Share

Related Stories

  • Antichat hacker forum data breach reveals weak passwords are endemic
    A rising volume of research has suggested of late that internet users make frequent re-use of passwords, as well as using relatively weak passwords that are easy to brute force hack. Now a security researcher claims his research suggests that - irony of ironies - hackers are equally slovenly when it comes to their own passphrases.

Top 5 Stories

News

Hackers forums provide sense of community, information security intelligence

18 October 2011

Hacker forums provide a sense of community for the hackers, as well as a source of intelligence for information security professionals, according to a new report by data security firm Imperva.

The report provides insight into hacker psychology, and details the technical strategies they learn, develop, and deploy. Forums are used by hackers for training, communications, collaboration, recruitment, commerce, social interaction, and selling of stolen data and attack software.

The hacker forums are also a valuable source of intelligence for information security professionals, noted Rob Rachwald, director of security strategy at Imperva. “You can discover the types of attacks they are thinking about”, he told Infosecurity.

“For example, you go and see if your company is mentioned on some of these sites. You can look at the type of attack tools they use so you can find out what the attack may look like”, Rachwald said.

According to Imperva’s examination of a major hacker forum with 250,000 members, the most discussed topics were distributed denial of service (DDoS) attacks, with 22% of discussions, and SQL injections, 19% of all discussions, the report found.

“They are spending a lot of time discussing DDoS evasion techniques and new forms of DDoS attacks….I thought the SQL injection would be a little higher. SQL injections require technical knowledge; they are not necessarily difficult but you need to know enough to be dangerous”, he explained.

Rachwald said that close to two-thirds of the hacker forum discussions were focused on data theft, and the rest was about DDoS.

The report also found that attack discussions in hacker forums increased exponentially over a four-year period, growing an average of 157% year over year since 2007.

Chat rooms are filled with technical subjects ranging from advice on attack planning and solicitations for help with specific campaigns. Forums are also a place where neophytes can find “how-to-hack” tutorials on various methods.

The majority of discussions focused on “beginning” hacking, with members devoting 25% of their time sharing “how-to” tutorials and discussing basic methodologies, indicating a strong, steady interest from new talent.
Mobile hacking has seen very strong growth in discussion forums, with iPhone hacking leading the way, the report found.

Rachwald said that sometimes smaller groups break off from the larger hacker forums to discuss issues that are not available to the public; these are called VIP groups. “A lot of groups break off and create their own forum, perhaps 20 to 30 people, and they can be very effective. No one can monitor their activities”, he related.

This article is featured in:
Data Loss  •  Internet and Network Security  •  Malware and Hardware Security  •  Wireless and Mobile Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×