First Hacker In Pakistan

0 views

Skip to first unread message

Laila Berri

unread,

Aug 3, 2024, 2:01:07 PM8/3/24

to milcacudis

Rafay Baloch (born 5 February 1993) is a Pakistani ethical hacker and security researcher. He has been featured and known by both national and international media and publications[1][2] like Forbes,[3] BBC,[4] The Wall Street Journal,[5] The Express Tribune[1] and TechCrunch.[6] He has been listed among the "Top 5 Ethical Hackers of 2014" by CheckMarx.[1][7] Subsequently he was listed as one of "The 15 Most Successful Ethical Hackers WorldWide"[8] and among "Top 25 Threat Seekers" [9] by SCmagazine. Baloch has also been added in TechJuice 25 under 25 list for the year 2016 and got 13th rank in the list of high achievers. Reflectiz, a cyber security company, released the list of "Top-21 Cybersecurity Experts You Must Follow on Twitter in 2021" recognizing Rafay Baloch as the top influencer.[10] On 23 March 2022, ISPR recognized Rafay Baloch's contribution in the field of Cyber Security with Pride for Pakistan award.[11][12][13][14][15] In 2021, Islamabad High court designated Rafay Baloch as an amicus curia for a case concerning social media regulations. [16][17][18]

Rafay Baloch was born in 1993 in Karachi.[19] He attended Bahria University from which he obtained a bachelor's degree in computer science. Baloch is presently listed in the Hall of Fame at Bahria University.[20] In 2020, Rafay has also been awarded a Chevening Scholarship.[21]

Baloch began his hacking career while he was still doing his bachelor's. He then wrote a book called "Ethical Hacking Penetration Testing Guide[22]". His new book " Web Hacking Arsenal: A Practical Guide to Modern Web Pentesting" is scheduled for release in August 2024.[23][24][25][26][27][28] He is amongst the first Pakistani security researcher to be acknowledged by Google, Facebook, PayPal, Apple, Microsoft[29] and numerous other international organizations.

He has also written several papers on information security, namely "HTML5 Modern Day Attack Vectors", "Web Application Firewall Bypass", and "Bypassing Browser Security Policies for Fun and Profit".[30]

Google then released WebView as a stand-alone application that could be updated separately from the Android version of a device. Simply put, the re-architecting of the WebView would benefit the latest versions of Android, Lollipop 5.0 and Marshmallow 6.0.[63] But this option remains unavailable to anyone on an older version of the operating system.[55]

In 2018, he moved to a new city to start university. He found his calling there, primarily through tech meetups like Developer Circles Islamabad, his first of many. Just one year later, he went from a shy attendee to a speaker at Facebook Hackathon. This transformation was a direct result of the various hackathons he attended and organized, where he gained confidence in his skills and became a crucial part of many networks and communities.

Arsalan has cast a wide net very quickly. His public speaking and technical expertise have led to him live-streaming with GitHub Education, Dev.to, and Microsoft. His mentorship roles in various organizations (including Major League Hacking) have helped less experienced hackers find their own success. He brings younger students at his university into the hacker community, giving them hands-on positions in communities he founded, such as Google Developer Student Clubs (GDSC) NUML. He also supports new members of Microsoft Learn Student Ambassadors (MLSA) Islamabad, helping them extend their reach and scale as a chapter.

MLH is a major part of his life today more than ever. After graduating as a Fellow, he became a Pod Leader, helping grow students in the Fellowship, and excelled. He saw how well he worked with community members and knew he could have a future with the organization. In early 2022, he applied to work for MLH, and today he is a full-time employee.

Arsalan has flourished in technology, coding, and programming. He has grown in confidence, building his brand and speaking at large events, and is well on his way to guiding others in the MLH community to be their best.

The first computer virus was created for research purposes by Bob Thomas at BBN technologies. Referred to as the Creeper Virus, the self-replicating program was detected on the ARPANET in 1971 and foretold the potential of future viruses to cause significant damage to computer systems.

Cybersecurity was a term yet to be coined, let alone an active field, so creating groundbreaking applications for communications and business efficiency was the principal focus of these years. Nevertheless, an underground economy was slowly growing in strength, as viruses started to take hold.

AOL, the leading internet provider of the decade, unwittingly became an attack vector itself, as cybercriminals would steal user credentials, launch phishing attacks, and spam other AOL users through instant messenger or email.

Max Butler, a security consultant for the FBI among others, hacked into U.S. government websites under false pretenses. The U.S Air Force alerted officials to his misdeeds, and he received an 18-month sentence. Later, for another illicit foray, he was sentenced to 13 years, a record for a hacker.

The first decade of the new millennium saw more sophisticated attacks and an abundance of advanced persistent threat actors (APTs), most of which were sponsored by nation-states. The evolution of cybercrime meant new viruses and worms, which caused significant damage to critical sectors of the global, digital economy.

2010-2020 saw an explosion in cybercrime, turning what was once a cottage industry into a big, global business. Attackers developed new malicious programs and techniques, which increased both the cybercrime rate and the number of attacks per day. Trillions of dollars were lost.

The decade also saw the rise of ransomware, as digital currencies like Bitcoin, the digitizing of organizations, and the proliferation of mobile devices, new operating systems, and the dark web, gave threat actors new avenues and resources for attacks.

The Zeus Trojan virus was distributed around the world via email in an attack targeting financial services organizations. The 100-plus-person crime ring, based largely in the U.S., managed to steal more than $70 million from American banks.

In a notorious nation-state attack, Operation Aurora was launched by Chinese military hackers on more than 20 leading technology companies. The public was first made aware of the attacks when Google notified the public that its intellectual property had been seized in the attack.

A researcher discovered that Finnish telecommunications Nokia was essentially conducting man-in-the-middle attacks on its smart phone users by sending HTTPs traffic through its servers and decrypting data. The company said it did so to help compress data and keep rates and charges reduced.

A successful spear phishing attack against high-value Defense Department targets with customized emails led to a data breach of information for 4,000 military and civilian personnel who worked for the Joint Chiefs of Staff. The attack forced the Pentagon to shut down its email system.

A cybercrime group known as Impact Team leaks the internal database of Ashley Madison, a dating site frequented by those looking to have an extramarital affair. The group initially held the data for ransom, demanding the site be shut down, and after Ashley Madison resisted, the database was released. The breach brought to light the importance of data security, specifically around user data, as the site had archived and kept the personal information of past users, including credit card information and legal names.

Just a month later, piggybacking on the success of WannaCry was NotPetya, an updated version of the earlier ransomware strain. It took out organizations from shipping giant Maersk to multinational pharmaceutical manufacturer Merck.

A Lithuanian cybercriminal posed as an Asian manufacturer to deceive Google and Facebook employees into wiring over $100 million to untraceable offshore bank accounts. The attack occurred two years before his capture. For their part, Google claimed to have recouped the funds it had lost.

Capital One fell victim to one of the largest data breaches in banking history when over 100 million credit card applications were accessed and thousands of Social Security and bank account numbers were taken. Capital One spent around $150M mitigating damages.