The research (also made on other smaller forums) used the forum’s search engine capabilities to analyze conversations by topic using specific keywords. Unfortunately no details have been provided about the methodology used to collect the data, however the results show that SQL Injection and DDoS are the most discussed topic, both of them with the 19% of discussion volume (I am glad to see that the results are coherent with the findings of my Cyber Attack Statistics).
Of course the data must be taken with the needed caution since the analyzed sample could not be entirely consistent. As Imperva admits: “The site we examined is not a hardcore crime site, but it’s not entirely softcore. New hackers come to this site to learn and,on the other hand, more experienced hackers teach to gain “street cred” and recognition […]. Typically, once hackers have gained enough of a reputation, they go to a more hardcore, invitation-only forum.” This probably means that the incidence of the two attack techniques is overrated since one should expect a beginner hacker to approach the easiest and most common attack methods for which there are many tools available.
Anyway the events of the last months show that an attack does not deserve less attention only because it is carried on by a beginner, nor a beginner worries too much if he uses automated tools without full knowledge and awareness. A look to the infosec chronicles of the last period is sufficient to verify that DDoS and SQLi attacks are always in the first pages.
Sadly, Imperva estimates that only the 5% of the security budget is spent on thwarting SQL Injection attacks.
Other interesting findings of the research are: the fact that social networks pose a major interest for hackers since they are becoming a prominent source of information and potential monetary gain (Facebook was the most discussed social media platform, with 39%, immediately followed by Twitter at 37%), and also the fact that E-whoring is becoming one of the most common methods for beginner cyber criminals to gain easy money (more than 13,000 threads observed).
Law Enforcement Agencies are taking their revenge against the Hacktivists who mostly targeted them during the last months. In a deadly and unexpected sequence, the last 40 days have seen the heads of three infamous hacking crews falling under the blows of FBI and Scotland Yard.
One after the other, the key members of LulzSec, CabinCr3w and Team Poison have been arrested and in all but one case (that is the arrest of the alleged members of Team P0ison for which no details are known so far), the events have unveiled some surprises and unexpected details. Moreover, at least three arrests have been possible since the hackers left behind them a trail of mistakes which allowed the investigators to connect the dots and link their twitter accounts to their real identities.
The following table depicts the facts which may be better summarized from the Criminal Complaints which are reported below for:
As you may notice, in two cases, W0rmer and ItsKahuna, the hackers were betrayed by two familiar technologies which are commonly considered dangerous for users’ privacy and identity: social networks and mobile devices. Sabu was the one who really did a “technical mistake” by connecting to an IRC without protecting his IP address with TOR.
Interesting to say is also the different approach of FBI and Scotland Yard. Once discovered the real identities of the hackers the Feds tried to “enroll” them as informants, at least in one case (Sabu) this strategy was winning. At the opposite the Britons immediately caught the alleged culprits without giving any detail about their identity, maybe hoping the arrest could act as a deterrent for the other hackers. Apparently it looks like this latter strategy was not completely successful since the CabinCr3w survivors are threatening authorities, inviting other Blackhats to join them for the revenge.
Last but not least, I cannot help but notice the tweet below for which I remember to have been particularly impressed when I first saw it since, at that time, I considered it a too much imprudent. Consequently I was not that surprised when I saw it quoted in the Criminal Complaint.
Neighbors thank you for having WEP on your router and amazing dl speeds, im quite enjoying it atm—
Kahuna (@ItsKahuna) January 29, 2012
At the end we are becoming more and more familiar with mobile phones and Social Network, so familiar to forget their level of intrusiveness and the related dangers for our privacy. As an example try to verify how many of you and your friend toggle Geo-Tagging off from their phone cameras. (Un)fortunately, it looks like not even the bad guys are immune from this.
If you think that Facebook’s 600,000 compromised logins per day are not enough, you’d better read an interesting paper issued by a group of researchers from University of British Columbia, concerning the capability to use socialbots, that is software driven fake identities controlled by a bootmaster, to lure real Facebook users with the purpose of stealing sensitive data, and more in general, every kind of information with a potential monetary value.
