Computing Reviews
Hack for hire
Mirian A.  Queue 17 (4): 41-60, 2019. Type: Article
Date Reviewed: Jan 29 2020

Email accounts usually include large amounts of sensitive information, including passwords for other accounts, financial information, contacts’ information, business exchanges, and so on. Consequently, they make a valuable target for hackers. This has resulted in an emergent market for “hack-for-hire services,” which provide targeted attacks for a rather small fee.

A recent project was set up to study how hack-for-hire services attack victims and how effective they are. This article is a summary of this project; there is also a longer paper [1]. The researchers discovered 27 email hacking services, purchased these services, and then used them for eight months. Next, they asked the hack-for-hire services to break into a set of fictitious victims; that is, they created a type of honeypot, with “buyer” and “victim” personas, and a monitoring framework to observe the behavior of the attacks.

Although only five of the 27 hired services actually tried to break into the victim accounts, and only three were successful, the researchers were able to reach some valuable conclusions. Some of the attacks were quite sophisticated, bypassing SMS two-factor authentication (2FA), a common authentication protocol, via phishing.

The authors recommend the use of universal 2nd factor (U2F) security keys because they cannot be broken by phishing. While this market is not yet a significant threat, it might become more effective in the future; thus their recommendations can be considered a serious warning.

The article is clear and valuable for those interested in the modus operandi of Internet attacks.

Reviewer:  E. B. Fernandez Review #: CR146861 (2006-0143)
[1] Mirian, A., DeBlasio, J., Savage, S., Voelker, G. M., Thomas, K. Hack for hire: exploring the emerging market for account hijacking. In The World Wide Web Conference (WWW 2019), ACM, 2019, 1279–1289.
Abuse And Crime Involving Computers (K.4.1 ... )
 

Reproduction in whole or in part without permission is prohibited.   Copyright © 2000-2021 ThinkLoud, Inc.