In information-security terminology, breaking into a specific person's mailbox is a "targeted" attack. State intelligence services such as the NSA and the GRU do this kind of work, but there is also a black market for mere mortals, where anyone can order the hacking of a given mailbox for a modest fee. This is the hack-for-hire market. It is flourishing in the Russian Federation because, the author notes, such petty crimes, unlike in Western countries, do not lead to criminal liability there.
Despite its popularity, the infrastructure of this market is poorly understood. Little is known about how these hackers operate or how much of a threat they pose, but details are gradually emerging. For example, a relatively small study of the market was carried out by Ariana Mirian of the University of California, San Diego, and its results have been published.
Domains with an existing history were bought at auction so that each dummy identity had a plausible past. Through the WHOIS database, each such web page was linked to the victim's email address and to the email address of a fictitious partner. Overall, the researchers designed and deployed high-quality "traps" intended to reveal every attack vector an attacker might use.
Additionally, a Facebook page was created for each victim to see whether the hackers would use it in their attacks. Everything on the page was private (invisible to a third party) except a public profile entry pointing to the victim's web page, the way a business might advertise itself.
Activity in each mailbox was logged automatically. With Google's help, the researchers obtained the login-activity logs for the victims' Google accounts: login attempts together with their source IP addresses, brute-force attempts, and whether a two-factor authentication challenge was triggered by a suspicious sign-in.
Finally, all network traffic to each "victim's" website was captured. If an attacker arrived at the site via the Facebook page, that was visible in the traffic records.
The actions of the hackers who tried to break into the accounts were tracked for several weeks. It turned out that some of the "crackers" are ordinary scammers who take payment and do nothing. Others agreed to be paid only after the fact, that is, once the hack succeeded, but having accepted the job they did nothing either. The researchers also note that "customer service" in the email-hacking trade is extremely poorly organized: some sellers never answer inquiries at all, others reply only after long delays.
Those who did act all, one way or another, led the "victim" to a phishing page that asked for the account password or the two-factor authentication code. Project members played the part of deceived users and entered everything that was requested, after which the hackers cheerfully reported success.
Interestingly, not one of the hired attackers tried to brute-force an account, touched the Facebook profiles, or contacted the partner's email address. One in five sent the victim a malicious executable by email; the rest relied on phishing as their main attack vector.
On average, the attackers sent ten messages over 25 days using various pretexts, as shown in the diagram above. The most popular trick was a forged notification from Google, followed by messages impersonating the partner and messages from strangers.
Clicking the phishing link takes the victim to a landing page that mimics the Google account sign-in page. Once the password is entered, a second page asks for the 2FA code. Every hacker who gained access to an account did so through this kind of phishing; there were no particularly complicated techniques or sophisticated attacks.
To protect yourself and your family from such attacks, experts recommend using a hardware security key (a USB token) as the second factor, and, as always, staying vigilant. The key matters because a code from an app or SMS can simply be typed into the phishing page and relayed, whereas a hardware key's response is bound to the site the browser is actually on.
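The following is an added example, not code from the original article or from the UCSD study, simulating the real-time relay described above against both kinds of second factor. It shows why a relayed TOTP code is accepted by the real site while a hardware-key assertion produced on the phishing origin is rejected. The origins, account classes and secrets are this example's own constructions, and an HMAC-SHA256 stands in for the security key's ECDSA signature; the origin-binding logic is what matters.

```python
"""Added example (not from the original article or the UCSD study): a toy
simulation of the real-time phishing relay described above. It shows why a
TOTP/SMS code survives relaying but an origin-bound hardware-key assertion
does not. Simplifications: HMAC-SHA256 stands in for the security key's
ECDSA signature, and the origins below are constructed for this example."""
import hashlib
import hmac
import os
import struct

LEGIT_ORIGIN = "https://accounts.example.com"        # the real login page (constructed)
PHISH_ORIGIN = "https://accounts-example-login.com"  # attacker's look-alike (constructed)


# --- Phishable second factor: TOTP (RFC 6238, HMAC-SHA1, 30 s step) -------
def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """Compute the code the victim reads off an authenticator app."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


class TotpAccount:
    """Server-side account protected by password + TOTP."""
    def __init__(self, password: str, secret: bytes):
        self.password, self.secret = password, secret

    def login(self, password: str, code: str, now: int) -> bool:
        # The server cannot tell who typed the code: any code valid in the
        # current window is accepted, no matter which page collected it.
        return password == self.password and hmac.compare_digest(
            code, totp(self.secret, now))


# --- Phishing-resistant second factor: origin-bound hardware key ---------
class HardwareKey:
    """Toy FIDO-style key: the 'signature' covers the origin the *browser*
    reports plus the server challenge. The user cannot alter the origin."""
    def __init__(self, device_secret: bytes):
        self._k = device_secret

    def sign(self, origin: str, challenge: bytes) -> bytes:
        return hmac.new(self._k, origin.encode() + challenge,
                        hashlib.sha256).digest()


class KeyAccount:
    """Server-side account protected by password + hardware key that was
    registered for LEGIT_ORIGIN only."""
    def __init__(self, password: str, device_secret: bytes):
        self.password, self._k = password, device_secret

    def login(self, password: str, challenge: bytes, assertion: bytes) -> bool:
        expected = hmac.new(self._k, LEGIT_ORIGIN.encode() + challenge,
                            hashlib.sha256).digest()
        return password == self.password and hmac.compare_digest(
            assertion, expected)


# --- The relay attack from the article, run against both factors ---------
VICTIM_PASSWORD = "correct horse battery staple"   # constructed
TOTP_SECRET = b"12345678901234567890"              # RFC 6238 test-vector secret
DEVICE_SECRET = os.urandom(32)                     # per-run toy device secret


def relay_totp(now: int = 59) -> bool:
    """Victim enters password and current code on the phishing page; the
    attacker submits both to the real site inside the 30 s window."""
    account = TotpAccount(VICTIM_PASSWORD, TOTP_SECRET)
    code_typed_by_victim = totp(TOTP_SECRET, now)
    return account.login(VICTIM_PASSWORD, code_typed_by_victim, now)  # True


def relay_hardware_key() -> bool:
    """Attacker fetches a fresh challenge from the real site and forwards it
    to the phishing page. The victim touches the key, but the browser binds
    the assertion to PHISH_ORIGIN, so the real site rejects it."""
    account = KeyAccount(VICTIM_PASSWORD, DEVICE_SECRET)
    key = HardwareKey(DEVICE_SECRET)
    challenge = os.urandom(32)                      # issued by the real site
    assertion = key.sign(PHISH_ORIGIN, challenge)   # signed where the victim really is
    return account.login(VICTIM_PASSWORD, challenge, assertion)       # False


def legit_hardware_key() -> bool:
    """Same key and challenge flow, but on the genuine origin."""
    account = KeyAccount(VICTIM_PASSWORD, DEVICE_SECRET)
    key = HardwareKey(DEVICE_SECRET)
    challenge = os.urandom(32)
    return account.login(VICTIM_PASSWORD, challenge,
                         key.sign(LEGIT_ORIGIN, challenge))           # True


if __name__ == "__main__":
    print("TOTP relayed by phisher accepted:        ", relay_totp())
    print("Hardware key relayed by phisher accepted:", relay_hardware_key())
    print("Hardware key on real origin accepted:    ", legit_hardware_key())
```

The point of the toy is the line in `KeyAccount.login` that recomputes the expected value over `LEGIT_ORIGIN`: the server never trusts the origin the attacker claims, and the key never signs for an origin other than the one the browser is on, so a relayed assertion fails even though the victim did everything the phishing page asked. A TOTP server has no equivalent check, which is exactly why the two-step phishing page in the study worked every time.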
Email service providers are also taking steps to protect users. Google has introduced additional sign-in heuristics, and automated login attempts are now detected and blocked. Notably, after Google made these changes, two of the hacking services the researchers had previously contacted doubled their prices.