The Seven Most Dangerous Hacker Tricks
1. Spear phishing
Spear phishing is a specific form of phishing. In the past, phishing was primarily aimed at making masses of users fall into the trap. Spam mails were not personalised, but as general as possible. By contrast, spear phishing attempts to use as many personal details in an email as possible. Thus spammers scour public directories such as Facebook and other databases to be able to address recipients by their names. Combined with deceptively genuine-looking designs of banks, PayPal or Amazon, such emails give the impression of being legitimate and mislead recipients into clicking a phishing link in the email. The more appropriate the information about the victim, the more underhanded the attacks get. If a phisher has information about the victim's area of responsibility in his company, he sends him an email with a corresponding meeting invite. If malicious code has to be sent via an attachment, the attackers increasingly use manipulated documents, preferably ones that make use of zero-day exploits. The documents pass through most spam filters and, due to security loopholes, they often grant comprehensive access rights.
Precautions: Regularly install updates for Windows and always check the source of unknown data.
2. Smart-TV attacks
Modern smart TVs display Internet-based content from content providers such as television stations via the HbbTV platform. Unlike desktop browsers, there are no security protocols for TVs. It is not possible for users to determine whether the content that is displayed on the TV via HbbTV is legitimate or whether it has been manipulated. Hackers could, for instance, integrate fake URLs in the DVB or control signal for packet-based video networks (DSM-CC) and force the television to call up fake websites instead of the media library of the TV station when the red button on the remote control is pressed. Even content spoofing, i.e., the substitution of legitimate content by manipulated content via Man-in-the-Middle attacks, is possible, because hardly any TV station uses SSL encryption for transmitting its HbbTV content.
Precautions: Always use up-to-date firmware provided by TV manufacturers on their websites.
3. Clickjacking
In clickjacking, the content of one website is invisibly superimposed with components of another website. In a normal case of clickjacking, browser users unknowingly grant hackers access to their webcams and microphones. For this, the hackers loaded the settings page of the Adobe Flash browser plug-in in an invisible iFrame. While the victim clicked seemingly harmless buttons on a website, each Flash animation in the foreground granted access to the webcam and microphone of the computer.
Precautions: The latest browsers provide protection against clickjacking. They read the page headers and block harmful frames.
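How a browser arrives at that decision can be shown in a few lines. The following is an added example, not code from any browser: it evaluates the two anti-framing headers (X-Frame-Options and the frame-ancestors directive of Content-Security-Policy) for a single embedding page. The function names and all URLs are made up for illustration, and source expressions with ports or paths are not handled.

```javascript
// Added example: decide whether a response may be rendered in a frame,
// based on its anti-framing headers. Simplified to one embedding page.

// Return the source list of the CSP frame-ancestors directive, or null.
function frameAncestors(csp) {
  for (const directive of (csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

// Match one CSP source expression against the embedding page's origin.
function sourceMatches(source, framer, self) {
  const s = source.toLowerCase();
  if (s === "'self'") return framer.origin === self.origin;
  if (s === '*') return true;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return framer.protocol === s; // e.g. "https:"
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)$/);
  if (!m) return false; // ports and paths are out of scope: fail closed
  const [, scheme, wildcard, host] = m;
  // Simplification: a source without a scheme must use the page's own scheme.
  if (framer.protocol !== (scheme ? scheme + ':' : self.protocol)) return false;
  return wildcard ? framer.hostname.endsWith('.' + host) : framer.hostname === host;
}

// headers: lower-cased header names -> values. Returns 'allow' or 'block'.
function framingDecision(headers, pageUrl, framerUrl) {
  const self = new URL(pageUrl);
  const framer = new URL(framerUrl);
  const sources = frameAncestors(headers['content-security-policy']);
  if (sources !== null) { // frame-ancestors takes precedence over X-Frame-Options
    if (sources.length === 0) return 'block';
    if (sources.length === 1 && sources[0].toLowerCase() === "'none'") return 'block';
    return sources.some(s => sourceMatches(s, framer, self)) ? 'allow' : 'block';
  }
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'block';
  if (xfo === 'SAMEORIGIN') return framer.origin === self.origin ? 'allow' : 'block';
  return 'allow'; // no anti-framing header: any site may frame this page
}
```

A settings page that sends neither header gets 'allow' for every embedding site, which is exactly the condition the invisible-frame trick relies on.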
4. Audio virus
It sounds like the script for a science fiction film: to steal information, audio viruses use low frequency sound signals, which link PCs that are not connected at the network level. The malware bridges distances of up to 20 metres as the crow flies, as the researchers of the Fraunhofer FKIE showed in an experiment in which they built an ad hoc computer network using audio signals. Then they let the data, which they had intercepted via a keylogger, “hop” into the adjacent offices via PCs. They used software that was originally developed for underwater communication. It seems, however, that the method functions perfectly well even outside the laboratory. The security advisor Dragos Ruiu recently reported that his MacBook was behaving strangely. The system that he had newly installed surprisingly executed a BIOS update. It then transmitted data – even after Ruiu had removed the network and Bluetooth card. The device did not allow booting from a CD-ROM and reset configuration changes. Shortly thereafter, the other laptops nearby showed the same behaviour.
Precautions: To stop the infection, you just need to switch off the sound card and microphone because the virus spreads via high frequency sounds. However, since then there has not been another case with a similar nature.
5. Camfecting
It is not a pleasant thought: hackers access the laptop webcam via a remote connection and record intimate details from the lives of their victims. Bugging a user’s webcam is called camfecting. To tap the camera, the hacker must first infect the victim’s computer with corresponding malware. In most cases, this task is accomplished by using a Trojan, which is sent as an attachment (via phishing), installed as a drive-by download or hidden in manipulated video files.
Precautions: Avoid opening attachments, use firewalls and virus scanners as well as a secure WLAN.
6. AR exploitation
According to security companies, hackers are increasingly focusing on AR (Augmented Reality) devices like Google Glass, which display useful information to the user. The targets of attack are the cameras integrated in such devices: hackers can intercept images when PINs or passwords are entered and misuse them. Glass & co. provide detailed information about the daily activities of the user as well. Anti-virus manufacturer Trend Micro thinks that in the coming years, AR devices will become the preferred targets of attack to obtain personal information.
Precautions: Always use updated firmware for these devices.
7. Watering hole attack
In watering hole attacks, legitimate websites, such as online shops or banks, are manipulated directly. The hackers exploit security loopholes of older server operating systems and smuggle code into the websites. Hackers select the web server to be manipulated depending on the target of attack. For mass attacks, they prefer to change popular websites. When it comes to targeted attacks such as industrial espionage, hackers infect those sites that the selected victims feel are safe to open, for example, the website of a law firm or a development tool. In 2013, some unknown hackers attacked Facebook and Apple employees via their developer websites. However, most attacks of such nature, i.e. almost 25%, are targeted at porn websites.
Precautions: Server operators can take some action to protect themselves from watering hole attacks. One example is “server hardening”, in which components and functions that are not necessarily required for executing tasks are removed from the operating system. Programs and web applications that admins run, such as forum software, must always be up-to-date. It is also important to have strong and individual passwords for clients and servers.