Archive for hack

Hacking Utility Overlay For Google

Posted in Staying safe on February 27, 2008 by chopperarris

We’re all being warned to protect our data at all costs following news that the Cult of the Dead Cow hacking group has released Goolag Scan, a hacking utility overlay for Google. Lock up your daughters and head for the hills …

Advanced Google searching has been known about in security circles for some time, but it has been a highly specialised and technical topic that is definitely not for non-programmers. What Goolag Scan does is allow even a novice to scan Google for interesting and normally hidden Web-based data, using more than 1500 customised Google search routines. Data which can be revealed by the Windows-based application reportedly includes passwords on application servers, credit card numbers and allied databases held on Web-accessible portals, company e-mail records and audit logs, and a variety of other company confidential information.

Companies protect their Web-based and Internet gateway-accessible data using ID and password systems, but the actual data pages are often unprotected. Even though the pages are not indexed in the standard sense, Goolag Scan can prise the data out into the open and allow standard keyword searching on those pages. While some security sources have played down the importance of Goolag Scan’s development, it shows the increasing sophistication of hackers and really proves the point that geeks can’t get laid - otherwise they’d have much better things to be doing with their time!

Advanced hackers can now pass on their abilities to novice or newbie hackers using quite complex applications. The bad news (depends on how you look at it I suppose) is that the altruistic nature of the non-criminal hacking community is such that these applications are being offered for free.

FTP Hack Attack!

Posted in Staying safe on February 27, 2008 by chopperarris

A database containing more than 8700 harvested FTP account credentials, including username, password and server address, has been uncovered. These stolen credentials enable criminals to compromise servers and automatically inject crimeware to infect users visiting them. We’re all gonna die!

Among those stolen accounts are those of Fortune-level global companies in a wide range of industries including manufacturing, telecom, media, online retail, IT, as well as government agencies. The stolen FTP accounts include some of the world’s top 100 domains as ranked by Alexa.com.

The plot thickens. Details have emerged of the workings of an insidious new application, especially designed to abuse and trade stolen FTP account credentials of legitimate companies around the world. A trading interface is used to qualify the stolen accounts in terms of country of residence of the FTP server and Google page ranking of the compromised server.

This information enables cunning cybercriminals to set a price for the compromised FTP credentials for resale to other cybercriminals, or to adjust the attack towards more prominent sites. The trading application also allows the cybercriminal to manage FTP credential information and to automatically inject IFRAME tags into Web pages on the compromised server.

Software-as-a-Service has been evolving for some time, but until now, it has been applied only to legitimate applications. With this new trading application, cybercriminals have an instant ‘solution’ to their ‘problem’ of gaining access to FTP credentials and thus infecting both the legitimate Web sites and their unsuspecting visitors. All of this can be easily achieved with just one push of a button.