Social Networks are gaining more and more importance for everyday life, both on a microscopic and on a macroscopic scale. On a microscopic scale they influence the life of a growing number of individuals who concentrate there their personal and professional interests; on a macroscopic scale Social Networks played (and are playing) a crucial role for the Arab Spring, both on a social and military perspective, not only they were the virtual weapons for protesters to witness the events in Tunisia, Egypt, Libya and Syria (but also for the loyalists with actions of propaganda and misinformation), but they were also used by NATO as real weapons in Libya to identify potentially targets to strike after “strong authentication” with conventional technologies (such as satellites).
Of course this constantly growing influence is attracting attentions from governments (which are evaluating technologies to monitor and eventually counteract the streams of information) but also from individuals who look at the weaknesses of social networks (and more in general at the scarce attention towards privacy by many users) as a mean for stealing money and information, a new form of richness of the Web 2.0 era.
The idea behind this research is not completely new, and takes into consideration two well known risk factors for Social Networks: reputation and privacy. The (fake) social reputation of a malicious individual can lure legitimate users to connect with untrusted contacts, after the connection, the poor attention for privacy settings together with a superficial behavior can bring to users to reveal, through the social channel, personal and classified information. This is the reason why resounding examples of fake profiles (with human beings behind) are not new for social networks, for scientific or amusement purposes: the names of Robin Sage and Primoris Era should sound familiar to many.
On the other hand not even the possibility to develop software-based fake social personas is a completely new, at least in theory and, most of all with military purposes, if it is true that the U.S. Department of Defense is developing software personas for propaganda actions inside the Social Network Battlefield.
What is completely new is the fact that no one so far had been able to show the results of a research done with software based socialbots since, so far, only human fake profiles were used to steal informations.
So what happens when bots, a concept proper of Information Security, meet social networks?
The results, at least for Facebook are frustrating: the above mentioned paper shows that, starting with a socialbotnet of 102 socialbots (49 male profiles and 53 female profiles) controlled by a single botmaster, the researchers were able to infiltrate Facebook, fully automating the operation of the Socialbotnet (including fake accounts creation).
The average success rate was 59.1%, with peaks close to 80%, which in several cases, depending on users’ privacy settings, resulted in privacy breaches (harvested data included email addresses, phone numbers, and other profile information with potential monetary value). Even worst, collected data included also private data of users who had not been infiltrated, but were only “guilty” to be somehow connected to infiltrated users, with an average collection day of 175 new chunks of publicly-unaccessible users’ data per socialbot per day.
The infiltration turned into 8,570 connection requests in a timeframe of 8 weeks with 250 Gb of data collected. Moreover the Social Network Defenses, such as the Facebook Immune System, resulted not effective enough in detecting or stopping the infiltration as it occurs: they were effective only when users were able to recognize the fake profiles and mark them as spam. Curiously this happened only in 20 cases (nearly the 20% of the total), all related to female profiles.
From the users’ side, (an easily predictable statement) the research confirms that most users are not careful enough when accepting connection requests sent by strangers, especially when they have mutual connections (the so called triadic closure principle, one of the foundations of the Social Networks).
Personal and Professional Social Networkers (and organizations that are approaching Social Networks) are advised!
Do you remember Mobile Phishing and the related risks? Well This morning I had a bad surprise and could see it anction with my hands (or better with my fingers on the display of my Android Device).
This morning I woke up early (6 AM) since I previously arranged a travel to my hometown which takes approximately 4 hours. As usual I have the bad habit to check email upon awakening, directly from my Android device. This morning found a strange DM strange DM on my Twitter Account:
This made me laugh so hard when i saw this about you lol hxxp://t.co/AusOXeQ
I already exchanged some DMs in English with this contact, so, the content was not so strange (probably a similar message from an Italian contact would have received a different impact and triggered an alarm bell). Moreover I suppose my neurons were not completely up and running (actually they are rerely in this state), so a little bit for curiosity, a little bit for fun I clicked the link directly from my mobile device.
In the following screenshots you may realize how easy and dangerous for the user, mobile phishing is: as a matter of facts the link points to a bogus Twitter-like site, but, believe me, from a 3.7″ screen is really difficult to discriminate it.
