Hackers Use Cyber Security Bloggers for PR

Written by Tanya Koyfman

As in any illegal activity, those who break the law are much more familiar with those who try to enforce it than vice versa. The Russian underground is no exception, and members of different forums know much more about security sources and researchers than the latter know about them. Links to a wide variety of sites and blogs dealing with cyber security issues are frequently posted in forum discussions – sometimes in order to get advice or find out about a new malware that was reported; sometimes to promote sales of a tool or a service; and sometimes just to express feelings of frustration or to make a joke.

Taking into account the fact that Russian hackers often have difficulties with English, we found the phenomenon of referring to English-language sources quite unexpected. Of course, references to Russian sources dealing with security are seen as well, but far less often than English ones.

Indisputably, the most famous “good guy” on Russian forums is Brian Krebs, a journalist who reports about the cyber-crime world. Links to his posts regarding different types of malware are very common on the forums, and catching his attention is considered a sales promotion act among malware vendors. For example, in one of the forum discussions regarding the sale of malware called “PowerLoader”, one of the repliers advises the seller to leak the malware files to Brian Krebs, “and this will bring him a lot of clients, after Krebs will write a post about the powerful Russian hackers.” Another, less delightful mention of Krebs’ name pertains to hackers’ concerns about infiltration by foreign impostors trying to obtain information or incriminate the forum members. Thus, every post written in English and not in Russian tends to be treated as suspicious, and the writer is contemptuously called “Krebsenish”.

The blog “Malware don’t need Coffee”, which deals mostly with malware that undoubtedly originates in the Russian underground (the author is embedded on some forums), is also well known to Russian forum members. The author is called Caffeine, and links to his malware/vulnerability reviews are frequently posted on the forums. The funny part of this is that sometimes a forum member uploads a post and, instead of describing details or uploading images, just gives a link to a post in the above-mentioned blog (which quotes another Russian source in more detail).

One more Western celebrity among Russian hackers is the French blogger Xylibox, whose blog is dedicated to malware technical analysis. It should be mentioned that the blog is treated with respect and seriousness among the forum members, and is often cited in professional discussions and in the sale of malware.

As we can see, the Russian underground is interested in the opposite side at least as much as the opposite side is interested in it. The forum members follow security sites and blogs, try to stay updated with the latest news and trends, and refer to them in their illegal malware sale business. Perhaps their life becomes even easier when someone else does all the marketing for them?!

References to the Brian Krebs and Xylibox blogs on the Russian underground

One thought on “Hackers Use Cyber Security Bloggers for PR”

  1. Information is free to all. What we do with that information is up to us. Hackers I recall back in the 90’s were divided into white hat hacker and black hat hacker. White hat meaning good guy and black hat meaning bad guy. Hackers learn from each other whether they are good or bad. This is just a fact of life.
