Security Experts:

Imperva's Latest Report Looks Inside Hacker Forums

Security firm Imperva has published its hacker intelligence report for October, which is the company’s second report focusing on the activity of one of the Web’s largest hacking forums. In addition to training resources, such as tutorials and scripts, Imperva also detected a market for social networking fraud.

“By examining what information hackers seek out or share in these forums, we can better understand where they are focusing their efforts,” said Amichai Shulman, Imperva’s CTO.

Not surprising, hot topics being discussed included DDoS and SQL Injection attacks. According to Imperva's analysis, DDoS (19%) and SQL injection (19%) were the most frequently discussed attack methods. Training was another hot topic, as education accounted for nearly a third of the discussions. Of the total conversations analyzed, roughly 28% were related to beginner hacking and hacker training, while another five percent related to hacking tutorials.

When it comes to sales and marketing, the forum had a booming economy focuses on social media fraud. There were several accounts buying and selling ‘Likes’ on Facebook for posts and pages, as well as followers on Twitter. The services separated themselves from the competition by pitching accounts that “look real” or have “legit bios.”

For example, one account was offering 200,000 Twitter followers for as little as $140 via PayPal, which were a mix of “real and fake accounts, all with avatars!”

Other services were offing Facebook “Likes,” where as little as $4 would earn 100 of them; or $100 would earn 5,000. Again, the seller noted that all accounts that liked the page or post would look “real and legit.”

“Consumers and enterprises that use social media need to better recognize the security risks posed by these platforms. While privacy concerns often get most of the headlines, security should be just as much of a concern. Hackers have developed a profitable industry, using services and tools to hijack accounts, dupe users, and spread malware,” the report notes.

The full Hacker Intelligence report is available here in PDF format. 

RelatedHere's What $50 Can Get You In The Cybercrime Underground

view counter
Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.