximately 2.9 million accounts was compromised. Later on, they revealed that it was 38 million users account data. It was one of the worst data breaches in United States history since the source code of ...

  20. News of the World: 10 years since phone-hacking scandal brought down

    Instead, he is still dealing with the clear-up bill. Fifteen years after the first phone hacking conviction, tens of millions of pounds are still being spent by News UK every year settling claims ...