An increase in luring attacks targeting dating sites via the TOR network has been uncovered.
Luring attacks are mounted by a competing dating site to lure users from the victim site to the attacker site. Most luring attacks target multiple dating services and send spam messages to a large number of users, inviting them to different dating sites, probably all controlled by the same hacker. According to Imperva, the motivation for the attacker is clear—to divert customers away from the competitor’s site and lure them to the attacker’s site.
“Without a doubt, there is the collateral damage from the attack fronted by the hundreds of luring-oriented highly attractive fake profiles,” Imperva noted. “The attack also confuses the few users remaining in the victim website, harassing them and lowering the overall credibility of the site.”
Imperva researchers have recently witnessed an increase in attackers using the TOR network to carry out luring attacks in order to hide their identities. These are characterized by messages arriving from TOR clients at a relatively low (but steady) request rate of one to three requests every day, probably to sneak under the radar of rate-limit mechanisms to avoid automatic browser detection checks.
Despite the very low rate that Imperva has seen, it is likely that the actual total number of requests was much higher, with only a few requests exposed in their glimpse of the TOR user traffic, researchers noted.
“These attacks have the potential to significantly disrupt business for dating site operators,” said Itsik Mantin, director of security research at Imperva. “By using the TOR network the attackers are able to hide their real location and their identities making them even more difficult to detect and block.”
In order to protect against luring attacks it is recommended dating sites closely monitor for fake accounts and close down anything which is deemed illegitimate, he added.
Photo © Georgejmclittle