The page is really similar to the real one:
But yes, if you look carefully at the address bar (but at the 6 AM with the sleep fog surrounding you is not so easy) you will notice a misplaced detail and it is the link (currently up): hxxp://www.ltwittier.com/session-verify (but not all the address is visibile on the bar). If you click on the text box the situation is even worse since the address bar, a default beaviour for the Android Browser, disappears.
Needless to say, if you login, your account will be hacked and your contacts will suffer the same fate.
This event shows how easy is to fall victim of phishing in case of mobile devices and, even worse, in case the bait comes from Social Network (and a professional social network how Twitter is for me, in which I trust the reputation of my contacts).
Always remember to check the links and be careful to follow strange links from mobile devices!
If you point to the incomplete link: hxxp://www.ltwittier.com/ there is a clear evidence of the fact that the site is bogus:
http://paulsparrows.files.wordpress.com/2011/09/wronglink.png” alt=”” width=”300″ height=”494″ />
Update: Next Web pointed out that that what has been reported is a standard error message used by MySpace since 2009. I know these are hard times of hoaxes and psychological terrorism driven by the recent hacks by Anonymous and LulzSec but I hope that the lesson will be learned. Probably it would be better, in times like these, to use clearer error messages. At any rate this is only the latest demonstration of what it means to be hacking in the time of Twitter: advertising an attack, too often before performing it, has become even more important than the effect of the attack itself.
As usual the hack was announced with an (Anonymous) tweet:
Following the link (http://www.myspace.com/modules/common/static/html/error.html) leads to a bad surprise, a page whose title is meaningful “All is wrong :(“. By the way www.myspace.com is currently unavailable.
We messed up our code so bad that even puppies and kittens may be in danger. Please turn back …now.
Thanks to Andrea Zapparoli Manzoni for suggesting the original concept of Consumerization of Warfare and this update.
In a previous post we defined “Consumerization of Warfare” the growing use of consumer technologies such as Social Networks and Mobile for Military purposes (such as propaganda or espionage).
The most obvious examples of this trend are represented, on a global scale, by the influence (also recognized by President Obama) that social media had for the Wind of Changes blowing from Maghreb to the Middle East. In this contest they were used for different purposes: for witnessing the real extent of the events (which was a key factor in fostering the Allied intervention in Libya), for virally spreading propaganda and psyops information, and, last but not least, in a strict military context, as a further evidence to “strong authenticate” coordinates for Nato Missile Attacks in Libya.
But this approach is not limited to social media. Mobile devices are the natural companions of social media, so U.S. Army, U.S. Marines, and National Security Agency are just evaluating the use of COTS (Commercial Off-The-Shelf) products for military purposes and is evaluating several different commercially available smartphones and tablets, properly hardened and secured.
In particular, despite privacy and reputation issues, social media have proven to be a powerful device for spreading information. Consider for example a single event: Osama Bin Laden’s death. Tweets dealing with this event averaged 3440 TPS from 10:45 to 12:30pm ET on May 2 2011, reaching a peak of 5106 TPS around 11:00pm ET.
Such a formidable weapon must be fully exploited for defensive and offensive purposes, consequently the newcomer in this warfare is none other than the Pentagon, which is asking scientists to figure out how to detect and counter propaganda on social media networks in the aftermath of Arab uprisings driven by Twitter and Facebook. The US military’s high-tech research arm, the Defense Advanced Research Projects Agency (DARPA), has put out a request for experts to look at “a new science of social networks” that would attempt to get ahead of the curve of events unfolding on new media.
The program’s goal is:
To track “purposeful or deceptive messaging and misinformation” in social networks and to pursue “counter messaging of detected adversary influence operations,”
according to DARPA’s request for proposals issued on July 14.
The idea to build fake personas to manipulate the social arena is not completely new (and one of the players involved was just the well known HBGary Federal), but this time the scope is pretty much wider, aiming to change the course of events by massive (counter)information campaigns (think for instance to video and images coming from Libya which were crucial to foster the Allied Intervention).
I am not sure Zuckerberg & Co. will be very happy that their creatures are considered, against their will, a battlefield from The Pentagon…
Update August 9: Anonplus defaced once again by Syrian Hackers!
