Selling Fake Followers to Fake People: The Perfect Cybercrime

Discussion in 'BlackHat Lounge' started by Asif WILSON Khan, Nov 16, 2016.

  1. Asif WILSON Khan

    Asif WILSON Khan OG Blue Tick Exec VIP Jr. VIP

    Nov 10, 2012
    Fun Lovin' Criminal
    The perfect cybercrime: selling fake followers to fake people
    By Sally Adee

    Hackers are recruiting the internet of things into a botnet. But this time they’re not trying to take down the internet. They’re just using them to make fake social media accounts – which they can then sell to online narcissists to make an easy buck.

    Masarah-Cynthia Paquet-Clouston, a criminologist with the University of Montreal, and Olivier Bilodeau, a cybersecurity researcher at Montreal-based company GoSecure, have uncovered a large botnet that recruits everyday devices such as connected toasters, fridges or even your grandmother’s router to help commit social media fraud. They think that this stealthy, lucrative scheme is a glimpse into the future of low-level cybercrime.

    Bilodeau had been tracking the Linux/Moose malware, which infects routers and other smart devices to turn them into a botnet, for a few years when it went dormant.

    He suspected the malware was still out there and evolving, so he teamed up with Paquet-Clouston to lure the new variant into a trap. They created a honeypot – a virtual device disguised to look like a poorly secured router. When the malware tried to infect the device, they gained access to the botnet so they could study the scheme. The researchers presented their work at the Black Hat Europe security conference in London on Friday.

    Botnets may be best known for spam, ad fraud or distributed denial of service (DDoS) attacks like the one that brought down many major websites last month. But the Linux/Moose botnet has a different job – directing traffic to social media sites.

    The botnet operator uses the internet of things to cover their tracks so that social media accounts they create aren’t immediately flagged as bogus. “Usually when a social network sees thousands of users coming from a single IP address, it’s a red flag for fake accounts,” Paquet-Clouston explains.

    Once the botnet has grandma’s router under its control, it uses the device as a proxy to make it look like its traffic is coming from that router’s “clean” IP address when it visits a social media site to make a new account.

    Zombie followers
    Armed with their empire of fake accounts, the botnet operator – whose identity is not known – advertises followers for sale on platforms including Instagram and Twitter.

    These zombie followers are available to buy in packs of 1000 (for $2.95) to 50,000 ($249.95). The accounts tend to be fairly basic, with zero posts and perhaps one follower. Their profile photos are often a plant or an animal, says Paquet-Clouston.

    The behaviour of the Linux/Moose followers is just sophisticated enough to evade immediate detection by social networks’ fake account filters. “We watched these fake followers logging into their fake accounts, checking their fake inbox, looking at recipients of likes,” she says.

    Who buys such followers? The researchers found that customers include shady online companies, a few bricks-and-mortar businesses such as restaurants in Kuwait and Bali and, most often, self-promoting individuals.

    “We saw a lot of web developers, body builders and aspiring celebrities,” says Paquet-Clouston. “The kind of people who post pictures on their social media accounts of half-naked models drinking champagne on a yacht.”

    Crunching the numbers, Paquet-Clouston and Bilodeau concluded that the botnet operator makes between $200,000 and $400,000 every month – and for minimal effort. “He’ll have to spend about a month constructing it, but then after that it’s just maintenance,” says Bilodeau. “And I guess customer service.”

    Digital slaves
    Internet of things devices are often unsecured, making them an easier target than computers. And as the Linux/Moose botnet makes minimal demands of its digital slaves, its attack can easily go unnoticed.

    “Grandma is never aware that her router has been hijacked, provided her internet connection is fast enough,” says Bilodeau. “It’s not slowing down her PC. And if she does something as simple as shutting down her router and restarting, the malware is gone. But pretty soon it will come knocking at the same unsecured door again.”

    The low-level and relatively victimless nature of the crime also helps the operators fly under the radar and avoid getting caught.

    “They can just call themselves social marketers, and then they could even file taxes,” says Masarah. The botnet operators advertise their fake followers in the open and accept real credit cards. “No normal accountant would be aware that they’re doing anything illegal.”

    But Evan Blair, co-founder of ZeroFox in Baltimore, Maryland, says this kind of attack still represents a real threat. “They’re a different kind of botnet – not a watered down one,” he says. “Fake followers can operate independently, take commands, promote and push malicious content. All these accounts accept remote commands from people who control them.”

    The rapidly growing field of social media fraud, he says, includes everything from phishing schemes – where attackers trick people into giving up sensitive information – to identity theft. Bots can also add fake support to political messages, for instance spamming #Hillary or, more often, #Trump comments on social media.

    “All the political campaigns buy fake followers,” says Blair. “A tonne of them.”

    The seller of the Moose/Linux botnet, in keeping with their low-key, low-effort approach, didn’t offer a commenting option for his fake accounts – “but [they] could easily have done,” says Paquet-Clouston.


  2. dee_emm_tee

    dee_emm_tee Junior Member

    Oct 6, 2016
    I'm slightly turned on by this
  3. Joseph Lich

    Joseph Lich BANNED

    Nov 25, 2015
    Phishing activities are no good.
    "Fake" support to political, it's a double-edged sword.
  4. Whotf am I

    Whotf am I Registered Member

    Oct 30, 2016
    Hey Mr. Asif... Can you PM?
  5. Reaver

    Reaver Jr. VIP

    Aug 6, 2015
    They make six figures appealing to people's vanity.

    If the way they went about it weren't so shady I'd applaud them.

    And why is a toaster hooked up to the Internet?
  6. forethan

    forethan Regular Member

    Oct 5, 2012
    Pretty cool! We will see that more and more.
    If I had this knowledge whereas selling fake followers I will create one persona per IP (like a unique proxy), secure the victim machine (so only me can use it like a proxy) and follow some nice tutorial on BHW.
    But it's very hard to acquire this knowledge.
    And I don't want to buy some shitty private proxies so I learn lol!!!
  7. littlewebdragon

    littlewebdragon Jr. VIP

    Dec 30, 2007
    Yup everything will be waaaaay much fun when internet of things start spreading even more. :)