FRAUD REPORT HACKTIVISM AND THE CASE OF SOMETHING PHISHY May 2013 While it is true that most cyber attacks orchestrated by hacktivists focus on DDoS onslaughts targeting authority-type entities and banks, all too many times they add a sting to the operation and hack into immense databases containing personal user information. On their quest for notoriety and media attention to make a statement, critics say that hacktivists tend to cross the line when they publicly release untold amounts of data, providing links to the trove and facilitating its free-for-all download. Some hacktivists will call out every target on their list and post their threats publicly and well in advance, while those targeted will prepare to fend off the attack and advise users as needed. But at the end of the day, it is often the innocent online user that takes the hardest hit when their information is leaked across the Internet. HACKTIVISTS OUT, PHISHERMEN IN In one of the largest hacks perpetrated in the name of hacktivist ideals, the end result, beyond the damaged brand reputation of a multinational corporation, was a public leak of account information belonging to nearly 25 million Sony Entertainment users. That was about a third of a previous leak of over 70 million accounts, also inflicted by hackers operating in the name of an opinion they formed and acted upon. Taking the Sony case as just one example, because hacktivist cases such as these have been increasingly plaguing the Internet, it is clear that the one party that did not expect the hack – other than Sony, of course – were the millions of ordinary users whose data was offered up freely thereafter. Those same users were also the ones who did not have advisors, lawyers and information security experts to help them recover from the actual and potential damages of the hack and its possible effects on their identities and personal finances.
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
F R A U D R E P O R T
HACKTIVISM AND THE CASE OF SOMETHING PHISHY
May 2013
While it is true that most cyber attacks orchestrated by hacktivists focus on DDoS
onslaughts targeting authority-type entities and banks, all too many times they add
a sting to the operation and hack into immense databases containing personal user
information.
On their quest for notoriety and media attention to make a statement, critics say that
hacktivists tend to cross the line when they publicly release untold amounts of data,
providing links to the trove and facilitating its free-for-all download.
Some hacktivists will call out every target on their list and post their threats publicly and
well in advance, while those targeted will prepare to fend off the attack and advise users
as needed. But at the end of the day, it is often the innocent online user that takes the
hardest hit when their information is leaked across the Internet.
HACKTIVISTS OUT, PHISHERMEN IN
In one of the largest hacks perpetrated in the name of hacktivist ideals, the end result,
beyond the damaged brand reputation of a multinational corporation, was a public leak
of account information belonging to nearly 25 million Sony Entertainment users. That was
about a third of a previous leak of over 70 million accounts, also inflicted by hackers
operating in the name of an opinion they formed and acted upon.
Taking the Sony case as just one example, because hacktivist cases such as these have
been increasingly plaguing the Internet, it is clear that the one party that did not expect
the hack – other than Sony, of course – were the millions of ordinary users whose data
was offered up freely thereafter. Those same users were also the ones who did not have
advisors, lawyers and information security experts to help them recover from the actual
and potential damages of the hack and its possible effects on their identities and
personal finances.
page 2
For fraudsters, the large-scale hacks are like candy. Hacktivists will set up publicly
available download links for anyone to be able to see the exposed databases,
their hunting trophy, and end their part there. But as soon as the links are public,
cybercriminals and fraudsters will access and download it before it is taken down
by the hosting authorities. By that time, the real damage to the end user is done.
Large hacks containing a database replete with email addresses, not to mention payment
cards or other financial data, are an attractive reward for phishers to come for and discuss
in underground communities. Instead of having to do their own hacking, collecting and
stealing, they can enjoy the spoils and bank on the “freshly” dumped data, compliments
of zealous hacktivists, paving a shortcut to a variety of fraud scenarios including:
– Monetizing gaming account credentials by selling them to other gamers
– Enjoying a list of valid email addresses to target with phishing spam
– Leading potential victims to phishing and malware sites and getting paid per install
– Harvesting financial information that can be sold to fraudsters and CC shops
– Using leaked and stolen data for fraud and identity theft
– Checking what other accounts a user has, because as recent research shows,
61% of accounts are set-up with passwords used on other consumer accounts.
It’s easy to see how an attack that stems from idealistic motivations, targeting very large
entities and supposedly conceived in order to protect people’s rights to information,
ends up serving the fraudsters and flooding the Internet with confidential data. With the
variety of actors that gain access to information publicly posted online, hacktivists end
up inadvertently damaging the very people whose interests they claim to represent.
CONCLUSION
The number of phishing attacks recorded monthly is known to vary, fluctuating upwards
and downwards, and there’s limited capability to forecast a trend that is so dependent on
fraudster resources. Although totals are often tricky to predict, some seasonal trends do
repeat every year such as the holiday shopping season when a rise in phishing is almost
expected. Adding to that list, we can include large database hacks that release the
information on millions of users into the wild. Phishing attacks in April 2013 have so far
only shown a moderate increase over the previous month, but with constant headlines
such as the recent announcement of over 40,000 Facebook accounts allegedly hacked,
CONTACT USTo learn more about how RSA products, services, and solutions help solve your business and IT challenges contact your local representative or authorized reseller – or visit us at www.emc.com/rsa