Hacking is a very asymmetrical endeavour – the hacker can get big rewards for a little effort. The hacker's trickery will include ways to get an unwitting victim to click on a link, or to get past the usual defences. As I have mentioned before, the hackers only need to find one small weakness to get through the defences.

Spam and unsolicited commercial email

For many years, spam filters looked for word patterns to block nasty emails. The unsolicited commercial emails would be trying to sell something, and so filters would look for key words and phrases that were common in junk mail. For example, there were many emails trying to sell Viagra. The hackers could send hundreds of millions of emails for little effort, and if they just got a few sales, it was a good return for them. So, spam filters would look for the word “Viagra” and dump those emails. The hackers then added new tricks such as “V1agra”, and the anti-spam software updated its filter definitions. Then the hackers would put small characters, or white characters, into the word. Each time, the IT department and anti-spam software would catch up and try to find the key words to block.

Then the hackers would put in HTML code to break up the word, in a way that humans can’t tell. Bear with me for a brief technology lesson in HTML: HTML allows for future capabilities to enhance the feature set of HTML, so an unknown tag gets ignored. Normal HTML uses a tag like <b> to make text bold, but if the tag is different, such as <bzq>, and the HTML renderer does not understand what the tag is trying to do, the tag is ignored. </HTML lesson over>. So, the hackers would put in text like <qj>V<8db>i<m6>ag<zz>ra – which would be displayed as Viagra for a human, but not found by the anti-spam filters – until the patterns were updated.

Then the hackers would send words as images, which very quickly got blocked, because images also gave the hackers a way to deliver malware directly and to track whether the email was opened or displayed. The anti-malware companies have to respond to each of these measures and block it, in a constant game of catch-up.

In terms of email, the anti-spam systems also identify the source mail server that is sending the junk mail. The sender server’s IP address can be blocked from connecting, so the hackers will try and relay the mail through a compromised intermediary – which the anti-spam companies will add to their block list.

Tricky links

The hackers' trickery includes getting you to click on links. This can be a simple measure like putting a reputable company name in their web link – like “citibank.fauw.cc”, where it is actually the hacker’s server at fauw.cc and the inclusion of the word citibank will trick the user into thinking it is a valid link. Many people on the Internet do not really know how DNS names work, and so could be tricked by this.

The hackers go a bit further to trick unsuspecting consumers – with capitalisation, language, or fonts. A link such as SUPPORT@MlCROSOFT.COM may look valid, but the i in Microsoft is actually a lower case L. The following can also be very confusing:

  • сentraIbаnk.com – the second “a” is actually “а” from the Cyrillic alphabet, as is the “с” (letter “Es”)
  • facebοоķ.com – neither “o” is English/Latin – one is Greek (“Omicron”), the other Ukrainian (Cyrillic), and the “k” has a Cedilla
  • mιcrosօfť.com – the “i” is Greek Iota, and the “t” has a Caron, and the “o” is Armenian
  • ıĸea.com – this uses small capitals and non-Latin characters
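A defender's check for the lookalike names above, as an added example that is not part of the original article. It folds each name to a comparison form in which similar-looking spellings collide, then compares it with a watch list. The fold table, the watch list and the function names are constructed for illustration.

```python
import unicodedata

# Constructed fold table: only the lookalike letters quoted in the list above.
# A production filter would load the full Unicode confusables data (UTS #39).
FOLD = {
    "\u0441": "c", "\u0430": "a", "\u043e": "o",  # Cyrillic es, a, o
    "\u03bf": "o", "\u03b9": "i",                 # Greek omicron, iota
    "\u0585": "o",                                # Armenian oh
    "\u0131": "i", "\u0138": "k",                 # Latin dotless i, kra
}
# Hypothetical watch list of genuine names to protect.
PROTECTED = ["centralbank.com", "facebook.com", "microsoft.com", "ikea.com"]


def skeleton(domain):
    """Reduce a name to a form in which visually similar spellings collide."""
    out = []
    for ch in unicodedata.normalize("NFKD", domain.lower()):
        if unicodedata.combining(ch):
            continue  # drop accents such as the cedilla and the caron
        ch = FOLD.get(ch, ch)
        out.append("l" if ch in ("i", "1") else ch)  # i, I, l and 1 are one class
    return "".join(out)


def scripts(domain):
    """Scripts of the letters used, read from the first word of each Unicode name."""
    return sorted({unicodedata.name(c, "UNKNOWN").split()[0]
                   for c in domain if c.isalpha()})


def check(address):
    """Classify a domain or e-mail address as exact, lookalike or unknown."""
    domain = address.rsplit("@", 1)[-1]
    if domain.lower() in PROTECTED:
        return ("exact", domain.lower(), scripts(domain))
    for real in PROTECTED:
        if skeleton(domain) == skeleton(real):
            return ("lookalike", real, scripts(domain))
    return ("unknown", None, scripts(domain))


if __name__ == "__main__":
    # Constructed samples, spelled with escapes so the odd letters are visible.
    for sample in ["SUPPORT@MlCROSOFT.COM", "\u0441entraIb\u0430nk.com",
                   "faceb\u03bf\u043e\u0137.com", "m\u03b9cros\u0585f\u0165.com",
                   "\u0131\u0138ea.com", "microsoft.com", "example.org"]:
        print(ascii(sample), check(sample))
```

The script list alone would miss the first and fifth samples, which use only Latin letters; the folded comparison catches them.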

Urgency and loss of service

The most frequently used trickery is to imply that there is a limited time to complete an action, or that you will lose services if you don’t immediately act. This is a common tactic to stop people pausing to think too much – and instead to click on a link, or provide information to the hacker.

Urgent messages demand that the recipient respond or react – with a threat that if they don’t then their account will be cancelled, data will be removed, or the world will explode. This is a way to stop people asking for advice or help, and to encourage poor consideration.
