Hacked File-Upload Accounts Prized by E-Jihadis
Hackers who sympathize with radical Islamic groups increasingly are using hijacked accounts at online file-upload and distribution services to disseminate large files, such as videos of attacks on Western forces in the Middle East, new research suggests.
Services like RapidShare, Ziddu, and MegaUpload allow users to share large files, yet each places certain restrictions on non-paying users, such as limiting the number, speed, and size of files that free users can upload and download.
But according to analysts at iDefense, a security intelligence firm owned by Verisign, hackers from various online jihadists forums have in recent months begun posting lengthy lists of hacked premium RapidShare account usernames and passwords to help fellow members avoid those limits.
The same forums have latched onto obscure programs that allow Rapidshare users to effectively circumvent file size limits by splicing up large files into smaller chunks that the programs then reassemble after the constituent parts are downloaded, iDefense reports.
Mohammad Hluchan, senior all-source threat analyst at iDefense, said the use of stolen file-trading accounts by online jihadists has generated a fair bit of chatter on more secular-oriented Arabic language forums about the morality of stealing to promote their beliefs.
This may seem like an odd discussion in forums that are used mainly to spread propaganda messages from al Qaeda leaders, as well as graphic videos of beheadings and suicide bombings.
But Hluchan said the debate over the practice hijacking paid file-sharing accounts has risen to the level of religious jurisprudence on some forums.
"Many of these jihadists, they consider themselves religiously motivated, and operate within strict, religiously defined laws," Hluchan said. "When you introduce certain tactics such as credit card theft or stealing Rapidshare accounts, it's not surprising to see a lot of members on the forums saying, 'Hey, we can't be doing this.'"
I've always wondered why these virtual jihadis don't simply share their videos on free peer-to-peer file trading services like Bittorrent and Limewire. But Hluchan said it is likely that a significant number of jihadist forum visitors do not own a computer, and instead frequently use Internet cafes.
"As a result, collectively, the jihadist community suffers from a lack of bandwidth, and it is therefore likely that for purposes of quick, easy and relatively anonymous file trading, e-jihadists will remain interested in online file-sharing services to facilitate their online activities," Hluchan said.
From my own reporting, it is clear that online file and image sharing services are tremendously popular among traditional cyber criminals as well. A source of mine has been secretly monitoring a network frequented by hackers who buy and sell stolen personal and financial data. Recently, he shared with me a large cache of images he collected that hackers were sharing with one another via RapidShare and other services, such as Sendspace and Depositfiles.ru.
Most often, the images are created by the seller of stolen goods or services. For example, in the image shown above, which was shared as a link in an instant message transmitted between two hackers not long ago, a guy selling access to a compromised Bank of America account shares a screen shot after having logged into the hacked account, which shows the date and available balance.
In other cases, criminals host images of physical goods they have for sale, such as bogus ATMs, compromised credit card readers, or -- in the case of the intercepted image below -- stacks of blank VISA credit cards ready to be imprinted with whatever card details a prospective buyer might have at his disposal.
March 25, 2009; 5:39 PM ET
Categories: From the Bunker , Web Fraud 2.0
Save & Share: Previous: Mac OS X Top Target in Browser Beatdown
Next: Conficker: Doomsday, or the World's Longest Rickroll?
Posted by: james418 | March 26, 2009 3:10 AM | Report abuse
Posted by: email@example.com | March 26, 2009 6:28 AM | Report abuse
Posted by: lostinthemiddle | March 26, 2009 9:26 AM | Report abuse
Posted by: BTKrebs | March 26, 2009 9:32 AM | Report abuse
Posted by: SOCIETY1 | March 26, 2009 12:17 PM | Report abuse
Posted by: featheredge9 | March 26, 2009 1:56 PM | Report abuse
Posted by: frodo2you | March 26, 2009 2:47 PM | Report abuse
The comments to this entry are closed.