secallahan at September 14, 2017: It's interesting to get a first-hand look at spearphishing in progress. I've heard the term before, but I never really had a complete understanding. With spearphishing, hackers attempt to gain access to sensitive information, especially financial information, by sending emails from someone you know (or think you know). It was beneficial to see the process they go through to gain access to this sensitive information.
ahmadh456 at September 14, 2017: Watching these types of videos makes you realize how easy it can be to steal someone's data. I would assume that the majority of people that use these tools to steal other people's data are either spies of some sort or are criminals that sell the data on the darknet. These criminals may not consider themselves criminals, but they are no different than a robber coming into your house and going through your whole house to steal what they're looking for. Except the difference is that you may not know your data is being stolen while it is happening, even if you're on your computer. This video was uploaded to YouTube about 4 years ago and is using Windows XP; imagine how advanced these applications have become since then.
yatasoy at September 16, 2017: Phishing and other social engineering methods are how a lot of hacks originate. The use of social engineering techniques can give the attacker information that they could benefit from in order to successfully carry out an attack or take over a system, which is something that they were doing in this video. Sensitive information pulled from a victim's system can then be sold or held on to for ransom.
multarnc at September 16, 2017: The first thing that surprises me is the sloppiness of the DOTA. Why go through the trouble of registering an email address from a U.S. IP address, then use a Chinese phone number that can be traced to a specific exchange? Another fact that surprises me is that Google doesn't flag these attempts as potentially malicious. I would think that using a U.S. IP and a Chinese phone number would flag or halt the registration process. Google should also block users who access from known-bad IPs.
From a user standpoint, avoiding these attacks is fairly easy. The source IP ranges are already well known. If users would employ a decent software-based firewall/IDS, it would block a significant volume of these activities. All of the command and control activity was originating from known malicious IPs. Decent firewall/IDS software will monitor both incoming and outgoing connections and block connections to known-bad IPs. Many products are moving towards reputation-based rules for blocking/permitting both outgoing and incoming connections. This is a step in the right direction.
tparry2 at September 19, 2017: I thought this video was very fascinating. This is my first look into cyber security and computer forensics, so the ability to see this theft and transfer of files, and how easily it occurred, was amazing. The phishing email account was also very interesting. I have never been exposed to this end of forensics.