Web Fraud 2.0: Cloaking Connections

These days, nearly every aspect of the underground online economy that supports commercial crime operations has been automated. Online forums and criminal social networking sites have long offered aspiring newbies tips on getting started. But a slew of extremely popular Web sites increasingly are making it possible for newcomers to begin reaping profits from their activities through point-and-click Web interfaces that even the most novice hackers can navigate.

What follows today and throughout the rest of the week is a look at some trends and tools Security Fix observed being used by cyber crooks, as a result of several months of lurking on some of the more popular (and in some cases invite-only) cyber criminal forums.

Even the greenest cyber crook knows you never use your own Internet connection to conduct business. In the past, masking your true Internet address online meant configuring your browser to use multiple "open proxies," connections belonging to hacked or misconfigured systems that will happily forward any Web traffic.

But why bother with that manual, labor-intensive process, when you can download a tiny program and subscribe to a service that handles it for you? That's the idea behind services like infecter.net, 5socks.net and anyproxy.net. Subscribers pay for a certain number of proxies weekly or monthly, and can even download a tiny program that automates the process of switching from one proxy to the next, whenever the customer wants to appear to be coming from a new or different Internet address.

[Screenshot: xsoxedit.jpg]

Have a look at the screen shots I took of perhaps the slickest, most user-friendly proxy-changing tool for sale in the underground at the moment: XSOX. $50 USD buys you a month's worth of "unlimited" proxies (more accurately, access to roughly 500-600 hacked PCs). But don't count on paying with American Express. XSOX's operators only accept Webmoney, a virtual currency most popular in Russia and Eastern Europe. Furthermore, you are unlikely to be able to get the service started without reaching the owner on instant message, and for that you'll need a firm grasp of the Russian language.

This type of service is especially appealing to criminals looking to fleece bank accounts at institutions that conduct rudimentary Internet address checks to ensure that the person accessing an account is indeed logged on from the legitimate customer's geographic region, as opposed to, say, Odessa, Ukraine.

With XSOX, if your victim lives in Indianapolis, no problem. Just scroll down the list of available proxies, or sort by state and country, and double click the Internet address in Indianapolis. After that, every Web site you visit thinks you're coming from Indianapolis, regardless of the true Internet address you are using to access the XSOX service.

By Brian Krebs  |  August 19, 2008; 10:01 AM ET
Categories: Fraud, From the Bunker, Latest Warnings, Web Fraud 2.0

Comments

Even your average teenager nowadays knows about proxies. They're how we all circumvented the school's filters to get to MySpace and Facebook in high school. It can't be a big step to go "hmm the school can't see where I'm going...and oh damn, they can't see where I'm coming from either! Win!"

Posted by: Mackenzie | August 19, 2008 10:54 AM

Brian: Fascinating research you've conducted! Yet all these tools, services and support can be a double-edged sword for the cyber-criminal. The crook can never have a full grasp of the audit trails (discoverable bread crumbs) that a tool or service is creating about his caper, or whether his "trading partners" are in fact law enforcement or stool pigeons. In the digital age, bad behavior is infinitely dangerous. --Ben http://hack-igations.blogspot.com/2007/12/people-in-authority-sometimes-abuse.html

Posted by: Benjamin Wright | August 19, 2008 11:01 AM

Um, Firefox has had extensions which support using open proxies for years - e.g. http://foxyproxy.mozdev.org/

And lists of open proxies have been floating around the net for years as well. Buying them hasn't been any big issue, either...

Posted by: Hal | August 19, 2008 4:46 PM

@Hal -- I didn't get into all the ins and outs of that XSOX tool, but it essentially allows users to socksify anything on Windows, any application, any program, anything that interacts with the Web, not just the browser.

Posted by: Bk | August 19, 2008 6:24 PM

@Bk -- There are several freeware programs that do this as well; the trouble then is finding a working and reliable/stable proxy, which several sites offer through online money.

Posted by: Infexion | August 21, 2008 2:15 AM


© 2010 The Washington Post Company