Dark Net reveals how hackers exploit vulnerabilities

The Morales Law Firm would like to share this article Dark Net reveals how hackers exploit vulnerabilities published by the SF Gate.

Dark Net reveals how hackers exploit vulnerabilitiesThat hackers regularly and easily steal private data from consumers and companies is sufficiently unsettling. But if you care to examine (and somehow understand) the details of Internet’s dark side, well, it gets just downright creepy.

Threats. Extortion. Secret identities. Russia’s black market. Need I say more?

The end of my naivete came courtesy of a security researcher and blogger named Kafeine, and no, that’s not his real name. He declined to disclose personal details or be photographed. The best I could tell, he sounds European.

Recording our interview was all right, just as long I don’t upload the file to the cloud. Maybe Kafeine was being a bit overdramatic or even paranoid.

After all, he has his enemies.

“Most people know my identity on the defensive side” against hackers, Kafeine said. And by making his living exposing the methods of Internet criminals, he doesn’t want to take any chances with those on the “offensive side.”

This much I do know. The man is an expert on exploit kits, malicious software that bad guys use to infect computers, pilfer information and money, and hold files hostage. Our meeting was arranged by Malwarebytes, a San Jose startup that has developed software to counteract exploit kits. The company hired Kafeine as a consultant to vet the technology.

“He had a great list of samples of exploit kits,” said Malwarebytes founder and CEO Marcin Kleczynski. “In the underground community, he is a very well known figure.”

Simply defined, exploit kits attack vulnerabilities in websites with poorly written code. Unbeknownst to victims, the kits redirect Internet traffic to servers controlled by hackers, which then infect computers with malicious software.

Unlike opening an e-mail with a compromised attachment, there are no obvious signs that something fishy is going on. Users think they are clicking legitimate links to legitimate websites, and they still get infected with malware that carries bad consequences. For example, a hacker can encrypt a users’ files – documents, photographs or videos – in a “crypto locker” and not release the data until the victim pays ransom.

“They always want something,” Kafeine said. “There is a lot of money involved.”

Exploit kits have emerged as the No. 1 scourge in cyberspace, experts say. Nearly 70 percent of exploit kits originate in Russia, where cybercrime laws are relatively weak, according to a report by research firm Solutionary.

In recent years, a thriving, coordinated underground economy has emerged, a place where criminals swap cash to develop and update the kits, identify targets and rent the “weapons” for as little as $50 a day.

“These black markets are growing in size and complexity,” according to a report by Rand Corp., a Washington think tank. “The hacker market – once a varied landscape of discrete, ad hoc networks of individuals initially motivated by little more than ego and notoriety – has emerged as a playground of financially driven, highly organized and sophisticated groups.

“In certain respects, the black market can be more profitable than the illegal drug trade,” the study said. “The links to end users are more direct, and because worldwide distribution is accomplished electronically, the requirements are negligible.”

The Rand report identified nearly 35 new exploit kits in 2013, compared with less than seven years ago.

To combat exploit kits, Malwarebytes took a unique approach to the problem. Instead of focusing on the malware, the startup developed technology that alerts users if common programs like Internet Explorer or Adobe Flash start to behave funny – a potential sign of an exploit kit attack in progress.

Kafeine said he tested the technology and found it to be “100 percent” effective.

“It’s a real game changer,” he said. “I’ve never seen the ability to (detect) so many exploit kits at once.”

The challenge for Malwarebytes is scaling the technology quickly, especially for the business market, Kleczynski said.

“There are some brilliant minds that are coming up with these exploit kits,” he said. “There’s not a company or user out there that hasn’t already been touched by an exploit kit.”