Cyber “BUGS”

Software for privacy invasion

The same trends seem to be in place for the software monitoring market. Computer monitoring software[17] is very popular, and comparative research is up to date and very thorough, based on features, functionality, reliability, and customer feedback.

Mobile phone monitoring software[18] is an even more sensitive area, as mobile phones are with us virtually everywhere. Both computer and mobile phone software is marketed as 100% undetectable, with the application running in the background and not raising any suspicions.

One of the most popular features of computer or mobile phone surveillance is the stealth camera[19], a function that allows you to turn almost any smartphone, laptop or tablet into a complete spy tool[20].

 

Can spyware be disguised within emails, social media, web chats etc?

Emails, social media, web chats and other methods of communicating online are now among the most used aspects of the internet. To put this into perspective, in 2015[50], out of the total world population of 7.2 billion, 3.01 billion use the internet; 2.01 billion of them (approximately 30%) have active social media accounts, and 3.65 billion (51%) are mobile users. This makes the 30-51% who are connected vulnerable to spyware and phishing online.

These attacks can be either personal or mass targeted. There are different kinds of spyware, from ones that run in the background gathering user information to simple ones that ask users for the information. The most used and well-known method of targeted spyware is phishing. Phishing[51] is a technique that uses spam, malicious websites, email messages and instant messages, social media and other tools to trick people into divulging sensitive information with immediate profit potential.

A common phishing method is to collect sensitive information by pretending to be a trustworthy entity. For instance, posing as a legitimate source, requesting personal information through email[52] and directing recipients to fake sites to enter their data gives phishers access to the exact kind of information they are looking for, most commonly financial information. This information is then used to impersonate the victim and actually steal their money.

However, the world of phishing is very broad, from attacks targeting tens of thousands of potential victims at once to attacks focusing on a single individual at a time. Google recently published a study[53] demonstrating that manual phishing attacks, in which attackers use no automated tools and simply spend time profiling their targets, are the simplest and most effective method for hacking email accounts.

A good example[54] of manual targeted phishing is this: the attacker scans a social network site, finds a potential target, finds a list of friends and a reference to a cool device the target has just bought at an online retail site. Using this information, a spear phisher could pose as a service assistant from the vendor, asking the target to confirm credit card data or change the password, allowing him access to the victim’s financial information.

Phishing can also be very effective when using more interactive means, like instant messaging or web chat and tricking the user into believing that the attacker is a service provider, usually a live chat[55] disguised as support service for a big e-commerce company or software company. By asking the right questions, an attacker can acquire the victim’s credentials and access the financial information linked with the victim’s actual account.

Basically, any channel through which the perpetrator can legitimise a request for personal information can be used, from email to web chat and messaging, to social media interaction or using the contacts of a victim to pass on the fraud. Attackers usually take advantage of the cyber context to substantiate their request for information. For instance, a lot of last year’s phishing attempts used the general panic regarding the Heartbleed vulnerability[56] in the popular OpenSSL cryptographic software[57] library to ask victims to change their passwords or other account information in order to protect their potentially exposed personal and financial information.

 

Mobile phone monitoring

Although some cell phone spy programs are unobtrusive and can only be detected using professional services and instrumentation, sometimes there are noticeable signs that might cause concern. Certain indicators can raise suspicion of possible cell phone monitoring[58] [59] [60]:

  • trouble shutting down – this is one of the most common issues with bugged cell phones. Background applications could significantly slow the process down.
  • experiencing odd phone behaviour – from turning on unexpectedly, to making noises when not in use or installing programs on its own
  • battery rundown – extra software activity, especially when running 24/7 may cause sudden changes in your phone’s battery life
  • high device temperature – if your battery is in constant use, it usually becomes hot. If you notice your phone is warm when you’re not using it, this may be because something is constantly running in the background
  • increased data usage – some spy programs broadcast information directly using extra data, leading to an increase in monthly usage
  • receiving coded text messages – text messages containing random characters can sometimes result from communication attempts between your device and another

