How to make €100,000 in 5 steps

The Dutch government recently published a PSA video aimed at raising awareness about phishing and scams. A supposedly Dutch hacker explains how to quickly make €100,000 in 5 easy steps.

First, he buys some debit cards and PINs from students in the streets. He then buys computers on a botnet to collect information about potential targets, reading emails and bank-related information. He calls victims and, using social engineering, convinces them to give him a two-factor authentication code from their smartphones. He then uses this code to wire money from the victims’ accounts to the accounts he previously acquired.

At this point the hacker gets a few thousand euros from ATMs. Another technique demonstrated is to create a free WiFi hotspot in a public place such as a cafe, then collect information as careless customers use the hotspot thinking it’s provided by the cafe.

To get from €15,000 to €100,000, the hacker travels to Ukraine to rent a call center which provides social-engineering services, thus scaling the whole operation even further. After two days, the hacker cashes in €100,000, which he uses to buy a brand new Lotus.

Even though the whole thing is fake, most of the techniques used are real and exploited daily by criminal organizations.

The Cloud: Is it good or bad?

Is the Cloud good or is it bad? In order to answer this question we need to ask ourselves: what exactly is the cloud? What the cloud really is, is just a network of servers… or in other words, the internet. When you are at home surfing the internet you are on the cloud, and the cloud can be used to do a great many things. You can play games on the cloud, watch movies, listen to music, and now everyone is starting to store personal data in the cloud, on the internet.

There are good and bad things about using the cloud. Some of the good things about the cloud are things like access to your personal or work files, even if you forget to bring them around with you. The game distribution program Steam has started using the cloud to sync video game save files so that if you are using more than one computer you can still pick up where you left off. I personally think that game saves are one of the best uses for the cloud so far, mostly because who is going to want to steal your game saves?

One of the bad things about the cloud is that your files are simply on the internet, whether companies say they are secure or not, and as one of the oldest sayings goes, “Once it is on the internet it is there forever.” Now this is not always the case, because if the files are being shared privately they can just be deleted, but if they get leaked into the public part of the internet they will likely stay there forever.

The article I read referred to the cloud as an “addiction” and I believe this is the right term to use considering all the companies suddenly trying to switch everything over to the cloud. The problem is that what you gain from accessibility and reduced cost, you lose in security. This all depends on how each company works, but is also where the article states that the addiction of the cloud kicks in. “This is the slippery slope, data that might inadvertently go to the cloud or fall under the grip of the cloud addiction: ‘The last bit of data we sent to the cloud seems safe enough, so let’s move up the sensitivity pyramid and save even more money.’”

In the end, there really is no full security on the internet, or the cloud. What could help with the security would be to encrypt any important files that a company puts on the cloud. This would ensure that even if some files were taken, at least they won’t be easily accessed, if at all. “Is the Cloud good or bad?” might not be the right question, then. It might instead be better to ask how far you are willing to go to protect your files and how much security you are willing to compromise for the sake of accessibility and cost.

Reference:

http://www.scmagazine.com/cloud-addiction-at-what-point-does-the-elastic-snap/article/317413/

Hackers Exposed to the Web

Most of the time, hackers are careful with the personal information they steal, and they take advantage of the mistakes made by foolish individuals. Unfortunately, one hacker was not so cautious.

Apparently, data from a breach of Adobe Systems’ network was found on a hacker’s web server, which held numerous source code files that were open to the internet. The breach also exposed 2.9 million encrypted customer credit card records. On October 3rd, Adobe was investigating a breach until chief information security officer Alex Holden found what appeared to be the company’s source code on a hacking gang’s server. He stated that “the server was hidden but not well hidden.”

Source code can be used by hackers to easily find vulnerabilities in many different products. This can give them the potential to gain access to whatever they are looking for. This unnamed hacker gang is still at large, and since this breach occurred, other companies are concerned that the group may have stolen information that can be used against them. However, most of these companies are considered to take action when possible before the attackers strike again.

