Falling Into The Black Hole

Posted February 16th, 2012 at 1:18 am (UTC-4)

An Old Hack Technique Gets A New Twist

Doug Bernard | Washington DC

Hackers may not always be the most innovative group. But as a rule, they are sneaky.

That’s exactly how the latest hack target, Cryptome.org, summed up the recent hit on its website: “sneaky.”

One version of a black hole (Creative Commons: Gallery of Space Time Travel)

A well-known anti-secrecy site, Cryptome tends more to be a repository of information that others have obtained using various computer hacks, rather than the victim of a hack itself. But this week thousands of visitors who thought they were visiting the Cryptome website instead found themselves redirected to malicious websites. At the root of the attack is a rapidly growing technique that some are calling “malvertising.”

It works like this. A hacker creates a legitimate-looking ad that has malware hidden deep inside. Now a Trojan horse, that ad is submitted to the large online advertising networks, which then distribute the harmless-looking ad to specific websites. When a visitor clicks on the bad ad, they launch the attack and their computer is compromised.

In and of itself, this is hardly a new technique. However, the Cryptome attack is just the most recent in a growing string of attacks using something called the Blackhole Exploit Kit. This can get a little geeky, so we’ll try to keep it basic.

Created by Russian hackers, Blackhole is essentially a bag of bad computer code, all designed to target vulnerabilities in a target computer’s operating system. A recent report from M86 Security notes the Blackhole Exploit Kit has become the tool of choice for many hackers, in part because of its “capability to update frequently and rapidly to take advantage of application vulnerabilities.” Driving the point home, a Sophos Corporation analysis of 2012 Internet security trends says these redirect ploys account for 67% of all computer hacks, with Blackhole accounting for a full 31% all by itself.

What was new in the Cryptome hack was what security analysts are calling “drive-by” technology. In other words, a visitor to a website with an infected Blackhole ad no longer has to click on the ad; just viewing the page can be enough to inject malware onto the visitor’s computer. Additionally, as Fahmida Rashid of eWeek.com reports, the Cryptome attack “specifically avoided targeting IP addresses from Google to prevent the search engine from blacklisting the site.” That means users were unlikely to know they were under attack until it was too late, and the bad bug was created to avoid being targeted by the world’s largest search engine.

In a word: sneaky.

Cyber security analyst Brian Krebs has a good piece exploring how users of Blackhole malware specifically profit from their misdeeds, while writers at the Imperva Corp’s “Security Blog” have a highly detailed dissection of Blackhole and how it works. Neither is light reading, so we’ll skip to the point: no matter how careful you are on the Internet, it’s becoming harder not to fall into a black hole.

4 responses to “Falling Into The Black Hole”

  1. Yiddish says:

    A website hosted in the United States since 1996 by independent scholars and architects, the site would be evicted from its hosting company.

  2. RudiKelle says:

    Obvious Q. – did I get one here? …

  3. If you ever fell into one, you would get squashed like a rubber band. You would not write a letter to your family about it.
