“Legitimate” Website Steals Governmental Credentials

Cyberthief-scWhen purchasing online software programs, it is important to do your research. Case in point? The now defunct commercial keylog developers at hawkeyeproducts.com.

Rodel Mendrez, a researcher for Trustwave, became suspicious of the company after catching a poorly-constructed email in his spam trappers. Cached copies revealed a website offering superior keystroke monitoring, that also had the ability to recover and/or “steal” forgotten passwords, and could be shared with other computers on the network (via USB or peer-to-peer)… all for only $35.

The developer website was marketed to attract finance, logistics and even governmental customers. It boasted glowing “customer” reviews and top-notch customer service,) but still left Mendrez feeling skeptical.

Through reverse engineering, the researcher uncovered buried Gmail credentials. Using the Gmail username and password he had decoded, Mendrez realized that the hackers were sending their victims’ stolen information (including browser, email, and FTP credentials in addition to such system data as firewalls installed, operating system information, and IP addresses) to legitimate yet compromised email addresses.  The syphoned data was then automatically forwarded from the compromised email inbox to the criminals’ actual email address.

Mendrez believes it is possible, and even probable, that the attackers used the compromised emails because they were aware of the vulnerabilities in their software code. He has since contacted the the owners of the hijacked email accounts, and has advised them to update/change their credentials.

In June 2015, the intelligence firm, iSIGHT partners, released a statement confirming that HawkEye had successfully pilfered credentials from the retail, science, foreign trade and scientific industries they had targeted in nearly 20 countries, including the US, Britain, Australia and India.

This case, along with the countless others we have reported in our blog, only reaffirms the fact that your business needs to stay on top of its cybersecurity. Make sure your passwords are secure and updated on a regular basis. It is also important to educate your employees and to keep them up to date on the latest scams and viruses. Also, be sure to update your systems as soon as the patches become available.

For more tips, and to stay current on trending cyberthreats, follow this blog or contact us with any questions you might have.

image_pdfimage_print