In its analysis of the forum (together with 17 other, smaller forums) to be published today, Imperva notes that this “is not a hardcore crime site, but it’s not entirely softcore. New hackers come to this site to learn and, on the other hand, more experienced hackers teach to gain ‘street cred’ and recognition... Typically, once hackers have gained enough of a reputation, they go to a more hardcore, invitation-only forum.” The real value of the analysis is that it shows what tomorrow’s hackers are learning today. “By examining what information hackers seek out or share in these forums, we can better understand where they are focusing their efforts,” explained Amichai Shulman, Imperva’s CTO.
It seems that DDoS and SQL injection attacks are the current focus, tied at 19% each of all discussed attack methodologies. DDoS is rarely out of the news, with hacktivists using it to make political protests, criminals using it to disguise other attacks, and (potentially) nation states using it to disrupt critical infrastructures. The recent spate of attacks against American banks is thought by many to be a politically inspired campaign by Iranian attackers.
SQL injection attacks have a slightly lower profile but are similarly popular with criminals – and the same US banks have recently been warned about Havij, an automated SQL injection attack tool (itself a common subject of discussion in the chat forums). Such attacks can be mitigated (and Imperva discussed this in a blog post earlier this month). Nevertheless, the company believes that only 5% of industry’s current security budget is spent on defeating this type of attack, which may help explain why it is so popular.
Other subjects disclosed by the Imperva analysis include the growing black market for social media endorsements, especially likes on Facebook and followers on Twitter. Since the social media sites are becoming better at recognizing and excluding automated bots that accrue such ‘currency’, the underground is providing it as a service, with numerous advertisements for buying or selling “illegitimate social network likes, followers, and endorsements” appearing on the forums. But there are also many discussion threads, says Imperva, that include “requests to hack someone’s Facebook profile, usually to settle personal matters. Common examples are spying on one’s girlfriend/ex, taking revenge, and just for lulz.”
E-whoring has also become rampant. “With more than 13,000 threads in the dedicated forum we monitor, e-whoring is surely becoming one of the most common methods for beginner cyber criminals to gain easy money.” It’s basically social engineering where an attacker of either sex pretends to be a ‘hot gal with pics’. Dj Co2 posted an explanation on Black Hat World last month: “So what you will be doing is making a girl's profile, add some hot pictures and make it look real. You will then be sending messages to different guys (there's no limit on that). You will then chat with them, make them a little horny and desperate and then get them to sign up through your affiliate link to some webcam site. Tell them that if they buy tokens they can have a private chat with you on the website... 20 Instagram accounts with profile picture for $10.”
“The victim,” says Imperva, “is paying for the illusion of a brief relationship.” Men “would be better off getting to know the girl next door,” it suggests.