FreshRSS


Russian Operator of BTC-e Crypto Exchange Pleads Guilty to Money Laundering

A Russian operator of a now-dismantled BTC-e cryptocurrency exchange has pleaded guilty to money laundering charges from 2011 to 2017. Alexander Vinnik, 44, was charged in January 2017 and taken into custody in Greece in July 2017. He was subsequently extradited to the U.S. in August 2022. Vinnik and his co-conspirators have been accused of owning and managing

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “The Manipulaters,” a sprawling web hosting network of phishing and spam delivery platforms. In January 2024, The Manipulaters pleaded with this author to unpublish previous stories about their work, claiming the group had turned over a new leaf and gone legitimate. But new research suggests that while they have improved the quality of their products and services, these nitwits still fail spectacularly at hiding their illegal activities.

In May 2015, KrebsOnSecurity published a brief writeup about the brazen Manipulaters team, noting that they openly operated hundreds of web sites selling tools designed to trick people into giving up usernames and passwords, or deploying malicious software on their PCs.

Manipulaters advertisement for “Office 365 Private Page with Antibot” phishing kit sold on the domain heartsender,com. “Antibot” refers to functionality that attempts to evade automated detection techniques, keeping a phish deployed as long as possible. Image: DomainTools.

The core brand of The Manipulaters has long been a shared cybercriminal identity named “Saim Raza,” who for the past decade has peddled a popular spamming and phishing service variously called “Fudtools,” “Fudpage,” “Fudsender,” “FudCo,” etc. The term “FUD” in those names stands for “Fully Un-Detectable,” and it refers to cybercrime resources that will evade detection by security tools like antivirus software or anti-spam appliances.

A September 2021 story here checked in on The Manipulaters, and found that Saim Raza and company were prospering under their FudCo brands, which they secretly managed from a front company called We Code Solutions.

That piece worked backwards from all of the known Saim Raza email addresses to identify Facebook profiles for multiple We Code Solutions employees, many of whom could be seen celebrating company anniversaries gathered around a giant cake with the words “FudCo” painted in icing.

Since that story ran, KrebsOnSecurity has heard from this Saim Raza identity on two occasions. The first was in the weeks following the Sept. 2021 piece, when one of Saim Raza’s known email addresses — bluebtcus@gmail.com — pleaded to have the story taken down.

“Hello, we already leave that fud etc before year,” the Saim Raza identity wrote. “Why you post us? Why you destroy our lifes? We never harm anyone. Please remove it.”

Not wishing to be manipulated by a phishing gang, KrebsOnSecurity ignored those entreaties. But on Jan. 14, 2024, KrebsOnSecurity heard from the same bluebtcus@gmail.com address, apropos of nothing.

“Please remove this article,” Saim Raza wrote, linking to the 2021 profile. “Please already my police register case on me. I already leave everything.”

Asked to elaborate on the police investigation, Saim Raza said they were freshly released from jail.

“I was there many days,” the reply explained. “Now back after bail. Now I want to start my new work.”

Exactly what that “new work” might entail, Saim Raza wouldn’t say. But a new report from researchers at DomainTools.com finds that several computers associated with The Manipulaters have been massively hacked by malicious data- and password-snarfing malware for quite some time.

DomainTools says the malware infections on Manipulaters PCs exposed “vast swaths of account-related data along with an outline of the group’s membership, operations, and position in the broader underground economy.”

“Curiously, the large subset of identified Manipulaters customers appear to be compromised by the same stealer malware,” DomainTools wrote. “All observed customer malware infections began after the initial compromise of Manipulaters PCs, which raises a number of questions regarding the origin of those infections.”

A number of questions, indeed. The core Manipulaters product these days is a spam delivery service called HeartSender, whose homepage openly advertises phishing kits targeting users of various Internet companies, including Microsoft 365, Yahoo, AOL, Intuit, iCloud and ID.me, to name a few.

A screenshot of the homepage of HeartSender 4 displays an IP address tied to fudtoolshop@gmail.com. Image: DomainTools.

HeartSender customers can interact with the subscription service via the website, but the product appears to be far more effective and user-friendly if one downloads HeartSender as a Windows executable program. Whether that HeartSender program was somehow compromised and used to infect the service’s customers is unknown.

However, DomainTools also found the hosted version of HeartSender service leaks an extraordinary amount of user information that probably is not intended to be publicly accessible. Apparently, the HeartSender web interface has several webpages that are accessible to unauthenticated users, exposing customer credentials along with support requests to HeartSender developers.

“Ironically, the Manipulaters may create more short-term risk to their own customers than law enforcement,” DomainTools wrote. “The data table “User Feedbacks” (sic) exposes what appear to be customer authentication tokens, user identifiers, and even a customer support request that exposes root-level SMTP credentials–all visible by an unauthenticated user on a Manipulaters-controlled domain. Given the risk for abuse, this domain will not be published.”

This is hardly the first time The Manipulaters have shot themselves in the foot. In 2019, The Manipulaters failed to renew their core domain name — manipulaters[.]com — the same one tied to so many of the company’s past and current business operations. That domain was quickly scooped up by Scylla Intel, a cyber intelligence firm that focuses on connecting cybercriminals to their real-life identities.

Currently, The Manipulaters seem focused on building out and supporting HeartSender, which specializes in spam and email-to-SMS spamming services.

“The Manipulaters’ newfound interest in email-to-SMS spam could be in response to the massive increase in smishing activity impersonating the USPS,” DomainTools wrote. “Proofs posted on HeartSender’s Telegram channel contain numerous references to postal service impersonation, including proving delivery of USPS-themed phishing lures and the sale of a USPS phishing kit.”

Reached via email, the Saim Raza identity declined to respond to questions about the DomainTools findings.

“First [of] all we never work on virus or compromised computer etc,” Raza replied. “If you want to write like that fake go ahead. Second I leave country already. If someone bind anything with exe file and spread on internet its not my fault.”

Asked why they left Pakistan, Saim Raza said the authorities there just wanted to shake them down.

“After your article our police put FIR on my [identity],” Saim Raza explained. “FIR” in this case stands for “First Information Report,” which is the initial complaint in the criminal justice system of Pakistan.

“They only get money from me nothing else,” Saim Raza continued. “Now some officers ask for money again again. Brother, there is no good law in Pakistan just they need money.”

Saim Raza has a history of being slippery with the truth, so who knows whether The Manipulaters and/or its leaders have in fact fled Pakistan (it may be more of an extended vacation abroad). With any luck, these guys will soon venture into a more Western-friendly, “good law” nation and receive a warm welcome by the local authorities.

Belarusian National Linked to BTC-e Faces 25 Years for $4 Billion Crypto Money Laundering

A 42-year-old Belarusian and Cypriot national with alleged connections to the now-defunct cryptocurrency exchange BTC-e is facing charges related to money laundering and operating an unlicensed money services business. Aliaksandr Klimenka, who was arrested in Latvia on December 21, 2023, was extradited to the U.S. and is currently being held in custody. If convicted, he faces a maximum penalty

Blockchain Basics: What’s Blockchain Technology and How Might It Change Our Lives?

By: McAfee

What’s blockchain technology? The term gets bandied about often enough, but it doesn’t always get the explanation it deserves. 

Understanding the basics of blockchain can help you understand several of the big changes that are taking place online. It’s the foundational technology that underpins cryptocurrency and NFTs (non-fungible tokens), yet it has several other emerging applications as well. 

In all, gaining a sense of how blockchain technology works will give you a further sense as to how it may eventually shape the way you go about your day. 

Blockchain technology holds great potential because of the unique, decentralized way it handles data—which marks the first step in understanding how it works. 

How blockchains work 

An easy way to visualize how a blockchain works is with an old-fashioned ledger. Each ledger entry is a link in a “chain.” Within each link is a unique identifier known as a hash and a block of data associated with it. Over time, links get added, which updates the hash as new blocks of data are added to the chain.

 A simplified example of a blockchain storing recipe instructions. The Previous Hash and Stuff (data) fields generate the Hash field. This Hash becomes part of the next record. 
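The linking described in the figure can be shown in a few lines of Python. This is an added example, not code from the McAfee post: the choice of SHA-256, the all-zero starting value, the field names and the recipe steps are assumptions made for illustration. It shows why editing one record is detectable, and why recomputing that record's hash only moves the break to the next link.

```python
import hashlib

GENESIS_PREV = "0" * 64  # constructed placeholder for the first Previous Hash


def record_hash(prev_hash, stuff):
    """Hash field = SHA-256 (assumed) over the Previous Hash and Stuff fields."""
    # Length-prefix the data so the field boundary is unambiguous.
    payload = f"{prev_hash}|{len(stuff.encode())}|{stuff}".encode()
    return hashlib.sha256(payload).hexdigest()


def build_chain(entries):
    """Link each entry to the one before it through its hash."""
    chain, prev = [], GENESIS_PREV
    for stuff in entries:
        h = record_hash(prev, stuff)
        chain.append({"prev_hash": prev, "stuff": stuff, "hash": h})
        prev = h
    return chain


def first_invalid(chain):
    """Return the index of the first record that fails validation, or None."""
    prev = GENESIS_PREV
    for i, rec in enumerate(chain):
        if rec["prev_hash"] != prev:
            return i  # link to the previous record is broken
        if record_hash(rec["prev_hash"], rec["stuff"]) != rec["hash"]:
            return i  # data no longer matches the stored hash
        prev = rec["hash"]
    return None


# Constructed sample data, echoing the recipe example in the figure.
RECIPE = ["Preheat oven to 180C", "Mix flour and sugar", "Bake for 25 minutes"]


def demo():
    chain = build_chain(RECIPE)
    intact = first_invalid(chain)
    # Edit the middle record's data only.
    edited = [dict(r) for r in chain]
    edited[1]["stuff"] = "Mix flour and salt"
    naive = first_invalid(edited)
    # Recompute that record's hash to hide the edit: the next record's
    # Previous Hash no longer matches, so the break moves forward one link.
    edited[1]["hash"] = record_hash(edited[1]["prev_hash"], edited[1]["stuff"])
    patched = first_invalid(edited)
    return intact, naive, patched


if __name__ == "__main__":
    print(demo())
```

To hide an edit, every later record would have to be rewritten as well, which is what the other participants' copies of the chain are there to catch.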

Yet one of the most important aspects of blockchain technology is this—it’s decentralized. Dozens, hundreds, thousands, or more participants in the blockchain track and validate the transactions associated with it.  

Each blockchain entry gets validated through consensus, where individual participants on a blockchain network must all “agree” that the data in each entry is correct. Participants in the blockchain network can arrive at consensus through several models, yet commonly they use cryptographic calculations to validate an update to the chain.  

In this way, blockchain technology removes the need for a central authority to oversee a transaction, such as a bank. Put simply, blockchain gets rid of the go-between. And it makes transactions more anonymous as a result. 

Participants in a blockchain network receive a small amount of cryptocurrency per transaction as a reward for their efforts. Enter the notion of crypto mining, where some miners set up large-scale farms of powerful, specialized computers that participate in blockchain networks. 

Blockchains come in public and private forms. Public is just as it sounds, where anyone can participate in the blockchain. They can read, write, or validate data in the blockchain. Private blockchains are invite-only in nature and can establish rules about who can alter the blockchain.  

Many blockchain ledger entries record financial transactions associated with cryptocurrency. However, ledger entries can contain any type of data. One can just as easily store documents, images, log files, or other items in a blockchain. Even decentralized programs, also known as smart contracts, can be stored.  

In all, there’s much more to blockchain technology than just cryptocurrency. 

How are blockchains used? Real-world applications of blockchain. 

First and foremost, blockchain technology is at the heart of cryptocurrency. Wherever cryptocurrency is bought, spent, or exchanged, the blockchain is there to facilitate the transaction. However, we can point to several new and emerging applications as well, including: 

  • NFTs: Another popular application of blockchain technology is NFTs (non-fungible tokens), which are often used to record and transfer ownership of digital assets. Examples include .jpeg images of artwork, videos, or even tweets, such as the one that former Twitter CEO Jack Dorsey sold for $2.9 million.  
  • Transfer of real-world goods: Just as digital goods can be bought and sold via blockchain, so can things such as vehicles and property. Blockchain can verify the original owner, the sale, and then the transfer of ownership to the party who made the purchase. 
  • Healthcare and science applications: Doctors and researchers are now exploring blockchain technologies as a means of gathering, validating, and sharing medical data securely. 
  • Supply chain monitoring: The ledger-like entries make blockchain technology ideal for tracking the progress of goods as they make their way to consumers. Auto companies are exploring this technology to manage their vendors and the manufacturing process overall. Likewise, it has applications in agriculture as food is tracked along its supply chain across growers, shippers, wholesalers, retailers, and ultimately to shoppers. 
  • 5G data: Businesses, organizations, and cities will increasingly adopt 5G-enabled devices to monitor everything from heating systems in buildings to medical equipment and traffic signals. Blockchain technology can help verify the authenticity of the data these devices will exchange—particularly for the 5G-enabled devices that will help run critical infrastructure and business operations. 

The pros and cons of blockchain technology 

Blockchain technology offers several benefits, yet it has its downsides as well.  

Decentralization removes the need for third parties in transactions because the blockchain provides the verification and oversight for the transaction to go through. In the case of financial transactions, that removes the need for banks. In the sale of property, that removes the need for a title company.  

However, if there is a conflict or issue between the parties, they have no central authority to manage its resolution. (See this story written by a BBC journalist about his quest to recover stolen crypto funds.)  

Additionally, decentralization can afford parties anonymity, which can cover up illegal activities—thus making cryptocurrency the coin of the realm for scammers and murky marketplaces on the dark web.

Blockchain technology is open, meaning that theoretically anyone with a specially equipped device can generate revenue as a miner in the blockchain economy. Yet the reality is that much of the technology is in the hands of the few. For starters, these mining devices are expensive. Secondly, it takes hundreds of these devices to mine effectively, which points to the advent of the industrial-sized mining farms mentioned above. 

To put it all into perspective, one study estimated that “(t)he top 10% of [Bitcoin] miners control 90% and just 0.1% (about 50 miners) control close to 50% of mining capacity.”  

Additionally, all that computing power comes at an additional cost—energy. It takes electricity to run those huge mining farms, and it takes yet more electricity to keep them cool. As a result, crypto mining can generate an outsized carbon footprint if the electricity is generated with fossil fuels. 

Image and data courtesy of Digiconomist 

Of note, the second-largest cryptocurrency, Ethereum, has made great strides on the energy consumption front. It updated the way the cryptocurrency arrives at consensus in its blockchain and uses far less energy as a result. Estimates show that Ethereum’s carbon footprint decreased by about 99.992% from 11,016,000 to 870 metric tons of CO2.

The future of blockchain technology 

As far as technology goes, we still live in the relatively early days of blockchain. And while much of its popular focus revolves around its role in cryptocurrencies like Bitcoin, the technology offers more than that. Of course, it remains to be seen which of its applications will take root. 

Blockchain has its own barriers, though, particularly when it comes to security. Like any other connected technology, it finds itself the target of hacks and attacks. Billions of dollars in cryptocurrency have been stolen from individual users and exchanges over the years.  

The security issue isn’t necessarily with the blockchain itself. That’s highly difficult to hack thanks to encryption and the decentralized nature of the blockchain. Instead, the networks they are on are subject to attack—such as interception attacks where bad actors extract information or cryptocurrency. Other attacks involve flooding the blockchain network with false identities that ultimately crash the system. And yet more exploit weaknesses in the security protocols used by platforms like cryptocurrency exchanges.  

Then there’s the tried-and-true phishing attack, where scammers dupe victims into handing over their personal encryption keys. With a key, the scammer can empty digital wallets of their cryptocurrency or compromise a private blockchain network and the data in it.

Clearly, the future remains speculative as people and organizations explore the uses of blockchain technology. Without question, security will play a major role in its adoption. 

What does blockchain mean for everyday internet users? 

Unless you’re dabbling in cryptocurrency yourself, blockchain will likely remain a behind-the-scenes technology. At least for the time being.  

Yet it can still shape your day in some way. It might help bring fresher produce to your market. It might secure smart utilities and smart infrastructure in your city. And it might give your auto manufacturer a powerful tool for identifying and recalling a faulty part in your car.  

Although barriers of security, energy consumption, and equity remain, it stands a good chance that blockchain technology will continue to change our lives. And understanding how it works can help you better understand those changes. 

The post Blockchain Basics: What’s Blockchain Technology and How Might It Change Our Lives? appeared first on McAfee Blog.
