For Hacker Intelligence, Visit Their Forums

The best way to protect your networks is to think like a hacker, and the best way to find out what hackers think is to spend some time on their public discussion boards. This is exactly what the analysts from Imperva, a security research firm, did and the results are intriguing.

In last month’s Hacker Intelligence Report #13, they looked at one of the largest discussion forums (they don’t reveal which one, but it has a quarter of a million members) and found the following:

  • SQL injection is now tied with DDoS as the most discussed topic. Exploits are still quite popular, and defenses are still inadequate.
  • Social networks are now a major interest of hackers, and quite useful as exploit tools.
  • E-whoring (selling fake porn) is becoming one of the most common methods for beginner cyber criminals to gain easy money.

New hackers, said the report, come to this particular forum to learn, while the more experienced gain “street cred” and recognition by instructing them. “Typically, once hackers have gained enough of a reputation, they go to a more hardcore, invitation-only forum.”

Imperva also looked at more than a dozen smaller venues, many of which make money through advertising and offering other paid services. They even have a freemium model: offering modest tools for free in the hopes that buyers will come back and pay for more capable ones. All transactions are done to assure anonymity, using Bitcoin or PayPal, for example. Lists of Twitter or Facebook followers can be had for pennies per individual ID.

The term e-whoring was new to me, but the con is as old as the second oldest profession it stems from. A mark is sent an email or a chat room message from someone purporting to be a model with photos or videos of herself. He’s sent a few samples, then transfers money directly to the scammer. The hacker forums are filled with sample language to get the best results, and lessons on how to be more believable online. With all the free porn available online, you wouldn’t think that this scam would be so popular, but when someone can convince a mark that he’s dealing with a real person, it works. Essentially, this approach is all about the sale of special moments.

So what can we learn from this? Hacking forums are the gateway drug for this subculture, the place where beginners learn the tools of their trade. For those of us who need to get into the heads of these people, cruising around to see what’s offered can help.

Next, learn about how SQL injection works. (You can read my own white paper on the subject. The link’s below. I published it years ago but it’s still valid.)

Finally, get smarter about social networking. Look at advanced firewalls or IDSes that can examine their behavior and get some visibility across your network.

Related Links

Image: Mind Power [Bigstock]

Comments

  1. BY Ernie Ayres says:

    Good advice, David. I’ve been reading hacker mags like 2600 and visiting hacker sites for years to try and stay ahead of the curve. It’s worked several times that I know of…no telling how many that I didn’t even realize.

  2. BY Malik James says:

    This is good to know, especially for someone who might be interested in seeking a career in security. With the way hackers have been advancing with their tactics, it’s become harder to recognize these threats. What advice can you give to someone like me who is interested in finding out more on this subject? I was thinking about getting into the security side of IT and would like to know how I can be ready for these kinds of attacks.

  3. BY David Strom says:

    I think just start looking around the Internet, say with the 2600 site that is mentioned above. Be open to trying out new tools, even simple ones such as netcat that have a lot of power. Read a few books written by former hackers like Poulsen, Mitnick and others.
