Online ID Theft

Saturday, June 23rd, 2012

As a follow-up to the recent “Security Online” post, I thought it would be a good idea to highlight some of the methods that hackers and ID thieves can use to obtain your personal information. The result of online ID theft is the same as offline ID theft, with the victim’s identity being used for criminal purposes. However, as mentioned in the “Security Online” article, recent statistics show online ID theft is decreasing due to the concerted efforts of ISPs, government legislation, and increased awareness among people browsing the Internet.

However, you should still be aware of the following methods that can be used to trick you into revealing personal details.

  • Social engineering
  • Phishing
  • Spear phishing
  • Pharming
  • Web spoofing
  • Botnets
  • Malware (spyware and keyloggers)

Social engineering takes advantage of certain attributes of human nature that affect the decisions we make, such as by playing on our fears. It can be used to trick people into revealing personal information, for example through a fake email that appears to come from a company the individual trusts, informing them that urgent action needs to be taken. It may also include a warning about adverse consequences if no action is taken to rectify the situation.

Phishing is a form of social engineering in which personal information is obtained from an individual by deception. Phishing relies on the victim clicking on a link, which can have several consequences. It may attempt to trick the victim into parting with valuable information such as passwords and bank account details. It can also lead the victim into downloading malware such as keylogging software, and it may result in alterations to the DNS server software, an attack known as pharming.

A more specialised form of phishing is spear phishing, which targets an individual with an email that pretends to come from someone they know. It is presumed that the fraudster would already have some knowledge about the victim in order to carry out this sort of attack.

Pharming is similar to phishing in that both use the same false websites to get information from people. However, they differ in that pharming does not rely on users clicking on a link in an email but instead redirects users to the fake site, even though the user may think that they have typed in the correct web address, of their bank for instance.

One way of redirecting a website’s traffic is by altering entries in the desktop’s hosts file, which holds its own local name-to-IP-address mappings. Once the file has been changed, the user will be redirected to the false site.
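A defensive check for the hosts file redirection described above, as an added example that is not part of the original post: it parses a hosts file and reports entries that pin a public hostname to a fixed address. The sample file contents, the bank hostname and the list of local suffixes are constructed assumptions.

```python
import ipaddress

# Constructed sample hosts file. 203.0.113.45 is a documentation address and
# examplebank.com is a hypothetical bank name, both chosen for illustration.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost
0.0.0.0         ads.example.net        # ad-blocking sinkhole
192.168.1.20    nas.home.lan
203.0.113.45    www.examplebank.com examplebank.com
not-an-ip       broken.example.org
"""

# Assumption: names with these suffixes are internal and expected in the file.
LOCAL_SUFFIXES = (".lan", ".local", ".localdomain")


def parse_hosts(text):
    """Yield (line_no, address_text, hostnames) for each mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # comments run to end of line
        fields = line.split()
        if len(fields) >= 2:  # one address followed by one or more names
            yield line_no, fields[0], [h.lower().rstrip(".") for h in fields[1:]]


def audit_hosts(text, local_suffixes=LOCAL_SUFFIXES):
    """Return (line_no, address, names, reason) for entries worth reviewing."""
    findings = []
    for line_no, addr_text, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            findings.append((line_no, addr_text, names, "malformed address"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue  # localhost entries and 0.0.0.0 sinkholes
        public = [n for n in names if "." in n and not n.endswith(local_suffixes)]
        if public:
            findings.append((line_no, addr_text, public, "overrides DNS for a public name"))
    return findings


if __name__ == "__main__":
    # Replace SAMPLE_HOSTS with the contents of the real file, e.g.
    # /etc/hosts or C:\Windows\System32\drivers\etc\hosts.
    for line_no, addr, names, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {addr} -> {', '.join(names)} ({reason})")
```

A finding is a prompt for review, not proof of compromise, since developers and administrators sometimes pin names on purpose.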

Another pharming method exploits vulnerabilities in local network routers. Often broadband routers bought for home networks are set up with the default user name and password, which are never changed. By using JavaScript and Java applets, the hackers can then obtain the IP address and change the router’s firmware, which then allows the preferred DNS servers to be manipulated. The user can then be directed to a compromised DNS server.

Web spoofing works by tricking your web browser into connecting to a web server that is controlled by a hacker. The victim would appear to be connected to the World Wide Web when they are in fact connected to a hacker’s machine.

The hacker’s web server sits between the World Wide Web and the victim’s machine and they can see all of the victim’s activities. The hacker can see passwords and bank account details and is also able to interfere with data being sent to and from the victim’s machine. The hacker’s server rewrites the URLs so that they appear legitimate to the victim, making the deception very difficult to spot.

Malicious software or ‘malware’ is a term that is generally used to refer to any software that is designed to gain access to or damage a computer system, including a single desktop PC, a server or a computer network. The term ‘computer virus’ is often used in error to refer to all types of malware, rather than referring specifically to a true virus.

Types of malware include viruses, worms, Trojan horses, rootkits, and spyware. Trojan horses are also commonly used to infect a computer with various types of spyware and keyloggers, which are used for online ID theft.

Using malware, whole networks of infected computers, called botnets, can be created. The unsuspecting user can download the ‘bot’ via a virus or worm, and once infected their computer can become part of a large network of tens of thousands of infected machines. However, smaller botnets of maybe only a thousand bots are increasingly used as they are harder to detect.

The malware can also be hidden by a technique known as ‘rootkitting’. Some rootkits are known to actively hide specific files, as well as registry and port data, while other rootkits disable tools that are meant to identify malware, such as anti-virus software and the task manager. Because rootkits are activated before the operating system has booted up, they are difficult to detect.

The botnets can then be used for phishing attacks, denial of service (DoS) attacks, installing spyware, and spamming. The bot may then also be used for ID theft as a means of spreading phishing attacks and spyware.

Spyware is malware that is usually installed on an individual’s PC without their knowledge. It can then be used to collect information about the person, such as web browsing habits and a list of websites that have been visited. It can also be used to redirect the web browser to compromised sites and to install additional software.

Keystroke logging or ‘keylogging’ is used to log the keys that are struck on a keyboard, usually without the user’s knowledge. Keylogging can be done at a very low level on the computer. Keyloggers can run under the operating system or even at the kernel level, making them very difficult to detect. The data that they collect can then be passed on by uploading it to a website, emailing it, or by allowing remote access to the machine and the keylogging information stored on it.

Besides being tricked into revealing personal data by malicious software, users can also be responsible for giving away personal details through their own lack of responsibility and caution when using social networking sites such as Facebook, Bebo and MySpace. User profiles can reveal a lot of information that can be used by a fraudster, as well as by other criminals.

