Jihadi Cybercrime (Increasing Interest in Spam and Phishing Methods on Closed Islamic State Platforms)

While monitoring closed platforms that propagate an Islamic State agenda, we detected an initial interest in hacking lessons, focusing on spam and phishing methods. Many discussions in the technical sections of closed platforms affiliated with the Islamic State deal with the implementation of

HACKoDROID: An Increasing Tendency Toward Smartphone-Based Attacks

New smartphone technologies have made our lives easier. At the touch of a button, you can call a cab, pay bills, connect with your friends and even reach your personal trainer. On the other hand, the world of hacking and cracking now also has a lot of useful tools to hack your system and steal your data, using a smartphone.

We have recently seen the development and publishing of hacking applications for smartphones on underground forums. The wide range of such tools means that anybody can find a suitable tool for dubious purposes. The items available include a variety of DDoS tools, wireless crackers, sniffers, network spoofers and more.

HackForum Post

Most tools are only available for Android smartphones, and many require root permissions. The most popular tool for cookie theft is DroidSheep. With the help of this tool, an attacker can collect all browsing data, including logins, passwords and more, merely by using the same Wi-Fi network as the victim.

Moreover, the attacker can connect to the victim’s password-protected Wi-Fi network. There are several Wi-Fi cracking tools. For example, WIBR+ uses uploaded password databases to identify passwords common to the victim’s network. Users can also upload and update these databases. Another tool, Wi-Fi Kill, is capable of shutting down any other device connected to the same network and can intercept pictures and webpages recently visited by users of this network.

More and more tools now include more than one hacking capability. The DSploit tool features such functions as password sniffers, cookie sniffers, browsing history sniffers, and webpage redirecting. Another program, Bugtroid, contains cracking and protection applications. The owner can choose the most suitable program from a list and install it in one click. It offers a variety of applications to suit almost every cracking purpose.

Sniffers and DDoS Tools

For iOS systems, there is a limited number of hacking tools, mostly in the realm of game cracking. Examples of such tools are GameGem and iGameGuardian. These tools break games for the purpose of stealing monetary units. The most common tool for iOS is Metasploit, which contains a number of useful applications for different fields.

The tools presented above are not new, but they represent the main capabilities in the field. We are seeing a growing tendency to use portable devices, such as smartphones and tablets, to conduct attacks in public places. Mobile devices and public Wi-Fi networks tend to be less protected and more vulnerable. With the help of data collected by a mobile device, attackers can perform more complex attacks via PC. As long as there is no protection awareness regarding mobile devices, we expect a continued increase in the number of smartphone-based attacks.

List of Hacking Tools

Phishers Hide their Hooks in Short URLs

We have recently encountered a more elaborate phishing scheme, one which includes cleverly hidden links.

Some days ago we received an email titled “American Express has an important update for you”. Funny, I don’t recall having an AMEX account… and the email from which the message was sent was all too suspicious and not connected to AMEX: [communication.4abr7w64haprabracrafray552dreste[at]azurewebsites.net].

Still, I kept reading the message which was all about the new anti-SPAM law:

Effective July 20, 2014, United State’s new anti-spam law comes into effect and American Express wants to ensure that your representative will be able to continue sending you emails and other electronic messages without any interruptions. In addition to messages from your representative, we may also send you other electronic messages, including but not limited to newsletters and surveys as well as information, offers, and promotions regarding our products and services or those of others that we believe you might be interested in (“Electronic Messages”).

The next paragraph contained a request to click an “I Agree” link to express consent to receiving Electronic Messages from AMEX.

The hyperlink points to a bit.ly address. Here’s the catch.

We all know that by hovering over a suspicious link we can usually see where it points to, and this is usually different from the link text itself (the link could say “americanexpress.com” but hovering over it will show the real address “russianspammers.ru”).

So in this case we cannot simply identify the destination of the link. What can we do?

Simple. Just paste the link address in getlinkinfo.com (or similar service), and voila, you can see the original link (and in this case, with a warning attached).

So other than the cynical use of anti-SPAM email to actually promote SPAM, the sender cleverly hides the real address inside a URL shortening service, making it more difficult to detect for the unsuspecting eye.
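The manual check described above can be scripted for a whole message. The following is an added example, not part of the original post: it extracts the links from an HTML email body, picks out those that go through a URL shortener, and follows the redirects using HEAD requests only, so the landing page is never loaded. The shortener list, the sample HTML, the redirect table and the `example.test` hostname are constructed assumptions.

```python
from html.parser import HTMLParser
from http.client import HTTPConnection, HTTPSConnection
from urllib.parse import urljoin, urlsplit

SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # assumed, non-exhaustive list

class LinkExtractor(HTMLParser):
    """Collect (visible text, href) pairs from an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def head_location(url):
    """One HEAD request; return the redirect target, if any (no body is fetched)."""
    u = urlsplit(url)
    conn = (HTTPSConnection if u.scheme == "https" else HTTPConnection)(u.netloc, timeout=5)
    try:
        conn.request("HEAD", (u.path or "/") + ("?" + u.query if u.query else ""))
        resp = conn.getresponse()
        return resp.getheader("Location") if 300 <= resp.status < 400 else None
    finally:
        conn.close()

def expand(url, fetch=head_location, max_hops=5):
    """Follow redirects hop by hop (bounded) and return the whole chain."""
    chain = [url]
    while len(chain) <= max_hops and (nxt := fetch(chain[-1])):
        chain.append(urljoin(chain[-1], nxt))
    return chain

def audit(html, fetch=head_location):
    """For every link that goes through a shortener, report where it ends up."""
    parser = LinkExtractor()
    parser.feed(html)
    return [{"text": t, "href": h, "final_host": urlsplit(expand(h, fetch)[-1]).hostname}
            for t, h in parser.links
            if (urlsplit(h).hostname or "").lower() in SHORTENERS]

# Constructed sample input and fake redirect table, so the example runs offline.
SAMPLE_HTML = '<p>To consent, click <a href="https://bit.ly/EXAMPLE">I Agree</a>.</p>'
SAMPLE_REDIRECTS = {"https://bit.ly/EXAMPLE": "http://landing.example.test/amex/"}
```

Calling `audit(SAMPLE_HTML, SAMPLE_REDIRECTS.get)` runs the check against the constructed table; omitting the second argument makes real HEAD requests.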

Will Your Toaster Attack You?

Lately, we have been hearing an awful lot about the Internet of Things (IoT).

What this buzzword describes is a world where every device is connected to the Web and communicates with other devices, and us humans, usually via a smartphone interface.

And, to a certain extent, this is an everyday reality, even today – smart TVs, printers, thermostats, and other home appliances are connected to the Web via wireless communication and receive orders from their owners who are often miles away. And, sure enough, this trend has not been overlooked by hackers.

Since each such device now has a unique IP address, Internet connectivity and the ability to send and receive packets of information, hackers can (in theory) connect them, infect them with malware and use them to send traffic – basically anything that can be performed with a regular PC. Evidence that such schemes are being planned and implemented is growing rapidly.

Security research firm Proofpoint recently announced that they discovered that hackers broke into more than 100,000 gadgets – including TVs, multimedia centers, routers, and at least one fridge – and used the appliances to send out more than 750,000 malicious emails between December 23, 2013 and January 6, 2014 (I guess asking for a Smart TV for Christmas wasn’t such a good idea after all…).

So, while the (now-growing) popular belief that such appliances can be hacked, tinkered with and turned into malicious machines attacking their human masters is not true, it is very likely that they will be used for all kinds of cybercrime, from sending SPAM and spreading malicious files to participating in DDoS attacks (these are, after all, robots).

Will these appliances attack you anytime soon?

Even more interesting are the discussions on various communication platforms regarding the possibilities presented by this trend. References to the above incident were found in Arab media and also on the Facebook page of the famous “Alkrsan” hacker forum. The latter may indicate a rising interest among Arab hackers in this method of cyber-attack.

Reference to IoT hacking on the famous hacker forum “Alkrsan”

As for the Russian-speaking Internet, the HabrHabr computer blog published a post entitled “a botnet consisting of ‘smart’ TVs, media centers, PCs and … refrigerators was discovered”.

Generally, news sites refer to this affair as an evolving new threat in the cyber world and lively discussions are being held on closed forums regarding the trend.

Russian computer blog HabrHabr discusses IoT hacking

So, will your toaster turn against you anytime soon? Not likely. But we have every reason to believe that any device that can be hacked is a legitimate target for hackers and will be breached sooner or later, changing the “Internet of Things” into the “Internet of Vulnerabilities”.