02 Nov Hacking in Winter Wonderland
30 Dec Gaming the Security
Join our blog
You can contribute to our blog if you have +100 points. Comment on articles and blogposts, and other users will rate your comments. You receive points for positive ratings.
Gruezi (Swiss for "hello") from the Hashdays conference, together with my colleagues Marta Janus and Marco Preuss, held in beautiful Lucerne in Switzerland . The event is hosted by DEFCON Switzerland, which was founded in 2008. Their mission is to educate in IT security skills and know-how. According to them, the best way to show how to prevent systems from becoming unsecure or getting hacked is to introduce and demosntrate current attack techniques. Additional fact: this is the third edition of the conference and it's sold out for the first time. This already proves the high quality of the event. Honestly, this is easily one the best conferences I attended so far. The quality of both the content and the delivering has been outstanding so far. I can recommend anyone interested in IT security taking part in it.
The long and eagerly awaited closed beta run of Diablo 3 has finally begun and Blizzard has sent out the first set of invitations to registered gamers all over the world. In order to have a chance to be among the lucky ones who can play it, you have to have a Battle.Net account and opt in for the closed beta run in the first place.
We have seen huge amounts of fraud mails in the area of gaming in the past, scaring the potential victims with disabling gaming accounts due to allegedly suspicous acitivities or security issues, luring with free bonus items and – you guessed it – invitations for a closed beta of a long awaited game or add-on of an existing – popular – game. The scheme works the same way in almost all cases: the recipient gets lured to click a given link and to type in the login credentials on the landing page – which is a replica of the original webpage of the targeted game. As a consequence, your beloved and well cared for account gets stolen!
Airport kiosks have achieved a wide distribution nowadays. They offer the convenience of having access to all sorts of travel related information, IP-telephony as well as to the Internet while on the road. Which is a good thing!
However, when I travelled back from BlackHat and DefCon 19 and checked in at the Mc Carran airport in Las Vegas, one of these machines caught my eye. It showed a website I know pretty well – Facebook! But it wasn't the Login screen - as it should be - but the profile page of a member. Someone had forgotten to logout of his or her account. Anyone in this airport would now have full access to all data and - of course - be able to write status messages on the profile page of the account owner and all people in the friendlist – which could harm this person‘s reputation. Which is a bad thing!
When I was checking Facebook this morning, I spotted some friends posting the same message all over their friends' walls. Well, another likejacking scam I assumed. So I did what I usually do when this happens, I wrote them a quick note telling them to clean up their Facebook apps and delete the wall posts. Nothing spectacular so far, as this happens on quite a regular basis. But wait...
Something's different this time: the whole scam is delivered in German! A really rare occurrence, but something which I expect to happen more often in future. “Why?” I hear you ask. Well, here's my theory:
About 70% of all Facebook users are based outside the US which means more than 350 million people, according to official Facebook statistics. These users don't speak English as their native language for the most part. For cybercriminals, this means that they miss the larger part of their target audience. Since most people in the world understand English, previous scams of this type worked out quite well, but they were also easy to spot outside the US and the UK, because it’s quite odd when people start writing messages in English when they usually don't. At the same time, likejacking scams have become better known among users of social networks. For these reasons the people behind the scams are doing what they started doing with spam years ago: they are localizing the content in different languages to broaden the target audience. While the messages in those days were heavily flawed in terms of language and design, the process with today’s social networks has been perfected much faster, as this example proves:
Modern game consoles are not only dedicated to gaming anymore, they rather offer a great variety of entertainment and many methods to support the whole gaming experience by offering platforms to meet other gamers from around the globe, share thoughts via private messages and status updates, a fully fledged browser to surf the web, media server capabilities and even online stores to buy games and additional game content via credit cards and gift coupons, which can be bought at shops if you're not having a credit card.
Does that remind you of something? Indeed, it's actually pretty similar to a social network - and it can also be connected to Facebook & Co. to keep your friends updated what trophies or achievements you just won.
In terms of security the vendors of these consoles did a pretty good job, all inner systems got hardened and signed installers made sure you can't install anything you want - which may annoy some people but keeps the system secure. But now it seems like the game has changed for the PS3. While it was possible to jailbreak the system with specially crafted USB sticks before, the first soft-mods are now available. The reason behind this? Four years after the release of the PS3 the master key was now found out by a group of modders. Many gamers now take their chance to individualize their system by installing a home-brew environment that allows to roll out programs unapproved by Sony.
So what are the consequences? First of all, many people will jailbreak the PS3 just for the sake of it, because it's considered fashionable as it is with the iPhone, as my colleague Costin points out in a recent issue of Lab Matters. Unfortunately most people are unaware that this might open the floodgates for malicious or unwanted software. Parallels to the Ikee worm on iPhones are inevitable. This worm spread itself only via jailbreaked iPhones - making apparent how many devices are actually jailbroken and how dangerous this can be. And now home-brew software variants for the Playstation 3 have been released and are spreading through the web over different sources. Who knows what's behind those offers? The original intention of the programs might be benign, but who knows if the installer package has been compromised and re-offered for downloading?
As pointed out before, buying games and related content from the online shop via credit card is popular and potentially dangerous if homebrew software is installed,as the software could carry out a man-in-the-middle attack or redirect to phishing sites. Alternatively, installed games or the respective game scores could be blocked and thus the software would act as ransomware or send out spam via the internal message system... There are many malicious possibilities that the bad guys can utilize for financial profit!
Are these scenarios realistic? -Unfortunately yes
Is it going to happen? -I hope not...
Every company has its basis, the community, which greatly helps to improve the products by giving feedback and input. Kaspersky Lab can count itself lucky to have very diligent people which honorary moderate our official Kaspersky Lab forums, test our beta versions to find bugs before new products hit the market and create community projects.
This week we finally met some of our friends in person since they visited our German office in Ingolstadt to exchange ideas and discuss possibilities to improve our cooperation. Colleagues from retail support, the localization and testing team as well as virus analysts attended the meeting from our side.
We learned about community projects and what role Kaspersky Lab could play in it to support the undertakings. We discussed our products and my colleague Stefan Ortloff demonstrated how to reverse malware.
Looks like Moscow, but it isn't. Winter has now officially started off in Germany.
Overall, this was a very fruitful event. Thank you all for visiting us despite the adverse weather conditions. And an additional BIG thank you to all the active people in the community, your help is greatly appreciated!
This was the first meeting of this kind in Germany, but certainly not the last!
In the last two weeks thousands of Facebook users fell for a so-called likejacking scam. A link on Facebook invites you to see for example the 101 hottest women in the world and leads you to an external website. No matter where you click on the webpage, a message saying that you "like" the link will be automatically displayed on your Facebook wall and in the news section for your friends, waiting for your friends to be clicked again and again ... and again. Sex stills sells!
It’s the same every year: as soon as Valentine's Day gets close, all the spammers concentrate on this event to spread unsolicited mails – sometimes with malicious little gifts.
An alltime favorite gift when it comes to Valentine's Day: flowers! This spam offers great savings when you buy flowers, but tries to trick you into a subscription, where you’ll get charged $9.95 every month via your credit card. Make sure you don't fall for it!