Online Book Reader

Inside Cyber Warfare - Jeffrey Carr [67]

of new accounts, with random data, organizing newly created profiles in groups.

Create new groups with hot topics, generating traffic to these new artificial groups.

Invite new members, either through mass-sent or targeted-search messages, to participate in the artificial groups.

Hook some form of exploitation mechanism to the visitors.

The following applications are available for purchase using the anonymous payment system known as WebMoney:

ID grabber–I

Iterates through valid IDs, finding new user IDs that become active on the system through scenarios or custom search parameters.

Price: 44 WebMoney dollars

Automated registration

Automatically registers multiple accounts in the social network with custom profiles with granular detail capability, starts services, uploads random photos, fills out the “user’s” interests, and connects them to random places of work and study.

Price: 55 WebMoney dollars

Automated searcher

Searches for specific accounts, inviting them to the automated, custom-created groups.

Price: 50 WebMoney dollars

Automated group creator

Creates groups by interest, by location, by age, and so on.

Price: 44 WebMoney dollars

Buying/integrating XSS exploit

Creates a cross-site scripting exploit for the social network and embeds it into the newly created pages.

Price: 100–1,000 WebMoney dollars

Once the user is trapped inside this virtual circle of automated “friends,” it is very hard not to follow through and not to accept friendship from at least one of the zombies peacefully trying to make contact under the guise of someone you might have worked with years ago.

Bringing down a social network from the inside


So aside from exploiting the users, stealing their private data, and trust and relationship mapping to other legitimate users, what else could be on the attacker’s mind?

How about a reverse denial of service on the server itself?

If one account in Vkontakte.ru can have a maximum of 2,500 “friends” in his social network, and the attacker is able to create an unlimited number of accounts by utilizing proxies and linking them to other users or to each other, what would it take to create an automated script to initiate massive traffic among those zombied accounts without the use of any external entity or owning a powerful external botnet?

The answer is not much, really. Depending on what logic is being put behind the attack, only one remote login with the proper command initiation can trigger a chain reaction that can bring down the network from the inside.

The problem is not isolated to Russian social networking sites; it’s just that the local underground is currently more interested in testing where things may go until the path is verified for making some form of guaranteed profit.

Also, it’s much easier to converse in your own language and within your own culture, and use social engineering techniques for exploitation. However, all of that can be overcome if there is enough money to be made.

Chapter 7. Follow the Money


Cyberspace as a domain for modern warfare creates a lot of complexities that don’t exist in other types of conflicts. You cannot visually identify the enemy, nor be sure what his nationality is. The one thing that you can count on is that someone has to pay for the necessities of virtual combat. Therefore, one sound strategy in any cyber investigation is to follow the money trail created by the necessary logistics of organizing a cyber attack—domain registration, hosting services, acquisition of software, bandwidth, and so on.

False Identities


One of the main reasons why malicious activities can prosper online is due to lax verification of domain registration data, also known as WHOIS information. Starting with Internet Corporation for Assigned Names and Numbers (ICANN) and continuing with hosting companies and accredited domain registrars of all sizes, verification is not universally enforced.

Fortunately, one of the forensic methods that can crack false identity data is the global trend toward social computing. In
