The media narrative around Chinese cyber-attacks follows a well-worn path which will no doubt be familiar to most of you. It’s all about shadowy, government-sponsored operatives stealing foreign state secrets and sensitive IP for the geopolitical and economic benefit of Team China. Less well understood, however, is the cybercrime underground as we know it in the West – populated by financially motivated gangs in it for their own benefit.
Trend Micro has been at the forefront of research in this field and its latest report will be more than a little concerning for information security professionals in western firms. It paints a picture of a Chinese-language cyber black market rapidly expanding to include more foreign targets.
When search engines go bad
Chinese cybercriminals have always been at the forefront of innovation and the report shows that the past year has been no different. One interesting new appearance on the underground sites of the non-indexed ‘Deep Web’ is search engines for leaked data. Some, like SheYun, are free of charge and actually make money by offering a privacy protection feature for victims.
“Usually, SheYun's users want leaked data including rich info about users, such as: usernames, passwords, email addresses, phone numbers and so on. SheYun offers a full-text search for such data. Criminals can search for possible victims from SheYun to develop further attacks, including targeted attacks and massive attacks,” report author Lion Gu told me by email.
“SheYun only charges the users who want to remove records from search results of certain keywords. That costs 100 yuan [£10] per keyword. This is important: the money comes from people wanting to suppress leaked data, not those trying to access it.”
Other black-market search engines like PassBase and TuoMiMa charge users a minimal 68 yuan (£7) per year to access their “database of dumps”. The idea is that with such data, cybercriminals will be able to amass the digital identities of those whose personal information has been compromised. This could then be used to craft a convincing spear phishing email – potentially leading to rich pickings if the organisation a victim works in hasn’t put effective security measures in place. The data could also be used to send out mass email/SMS spam messages, or even to attempt identity fraud on an individual basis.
Source: IDG Connect