Sources: http://www.pcworld.com/article/2054160/adobes-source-code-was-parked-on-hackers-unprotected-server.html

 

Google’s Project Loon

As surprising as it may or may not seem, around two thirds of the world’s population is not connected to the internet. In an attempt to lower this percentage dramatically, Google has launched a revolutionary campaign, known as Project Loon. Using giant helium balloons that are equipped to distribute WiFi to the area below, Google’s aim is to provide cheaper, more reliable internet service of at least 3G cellular speeds to those in disaster-stricken areas or those who have not had access to this luxury before, mainly in developing areas, such as in Africa and South America. 

The balloons work in this way. These high pressure, solar-powered pieces of technology ascend to about 20 km above the Earth’s surface, which is in the stratosphere and about twice as high as planes fly. Sent up in clusters, these balloons connect to each other, which then connect to specialized antennas located on the ground, as well as the designated wireless internet distributor for a desired area. Anyone within a 24-mile radius of these balloons is said to have access to internet that is 100 times faster than what most consumers have been using today. Engineers on the ground are able to navigate these balloons by utilizing vertical motion and the wind patterns in the stratosphere in order to direct the balloon to its desired location.

From a cyber security aspect, however, this expansion of an already commanding industry does not appeal to some. Using its extensive reach, Google is able to track the behavior of its users and sell the information gained from this to advertisers. Privacy advocates have voiced their concerns with how much of the data retained by Google for projects such as this is being provided to the government. If Project Loon goes as well as planned, the amount of data possessed by Google could be rather detrimental should it fall into the wrong hands or any other mishap occur.

Thus far, the only launch that Google has conducted has been in New Zealand on the 40th parallel south. Project Loon launched 30 balloons from New Zealand’s south island in June of 2013 and the internet beamed to the pilot testers is being used to refine the project for its next phase. If Project Loon is a success, then five billion people who had little to no internet access prior to this campaign will be provided with a new tool and developmental aid, which will act as an enormous step for mankind as a whole.

http://articles.washingtonpost.com/2013-06-14/business/39983714_1_internet-privacy-balloons-new-zealand

http://www.google.com/loon/where/

Facebook ‘stalker’ Tool

Pretty much everyone is on social media these days, such as Facebook, Twitter, etc. People should not be careless about the information they choose to put up and also seek; having a private profile doesn’t always keep hackers from accessing information. Even a harmless, insignificant ‘like’ or comment can be found and then used to dig up more information, thanks to Facebook’s Graph Search.

As explained in the following article: “Even if a person’s profile is locked down to strangers, their friends’ open profiles can be examined, giving an indication, for example, who the person may be close with.” A team of hackers from the information security company Trustwave was able to gather information about a high-profile public figure’s wife by mining and analyzing her public ‘likes’. FBStalker was the Python script developed and used in the attack. It uses Graph Search to enter queries and pull out data; for example, it can find photos in which two people are tagged, comments on profiles and more. With the pulled-out information, computer attacks such as spear-phishing and malware could be conducted by hackers. FBStalker does in a matter of a couple of seconds what a human would normally have to do by hand.

GeoStalker was another script developed by Trustwave, which “takes an address or a set of coordinates and searches for any data geotagged with the same values”. Again, it can pull out photos and linked information from other social networking accounts such as Twitter, Instagram, Flickr, FourSquare, and so on.

The takeaway I found while analyzing this article is that as careful as we must be with our own posts, we must also be mindful of what our friends do as well. Indeed, it complicates matters even more so and thus the issue of privacy and security.

Kirk, J. (2013, October 17). Facebook ‘stalker’ Tool Uses Graph Search for Powerful Data Mining. Retrieved from http://www.cio.com: http://www.cio.com/article/741632/Facebook_39_stalker_39_Tool_Uses_Graph_Search_for_Powerful_Data_Mining?page=2&taxonomyId=3089