Text Bombed


This afternoon a “hacker” decided to text bomb my phone with about 1000 text messages asking me to PayPal him $100 to make it stop.

A couple of things:

  1. I don’t negotiate with terrorists. (I always wanted to say that.)
  2. Part of the text bomb gave me information on how it was happening.

After getting a couple of messages I noticed they were all coming from onlinetextmessage.com. After looking at their web page I noticed that you could block messages from their site to your phone.

Once I blocked the attack I was interested in how they did it and started to do a little bit of research. 

I am about to give you a link to a script that can do bad things. Please don’t do bad things.

With a few well placed Google searches (onlinetextmessage.com sms bomb) I found this pastebin with a two-year-old Perl script in it. I am “researching” here, so I had to test out the script myself (against my own phone), and surprisingly it works really well.

After looking at a couple of other online SMS sending websites, it appears the reason that onlinetextmessage.com is vulnerable to this abuse is that they don’t ask for a CAPTCHA before sending the message. This would seem to be a pretty easy addition to their code to stop this from happening. I have sent them a nice email asking them to make these changes. I doubt I ever hear from them.
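A CAPTCHA is one fix; the other half of the problem is that nothing stops one visitor from sending a thousand messages to one number. As an added example (my own code, not anything from onlinetextmessage.com), here is a sliding-window rate limiter for a web-to-SMS form, keyed on both the destination number and the client IP, with a constructed replay of the bombing scenario. The limits, IP and phone number are made-up assumptions.

```python
import time
from collections import defaultdict, deque

# Assumed limits, not from the post: a destination number receives at most
# 3 messages per hour from the site; one client IP may trigger at most 20.
PER_DEST_LIMIT = 3
PER_IP_LIMIT = 20
WINDOW_SECONDS = 3600


class SmsSendGate:
    """Sliding-window rate limiter for an anonymous web-to-SMS send form."""

    def __init__(self, now=time.time):
        self.now = now                      # injectable clock for testing
        self.by_dest = defaultdict(deque)   # dest number -> send timestamps
        self.by_ip = defaultdict(deque)     # client IP   -> send timestamps

    @staticmethod
    def _prune(q, now):
        # Drop timestamps that have fallen out of the window.
        while q and now - q[0] >= WINDOW_SECONDS:
            q.popleft()

    def try_send(self, client_ip, dest_number):
        """Return True if the send is permitted (and record it), else False."""
        now = self.now()
        dq, iq = self.by_dest[dest_number], self.by_ip[client_ip]
        self._prune(dq, now)
        self._prune(iq, now)
        # Check both limits before recording, so a rejected request
        # does not consume quota in either bucket.
        if len(dq) >= PER_DEST_LIMIT or len(iq) >= PER_IP_LIMIT:
            return False
        dq.append(now)
        iq.append(now)
        return True


def simulate_bomb(attempts, gated=True):
    """Constructed scenario: one IP fires `attempts` sends at one number
    10 ms apart. Returns how many messages the site would actually deliver."""
    clock = [1_000_000.0]
    gate = SmsSendGate(now=lambda: clock[0]) if gated else None
    delivered = 0
    for _ in range(attempts):
        if gate is None or gate.try_send("203.0.113.7", "+15555550100"):
            delivered += 1
        clock[0] += 0.01
    return delivered
```

With no gate, `simulate_bomb(1000, gated=False)` delivers all 1000 messages; with the gate, the same burst delivers 3 and the rest are refused until the window rolls over.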

I helped a local company pay off hackers.

From time to time I get called by small organizations, law firms and companies in my local area to do some consulting on security issues.  Yesterday afternoon <redacted organization> called me and told me they were getting this pop up on one of their computers:


That pop-up is known as CryptoLocker. Once your machine is infected, CryptoLocker scans all physical or mapped network drives on the computer for common picture and office files. When it finds these types of files it encrypts them with basically unbreakable encryption and gives you 72 hours to send them $300, or they will destroy the key needed to unlock your files.

I had a hard time figuring out what to suggest <redacted organization> do. They only backed up their files on Friday evenings, so they were looking at losing 3 full days’ worth of work if they didn’t pay.

After a lot of back and forth they decided that it was worth a $300 gamble to try to pay off the hackers, knowing that it might not work. So they went down to Walmart and bought a Green Dot MoneyPak loaded with $300 and followed the somewhat complicated instructions to transfer the money.

<redacted organization>’s IT guy called me this morning when he got back into the office and said their files had been decrypted successfully and they removed the infected machine from the network. 

I think this is a turning point in security. There were some steps that <redacted organization> could have taken to protect themselves better:

  • Better Share Management
  • Better E-Mail Filtering
  • Better AV
  • Better Backup Schedule
  • Security Awareness Training

Overall, <redacted organization> is just a normal small company. They try to be security aware, but they don’t have the time or resources to do everything the way they should, and in the end it made sense for them to pay $300 to recover their files.

If I had to guess, CryptoLocker is just the start of a wave of malware that holds your files hostage until you pay. I don’t like it, but I doubt this is the last company I help pay off hackers.

I will be taking part in this Dell Security Think Tank on the 17th of September.

Everyone is a target on the internet. You are either a primary objective or a target of opportunity.
