New report looks at hacking trends, warns that security firms are looking in all the wrong places

Imperva, a Web security firm, took a look at the most discussed hacking techniques during the month of October and analyzed one of the largest hacker forums and other smaller outlets. According to the research, there’s cause for concern given that security services aren’t focused enough on many of the new trends in hacking that Imperva has uncovered.

Both newbies and elite hackers are thriving in online communities that revolve around teaching and talking about hacking the Web. At the same time, security professionals are looking for these perpetrators in all the wrong places. “There’s a mismatch between what hackers are doing and what security professionals are doing,” Rob Rachwald, Director of Security Strategy at Imperva, tells us.

What Imperva found was an increase in conversations about SQL injections, which tied with DDoS as the most discussed topic in these hacker forums. Rachwald says the company scraped 19 forums, and that the largest hacker forum that Imperva scraped keywords from hosts 250,000 users. We asked him what site it was, and he declined to name names, but judging from the screenshots published in the report, and thanks to some personal lurking on the forum, we’re certain that the site is Hackforums.net.

You can compare the screen shot provided below with the forum’s website for yourself:

[Screenshot: Hackforums]

SQL injections specifically are an alarming trend that few security professionals are recognizing. “Ironically, of the $25 billion spent on software security, we believe this means less than five percent of security budgets is allocated to products that cannot even recognize SQL injection attacks – let alone stop them,” the report states. DDoS is, not surprisingly, a popular method, as it’s a relatively elementary tactic popularized by none other than Anonymous. On a mass scale, it has been extremely effective, as each “hacker” can simply press a button on downloaded software to send a denial-of-service attack to take down Websites.

SQL injections, on the other hand, require knowledge of SQL code, not intended to be run, that a hacker can input to retrieve pieces of data from a website. But despite the complexity of the technique, there’s been a noticeable increase in the conversation around them, which Imperva picked up on. So where does this sudden interest come from? “Anonymous has brought hacking to the forefront of people’s minds and it’s potent,” Rachwald explains. He adds that there are people with a lot of time on their hands to learn the ropes.

There is also financial motivation. If you’ve visited a hacking site like Hackforums.net in the past, you’ll know the forum is a hub for everything from transactions in hacked Twitter accounts, to AMAs and Q&As by hackers, and even tutorials for beginners. Of course there are also plenty of hackers looking for their next job, offering to hack email, IM, social media, and other Web accounts. Not everyone is like Anonymous: Some are in it to make a living, not just for the lulz.

SQL injections take this a step further by giving hackers unprecedented access to very private data, like bank accounts and social security numbers. “Data has value in black markets. There’s a financial system in place that supports the theft of data,” says Rachwald, meaning that the community is focusing on making money from their hacking exploits. There are many forum topics on “Making Money,” where threads are populated by users exchanging ideas on how to make their next quick buck. Rachwald points out the latest highly publicized SQL injection attack in South Carolina that exposed the Social Security numbers of the attack’s victims.

SQL injections aren’t the only trending topics of discussion in hacker-oriented forums. Social networks are becoming increasingly vulnerable to attacks, while “E-whoring,” or “the practice of selling pornographic content, while pretending to be the person, usually a female” is becoming more of a nuisance.

For instance, last year scammers were “selling” luxury cars on a website and illicitly gained credibility by adding hundreds of thousands of followers on the website’s Facebook page. Potential shoppers would assume that due to the volume of “Likes,” the company was legitimate. In reality, the scammers were purchasing likes and selling cars online that never existed in the first place.

The report should be concerning considering that learning the ropes of SQL injections, DDoS, social media scams, and hundreds of other strategies can be done by anyone with access to the Internet. It’s beyond easy to get your hands on elementary guides to SQL injections and various other hacking strategies that these communities are more than willing to share. Unfortunately for the security side, Rachwald says, they’re investing their efforts in all the wrong places to combat the growing popularity of new and innovative hacks.