Some of these symptoms can of course be caused by overuse, bad connection or interference, but if they appear suddenly and constantly, they could be a manifestation of spyware on the cell phone. While cell-phone spy programs are versatile and complex tools for privacy invasion, most people are not aware of what they can actually do. A list of common features, based on the most popular spy[61] applications[62], includes:

  • spy on calls, SMS, MMS
  • spy on emails and instant messaging
  • spy on passwords
  • track GPS location in real time
  • monitor internet use: social networks, downloads, etc.
  • access contacts and calendar
  • stealth camera – using the phone’s camera to take a secret picture that is sent to your account
  • geo-fencing – finding out when the user has entered or left a specific area

 

Websites selling equipment for privacy invasion

To see how easy it is for individuals to acquire surveillance devices online, here are some examples of websites which sell equipment for privacy invasion:

For Physical Security

  1. http://www.brickhousesecurity.com/category/hidden+cameras.do
  2. http://www.safetybasement.com/Spy-Listening-Recording-Devices-s/389.htm
  3. http://www.spygadgets.com/hidden-cameras/
  4. http://www.pimall.com/nais/neweyeglasscam.html
  5. http://www.spytecinc.com/

For Cyber Security

  1. http://www.mspy.com/
  2. http://www.mobile-spy.com/purchase.html
  3. http://www.flexispy.com/
  4. http://www.spytech-web.com

 

Ease of Hiring a Hacker

There is an overwhelming number of spying tools out there, and their use can be amplified by professional hackers, who are easy to find and hire online.

The ease of hiring a hacker is illustrated by the fact that a Google search for “hiring hackers” usually displays, on the first page of results, at least 4, sometimes 5 niche websites selling professional hacking services, 3 or 4 articles explaining the process of hiring a hacker online for personal “projects” and maybe one referring to various trends on the cyber security market involving hackers. The same goes for similar keywords like “hackers for hire”, “professional hacker”, “hire a hacker”.

Even more remarkably, when searching for “hacking services”, the first page shows no fewer than 8 niche websites for contracting professional hackers, with the remaining 2 results being articles about the new “hacking as a service” trend.

Some examples of websites that offer hacking services:

  • neighborhoodhacker.com
  • hackerslist.com
  • cryptohackers.com
  • hacker1337.com
  • hirethehacker.com
  • centralhacker.com
  • hackerforhire.com
  • ihackers.com.co

An entire market seems to have emerged, one that once functioned in a grey area but is now out in the open. There is no difference between these kinds of websites and other freelancing platforms offering services online, other than the specific focus on the hacking capabilities of their contractors.

Some of these service providers act as a team, allowing the client to place a request that will be resolved anonymously[21].

Others make it more personal, allowing anyone to place announcements for hacking jobs and enabling pre-approved hackers to bid for the assignment, get personal reviews and build visibility on the market. Some platforms offer additional services, including personal assistance with the project, while others market themselves as only working with Certified Ethical Hackers[22] as opposed to malicious hackers.

Their most commonly offered services are marketed as security services[23]: from recovering passwords from computers, mobile devices, e-mail accounts, Facebook and more, to hacking online accounts like Gmail, Yahoo!, Hotmail, AOL, to Social Media & Cyber Stalking Investigations, Online Fraud Investigation, Mobile Security or Cyber Bullying. Others market their services straightforwardly, ensuring discretion[24] and fast results.

One of the most transparent websites that provides such services to whoever might be interested is hackerslist.com. Assignments are publicly visible, and anyone can get a picture of what people are willing to pay for and what such services cost:

  • most of the requests are for hacking social media accounts, which costs between $300 and $2000, depending on the “package”
  • hacking instant messaging accounts – $600 to $1500
  • cleaning driving record – received bids between $100 and $1000
  • removing negative Google article – received bids between $500 and $2000
  • changing university grade – received bids between $500 and $2000, while high-school grade change received bids of $100 – $500
  • pre-engagement screening is also a popular service ranging from $100 to $600
  • accessing video surveillance system is a rather inexpensive service – $100 – $1000

These kinds of services and their availability make it all too easy to find and pay hackers to carry out cyber attacks, and open up a whole new range of possibilities for anyone with an interest in unavailable information.

