You may have noticed recently there has been an explosion in cybercrime. I could write up a very long list of notable organizations that have, in the past two years alone, been victims of cyber attacks; and those are just the ones that make the newspapers. Many more are victims of cybercriminal activity, most never make the press, but the consequences are just as damaging.
The question is why are we suddenly seeing such a massive wave of cyber attacks? I believe one of the reasons is because the tools of the trade, aka the cybercriminals arsenal, are now cheap and easy to obtain. You no longer need to be a clever developer to create malware; you can buy it ready made, like you can buy cake mix from the store…well almost.
Hacking 101
There are a number of tools you can buy, legitimately, from the Internet that will get you on the road to Hackerville. Here are just a few examples of easily obtainable and cheap devices or easy techniques that help you to make a living as a cybercriminal:
- The Wifi Pineapple: You'd be shocked at how many Internet sites, that purport to be ‘secured’, are in fact anything but. Even sites that show the HTTPS connection, which is usually a sign that the communications passed by the site are encrypted, are not always secure, as they haven’t implemented the protocol HTTPS correctly. Often, you’ll find that crucial areas of the site, like the login page, are not protected and devices, commonly available for legitimate penetration testing, like the $99 Wifi Pineapple can be used to grab the login credentials when a person logs in.
- RubberDucky: The RubbyDucky Deluxe USB is a crafty kit and can be used as the ideal insider threat tool. Anyone with access to the computers in an organization, say the janitor, can use this tool, a simple USB key, to extract sensitive data, including login credentials in seconds, just by inserting the key in the USB port. A lot of hacker ingenuity has been used to create the RubberDucky. It uses hacking techniques like keylogging and offers preassembled attacks and even online reconnaissance and reporting; not bad for $42.99.
Looks like an innocent USB thumb drive
Actually it is a mini pc that will steal every bit of your data - Wi-Fi hijacking: It’s pretty easy to intercept any mobile device, letting you grab login credentials, email messages, SMS texts and iMessages. You can even intercept, change and resend emails and text messages. All you need is to sit in an Internet Café and use a simple piece of hardware to setup your own spoof free Wi-Fi spot. People log onto the Internet using the free Wi-Fi and then they are all yours.
- Malware programs. You can even buy full malware programs that you can send out in a spear phishing email. For example, last year a powerful Trojan called Pandemiya, which can steal login credentials and other sensitive data, was up for sale for $1500. Not a bad return on investment when you consider that similar malware could extract potentially millions, as exemplified by the Carbanak malware, which reportedly stole over $300 million from banks and financial institutions.
- Kali Linux. This is a full operating system, designed for penetration testers. It has a suite of built in hacking tools. For example, it contains a fully formed hacking tool called sqlmap that lets you hack into SQL databases. You can even get online tutorials to help you install and use the system.
- SMS Peeper: Shockingly, there is even an online service which lets you put in any mobile phone number in the world and see the last 100 text messages sent and received on that phone – not nice to think a competitor may be watching our every text communication.
It’s also worth noting that if you become a hacker you’ll want to work out how to use bitcoins. Bitcoins are a centralized, web based currency which utilizes encryption to obfuscate their transfer. For example, ransomware is built to extort money from victims but payment is only accepted in bitcoins, simply so the cybercriminal cannot be traced. You can learn how to setup a bitcoin account here.
There are even full websites that offer the entire range of hacking tools and many of these tools are free. These are legitimate websites. We’re not talking about the Dark Web here, we are talking about tools normally used by ethical hackers such as penetration testers who check the security of websites and software. They are easy to find by doing a Google search on hacking tools, The Hackers Online Club, or Hackers Warehouse, for example.
Why, you must be asking, is a security company telling me how to become a hacker? Well, we want to show you how easy all of this is now. Cybercrime is mainstream; the genie is out of the bottle. Cybercriminal behavior is out of control and we in the midst of a cyber war. The old weapons need shoring up with better knowledge, letting us stay one step ahead of cyber threats. We need to up our game and our counter threat tools to be watchful of unusual behavior. We are way beyond the bounds of anti-virus software, and if you think your firewall makes you safe, check out this article showing how to circumvent a firewall in less than 20 seconds.
