Terminating bugs in your system is expensive in more than one way. With over 3B active Internet users, websites are more vulnerable than ever, including to ransomware and malvertising. Not only are awareness and prevention techniques getting better, but cybercriminals are too (for instance, read about malicious ads or Dridex as new ways of operating).
There are features within an app that can be implemented and improved to dazzle users and exceed their expectations. Then there are those that are just expected to work. The features that you only notice when they don’t work, like tap water or electricity. Or mobile security.
The Dark Web offers everything from “Immortality guides” by “Junk scientists” to more serious scams like hacked bank accounts or a lifetime of Netflix, prepaid with stolen credit cards.
In early 2015, word got out that a hacker/vendor under the name Courvoisier was selling user accounts on the black market Alpha Bay, so that login credentials and credit card details could be accessed and various services used for free. “Courvoisier” further expanded his business by selling tutorials on how to use the stolen details, and another vendor, ThinkingForward, was promoting a similar offer.
Any big or small corporation could get scammed: during the same period, companies including Netflix and Amazon were also hit by hackers. Account information was priced from less than a buck to almost thirty dollars. All purchases would include logins and passwords, but for Amazon, the damage was bigger than that.
Buyers could get hold of personal information obtained from an Amazon campaign, including banking details and addresses, and the feedback was “overwhelmingly positive”. When IBT reported this in late March, Courvoisier claimed to have sold all but 14 accounts.
Unfortunately, the story extends beyond Courvoisier. Rumors about an activist hacker group by the name Gator League were circulating on the web in late 2014. To give a brief background, Gator League hacked the British surveillance agency GCHQ (announcing the DDoS attack on a Twitter account, which is now suspended), as well as North Korea, causing Internet outages for 9.5 hours. After that, Gator League claimed to have hacked Netflix, giving out 25k user accounts as Christmas gifts to their fans.
Around six months later, in June 2015, the NFIB identified Action Fraud reports on purchased accounts for Spotify, Sky Go, Hulu, and of course – Netflix. In this case, vendors were offering cheap subscriptions on eBay to unaware buyers, who didn’t realize it until they’d been blocked or their names had been swapped. The information is presumed to have been obtained from stolen identities, phishing, smishing, malware or code-generating programs. “Purchasers unwittingly become the hackers”, the article states.
Another way of exploiting the system has been found by Danish full-stack dev Andrei Neculaesei. In short, a Uniform Resource Identifier (URI) scheme called tel makes phone numbers appear as links on mobile devices. The problem is that many native mobile apps, such as Facebook Messenger or Google+, don’t alert the user when launching a call, as regular calling usually does by default. Basically, this implies that calls can be made without the user really knowing.
Whether it’s someone hacking into your WhatsApp account because you left your phone unattended, a broken heart caused by Tinder spam bots, or greater attacks causing friction between countries, ATOs (account takeovers) are painful and costly, not only for the users but for the companies and their brands too.
As stated before, phone numbers are “the one unifier across all of our mobile communication” and a good source of information about the users. As mobile usage increases, and the security problems with it, mobile also becomes the solution: a great way to secure your app is to verify your users and keep the unwanted ones away.