 

Can free (or under $50) software (or service) be bought for spying online? If so what does it do? And why is it worrying?

Online monitoring of individuals, devices or places is now easier to attain and harder to detect than ever, with free or inexpensive monitoring software readily available for download and use. One of the first types of computer use monitoring programs is the key logger, which records keystrokes and turns them into a log which is accessible online. Key loggers were initially developed to record passwords, but evolved into complex computer surveillance tools[31], featuring options like blacklisted words and real-time notifications. Some key loggers are free to download and use.

Other popular spying software apps can turn a computer’s webcam into a remote surveillance system and link it to your cell phone for live video-streaming. Motion detection, instant alerts, desktop capturing, remote controlling, even automatic license plate recognition are just a few of the features such systems offer. One of the most option-rich spy camera applications is also free[32], while others cost just a few dollars[33].

The cell phone surveillance market is maybe the most dynamic, offering tens of options for stealth phone monitoring, from instant access to phone calls or text messages, to simply turning the device into a full-feature covert surveillance tool. Common capabilities provided by such software include: audio and video recording, taking pictures or turning the camera on remotely, location tracking, monitoring emails and social networking, recording passwords and many others. Most of the available programs cost up to $50 for a 3-month license. Some examples are:

  1. http://maxxspy.com/select-plan-and-price.aspx?lang=en-US
  2. http://www.mobile-spy.com/purchase.html
  3. http://www.mspy.com/buynow.html
  4. http://www.prospybubble.com/

However, there also seem to be free alternatives available:

  1. https://mobile-tracker-free.com/
  2. http://cell-trackers.com/

 

SOURCES

[17] Source: http://monitoring-software-review.toptenreviews.com/

[18] Source: http://www.bestphonespy.com/

[19] Source: https://spycellphone.mobi/flexispy/stealth-camera

[20] Source: http://www.highstermobile.com/

[50] Source: http://www.slideshare.net/fullscreen/wearesocialsg/digital-social-mobile-in-2015/6

[51] Source: http://www.phishing.org/phishing-techniques/

[52] Source: http://www.phishing.org/scams/email-phishing/

[53] Source: http://securityaffairs.co/wordpress/30020/cyber-crime/manual-phishing-attacks.html

[54] Source: http://us.norton.com/spear-phishing-scam-not-sport/article

[55] Source: http://news.netcraft.com/archives/2013/05/07/live-chat-used-in-phishing-attack.html

[56] Source: http://tech.firstpost.com/news-analysis/new-phishing-scam-exploits-heartbleed-fear-to-con-users-222657.html

[57] Source: http://www.computerworld.com/article/2490169/security0/phishing-campaign-touts-fake–heartbleed-removal–tool.html

[58] Source: http://spyzrus.net/how-to-tell-if-your-cell-phone-is-being-tracked-tapped-monitored-by-spy-software/

[59] Source: http://spyrambly.com/6-surefire-signs-your-phone-is-bugged

[60] Source: http://www.makeuseof.com/tag/6-signs-cell-phone-tapped/

[61] Source: http://www.top10spysoftware.com/

[62] Source: http://www.bestphonespy.com/

[21] Source: http://cryptohackers.com/services.html

[22] Source: http://neighborhoodhacker.com/about-us/certified-ethical-hackers/

[23] Source: http://neighborhoodhacker.com/services

[24] Source: http://www.hacker1337.com/website-hacking-service.html

[31] Source: http://phrozenblog.com/?p=140

[32] Source: http://www.ispyconnect.com/features.aspx

[33] Source: http://icamsource.software.informer.com/