Secret Services Might Be Behind The Hacking Of 40,000 Private Accounts

12 December 2018 11:05, UTC
Oleg Koldayev

More than 40,000 user accounts of electronic services of state organizations and state services from 30 countries of the world have been compromised by hackers. Personal data has been stolen from the users' computers and money has been stolen from the crypto-wallets. And, perhaps, as a result of hackers’ actions, someone could lose their freedom.

According to Group-IB, the company specializing in information security, people in Italy (52%), Saudi Arabia (22%), and Portugal (5%) have suffered the most from cyber-attacks. The greatest interest among hackers was caused by the resources of the Italian Ministry of Defense, the Israel Defense Forces, the Norwegian Migration Service, websites of state services in Switzerland, Poland, Hungary, etc. The attackers stole users’ logins and passwords, personal registration details, information about legally significant actions committed by people for a certain period of time. Cybersecurity experts believe that now these data can be sold on hacker forums or used to steal money and for other illegal actions with electronic profiles.

In most cases, thieves used the usual phishing scheme, in which a potential victim opens an e-mail with an infected archive or an executable file. Of the malicious software, Pony Formgrabber, Qbot, and AZORult Trojans were used most often. The latter, in addition to the theft of personal data, is often used to hack crypto-wallets. It may happen that citizens have lost their savings in addition to the loss of their personal information.

As practice shows, the most primitive criminal schemes continue to work. Fraudsters rely mainly on playing to human curiosity and carelessness.

For example, the AZORult virus may be disguised as an archive or downloader of a package of free programs, audio, video, and text files. At the same time, the malware not only copies the data but also allows the attacker to remotely control all actions from the infected computer. In other words, if a person wrote a certain text of a letter on a vulnerable gadget, then the recipient could get a completely different one, for example, with the threat of a terrorist act.

Taking into account a large number of attacks on users from law enforcement agencies, Group-IB experts in their report focus on the fact that account hacking can be carried out not only by ordinary hackers but also by representatives of the intelligence services of other states.

“The data of the compromised records were transferred to the CERT of the affected states,” the official representative of Group-IB commented on the information. “We can say with confidence that the Pony Formgrabber, Qbot, and AZORult operators are responsible for the collection of records, but the results of their activities can fall into the hands of both cybercriminals and pro-government hackers who specialize in espionage.”

Simply put, a person who opens a malicious letter takes the risk not only of getting into the lists for sending spam or of losing cryptocurrency but, unwittingly, of becoming a source of leakage of official secrets. The consequences of such a progression of events are not difficult to predict: it will be extremely difficult to prove one’s innocence in the case of prosecution since the program can not only be installed but also deleted without direct access to the computer. In this case, a clean computer will fall into the hands of the investigators, with no signs of hacking. The price of carelessness will be jail.

The relations between one person and another, and between a person and the state, become more complicated in the virtual space every year. And it is high time to get used to the fact that the actions of hackers are no longer just hooliganism, the entertainment of bored teenagers, or even a profit-motivated crime. Often it is politics. Therefore, when opening another e-mail, you must be aware that the higher the stakes in the game of states are, the higher the cost of private curiosity can be.