There is no peace for AnonPlus the alternative Social Network established by the Infamous Hacking Group. Only a couple of days after the defacement made by a Turkish Hacking Group, Anonplus, the alternative Social Network established by Anonymous after their account was banned from Google+ has been defaced again by a couple of Syrian Hackers (Th3 Pr0 & SaQeR Syria) in name of the Syrian Electronic Army:
A group of enthusiastic Syrian youths who could not stay passive towards the massive distortion of facts about the recent uprising in Syria, and this distortion is carried out by many Facebook pages that deliberately work to spread hatred and sectarian intolerance between the peoples of Syria to fuel the uprising.
In this moment, Surfing to Anonplus, returns the following page:
Clearly the numerous Anonymous hactivism campaings nare attracting the unwelcome attentions not only by police squads of all five continents, but also from rival hacking grouops divided by ideological barriers.
As a matter of fact, at the beginning of July, Anonymous performed some DDoS attacks against Syrian Embassies all around the world as part of their Operation Syria. A similar action, Operation Turkey was declared at the beginning of June, which probably explain the above quoted previous defacement, which occurred at the AnonPlus Social Network on July the 22nd.
The Anonymous Tide is changing the world of hacking and hactivism: at the beginning of 2011, hactivism was included among the Top Security Concerns for 2011 from the leading security vendors. Afer seven months, it looks like that (actually easy) prediction was correct. Not only many would-be hackers have been enrolled (perhaps in a reckless and superficial manner) in hactivism campaigns (and often get stuck in the mesh of justice as it never happened in the last years, see for instance the FBI raids), but, most of all, the cyberspace is really becoming the fifth domain of war, used not only for propaganda, but also to carry on bombastic attacks with social, political, and military scopes.
Moreover, it looks like this is a further consequence of what I defined Consumerization of Warfare, that is the growing use of Consumer Technologies such as Social Networks for Military and Political Operations: the “declaration of war” of the Syrian Group starts from a Facebook page built up to stop the use of Facebook from their adversaries as a mean of communication with the Syrians inside and outside Syria “to spread their destructive ideas” (quoted litterally).
In this context a sentence is particularly meaningful:
So let’s fight them using their weapon
Probably at the beginning the Syrian group wanted to use the so called “their (same) weapon” exclusively against internal enemies. Once realized the latter were not the only to use the social weapons against their cause (Hacking groups, even if not motivated by hactivism make extensive use of Social Media to spread their Word), decided to expand the scope of their campaign, including anonymous among their targets.
Now it’s up to the Anonymous to place their move on the Cyberwar chessboard.
- AnonPlus, Anonymous’s social network, is hacked (nakedsecurity.sophos.com)
With great satisfaction yesterday I took advantage of a promotion so I updated the nav app on my Android device to the new premium version. Albeit I was very satisfied with the previous version, I could not resist, as usual, to a newer release: moreover the opportunity to save a dozen hard-earned euros was too tempting, so I gave a virtual credit card swipe and got the deal. Among the new features, I immediately noticed the so called “Social Navigation” (nowadays you may add the term social to anything), that is the possibility to share on Facebook or Twitter details about the journey.
My sixth sense and half told me not to enable the automatic share of journey details for a simple reason: what if a burglar should intercept my status update or my journey tweets, and consequently knew that I am leaving my home (maybe for several days)? The answer is pretty much simple… And it is exactly the reason why I am not used to post on Social Media details of my journeys, wether they are related to business or holiday.
Unfortunately it looks like many people do not think so and have the bad habit to post their holiday plans on Facebook or, worse, to publish in real times pictures shot too many miles far from home. Translated to real world, this behavior is like leaving an advert on the door to a burglar telling him there is nobody home.
This is an opportunity too tempting for “social burglars”, who have become familiar with these beahviors and also take advantage of weak default privacy settings, or also of the viral spread of information proper of social media, for probing profiles, looking for unprotected apartments to burgle.
From a social perspective, this is only the last field in which real life and virtual (social) life dangerously overlap, showing that the same threats may be equally applied to both areas. Luckily the same countermeasures may be applied as well, ans this is the reason why a UK Chelmsford-based security firm, Precreate Solutions for a small fee, provides its customers with “virtual updates” while they are away. The service, by mean of pre-approved messages, status updates and tweets scheduled while the customer is away, aims to show a real and virtual presence at home, discouraging potential criminals from taking malicious actions.
