Security Firm Finds Hacker Forums That Offer n00b Hackers Training

IT security experts have long loved to troll through hacker forums to gather intelligence on emerging threats and even (as in the ill-fated case of HBGary Federal CEO Aaron Barr) try to profile the hackers themselves. But as a report from IT security firm Imperva shows, many of the so-called hacker portals out there are more hangouts for newbie hackers (and possibly a few budding FBI informants) looking at how to get started in the game.

In the fifth entry of its series of “Hacker Intelligence Initiative” monthly trend reports, Imperva provided a detailed analysis of the types of conversations and information being passed around in one of these portals. By monitoring conversations on these public sites, the report suggests, IT professionals can get clues on what vulnerabilities hackers are attacking, technical insight into their tools and techniques, and a sense of the type of data being bought and sold. There may also be a hint or two about the direction to look in for future attacks (hint: it’s mobile devices).
The main flaw with the report is that it chose just one site to analyze: Hack Forums, a Web bulletin board that Imperva describes as “one of the largest-known hacker forums with roughly 250,000 members.” As a public bulletin board, Hack Forums is by its nature awash mostly in those new to hacking, those eager to share and show off their skills, and a fair number of security researchers and journalists. And if you believe a report from the Guardian from June, at least a quarter of the audience is FBI informants.
For the most part, the content Imperva found largely matches what you’d expect from a site that caters to beginners. More than two thirds of the content on Hack Forums’ boards is centered around three topics that resonate with entry-level hackers: “beginner hacking” (25 percent), hacking tools and programs (22 percent) and website and forum hacking (21 percent). Even in topics that might fall outside of the beginner class, however, the content of the site’s discussion threads often consists largely of inexperienced users’ requests for information or shortcuts to bigger fish. For example, a recent thread on Facebook consisted of a post asking how to hack a Facebook account, followed by a long string of people telling them that it can’t be done, and a few people posting sales pitches for tools vaguely related to the request.
All of this content, the report claims, helps train armies of fresh recruits for various hacker groups, who recruit through the forum. And there are some very well-crafted tutorials on Hack Forums, including some on SQL injection attacks that should be required reading for LAMP Web developers. But there are also a lot of demonstrations of teenage gamer asshattery, such as YouTube videos showing off denial-of-service attacks used to take down game servers.
The report also suggests that nestled in among the discussion chaff is a wealth of data on what sorts of attacks hackers are developing—though by the time they filter down to a public board like Hack Forums, they’re likely already in regular use by cyber-criminals and security researchers. While the most popular attack topics Imperva tracked on Hack Forums were fairly old school (denial of service [22 percent] and SQL injection [19 percent], with spam coming in a close third at 16 percent), there are a growing number of discussions about attacks for iPhone, Android, Nokia and BlackBerry. The iPhone is the biggest target of interest, with as many discussions about it as all the others combined.
The Imperva report’s authors admit that drilling down on a single forum is a somewhat limited way of getting a good picture of the hacker mind. “Though there are many forums that are small and solely focused on committing cybercrime,” the report states, “we don’t have access to these. The site we examined is not a hardcore crime site, but it’s not entirely softcore either. New hackers come to this site to learn and on the other hand more experienced hackers teach to gain ‘street cred’ and recognition. In the past, this forum has helped security researchers identify illicit cyber activity. Typically, once hackers have gained enough of a reputation they go to a more hardcore, by-invite-only forum.”
One of the ways that some hackers are apparently trying to build their reputation is through a social networking and game site called RankMyHack.com. The site, which was alleged to have been set up by a security researcher, awards points to hackers when they provide proof of responsibility for a site hack or defacement. Register with your e-mail address, and you can start submitting your hacks under your chosen hacker tag to push your way up the leaderboard. The alleged top hack posted on RankMyHack’s homepage is of the Huffington Post. There are also point bounties posted for taking down sites of organizations like the Ku Klux Klan, as well as any .mil, .edu or .gov site.
