Three rising cybercrime threats

3/28/2012 7:01:08 PM

Three rising cybercrime threats

Just when you think you've safeguarded yourself from electronic security risks, along comes a new exploit to keep you up at night John Brandon explains three up and coming threats, and how to beat them

Text-Message Malware

Description: Text-Message Malware

While smartphone viruses are still relatively rare, text-message attacks are becoming more common, according to Rodney Joffe, senior vice-president and senior technologist at mobile messaging company Neustar and director of the Conficker Working Group, a coalition of security researchers that came together to fight the malware known as Conficker. PCs tend to be well protected today, he said, so some black-hat hackers are now targeting mobile devices. Their incentive is mostly  financial: text messaging provides a way to break into devices and make money.

Khoi Nguyen, group product manager for mobile security at Symantec, confirmed that text-message attacks aimed at smartphone OSes are commonplace now that people  are increasingly reliant on mobile devices. It’s not just consumers who are at risk, he added. Any employee who fails for an SMS ruse using a company smartphone can jeopardise the business’s network and data.

Social network spoofing

Description: Social network spoofing

Users of Facebook, Linkedin and other social networks are vulnerable to attacks that rely on account spoofing. A scammer poses as someone you know or a friend of a friend in order to fool you into revealing personal information. He then uses that information to gain access to your other accounts and eventually steal your identity.

In a typical exploit, someone contacts you on a social network pretending to be a friend of a friend or a co-worker of someone you trust. This new 'friend' then contacts you through text message or email. The correspondence seems legitimate because you believe he has a connection with someone you trust. In another scenario, a scammer might impersonate someone you already know - claiming to be an old school friend, for example. Spoofers can find out your connections by following your public feeds or looking up the names of co-workers on sites such as Linkedin, where you've posted your work information.

GPS Jamming

Description: GPS Jamming

An emerging criminal tactic, which sees hackers interfering with GPS signal, has security experts divided on just how harmful it could become.

Jamming a GPS signal at the source is next to impossible, said Phil Lieberman, founder of enterprise security vendor Lieberman Software. Blocking the radio signals that are broadcast from orbiting GPS satellites would require a massive counter transmission. And because the satellites are operated by the US military jamming them would be considered an act of war and a federal crime.

However, it’s easy to jam GPS receivers using low-cost jamming devices such as one sold by Brando. This jams a receiver by overloading it with a signal that’s similar to the real GPS signal. The receiver then becomes confused because it can’t find a steady satellite transmission.

Lieberman doesn’t give much credence to fears about jammers disrupting aero planes or air-traffic-control systems.

…and how to beat them


"This is a similar type of attack as is used on a computer - an SMS or MMS message includes an attachment, disguised as a funny or sexy picture, and asks the user to open it," Nguyen explained. "Once they download the picture. It will install malware on the device. When this malware has loaded it will acquire access privileges, and it then spreads through contacts on the phone, which each get a message with the malicious attachment from that user."

In this way, said Joffe, hackers create botnets for sending text-message spam with links to a product the hacker is selling, usually charging you per message. In some cases, the malware even starts buying ringtones that are charged to your phone bill, lining the pockets of the hacker selling the ringtones.

Mobile operators try their best to stave off the attacks. For instance, US network Verizon's spokeswoman Brenda Raney said the company scans for known malware attacks, isolates them on the mobile network, and even works with federal crime units to block them.

To keep such malware off phones, Joffe recommends that businesses Institute strict policies limiting that employees can text using company networks and phones, and what kind of work can be done via text messaging. Another option is a policy that prohibits text messaging entirely, at least until the Industry figures out how to deal with the threats.


Once the scammer has established a connection with you, he uses devious means to steal personal data, such as chatting online to find out the names of your family members, favorite bands, hobbies and other seemingly innocuous information. Then he uses that information to try to guess your passwords.

Justin Morehouse, a principal consultant at Stratum Security, describes another type of attack that targets companies. The spoofer might set up a Facebook page that claims to be a company's official fan page, suggesting members should use it to contact the firm.

The page might offer fake coupons to entice people to join, and it soon goes viral as people share it with their friends. Once hundreds of users have joined the page, the owner tricks them into giving out personal Information, perhaps by signing up for additional coupons or special offers.

Consumers are harmed because their personal data is compromised, and the company Is harmed because Its customers now associate the fake Facebook page with the real company - and decide not to buy from that company again. There's no way to prevent a criminal from setting up a fake Facebook page, but companies can use monitoring tools such as to see how their name is being used online. If an unauthorized Facebook page is turned up, the company can ask the social network to remove the fake listing.

Because those networks use a different GPS signal from the one we use in cars and handheld devices. Jamming could, however, be a potentially dangerous issue when it comes to financial records because GPS devices are used in the banking industry to add timestamps to financial transactions, although completely blocking transactions would be difficult, he said, an industrious hacker could theoretically disrupt transactions and cause headaches for banks.

Security expert Roger Johnston, a systems engineer at the Argonne National Laboratory in Chicago, said spoofing GPS signals is the greater danger. GPS receivers are low-power devices that latch on to any strong signal, he explained.

Spoofing could be used for serious crimes - tricking a delivery truck driver into turning down a dark alley, changing the timestamps on financial transactions, delaying emergency vehicles from finding their routes, and so on. There have been no reported cases of GPS spoofing to commit a criminal act, but Johnston warned that the government and businesses must work to deter such attacks.

Taking some extra precautions - using strong encryption technology, engaging only with trusted friends on social networks, and using penetration testing software on corporate networks - can alleviate some fears and help you sleep at night, even If the bad guys keep coming up with new exploits.

  •  2012: the year of the mobile threat
  •  DrayTek Vigor 3200n
  •  What the cyberhackers do with your personal information
  •  Multifaceted Tests : Attempting Server-Side Includes (SSI) Injection Systematically, Attempting Log Injection Interactively & Attempting LDAP Injection Interactively
  •  Multifaceted Tests : Attempting XPath Injection Interactively & Attempting Server-Side Includes (SSI) Injection Interactively
  •  Multifaceted Tests : Attempting Command Injection Interactively & Attempting Command Injection Systematically
  •  Multifaceted Tests : Attempting PHP Include File Injection Interactively & Creating Decompression Bombs
  •  Programming .NET Components : Addressing Other Security Issues
  •  Programming .NET Components : Principal-Based Security
  •  Programming .NET Components : Visual Studio 2005 and Security
    Top 10
    Review : Sigma 24mm f/1.4 DG HSM Art
    Review : Canon EF11-24mm f/4L USM
    Review : Creative Sound Blaster Roar 2
    Review : Philips Fidelio M2L
    Review : Alienware 17 - Dell's Alienware laptops
    Review Smartwatch : Wellograph
    Review : Xiaomi Redmi 2
    Extending LINQ to Objects : Writing a Single Element Operator (part 2) - Building the RandomElement Operator
    Extending LINQ to Objects : Writing a Single Element Operator (part 1) - Building Our Own Last Operator
    3 Tips for Maintaining Your Cell Phone Battery (part 2) - Discharge Smart, Use Smart
    - First look: Apple Watch

    - 3 Tips for Maintaining Your Cell Phone Battery (part 1)

    - 3 Tips for Maintaining Your Cell Phone Battery (part 2)
    - How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 1)

    - How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 2)

    - How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 3)
    Popular Tags
    Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8