Dark Web Service Claims To Be Able To Track Any Cellphone & Read Text Messages; ‘Home Is Where The Hack Is’
Ali Raza has an article on the June 14, 2017 edition of HackRead.com, warns that “a service on the Dark Web,” is advertising that it can track any cellphone, and read the texts of these targeted cellphones — for a fee of $500. According to Ms. Raza, the targeting includes text messages; and, the company claims to be able to follow and hack into cellphones who’s service is unable to other people.
According to Ms, Raza, “this service can be accessed at zkkc7e5rwvs4bpxm.onion, to those who use the Tor network. It’s called the ‘Interconnector,’ and besides the $500-worth full access, it also offers deals for smaller fees. “For example,” Ms. Reza notes, “you can [or the company will, it is not clear], intercept texts [from/to the targeted cellphone] for $250; or, get a report about this particular cellphone for $150,”.[or maybe not all texts, just ones that might contain a key word/s].
“Some wealthier users may even pay the ultimate price of $5,500, and get direct access to the Signaling System Number 7 (SS7) network port,”which would basically allow you to set up your own telecom service,” Ms. Reza wrote; or, perhaps trick the targeted cell phone user into thinking they are on a certain telecom network — when in fact their device has basically been hijacked and is really being hosted by their adversary.– if I am understanding this correctly. Whatever the case, all the more reason to use encryption and/or shielding — if you have privacy concerns/issues.
Home Is Where The Hack Is: “Why ‘Smart’ Light Bulbs May Be The Next Hacker Target;” The Internet Of Things (IoT) Or…..The Internet Of Threats?
David Kennedy, CEO, and Founder of the cyber security firm, TrustedSec, was interviewed on CNBC’s Squawk Box this morning after he has been pretty vocal lately in warning that as homeowners increasingly design or modify their homes to be more ‘smart,’ and interconnected, the chances of being hacked by cyber criminals and others goes up exponentially. And the number of ways that a home network can be breached, or compromised, is not surprisingly — growing in scale, scope, and sophistication.
Despite the growing threat that cyber hackers pose, the move to build and design a ‘smart home,’ and increase our digital footprint with the IoT, more and more homeowners appear to be oblivious to the cyber threat, or hope with the law of large numbers, that ‘it won’t happen to them.’ Smart home design with a heavy emphasis on being compatible with, or in sync with the IoT, was up 64 percent, year-over-year (2015-2016) according to CNBC; and, the number of U.S. homes being built with that kind of digital layout, is in the multiple millions and growing. But…..so are the digital vulnerabilities.
Mr. Kennedy talked about how your home network and mobile devices can be hacked via smart light bulbs, and even the toilet. In the November 6, 2016 edition of the New York Times, John Markoff had an article, “Why Light Bulbs May Be The Next Hacker Target,” about a research paper that had just been published (see attached) warning that they “had uncovered a flaw in wireless technology that is often included in smart home devices like lights, switches, locks, thermostats, and many of the components of the much-ballyhooed “smart home” of the future.”
“The researchers focused on the Philips Hue smart light bulb; and, found that the wireless flaw [they discovered], could allow a hacker to take control of the light bulbs,” according to researchers at the Weizman Institute of Science near Tel Aviv, Israel; and, the Dalhousie University in Halifax, Canada.
“That may not sound like a big deal,” Mr. Markoff wrote. “But imagine,” he adds, “thousands, or even hundreds of thousands of Internet-connected devices in close proximity. Malware created by hackers could spread like a pathogen [a digital pandemic] among the devices by compromising just one of them.” Actually, I can think of a lot worse, sick and twisted hacks and how this vulnerability/flaw might be exploited but, I’d rather not give the darker angels any ideas. But, some of the more simple operations, could include turning on the lights in a certain part of the building, which may also set off the alarm. Meanwhile, the thieves, hackers, corporate espionage thieves, and so on, are hidden in the roof, etc. waiting for security and the police to respond to the alarm — set off by the lights. The police and security find nothing. The thieves purposely do this two more times; and, the third time, security disables the alarm and the police quit responding. Unless the targeted company has people on stand-by in case of an emergency — who are designated to physically come into the building in a situation like this — well, you can connect the dots. Or, an intelligence entity could use this kind of hack and technique to prompt the adversary to show themselves, or find out if anyone is in the building, or will respond if the lights are turned on. There are lots of other scenarios, some scary, and potentially catastrophic. So, I digress.
