December 12th, 2006
Online email accounts held hostage for blackmail
Websense is reporting that a new form of cyber-extortion has emerged in recent days that exploits the promiscuous nature of cyber-cafes and PC-terminals. By stealing email credentials from unsuspecting shared-terminal users, the attackers steal all the victim's emails and contacts and then sends a single message in the email account basically asking for ransom in a note written in Spanish. The ransom note translates to "If you want to know where your contacts and your emails are then pay us or if you prefer to lose everything then don't write soon!"
This sort of attack illustrates the dangerous using browser based applications even when SSL is properly implemented because of the effectiveness of key-loggers. Many browser based remote access solutions (referred to as a form of SSLVPN) attempt to scan for the existence of key-loggers, rootkits, and malware though this can only detect known threats with known signatures. Other more clever implementations will attempt to use an OTP (One Time Password) sent to the user via text message on their cell phones so that a stolen password is worthless within a minute.
While these security measures reduce the risks, the danger of the untrusted PC-terminal remains. Ultimately there is nothing to prevent a PC-terminal from recording the entire screen session if the attacker is determined. Users and IT departments need to ultimately weigh the convenience of not having to carry a personal laptop or other personal digital communication device with the risk of using a public PC-terminal.
Even when using a personal laptop with public hotspots, be mindful of how easy it is to attack your user credentials with lack of or improperly implemented SSL. Cyber criminals will only become more cunning and aggressive in the new digital age.
George Ou is Technical Director of ZDNet. See his full profile and disclosure of his industry affiliations.