Of course holidaymakers should avoid to post their pictures or status updates while they are in holiday, moreover they also should be able to forge credible pre-cooked messages (what if they should update their status with a post telling “I am watching the football match” in July while there is no match, while contemporary posting pictures at the beach?
Thinking well this is not so different, in theory, from the old world approach where holidaymakers asked their neighbors to monitor their homes, to water the plants, and possibly to show signs of presence (switching on the lights for instance when not made through automated switches)… Moreover the bridge from real world to virtual world could become even more concrete, since Company director Gary Jackson claimed that
It’s getting to the point now when insurance firms are going charge higher premiums for social media users.
Maybe a marketing statement if it is true that the Association of British Insurers said it had never heard of insurers asking customers who use social networks to pay more, (and said it would not be practical to do so); a spokesman, however, warned people to think twice about advertising that they were away.
A further thought for this Social Media Day, a further example of the growing revolution of Social Media and their impact on everyday life, a further example of their privacy and security concerns, most of all if they are used, as often happens, with imprudence and shallowness, a behavior which might lead to serious aftermaths also in real world.
- This security firm offers to update your Facebook status whilst you’re away (theinformativereport.com)
- 861,726 hits since November 2010
08/13/2011 - My Post on Android Malware Mentioned on Engadget.
04/14/2011 - The Article Smart Grid: L'ultima Frontiera del Cybercrime published on ICT Security Magazine May 2011.
03/14/2011 - Security Summit 2011: Paolo Passeri guest at Round Table "Mobile Security: Rischi, Tecnologie, Mercato"
02/14/2011 - The Article Gears of Cyberwar published on ICT Security Magazine January 2011.
About This Blog
In this blog I express my personal opinion, which does not necessarily reflects the opinion of my organization, about events and news or interest, concerning information security, winking to mobile world and, why not, to some curious personal event.
Every information is reported with its source.
Anyone intending to use information contained in my post is free to do so, provided that mention my blog in your article.
Top Posts & Pages
- List Of Hacked Celebrities Who Had (Nude) Photos Leaked
- 2013 Cyber Attacks Statistics (Summary)
- 2014 Cyber Attacks Timeline Master Index
- 2012 Cyber Attacks Statistics
- 16-31 June 2014 Cyber Attacks Timeline
- 1-15 July 2014 Cyber Attacks Timeline
- A (Graphical) World of Botnets and Cyber Attacks
- 2013 Cyber Attacks Statistics
- 1-15 June 2014 Cyber Attacks Timeline
- About Me
- RT @lastlineinc: Don't miss tomorrow's lecture, "Botnets: C&C Infrastructures, Tricks, & Research". labs.lastline.com/it-security-ed… http://t.co/gris… - 8 hours ago
- Yet another amazing blog post by @LastlineLabs: Exploit Analysis via Process Snapshotting: labs.lastline.com/exploit-analys… - 2 days ago
- Ready to take off... Flying to Santa Barbara to meet my colleagues of @LastlineLabs - 3 days ago
- P.F. Chang's incident calls for updating payments tech lnkd.in/dQpjRE8 - 1 week ago
- @artbyalida @thepacketrat he did the same one week ago for CNET… - 1 week ago
- WSJ website hacked, data offered for 1 bitcoin -> Here's a cyber attack that will be included in the next timeline: arstechnica.com/security/2014/… - 1 week ago
- @HP TippingPoint and @lastlineinc team up to offer advanced network protection h30499.www3.hp.com/t5/HP-Security… - 1 week ago
- Without a good Italian espresso it's impossible to build cutting-edge technology! http://t.co/GZTZFXktsc - 1 week ago
- @lastlineinc recognized by CRN as a 2014 Emerging Vendor | Business Wire businesswire.com/news/home/2014… - 1 week ago
- 1-15 July 2014 Cyber Attacks Timeline #Infosec #Cyberattacks wp.me/p14J6X-2D9 - 1 week ago