Hacker forums function as a kind of combination training academy, social network and central bazaar for attackers looking for new tools, methods and techniques. They’re also often patrolled by law enforcement agents and security researchers, but it’s rare that any of the information that those people gather ever makes it into the hands of the public. One security company is now laying out some of the details of a year-long observation of a large hacker forum.
As it turns out, hackers in many ways are just like most people, with the small distinction that they steal things for a living. Researchers at Imperva began looking at one specific forum in June 2010, and focused in large part on what kinds of discussions the members were having. They found that many of the would-be attackers are not only interested in finding new tools and techniques, but also sometimes enjoy discussing religion, books and philosophy.
But when it comes to specific attacks, much of the discussion focuses on the techniques that have been among the more popular methods in recent years, especially DDoS and SQL injection. They found that 22 percent of the discussions on attack techniques by members of this unnamed forum were about DDoS attacks, while another 19 percent were about SQL injection. Both of those methods have been in widespread use for a long time now, and they also can be executed by people without a lot of technical skills.
DDoS attacks in particular often are the first forays by new attackers as they get into the scene, and there are a lot of simple point-and-shoot tools available for these people to experiment with. Even with these tools readily available, a lot of the discussions on hacking methods also center on learning how to get started, the researchers found. The Imperva study is by no means a a comprehensive survey of hacker forums, but just a snapshot of one specific forum at a point in time.
“Hackers devote most of their time, 25%, towards discussing beginning hacking. The strongest category with nearly 25% of discussions was on hacking tutorials. This means there’s a strong, steady interest in content to learn hacking, ensuring a steady supply of new talent. Other hacks, such as botnets and zombies, were prominent but website hacking more than tripled the next highest topic,” the study found.
In addition to discussions about specific techniques and tools, the forum that the researchers studied also includes quite a bit of educational content for members looking to learn. There are sections on learning skills such as social engineering, SQL injection and how to cover your tracks once you’ve compromised a machine.
As nice as all of the education and sharing on the forum is, the main reason for being for many of these sites is to help attackers who are looking to buy or sell pilfered goods find one another. The Imperva researchers found that in the forum they observed, credit card numbers, many of which include dates of birth and other information, were selling for short money. For U.S. numbers, the prices ranged from $2 for Visa up to $6 for Discover. The prices were slightly higher for numbers from countries in the European Union, going as high as $8 for American Express and Discover.