Chop-chop: hacking moves up a gear

It was a year of ‘exploit kits’, high stakes espionage, activist attacks and teenage kicks

While hacking is often seen as an outlet for criminality, terrorism and protest in equal measures, perhaps 2012 saw teenage angst join the list of reasons to scan for network exploits and vulnerabilities. Just ask the 15-year-old Austrian boy who broke down in front of police this April when asked why he’d hacked into 259 company websites in the space of 90 days earlier this year.

His efforts – which saw him stealing masses of company data from businesses around the globe – were an attempt to impress friends in an online hacking forum. To be fair, the fact that Europol was investigating his activities before he’s even legally allowed to have a drink should reward him with a reasonable amount of respect among his peers.

Proliferation of threats

The ease, however, with which the teenager (who can’t be named) was able to gather the tools to go on his hacking spree wasn’t a surprise to online security experts. “The challenge of 2012 was that so much happened,” says Sophos director of technology strategy James Lyne. “There’s been a continued massive escalation in the volume of malicious code and hacks across the board.”

Lyne is speaking about the proliferation of threats such as “exploit kits”, which offer budding cybercriminals the ability to create, distribute and track malware. According to EMC Ireland country manager Jason Ward, some cybercriminal forums offer “botnets to rent by the hour”, with hackers now buying “services on demand”.

Elsewhere, 2012 has seen headline-making hacks involving the White House’s networks, EU officials being spied upon in Azerbaijan and LinkedIn letting 6.5 million passwords slip out of their hands. In addition, 30 American banking institutions were lucky that RSA researchers halted a plot to steal millions of dollars via fraudulent wire transfers in October.

In that particular case a group of 100 “botmasters” had hoped to use relatively run-of-the-mill Trojan malware techniques – which went under the moniker of “Gozi Prinimalka”, derived from the Russian for “to receive” – to pull off what would have been the largest theft of its kind in history.

Espionage

Cyber warfare has of course been a recurring theme in security conversations this year, and perhaps 2012’s most publicised hacking incident was the discovery in May of a two-year-old piece of malware dubbed Flame by Kaspersky researchers. Targeting systems in Iran (including the nation’s main oil company), the virus was also found in a variety of locations throughout the Middle East and North Africa.

“The main goal is to conduct cyber espionage activities and to steal data in various forms and spread this malware further and deeper,” Vitaly Kamluk, chief malware expert with Kaspersky Lab, told The Irish Times.

With several media reports linking the attack to the US and Israeli governments, the virus gave its creators the ability to steal specific files, record audio, capture screenshots, as well as scan for nearby Bluetooth devices to plunder them for even more information.

Whatever the motive, the market for powerful exploits is bigger than ever before, with “zero-day bugs” – unpatched flaws in commonly used software from the likes of Microsoft and Adobe – now sold among the hacking community (and according to some, rogue nation states as well) for up to $500,000 each.

Symantec security response manager Gavin O’Gorman notes that a group behind a cluster of these threats – who have given themselves the rather prog-rock sounding nickname of “The Elderwood Project” – seemingly have an “unlimited supply” of such bugs and released four of them in 16 weeks this summer.

While they reportedly used the zero-day attacks to gain information from Google’s networks, they focused mainly on attacking US defence sub-contractors to swipe intellectual property and “disrupt production of the manufacture of electronic or mechanical components which are then sold to first-tier defence firms”.

Future prospects

Looking into 2013, Sophos’s Lyne and RSA executive chairman Art Coviello both identified increased threats to mobile platforms as a “big area of interest” for hackers. Coviello, in an end-of-year address to staff, didn’t leave room for any festive spirit when he told those assembled that in 2013 it’s “highly likely” rogue nations, hacktivists or terrorist groups will begin to successfully target critical infrastructures throughout the globe.

“If all of this sounds depressing, well, it is,” said Coviello. “This isn’t fear mongering. It is a plausible extrapolation from the facts.” The battle, it seems, is just commencing.

Top hacks of 2012

Get me the President

Suspected to have originated from Chinese government-backed hackers, a spear-phishing attack infiltrated the White House’s military office for nuclear commands in late September. A US government official though refused to lay blame at any particular nation’s door and simply said, “the attack was identified, the system was isolated and there is no indication whatsoever that any exfiltration of data took place”.

This is the “police”

Ransomware, which is malware designed to encrypt every file on your PC until you pay a fee to set them free, is now available in a new format which allows hackers to pose as police authorities to trick unsuspecting victims into thinking they need to pay non-existent fines. With the malware in question able to detect what country you’re in, it then displays messages supposedly from the local police force, including the Garda. References to Irish laws are made, while some messages are even said to be in Irish demanding payment of fines from €200 to several thousand euro. Estimates claim these cons could be reeling in as much as €25,000 per day worldwide.

“I See EU”

In June, EU officials attending a web conference in Azerbaijan were informed that their computers had been accessed by an “unauthorised party” and were under surveillance. The incident came after criticism during the conference of the Azerbaijani government’s restrictions on web freedom. European Commission vice president Neelie Kroes said at the time: “My advisers had their computers hacked. So much for openness.”

Black Hole

Described by principal malware researcher at Sophos Labs, Gabor Szappanos, as “the biggest threat on the web”, exploit tool kits such as Black Hole allow more ne’er-do-wells than ever before to carry out hacking operations via web attacks or “drive-by downloads”. Russian in origin, a new version was released in September with the ability to deliver exploits against Oracle’s Java programming language, as well as Adobe Flash Player and Adobe Reader. A recent example saw a fake Apple invoice used to entice users to download harmful malware onto their machines.

Flashback Mac attack

A piece of malware known as both Flashback and Flashfake infected hundreds of thousands of Apple computers via a bogus piece of Adobe Flash software. The malware allowed hackers to get their hands on user passwords and other data via the OS X operating system.

Gauss

Found in August, and linked to May’s Flame malware discovery, the Gauss tool kit was also found by researchers at Kaspersky. They determined that it was being used to gain “access credentials” to Lebanese banks, as well as international targets such as Citibank and PayPal.

Shamoon

A group of Middle Eastern hackers calling themselves “The Cutting Sword of Justice” unleashed a virus called Shamoon in August. Targeting Saudi oil firm Saudi Aramco, the aim was to “basically trash all of the computers on that network”, as Symantec’s Gavin O’Gorman puts it. The number of machines affected was said to be “around 30,000”, with the tool overwriting all the data on the hard drives, leaving users with an image of a burning American flag when they next logged in.