Of note, “they [the hackers] wouldn’t have to have direct access to the devices to infect them: The researchers were able to spread infection in a network inside a network inside a building by driving a car 229 feet away,” or about 76 yards, Mr. Markoff wrote. “The new risk comes from a little-known radio protocol called ZigBee. Created in the 1990s, ZigBee is a wireless standard widely used in [popular] home consumer home devices. While it is supposed to be secure, it hasn’t been held up to the scrutiny of other security methods used around the Internet.”
“The researchers found that the ZigBee standard can be used to create a so-called computer worm to spread malicious software among Internet-connected devices,” Mr. Markoff noted. “So, what could hackers do with the compromised devices?,” he asked. I eluded to some of the options that the hackers have; and, some that are better left unsaid. One possible technique, the hackers “could also set an LED light into a strobe pattern that could trigger epileptic seizures; or, just make people uncomfortable. That may “sound far-fetched; but, that possibility has already been proved by the researchers,” Mr. Markoff wrote at the time. Mr. Markoff goes on to describe how the researchers were able to infect thousands of devices in a dramatically short period of time. According to Mr. Markoff, Philips fixed the vulnerability late last year; and, recommended to customers that they install a software patch through a smartphone application — but, wrote that “the company played down the significance of the problem.”
It has been written many, many times, by me and certainly thousands of others. Anything connected to the Internet, and especially, the IoT, can be hacked. The more devices one has interconnected in their home, business, whatever, the more digital vulnerabilities one creates. And, these darker angels of our nature don’t even have to be inside our home to do so. There are drones that are capable of stealing our key digital/personal information — by looking inside an open window from far enough away, or somehow concealed — that we might not notice it. And, as the first article noted, there are those on the Dark Web, who will do this for a fee; and, purportedly hand the desired information over to us. A LOT of bad can come from this. Cyber thieves can, and do, hack into our mobile phones, I-Pads, etc. at our work, a friends house, etc. and then once our device is compromised, the malicious worm lays dormant, and hides, until we take that infected mobile device home and connect it to our IoT, or ‘smart home.’ The ‘smart home’ makes everything much more convenient, saving us time, and effort; and, allows us to devote more time to our loved ones and other things that interest us. But, as with most things in life — this enhanced convenience comes with a price. There is no digital ‘free lunch.’
Disconnecting from the IoT, or living Off-The-Grid, is not practical, nor desirable for the vast majority of us. To do so, would be way too costly — personally, physically, mentally, and ultimately very detrimental to our quality of life. But, one must always understand and appreciate that entry and connectivity to the digital universe comes with a price. Never, ever assume that your devices are ‘clean,’ and have not been compromised. Try and use compartments, so that a breach of one device does not grant universal access to our IoT or ‘smart phone.’ Use encryption where you can, change your passwords frequently, use two-step authentication and so on. What most call, best cyber hygiene practices. If you make it too cumbersome for the cyber thieves, there are way too many other softer targets that they will move on to. And, never let a cyber geek tell you that your device or network has been purified. There is no such cyber tool out there today that can, with 100 percent accuracy, tell you that your network or device no longer has a stay-behind, or a Trojan Horse digital time bomb waiting to be activated. As my old boss, Donald Rumsfeld liked to say, “the absence of evidence, does not equate to evidence of absence.” Just because you cannot see it, doesn’t mean it isn’t there. Industrial grade, stealth malware has been available and for sale for at least three years now. The best cyber thieves……also haven’t been caught yet. And, finally — it is almost always the second digital mouse — that always gets the cheese. V/R, RCP.