What is the worst thing about being hacked? Is it losing your data? The financial costs? Having to spend tedious hours getting your system back to where it was? Or is it the embarrassment?
According to Wikipedia, a hacker is someone who displays “playful cleverness.” Hackers take “the serious humorously and their humor seriously.” And in the beginning, most hacks were done by hobbyists, intent on having some serious fun at their targets’ expense. Breaking into networks was a way to demonstrate skill, to prove it could be done. And many hackers still have a code that they live by.
However, we are now in the age of cybercrime when crackers and cyber gangs employ every possible hack, malware and scam to make much money as possible. Criminals know that our PCs facilitate in the most intimate activities in our lives. We bank, shop and flirt via our PCs, as if no one can see what we’re doing. Yet, if our system becomes compromised, every byte of our personal data is there for a criminal to use.
Crackers have rarely gotten into the business of exposing private details, unless they were trying to satisfy a personal or political vendetta. But now—as social networks increasingly entwine or real and our digital lives—criminals recognize that our private lives can be used against us. They can play with their victims’ consciences to soak money out of even the most rational computer user. This has given rise to a new generation of extortionware that is designed to threaten both our wallets and our reputations.
From the harmless to the heartless, here are the 5 most embarrassing hacks in history:
If you ever received the message “You have been bearded”, you know how humiliating it can be to have your PC hit by a Trojan. In the summer of 2000, this nasty Trojan installed a vile, not-safe-for-work desktop wallpaper that once seen can never be deleted from your memory.
The Sober worm didn’t do much damage to your system, but it did give all of your email contacts something to think about. Disguised as a computer security warning (as many attacks often are), Sober included a SMTP engine that sent out to every email address it could find. If the person who received the email—which often used a provocative subject line like “You have sent me a virus!”—installed the attached executable file, the attack spread and spread and spread. It was quickly disarmed up by most antivirus software, but the embarrassment still lingers.
3. You got phished.
For most of us, getting phished can result in our accounts being hijacked and our contacts being harassed. But if you’re a Facebook board member, a phishing attack can make international news. Facebook investor Jim Breyer’s 2301 Facebook friends found out that even insiders at the world’s largest social network are vulnerable. It isn’t clear whether Breyer’s account was hacked or he fell for a scam himself. What is clear is that when you use a social network, any mistake you make can affect both your friends and your reputation.
4. Hentai virus.
This virus took embarrassment to a whole new level. Users who were infected by it had their web history was published online. The victim was then instructed to pay 1,500 yen to have the history deleted. What was particularly insidious about this attack is that the criminals knew the victim probably had something to hide since the virus was hidden to a Hentai porn video game (IF YOU DON’T KNOW WHAT “HENTAI” IS, PLEASE DO NOT GOOGLE IT WHILE AT WORK). Every virus teaches a lesson, and as PC magazine said, this virus taught us all, “Don’t enter any personal information in the videogame porn that you download from Japanese torrent sites.”
5. ICPP Copyright Foundation
The F-Secure Labs is familiar with Trojans that extort users to get their own documents back. But this newly discovered Trojan played on the nearly universal fear of profound legal trouble. Infected users were told that illegal torrents had been found on their system. The choice: Pay $400 or face jail time and fines. (Of course, the real solution was to delete the Trojan using a tool like our free Online Scanner.) What was most impressive about this attack was the detail and professionalism of the design. The use of legalese and small print tapped into a latent fear of many computer users: Someday you’re going to have to pay for all that music on your iPod.
Guilt and shame are powerful motivators. But when your computer starts acting suspiciously or your software starts making demands, the smartest thing you can do is to scan your system.
