A new report has been released issuing a warning that hackers have become industrialized and represent an exponentially increased threat to individuals, organizations and Government. We didn’t feel too much excitement about this until we ran the recommended “test” for the concept.
Imperva suggests we test the mass infection for ourselves by searching Google US with the terms “Viagra and .edu” — now, before you click this, be forewarned, DO NOT CLICK ANY OF THE LINKS YOU FIND HERE.
For instance, the criminals who operate “pill4you dot com” are a client of Directi Internet Solutions PVT. LTD. (doing business as “PublicDomainRegistry dot com”), with a forged, falsified domain whois. DIRECTI allows this criminal to shroud identity, clearly against ICANN regulations. The criminals are allowed to utilize PrivacyProtect.org to mask their identity. “Privacy Protect” is a company, located conveniently in the Netherlands, that was actually set up by rogue registrars like Directi. Yet another case of ICANN looking the other way.
Pill4you dot com, understanding that email spam is now bringing limited returns, is following yet another underworld technique — scalping free registration sites. Their robots scour the web for any ‘registration’ or ‘set up’ form online and, upon finding one, they register and set up a page. In this example, they falsely entered a page at http://www2.las.uic.edu/, setting the page to redirect to their illicit drug sales web site. Google found about 4-million of these.
Imperva’s report says the emerging industrialization of hacking parallels the way in which the 19th century revolution advanced methods and accelerated assembly from single to mass production. The result is that today’s cybercrime industry has transformed and automated itself to improve efficiency, scalability and profitability.
As an example of this ‘industrial revolution’, Imperva has discovered a new hacker scheme that is infecting educational servers worldwide with Viagra ads. According to Imperva, cyber-criminals are using industrialized methods to automate an as-yet unreported scheme that has infected hundreds, possibly thousands of .edu servers worldwide with Viagra ads. (We’ve been reporting these for over two years, as you’ve read in the pages of InfoManager newsletter.) Imperva CTO Amichai Shulman says:
This attack on academic institutions highlights how hacking has become industrialized, infecting servers from major institutions including UC Berkeley, Ohio State and more. Ironically, this technique is the most prevalent method used to create havoc in cyberspace, yet remains virtually unknown to the general public.
Key findings in the report include the organizational structure and technical innovations for automating attacks:
Organization structure—Over the years, a clear definition of roles and responsibilities within the hacking community has developed to form a supply chain that resembles a drug cartel. The division of labor in today’s industrialized hacking industry includes:
- Researchers: A researcher’s sole responsibility is to hunt for vulnerabilities in applications, frameworks, and products and feed their knowledge to malicious organizations for the sake of profit.
- Farmers: A farmer’s primary responsibility is to maintain and increase the presence of botnets in cyberspace through mass infection.
- Dealers: Dealers are tasked with the distribution of malicious payloads.

Technical innovations—Hacking techniques once considered cutting-edge and executed only by savvy experts are now bundled into software tools available for download. Today, the hacking community typically deploys a two-stage process designed to proliferate botnets and perform mass attacks.
- Search engine manipulation. This technique is the most prevalent method used to spread bots, yet remains virtually unknown to the general public. Essentially, attackers promote Web-link references to infected pages by leaving comment spam in online forums and by infecting legitimate sites with hidden references to infected pages. For example, a hacker may infect unsuspecting Web pages with invisible references to popular search terms, such as ‘Britney Spears’ or ‘Tiger Woods.’ Search engines then scour the websites reading the invisible references. As a result, these malicious websites now top search engine results. In turn, consumers unknowingly visit these sites and consequently infect their computers with the botnet software.
- Executing mass attacks through automated software — to gain unauthorized access into applications, dealers input email addresses and usernames as well as upload lists of anonymous proxy addresses into specialized software, the same way consumers upload addresses to distribute holiday cards. Automated attack software then performs a password attack by entering commonly used passwords. In addition, today’s industrialized hackers can also input a range of URLs and obtain inadequately protected sensitive data.
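The automated password attack described above spreads its guesses across many accounts and many proxy addresses, so a rule that only counts failures per source address never fires. The following is an added example, not taken from the Imperva report, that groups failed logins into fixed time windows and flags that pattern; the log format, thresholds and sample lines are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timezone

def parse(line):
    # Assumed log format: "<ISO time with offset> <OK|FAIL> user=<name> ip=<addr>"
    ts, result, user, ip = line.split()
    return datetime.fromisoformat(ts), result, user[5:], ip[3:]

def detect_distributed_guessing(lines, window_s=600, per_ip_limit=5,
                                min_users=8, min_ips=4):
    """Flag windows where failures hit many accounts from many addresses."""
    buckets = defaultdict(list)
    for ts, result, user, ip in map(parse, lines):
        if result == "FAIL":
            buckets[int(ts.timestamp()) // window_s].append((user, ip))
    alerts = []
    for key in sorted(buckets):
        events = buckets[key]
        per_ip = Counter(ip for _, ip in events)
        users = {user for user, _ in events}
        if len(users) >= min_users and len(per_ip) >= min_ips:
            start = datetime.fromtimestamp(key * window_s, timezone.utc)
            alerts.append({
                "window_start": start.isoformat(),
                "failures": len(events),
                "users": len(users),
                "ips": len(per_ip),
                "max_per_ip": max(per_ip.values()),
                # True means a per-address lockout rule would have stayed silent.
                "evades_per_ip_rule": max(per_ip.values()) <= per_ip_limit,
            })
    return alerts

# Constructed sample: 12 accounts tried through 6 proxy addresses in ten
# minutes, then one real user mistyping a password three times an hour later.
SAMPLE = [f"2010-03-01T10:0{i % 10}:00+00:00 FAIL user=user{i} "
          f"ip=198.51.100.{i % 6 + 1}" for i in range(12)]
SAMPLE += [f"2010-03-01T11:00:0{i}+00:00 FAIL user=carol ip=192.0.2.9"
           for i in range(3)]
SAMPLE.append("2010-03-01T11:00:09+00:00 OK user=carol ip=192.0.2.9")

if __name__ == "__main__":
    for alert in detect_distributed_guessing(SAMPLE):
        print(alert)
```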
We have reported thousands of these criminal pages, and in every case the school, university, organization or nonprofit blog writes back with beaming thank-you letters. Obviously many of these organizations are not watching the back door — just like our Chicago-based .edu site above.
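A site owner can look for the hidden references described under search engine manipulation by scanning the site's own pages for off-site links that visitors cannot see. This is an added example, not part of the report; the hiding patterns, the word list, the host name dept.example.edu and the sample markup are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed, site-tunable patterns: inline styles that hide markup, and spam words.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden"
                          r"|(?:left|top|text-indent)\s*:\s*-\d{3,}", re.I)
SPAM_TERMS = re.compile(r"viagra|cialis|pharmacy|pills?\b", re.I)
VOID = {"br", "img", "input", "hr", "meta", "link"}  # tags with no end tag

class HiddenLinkScanner(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.stack, self.current, self.findings = [], None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden = (bool(self.stack) and self.stack[-1][1]) or "hidden" in a \
            or bool(HIDDEN_STYLE.search(a.get("style") or ""))
        if tag not in VOID:
            self.stack.append((tag, hidden))  # children inherit hidden state
        if tag == "a" and a.get("href"):
            host = (urlparse(a["href"]).hostname or "").lower()
            self.current = {"href": a["href"], "text": "", "hidden": hidden,
                            "external": bool(host) and host != self.site_host}

    def handle_data(self, data):
        if self.current is not None:
            self.current["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self.current is not None:
            f, self.current = self.current, None
            f["spam_term"] = bool(SPAM_TERMS.search(f["text"] + " " + f["href"]))
            if f["external"] and (f["hidden"] or f["spam_term"]):
                self.findings.append(f)
        if any(t == tag for t, _ in self.stack):  # tolerate unclosed <li>, <p>
            while self.stack.pop()[0] != tag: pass

def scan_page(html, site_host):  # off-site links that are hidden or spammy
    scanner = HiddenLinkScanner(site_host)
    scanner.feed(html)
    return scanner.findings

# Constructed sample: two visible links plus an off-screen injected block.
SAMPLE = ('<p><a href="/events">events</a> <a href="https://www.example.org/">partner</a></p>'
          '<div style="left:-9999px"><a href="http://rx.example.net/b">cheap viagra</a>'
          '<a href="//rx.example.net/x">order now</a></div>')
```

The scanner only sees inline styles and the `hidden` attribute; markup hidden through an external stylesheet or script needs a rendered-page comparison instead.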
The report, The Industrialization of Hacking, can be downloaded at: www.imperva.com.
Imperva enables a complete security lifecycle for business databases and the applications that use them. More than 4,500 of the world’s leading enterprises, government organisations, and managed service providers rely on Imperva to prevent sensitive data theft, protect against data breaches, secure applications, and ensure data confidentiality. The award-winning Imperva SecureSphere is the only solution that delivers full activity monitoring from the database to the accountable application user and is recognised for its overall ease of management and deployment. For more information, visit www.imperva.com.



