Why should hackers rely on finding a zero-day or unpatched vulnerability? The most common way they break into accounts or networks is by stealing credentials. What’s more, credentials are easy to obtain.

How are credentials stolen?

Given our addiction to being ‘always connected’, it’s no surprise that WiFi based attacks are a fertile source of stolen credentials.

There’s a number of avenues open to hackers exploiting our love of free WiFi:

  1. Man-in-the-middle. Here the hacker intercepts the communication between two participants: the user and the website. They redirect the user to a fake version of the site to steal their credentials.
  2. Evil Twin. A variation on the man-in-the-middle in which a fake access point is set up with the same name (SSID) as the genuine hotspot to trap customers and give hackers access to their credentials. Unfortunately, SSIDs are not regulated, so anyone can broadcast any name.
  3. Side-jacking. Hackers obtain information using packet sniffing. Using session cookies sent in the clear by the authenticating website, they hijack any private account the user is logged into.
  4. Credential Replay. Hackers capture authentication data and retransmit it later to trick the receiver into granting them access.
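
The Evil Twin avenue above is something an operator can look for from the defender's side, because the operator knows which radios (BSSIDs) legitimately advertise its SSID. The following is an added example, not code from the original post or from Irdeto: it parses a constructed scan of nearby access points, flags any access point that advertises an operator SSID from a BSSID not in the operator's inventory or with an unexpected security setting, and, as an inventory-free fallback, flags any SSID seen with mixed security settings (an open clone beside a WPA2 network). The SSID, BSSIDs and inventory are hypothetical.

```python
# Added example (not from the original post): spot candidate evil-twin access
# points in a WiFi scan. Scan records and inventory below are constructed.
from dataclasses import dataclass
from collections import defaultdict


@dataclass(frozen=True)
class AccessPoint:
    ssid: str        # the advertised network name; anyone can broadcast any SSID
    bssid: str       # the radio's MAC address; each genuine AP has a known one
    security: str    # "open", "wpa2" or "wpa3"
    signal_dbm: int  # received signal strength


# Hypothetical operator inventory: SSID -> BSSIDs the operator actually runs.
KNOWN_APS = {
    "ExampleMSO-Public": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
}

# Security setting each operator SSID is expected to advertise.
EXPECTED_SECURITY = {"ExampleMSO-Public": "open"}

# Constructed scan output, one access point per line: ssid,bssid,security,signal.
SAMPLE_SCAN = """\
ExampleMSO-Public,aa:bb:cc:00:00:01,open,-60
ExampleMSO-Public,DE:AD:BE:EF:00:01,open,-40
ExampleMSO-Public,aa:bb:cc:00:00:02,open,-70
HomeNet-5G,11:22:33:44:55:66,wpa2,-50
HomeNet-5G,11:22:33:44:55:77,open,-45
"""


def parse_scan(text):
    """Turn the CSV-like scan text into AccessPoint records (BSSIDs lowercased)."""
    aps = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ssid, bssid, security, signal = (field.strip() for field in line.split(","))
        aps.append(AccessPoint(ssid, bssid.lower(), security.lower(), int(signal)))
    return aps


def find_evil_twins(scan, known=KNOWN_APS, expected=EXPECTED_SECURITY):
    """Return (bssid, ssid, reasons) for APs that advertise an operator SSID
    from an unknown radio or with a security setting the operator never uses."""
    findings = []
    for ap in scan:
        if ap.ssid not in known:
            continue  # not an operator SSID; nothing to compare against
        reasons = []
        if ap.bssid not in known[ap.ssid]:
            reasons.append("unknown BSSID advertising operator SSID")
        want = expected.get(ap.ssid)
        if want is not None and ap.security != want:
            reasons.append(f"security mismatch: expected {want}, saw {ap.security}")
        if reasons:
            findings.append((ap.bssid, ap.ssid, reasons))
    return findings


def mixed_security_ssids(scan):
    """Inventory-free heuristic: SSIDs advertised with more than one security
    setting, e.g. an open access point cloning a WPA2 network's name."""
    seen = defaultdict(set)
    for ap in scan:
        seen[ap.ssid].add(ap.security)
    return sorted(ssid for ssid, settings in seen.items() if len(settings) > 1)


if __name__ == "__main__":
    scan = parse_scan(SAMPLE_SCAN)
    for bssid, ssid, reasons in find_evil_twins(scan):
        print(f"suspect {bssid} ({ssid}): {'; '.join(reasons)}")
    for ssid in mixed_security_ssids(scan):
        print(f"mixed security settings seen for SSID {ssid}")
```

On the constructed scan the inventory check reports the `de:ad:be:ef:00:01` radio, which broadcasts the operator's SSID but is not in the inventory, and the fallback check reports `HomeNet-5G`, which appears both as WPA2 and as open. The inventory check is the reliable one; the mixed-security heuristic only catches clones that chose a different security setting from the genuine network.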

As multi-system operators (MSOs) deploy city-wide hotspot networks to share the increasing burden of demand, the attack surface grows. Modern modems broadcast two WiFi networks: one private, the other public.

Why are stolen credentials valuable?

Nearly everything we do online requires credentials. Credentials open the digital door, whether you’re the rightful owner or not. Using stolen credentials gives hackers much more flexibility, and they’re less likely to be discovered. Given that most people don’t change their credentials regularly and often re-use them across multiple accounts, it’s easy to see why stolen credentials are highly sought after.

Verizon’s 2017 Data Breach Report highlighted that 81% of hacking-related breaches leveraged stolen and/or weak passwords. With account generator sites offering cheap access to numerous stolen credentials, it’s no wonder this percentage is so high.

Examples of Account Generator sites

(HackGive also provides a YouTube video of its ‘service’)

What can be done?

As an MSO, it’s about getting to grips with the intelligence problem. The first step is understanding how your subscribers’ credentials are being compromised. Such intelligence will arm your security and development teams to further harden your outside-facing systems, as well as help educate your customer base about password security.

The next step, if you decide to prosecute, is validating that the account credentials for sale on the DarkNet are legitimate. Once validated, evidence is then gathered to support civil or criminal proceedings.

It sounds simple until you add DarkNet anonymity into the equation. Monitoring, detecting and investigating such activity on the DarkNet requires specialized expertise. Many Clearnet tools and techniques are not transferable.

A different approach is needed in the shadowy depths of the DarkNet. Not everyone has these capabilities, and this is one of the reasons why MSOs look to Irdeto to help protect their brand and revenue streams against the ever-increasing reach of online piracy.