
Looking over your shoulder: when small mistakes have big consequences

People up to no good get themselves caught in an endless number of ways. This has always been the case in the real world, and continues to be true online. No matter how talented, how daring the schemes, greed and the desire for fame often win out. This has disastrous consequences for those caught, and a little more illumination for those of us taking part or watching from the sidelines.

Anybody can be caught in the act. Even groups with near mythical levels of skillset-cred fall by the wayside. It is, in the words of one Agent Smith, inevitable.

Well, occasionally inevitable.

The ever-shifting sands of “I’ve made a terrible mistake”

A recent article over on ITPro highlights some of the ways would-be cybercriminals and those at the more professional end of data snatching get themselves caught. So-called script kiddies can take a couple of weeks; big name groups can take longer, but they can still fall foul of the smallest mistake.

Some of the most common mistakes listed in the article are combinations of technical misfire, greed, lack of skill, and unfamiliarity with social engineering. How can things go wrong for the unwary? Let’s take a look.

Technological mishaps

Something we see happening is tiny slices of technology causing major ripples in unexpected ways. A person may have a great plan, a plan B, and a bunch of other what-ifs and workarounds. It all comes undone in the most unexpected of ways. If the founder of the infamous Silk Road can run into problems with VPNs, so can anyone.

Even if the VPN doesn’t glitch out at the worst possible moment exposing an IP address, forgetting to switch it on in the first place can give the same end result. Many years ago, a fairly prolific defacer of websites I was tracking fell foul of this problem. They became addicted to the rush of posting their latest compromises to a hacking forum dishing out kudos points for cool hacks.

Their lack of skill beyond the basics coupled with the fame rush resulted in a forum hack from their college network, with the VPN switched off. I’m still unsure if the hack they used was misused somehow and resulted in their IP posted to the defaced page, or this was revenge from the admins. Either way, enough pieces of the puzzle were available that this individual ran into trouble shortly after and ended their defacement activities. 

Oh no, my trophy storage

People involved in compromise, defacement, and other actions simply cannot help themselves with a bit of showing off. It stands to reason that those with this inclination end up assembling a large trophy case marked as “all the evidence goes here”. This trophy storage may take the form of a list of site defacements posted to a forum. It may be on passwordless server storage running off their home network. It might even just be a collection of zipfiles in cloud storage somewhere.

Other times, it may be files grabbed by malware and uploaded to a server with no encryption or passwords applied. It’s left to sit around for the longest time. Once law enforcement comes knocking, it’s likely too late for the accused to do anything about it.

When makeovers go horribly wrong

Back in the Myspace days, we’d sometimes see someone take their first steps into the defacement scene with a revamp of their personal profile. Where once it contained their name, location, and home photographs, it now looked very much like someone had just watched Hackers and decided to HACK THE PLANET.

Unfortunately for them, they didn’t know about the existence of search engine caches, or services like Internet Archive. They also failed to consider the dozens of messages in the comments section calling them by name. This is partly why smarter people in the Myspace hacking scene would place their top friends outside of the top friends box, and place random people there instead.

Even without technical mishaps or overflowing trophy cabinets, there are other ways to fall on your own sword composed of ones and zeroes. The social aspect of underground forums often leads to people letting their guard down. A bit too much information shared, a little too friendly in the direct messages, and it all adds up.

Revealing too much information about yourself on forums and in chat, posting in bragging threads where you display your best hacks, can lead to disaster. Other people caught by law enforcement can turn informer, and socially engineer details from individuals who feel they’re in a safe, relaxed environment.

Turning the tables

The forums themselves can suddenly switch from safe haven to massive bearpit of law enforcement pandemonium. Some underground forums have a very strict no-spam policy. They strengthen this stance in what may sound like very surprising ways. Some refuse to allow users to log in via proxies or VPNs. That’s right: they need to use their actual IP address. How do you think this pans out if the forum is taken over by the authorities? Or simply compromised by somebody for giggles with the forum logs dumped into the wild?

The other suspicion is that any supposed underground forum demanding real world information could well be a sting operation. How does someone ever really know before they sign up?

It’s a dog eat dog world out there

If someone avoids spilling too many beans or posting incriminating information, it can still go wrong. As we’ve seen recently, little fish are tasty treats for more experienced hands. People regularly post hacking tools and phish kits to dedicated forum sections. Every so often, we see someone drop a booby-trap onto a site and gobble up all the data from compromised forum-goers.

This isn’t new, and neither are any of the other pitfalls and mishaps listed above. Even so, overenthusiastic forum-goers will keep walking into them and providing headlines for years to come. Is it really worth the worry?


Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.