Information Sharing between Hackers

Written by Hila Marudi

Arab hacker groups often share cyber information. From time to time, Arab hackers even upload self-written guide books or translate them from other languages. They post them on closed Facebook groups or password-protected forums, reaching a sizeable audience and thus improving the technological capabilities of potential attackers.

By way of example, we traced a series of guide books in Arabic for SQL injection attacks written by an Egyptian hacker nicknamed “Black Rose”. He shared them with his Facebook friends and on closed Arabic forums associated with hacking.

The Table of Contents

One of his guides, published in late 2013, addresses different ways to overcome obstacles in SQL injections. It is written mostly in Arabic, with technical terms in English. The instructions are accompanied by various screenshots to illustrate everything as clearly as possible.

Screenshot from the book

We have noticed these kinds of books and instruction guides on different hacker group platforms, as well as personal ones. Although the level of the technical content is mediocre, over the last six months we have discerned an improvement in the hacking capabilities of hacktivist groups.

Slang Used in the Russian Underground

Written by Tanya Koyfman

The language used by native Russian hackers to communicate over the Web is a unique mixture of modern Russian slang, technical English terms from the hacking world and abbreviations commonly used in Web discussions. In addition, non-Russian words are frequently affected by Russian grammar, thus creating new words decipherable only by native Russian speakers with a computer background.

Another noticeable characteristic of this interesting language evolution is the prevalent use of curses, utilized to express a specific idea and not just to swear at other forum members. Moreover, many Russian words are used in new, computer-related contexts with a meaning totally different from that defined in the dictionary. From our experience, these are the hardest to understand if you do not possess a profound understanding of the different hacking fields.

There are plenty of examples of the mechanism of forming words with an English stem and Russian grammatical additions: check, test, crypt, traffic, accounts, information, subject and hide become “chekanut” (чекануть), “testit” (тестить), “kryptanut” (криптануть), “traf” (траф), “aki” (акки), “infa” (инфа), “subj” (сабж) and “khaid” (хайд). These words have become such an integral part of forum communication that sometimes a Russian speaker will have difficulty separating the non-Russian part of the word.

Abbreviations from English Internet slang also make an appearance, although usually with minimal changes: ТС (originated from the English Topic Starter), FUD (used in English versions, meaning fear, uncertainty and doubt) and ИМХО (from the English IMHO, meaning “in my humble opinion”).

As regards adopting words from other semantic fields, sometimes a lot of imagination is required to figure out the new meaning of the words. For instance: the word “zaliv” (залив) usually means spill. But on Russian forums, it describes a method for stealing financial data.

The following is a good example of the unique, rich language used on Russian forums:

Russian_Slang_2

What Does “Cyber Intelligence” Mean, And Why Is It Needed?

Hi All,

SenseCy Blog has been up and running for a week now and we are extremely happy with the traction we’ve achieved so far.

It's time to elaborate on what we mean when we say “Cyber intelligence”.

As far as cyber defense goes, organizations have traditionally relied on technology and procedures to mitigate cyber threats.

But as recent events show, this thinking is no longer valid. Without knowing what threats are out there, and who is targeting them, organizations find it impossible to tweak their defensive mechanisms and procedures and fail time and again to secure their data from breaches.

So what attributes must one look for in cyber intelligence services?

  • Up-to-date intelligence needs to be on time, relevant and accurate, based on the needs of a specific organization.
  • Derived from research sources, including Deep Web, open-source, closed groups and password-protected forums (this is where the real information resides), covering multiple languages.
  • A mixture of both technical and operational intelligence (not just “Another variant of malware was detected”).
  • “Analyst approved” intelligence, meaning that information has been correlated, aggregated and analyzed, leading to near-zero false positives.
  • Has operational value: the question “What do I do next?” is answered.

Example of operational intelligence derived from password-protected groups

With such intelligence at its disposal, the organization could better mitigate evolving threats and achieve much greater efficiency and effectiveness from its technology.  

In future posts, we will explore the production and analysis aspects of Cyber Intelligence and show some real-life examples of our work.

Keep in touch!

The SenseCy Team