Hackers rely on a variety of tools to force access to your online accounts. Below is a selection of the best in this field.
Password theft and trafficking – as we know – is one of the pillars of the activity of cybercriminals. According to security researchers at Digital Shadows, More than 24 billion pairs of username and password It was stolen this way for the past six years before it ended up on hacker forums and other illegal stores.
But how do hackers manage to recover all these passwords? What techniques do they use? According to the Digital Shadows report, email phishing clearly remains the proprietary method for accessing Internet users’ secret codes. But there are also more specialized and less known tools that hackers use to achieve their ends.
Redline, the data broom
Since phishing may not always work or be appropriate, hackers can use malicious code to steal passwords stored on the system. One of the most used programs in this case is Redline Information Stealer. It costs around $200 and spreads fairly easily. Hackers often send them via booby-trapped messages, in the form of an Excel extension (XLL).
Once installed on the PC, it will search for it from top to bottom. It will specifically scrape data stored in web browsers, where it can specifically retrieve cookies or passwords. Redline is also able to detect the presence of certain processes, such as antivirus processes. This makes it possible to create relatively complex attack strategies. If he succeeds, he wins the jackpot. Because compared to phishing, malware makes it possible to recover many IDs at once.
OpenBullet, the credential stuffing specialist
A hacker with a set of identifiers will try to make the most of this asset. How ? By applying these identifiers to other websites. Everyone knows, in fact, that many Internet users use the same password on several sites. Of course, there is no doubt about doing it manually. According to Digital Shadows, the most popular program for automating this task is OpenBullet. It is often used with a proxy service, so that the IP address can change with each connection attempt. This allows hackers to remain confidential, avoiding an online service that is blocking them.
Open Bullet is freely available on GitHub, and was originally created by security researchers to facilitate penetration testing. In order to work well, the user must nevertheless select “configurations” that allow the program to properly manage the authentication process. Concretely, the tool should know where to put the username and password and be able to detect a successful connection. But do not panic: these configurations are sold on hacker forums. So pirates don’t have to break their heads.
HashCat, the fingerprint cutter
When hackers gain access to user databases, they generally don’t retrieve their plaintext passwords, but only their encrypted fingerprints (“hash”). This is a one-way mathematical transformation that allows validation of the password entry without the need to manipulate the actual password. In theory, no online service should store plain text passwords, it should only store encrypted fingerprints.
By definition, there is no simple way to find a password from its hash. The only way to do this is to calculate the hashes of several passwords and compare them to the password you are looking for. They are often long and tedious, which is why hackers use software, in this case HashCat.
Its advantage is that it allows you to select calculation strategies to move forward faster. One can, for example, load one or more “dictionaries”, that is, large groups of frequently used passwords. Hackers can also define the “masks” of these dictionaries, i.e. password generation patterns. Example: a word that begins with a capital letter and ends with a number and a special letter. This is one of the most used patterns by internet users. But it is possible to program more complex patterns. The goal is to avoid as much computation as possible by brute force, stupidity, saucy and very slow.
digital shadows
#programs #hackers #steal #passwords