Rules for Handling Passwords (6)

Here is part six in the series of articles examining the password and its importance to anyone who uses the Internet. Happy reading.


A History of Password Thefts Around the World

Because a password is a very important tool, a key that gives whoever holds it access to whatever information he is after, everyone guards his own closely. The first thing that any website offering email accounts, or any company, organization or agency that gives its staff or officials an email account, does at the outset is to warn everyone it issues a password to that the password must be treated as important: do not give it to anyone, do not let anyone see it while you are typing it in, and so on. Why?

The main reason is nothing more than the chaos and scandal seen in past years, when people did not much care about concealing the details of their email or mailbox, and when most agencies and companies did not tighten their measures to protect the data of the people they dealt with. This gave rise to a dark era in which password theft and trafficking flourished all over the world. Hackers broke into the databases of email providers (such as Yahoo, Google and Microsoft) and of social networking websites (such as LinkedIn, Adobe, Twitter and America Online) to steal and dig out people's confidential information, selling it or using it to steal the data in people's email for some other purpose.

In our article titled “Duniyar ‘Yan Dandatsa” ("The World of Hackers"), published on this page in 2010, we explained the reasons that drive hackers to carry out these harmful acts. Besides seeking wealth, there is the desire to impress, there is revenge, there is youthfulness/immaturity, and there is showing off. It is not only passwords; they steal people's credit card numbers as well. At times they also steal the Social Security Number that the government issues to the unemployed in their countries (such as America and England, for example), in order to draw out the little money left in it. Contrary to how we usually understand it, these credit card numbers and the Social Security numbers that governments issue to people in those countries are all passwords too.

Today, God willing, we return to the archives to learn about some of the best-known password thefts and leaks of the past. This will help us appreciate the importance of our passwords and spur us to redouble our efforts to protect them at all times.

July 16, 1998

On July 16, 1998, the world scientific research body based in Switzerland, namely CERT, reported how a hacker broke into a computer or computers and stole at least 186,126 passwords. He did not steal these passwords in their actual form; he stole them in a locked state, that is, “Encrypted Form.” In this state you can see the numbers or data that represent the passwords, but not the passwords themselves. There are, however, computer programs used to “open” them and reveal the actual passwords, as we will explain later. By the time this hacker was caught, he had already unlocked 47,642 of the total he had stolen.

December 2009

In December 2009 it was reported that, in a notable theft at the website of the company “Rockyou” at www.rockyou.com, a hacker stole 32 million passwords! This is a very large number. As soon as he had finished stealing these passwords he listed all of them on his website, without revealing the names of the passwords' owners. The hacker used “SQL Injection”, which is one of the methods hackers use to steal passwords from a computer database on the Internet or on a network. He carried out this mischief easily, because all of the passwords were stored in their actual form (Clear Text), without any protection.


June 2011

In June 2011 some hackers broke into the database of NATO in Europe, where they stole the details of its customers who buy books on its website. The data belonged to the site's registered members, numbering 11,000. It included First Name, Last Name, email name (Username) and all of their passwords. The hackers immediately published the data on their website, to show off. When the investigation reached its conclusion, the groups that carried out this act were identified. They included “Anonymous” (a famous hacking group known all over the world) and “LulzSec” (which is also well known for hacking). They did this as part of a campaign they named “Operation AntiSec.” The main aim of these groups is to steal confidential information wherever it is, by any means, in order to reveal it to the world. In their view, they say, it is not right at all that some information should be hidden from some people and reachable only by others. Goodness! Some feats only hackers would attempt.

July 11, 2011

On July 11, 2011, once again, the hacker group “Anonymous” attacked the main computers of the company “Booz Allen Hamilton”, which works for the US defense department, the Pentagon, where it stole the confidential details (usernames and passwords) of ninety thousand (90,000) US military personnel! This campaign, which the group named “Military Meltdown Monday,” led to the theft of data that included that of US Army personnel, Air Force personnel, US military communications personnel, Homeland Security, staff of the office of the president, and some workers believed to be contractors the agency uses in its operations. Although the agency had locked these passwords using the “SHA1” data-hashing scheme, once they had all been unlocked it turned out that even soldiers use passwords that are easy to guess and remember.
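The clear-text storage in the Rockyou case and the “SHA1” scheme in the Booz Allen Hamilton case both come down to how a site stores passwords. As an added example (not part of the original article), this Python code compares a table of single unsalted SHA-1 hashes with a table of salted, slow PBKDF2 records; the accounts, the iteration count and the assumption that SHA-1 was applied without a salt are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware

# Constructed sample accounts (not taken from any real breach).
USERS = {"alice": "123456", "bob": "123456", "carol": "correct horse battery staple"}


def sha1_unsalted(password: str) -> bytes:
    """Weak scheme (assumed): one fast hash, no salt."""
    return hashlib.sha1(password.encode()).digest()


def make_record(password: str) -> bytes:
    """Stronger scheme: random per-user salt + slow PBKDF2; returns salt || digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt + digest


def verify(password: str, record: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record[:16], record[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, expected)


def shared_values(table: dict) -> list:
    """Groups of users whose stored value is identical in a leaked table."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def build_tables():
    """Build the same accounts under the weak and the stronger scheme."""
    weak = {u: sha1_unsalted(p) for u, p in USERS.items()}
    strong = {u: make_record(p) for u, p in USERS.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_tables()
    print("unsalted SHA-1, users sharing a stored value:", shared_values(weak))
    print("salted PBKDF2, users sharing a stored value:", shared_values(strong))
    print("login check:", verify("123456", strong["alice"]), verify("12345", strong["alice"]))
```

In the unsalted table, accounts with the same password carry the same stored value, so a leaked table shows at a glance which weak passwords are reused; the per-user salt removes that signal and the slow function raises the cost of every guess.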

The Year 2012

According to experts in information security worldwide, 2012 was the year with more password thefts than any other. In the first three months of the year alone, 9 million passwords were stolen! That was the year in which six and a half million (6.5 million) passwords were stolen from the social networking and job-seeking website “LinkedIn” (www.linkedin.com). This happened in June of that year. It was also then that twenty-four million (24 million) passwords were stolen from the website of the company “Zappos” (www.zappos.com). These passwords were stolen together with their owners' usernames. Instant trouble, in other words. Furthermore, in the same year one and a half million (1.5 million) passwords alone, belonging to registered users of the website “eharmony” (www.eharmony.com), were stolen. This theft comprised names together with their passwords.

November 2013

In November 2013, the company “Trustwave”, which researches information security worldwide, released a report about a password-theft scandal that the company said affected many social networking websites. What happened was that some hackers planted a program able to watch and record everything a computer user types on the keyboard, and to send it at once to those who planted it. This program, which in the field of information security is called a “Keylogger”, harvested for them the usernames and passwords of more than two million people from websites such as Facebook (318,000 passwords), Gmail (70,000 passwords), Yahoo! (60,000 passwords), Twitter (22,000 passwords), Odnoklassniki (9,000 passwords), ADP (8,000 passwords) and LinkedIn (8,000 passwords). These are some of the best-known websites whose entered credentials this program stole at the time.

Trustwave said that when it traced the actual store holding the passwords the program was stealing, it found that the server was in Holland. The company said it immediately informed those websites of its findings, whereupon they carried out their own investigations and disclosed to the public what had happened.

I will continue next week.