CC image credit: Perfecto Insecto
F-Secure Labs reported this week on a new WhatsApp scam that’s successfully spammed over 22,000 people. Spam seems to be as old as the Internet itself, and is both a proven nuisance AND a lucrative source of revenue for spammers. Most people don’t see what goes on behind the scenes, but spammers often employ very sophisticated schemes that can expose web surfers to more than just ads for Viagara or other “magic beans”. Spam typically tries to drive Internet traffic by tricking people into clicking certain websites, where scammers can bombard unsuspecting web surfers with various types of advertising. Profit motives are what keep spammers working hard to circumvent spam blocks, white lists, and other protective measures that people use to try and fight back – and it can pay off. Numerous spammers have been indicted and suspected of generating hundreds of thousands of dollars in revenue from their spam campaigns, with one study projecting that spammers could generate in excess of 3.5 million dollars annually. While most spam circulates via e-mail, the popularity of services like WhatsApp is giving spammers new resources to exploit people, and new ways to make money. Here’s a few ways spammers and cyber criminals are using WhatsApp to make money off users: Following Malicious Links: One way that cyber criminals use WhatsApp to scam people is to trick them into following malicious links. For example, a recent scam sent SMS messages to WhatsApp users telling them to follow a link to update the app. But the message was not from WhatsApp, and the link didn’t provide them with any kind of update. It signed them up for an additional service, and added a hefty surcharge to victims' phone bills. Sending Premium Rate Messages: Premium rate SMS sending malware was recently determined by F-Secure Labs to be the fastest growing mobile malware threat, and WhatsApp gives cyber criminals a new way to engage in this malicious behavior. Basically the users receive a message that asks them to send a response – “I’m writing to you from WhatsApp, let me know here if you are getting my messages”, “Get in touch with me about the second job interview”, and various sexual themed messages have all been documented. Responding to these messages automatically redirects your message through a premium rate service. Spanish police claim that one gang they arrested made over 5 million euros using this scheme – leaving everyday mobile phone users to foot the bill. Manipulating Web Traffic: A lot of spam tries to direct web traffic to make money off advertising. As you might imagine, this means they have to get massive numbers of people to look at the ads they’re using for their scams. Scammers use WhatsApp to do this by using the app to spread malware or social engineer large numbers of people to visit a website under false pretenses. F-Secure Labs found that people were being directed to a website for information on where they could get a free tablet. In March there was a global spam campaign claiming people could test the new WhatsApp calling feature. Both cases were textbook scams, and instead of getting new tablets or services, the victims simply wasted their time spreading misleading spam messages and/or exposing themselves to ads. WhatsApp and other services are great for people, but like any new software, requires a bit of understanding to know how to use. Hopefully these points give WhatsApp users a heads up on how they can avoid spam and other digital threats, so they can enjoy using WhatsApp to chat with their friends. [ Image by Julian S. | Flickr ]
Espionage – it’s not just for James Bond type spies anymore. Cyber espionage is becoming an increasingly important part of global affairs, and a threat that companies and organizations handling large amounts of sensitive data are now faced with. Institutions like these are tempting targets because of the data they work with, and so attacks designed to steal data or manipulate them can give attackers significant advantages in various social, political and industrial theaters. F-Secure Labs’ latest malware analysis focuses on CozyDuke – an Advanced Persistent Threat (APT) toolkit that uses combinations of tactics and malware to compromise and steal information from its targets. The analysis links it to other APTs responsible for a number of high-profile acts of espionage, including attacks against NATO and a number of European government agencies. CozyDuke utilizes much of the same infrastructure as the platforms used in these attacks, effectively linking these different campaigns to the same technology. “All of these threats are related to one another and share resources, but they’re built a little bit differently to make them more effective against particular targets”, says F-Secure Security Advisor Sean Sullivan. “The interesting thing about CozyDuke is that it’s being used against a more diverse range of targets. Many of its targets are still Western governments and institutions, but we’re also seeing it being used against targets based in Asia, which is a notable observation to make”. CozyDuke and its associates are believed to originate from Russia. The attackers establish a beachhead in an organization by tricking employees into doing something such as clicking a link in an e-mail that distracts users with a decoy file (like a PDF or a video), allowing CozyDuke to infect systems without being noticed. Attackers can then perform a variety of tasks by using different payloads compatible with CozyDuke, and this can let them gather passwords and other sensitive information, remotely execute commands, or intercept confidential communications. Just because threats like CozyDuke target organizations rather than individual citizens doesn’t mean that they don’t put regular people at risk. Government organizations, for example, handle large amounts of data about regular people. Attackers can use CozyDuke and other types of malware to steal data from these organizations, and then use what they learn about people for future attacks, or even sell it to cyber criminals. The white paper, penned by F-Secure Threat Intelligence Analyst Artturi Lehtiö, is free and available for download from F-Secure’s website. [ Image by Andrew Becraft | Flickr ]
Malware is an omniscient threat – it’s present even when people don’t realize it. Understanding the threat is a key component of protecting yourself and your devices, and nothing drives that point home like cold hard facts and comprehensive research. F-Secure just released its latest Threat Report, which provides important insights into contemporary digital threats. The report details the various changes and trends in the digital threat landscape using data collected during the 2nd half of 2014. The threat report is full of important information, and it’s worth checking out to get some ideas about what attackers are cooking up. Trends like social media malware, exploits, and ransomware are detailed in the report. But there’s tons of important information people should be aware of, and so we put together an infographic to give you a quick overview of the report. The report provides lots more information about the threats, incidents, and trends that were prominent in the latter half of 2014. There's also some insightful words penned by F-Secure security researchers to give you a little context about why you need to arm yourself with knowledge to defend yourself against digital threats. You can download the full threat report for free from F-Secure’s website.