How to Session Hijack and Phishing

“Carolina Dieckmann, a famous Brazilian actress, recently became the victim of cyber attacks that allowed cybercriminals to steal personal property – nude pictures of her – from her computer. Many pictures or maybe all of them got leaked to the Internet. (…)” [1]

Real Life Hacking Scenarios

Summary

These were the headlines on a number of websites early this month, May 2012. The popular Brazilian actress had been hacked some time before, and the cybercriminals contacted her agent to negotiate a price for the pictures they had obtained. Carolina never responded to the criminals, because she did not believe anyone could find the pictures; in her words, “the pictures didn’t exist”. A few days later her agent received an email containing two of the nude pictures and a final warning about the negotiation, but by then it was too late. The pictures had begun to spread…

Case-Scenario Analysis

The first interesting point in this case, in my opinion, is the fact that she decided to ignore the cybercriminals when they offered to negotiate for the pictures. She probably assumed they were scammers, and understandably so. This leads to the realization that the attack was seamless, that is, unnoticeable: it happened without the target realizing it, whether through lack of computer knowledge or simple naivety. This observation will help us later in identifying which attack vector was used to obtain the pictures. By the time the victim realized, it had already happened and there was not much else to do. It is obvious that if she had paid the criminals, they would just have kept asking for more, over and over, until finally making the pictures public anyway. In this regard, unfortunately, there was nothing that could have prevented it, as the cybercriminals involved had already shared the files, according to the national newspaper. [2]

Let’s see how these attacks were conducted…

Session Hijacking

In computer science, session hijacking is the exploitation of a valid computer session, sometimes also called a session key, to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim’s computer (see HTTP cookie theft). [3]
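To make the two halves of that definition concrete, here is an added example (not code from the original post or from any real site) that walks through the “intermediary computer” route: a request captured on plaintext HTTP, the cookie pulled out of it, the server accepting the replayed cookie without ever seeing a password, and the one server-side signal that gives the replay away. The request, session table and access-log lines are constructed; the cookie name sid, the host webmail.example and the log format are hypothetical.

```python
"""Session hijacking by cookie theft and replay, plus a server-side check.

Added example for this post, not code from the original article or any real
site. The sniffed request, the session store and the access-log lines are all
constructed here; the cookie name "sid", the host "webmail.example" and the
log format are hypothetical.
"""
import re
from collections import defaultdict

# A request as it crosses the wire on plaintext HTTP (constructed). Anyone in
# an intermediary position, e.g. sniffing an open Wi-Fi network, reads the
# Cookie header verbatim.
SNIFFED_REQUEST = (
    "GET /inbox HTTP/1.1\r\n"
    "Host: webmail.example\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 6.1)\r\n"
    "Cookie: sid=7f3a9c0e5b2d; theme=dark\r\n"
    "\r\n"
)

# Server-side session table (constructed): session id -> logged-in account.
SESSIONS = {"7f3a9c0e5b2d": "carolina"}


def extract_cookies(raw_request):
    """Pull name/value pairs out of the Cookie header of a raw HTTP request."""
    head, _, _ = raw_request.partition("\r\n\r\n")
    cookies = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() != "cookie":
            continue
        for pair in value.split(";"):
            key, _, val = pair.strip().partition("=")
            if key:
                cookies[key] = val
    return cookies


def whoami(cookies):
    """What a naive server does: whoever presents a valid session id is that
    user. No password is involved, which is why the stolen cookie is enough."""
    return SESSIONS.get(cookies.get("sid"))


# Web-server access log (constructed) in a hypothetical format that records the
# session id and user agent. The third line is the attacker replaying the
# victim's cookie from a different machine.
ACCESS_LOG = [
    '10.0.0.7 - - [10/May/2012:09:01:12 +0000] "GET /inbox HTTP/1.1" 200 '
    'sid=7f3a9c0e5b2d ua="Mozilla/5.0 (Windows NT 6.1)"',
    '10.0.0.7 - - [10/May/2012:09:01:40 +0000] "GET /photos HTTP/1.1" 200 '
    'sid=7f3a9c0e5b2d ua="Mozilla/5.0 (Windows NT 6.1)"',
    '203.0.113.9 - - [10/May/2012:09:03:05 +0000] "GET /photos HTTP/1.1" 200 '
    'sid=7f3a9c0e5b2d ua="Mozilla/5.0 (X11; Linux x86_64)"',
    '10.0.0.8 - - [10/May/2012:09:04:00 +0000] "GET /inbox HTTP/1.1" 200 '
    'sid=1c2d3e4f5a6b ua="Mozilla/5.0 (Macintosh)"',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) '
    r'sid=(?P<sid>\w+) ua="(?P<ua>[^"]*)"$'
)


def find_hijacked_sessions(log_lines):
    """Return {session id: [(ip, user agent), ...]} for every session presented
    from more than one client. A legitimate user rarely switches from a Windows
    browser to a Linux one on another network mid-session; a replayed cookie
    does exactly that."""
    clients = defaultdict(set)
    for line in log_lines:
        m = LOG_RE.match(line)
        if m:
            clients[m["sid"]].add((m["ip"], m["ua"]))
    return {sid: sorted(seen) for sid, seen in clients.items() if len(seen) > 1}


def hardened_set_cookie(name, value):
    """Set-Cookie attributes that close the sniffing route: Secure keeps the
    cookie off plaintext HTTP, HttpOnly keeps it away from page scripts,
    SameSite stops most cross-site sends. These attributes are standard
    HTTP cookie syntax, not anything specific to this example site."""
    return "{}={}; Secure; HttpOnly; SameSite=Lax; Path=/".format(name, value)


if __name__ == "__main__":
    stolen = extract_cookies(SNIFFED_REQUEST)
    print("attacker replays", stolen, "and is logged in as", whoami(stolen))
    print("sessions seen from more than one client:", find_hijacked_sessions(ACCESS_LOG))
    print(hardened_set_cookie("sid", "7f3a9c0e5b2d"))
```

Note that the Secure flag only closes the first route in the definition (the intermediary on the network). The second route, reading saved cookies off the victim’s own machine, is untouched by any cookie attribute; the only defences there are short session lifetimes, re-authentication before sensitive actions, and the kind of “same session, different client” check that find_hijacked_sessions performs.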

Phishing

Understanding Phishing

Phishing is attempting to acquire information (and sometimes, indirectly, money) such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. [4]
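The “fake website whose look and feel are almost identical” usually betrays itself in the link before the victim ever sees the page. The following added example (not from the original post) runs over a constructed phishing e-mail and flags the standard disguises: link text that disagrees with the real href, a brand name sitting on somebody else’s domain, credentials before an @ that push the real host out of view, a raw IP address as the host, and non-ASCII or punycode hosts that allow look-alike characters. The message, the brand allow-list and the finding strings are all hypothetical.

```python
"""Spotting phishing links in an e-mail body, on a constructed message.

Added example for this post, not code from the original article. The e-mail,
the brand allow-list and the finding strings are all hypothetical; the tricks
it checks for are the usual ways a fake site is made to look like the real one.
"""
import re
from urllib.parse import urlparse

# Hypothetical allow-list: brand name -> the domain that really belongs to it.
LEGIT_DOMAINS = {"paypal": "paypal.com", "facebook": "facebook.com"}

ANCHOR_RE = re.compile(r'<a\s[^>]*?href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
LOOKS_LIKE_URL_RE = re.compile(r"^(?:https?://)?[a-z0-9.-]+\.[a-z]{2,}(?:/\S*)?$", re.I)

# Constructed phishing message: a lookalike host, the '@' trick, and one
# genuine link so the checker has something it must NOT flag.
PHISHING_EMAIL = """
<p>Dear customer, unusual activity was detected. Confirm your details within 24h:</p>
<a href="http://paypal.com.account-verify.example/login">https://www.paypal.com/myaccount</a>
<a href="http://www.paypal.com@203.0.113.5/">Click here to verify</a>
<a href="https://www.paypal.com/help">https://www.paypal.com/help</a>
"""


def host_of(url):
    """Hostname as the browser would resolve it (empty string if none).
    Anything before '@' is treated as credentials, never as the host."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def is_legit(host, domain):
    return host == domain or host.endswith("." + domain)


def classify_href(href):
    """Reasons the link target itself looks like a phish (empty if none)."""
    p = urlparse(href)
    host = (p.hostname or "").lower()
    findings = []
    if p.username is not None:
        findings.append("credentials before '@' hide the real host")
    if IPV4_RE.fullmatch(host):
        findings.append("raw IP address as host")
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        findings.append("non-ASCII / punycode host (homoglyph risk)")
    for brand, domain in LEGIT_DOMAINS.items():
        if brand in host and not is_legit(host, domain):
            findings.append("'%s' appears in a host that is not %s" % (brand, domain))
    return findings


def analyze_email(html):
    """Return [(href, visible text, findings)] for every link in the message.
    Besides the href checks, compare what the text shows with where the link
    really goes: the classic 'display URL differs from target' phish."""
    report = []
    for href, text in ANCHOR_RE.findall(html):
        text = re.sub(r"<[^>]+>", "", text).strip()
        findings = classify_href(href)
        if LOOKS_LIKE_URL_RE.match(text):
            shown, real = host_of(text), host_of(href)
            if shown != real:
                findings.append("text shows %s but link goes to %s" % (shown, real))
        report.append((href, text, findings))
    return report


if __name__ == "__main__":
    for href, text, findings in analyze_email(PHISHING_EMAIL):
        print(href, "->", findings or "looks legitimate")
```

The allow-list is the part that does not scale: in practice it is the set of domains your organisation actually uses, and the brand check is what catches hosts like paypal.com.account-verify.example, which a casual reader parses as “paypal.com”.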

Protect Yourself

Protecting your computer and network

If the network in question is a SOHO (small office / home office) wireless network, a few settings on the router will go a long way against the threats described above: an attacker on your wireless network is exactly the “intermediary computer” that session hijacking needs.

  1. Use Wi-Fi Protected Access (WPA, and preferably WPA2 with AES/CCMP) as the encryption of choice in your router’s security settings. WEP is broken and can be cracked in minutes from captured traffic, and WPA with TKIP is weaker than WPA2 with CCMP. Choose a long passphrase as well: a captured WPA handshake can be attacked offline with a dictionary.
  2. It is also a good idea to create an Access Control List (ACL) of allowed clients, so that only the devices you approve can connect to the network. Treat this as a speed bump rather than a wall: the list is keyed on MAC addresses, which an attacker can read off the air and spoof.
  3. Purchasing dedicated security hardware or setting up a honeypot are other, more unusual alternatives, usually not recommended for such small networks; I’ll just leave the mention here in case anyone is interested.
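Items 1 and 2 above translate directly into access-point configuration. As an added example (not from the original post, and not code from the hostapd project), the script below audits a hostapd.conf for the weak settings a consumer router often ships with and shows the corrected configuration beside it. The two configurations are constructed; the keys used (wpa, wpa_passphrase, wpa_pairwise, rsn_pairwise, macaddr_acl, accept_mac_file, wep_default_key) are real hostapd.conf options, while the finding texts and the 16-character passphrase threshold are this script’s own choices.

```python
"""Audit a hostapd configuration for the SOHO wireless settings listed above.

Added example for this post, not code from the original article or from the
hostapd project. The two configurations are constructed; the keys are real
hostapd.conf options, the finding texts and thresholds are hypothetical.
"""

# Typical "it just works" settings on a consumer router (constructed): WPA1 with
# TKIP, a short passphrase, no client allow-list.
WEAK_CONF = """
interface=wlan0
ssid=HomeNet
hw_mode=g
channel=6
wpa=1
wpa_passphrase=pass1234
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
macaddr_acl=0
"""

# The same access point with items 1 and 2 of the list applied (constructed).
HARDENED_CONF = """
interface=wlan0
ssid=HomeNet
hw_mode=g
channel=6
wpa=2
wpa_passphrase=correct-horse-battery-staple-2012
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
macaddr_acl=1
accept_mac_file=/etc/hostapd/hostapd.accept
"""


def parse_hostapd_conf(text):
    """hostapd.conf is one key=value per line; lines starting with '#' are comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def audit_hostapd_conf(text):
    """Return a list of findings; an empty list means every check passed."""
    conf = parse_hostapd_conf(text)
    findings = []
    if "wep_default_key" in conf or any(k.startswith("wep_key") for k in conf):
        findings.append("WEP configured: keys are recovered in minutes from captured traffic")
    wpa = conf.get("wpa", "0")
    if wpa == "0":
        findings.append("wpa=0: no WPA at all, every frame is readable by a sniffer")
    elif wpa == "1":
        findings.append("wpa=1: WPA1/TKIP only, set wpa=2 for WPA2 with CCMP")
    elif wpa == "3":
        findings.append("wpa=3: WPA1 still accepted alongside WPA2, set wpa=2")
    ciphers = (conf.get("wpa_pairwise", "") + " " + conf.get("rsn_pairwise", "")).split()
    if "TKIP" in ciphers:
        findings.append("TKIP cipher allowed: use rsn_pairwise=CCMP only")
    if wpa != "0" and "CCMP" not in ciphers:
        findings.append("no CCMP (AES) cipher configured")
    psk = conf.get("wpa_passphrase", "")
    if wpa != "0" and len(psk) < 16:
        findings.append("wpa_passphrase shorter than 16 characters: a captured handshake is cracked offline by dictionary")
    if conf.get("macaddr_acl") != "1":
        findings.append("macaddr_acl is not 1: no allow-list of client MACs (spoofable, but it raises the bar)")
    elif "accept_mac_file" not in conf:
        findings.append("macaddr_acl=1 without accept_mac_file: the allow-list is empty")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, "->", audit_hostapd_conf(conf) or "no findings")
```

The MAC allow-list check is deliberately last and worded as a bar-raiser only: the first two checks (WPA2 and CCMP) are what keep the session cookies from the previous section out of a sniffer’s hands, and a long passphrase is what stops the handshake being cracked afterwards.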

For further details, download the full report! [ DOWNLOAD ]
