Everyone is making money from analytics. Even cyber-criminals.
No, this isn’t a joke. RSA says it has uncovered evidence that fraudsters are busy improving the quality of their hacking using Web analytics.
That’s right, it was only a matter of time, but it finally happened: hackers are using analytics to get a clearer picture of how effective their phishing sites are. Who can blame them? Just like every “as-a-service” provider out there, people in the “fraud-as-a-service” business need good market insight in this difficult economic climate.
“We were analyzing an attack against one of our Latin American customers, one of the big banks down there,” said Daniel Cohen, head of knowledge delivery at RSA, “and analyzing the kit, we saw the that fraudster had planted a little bit of JavaScript that does the Web analytics. He was using a not-so-known Web analytics platform, but it is very similar to Google.”
Upon further investigation, it emerged that the criminals are using analytics tools for a variety of reasons, Cohen said.
The first one is so they can keep each other honest. If you’re going to buy a spam campaign from someone, you’ll want to see results, naturally. (“Almost like a marketing executive, I guess, would measure the success of a marketing campaign,” Cohen said.)
The second reason is so they can more efficiently serve… er, rip-off, their clients. Plenty of mobile users falling for your scam? Lots of suckers running Safari? Optimize your phishing to target them.
Finally, Web analytics can make you a more effective hacker. Knowing when to access a target’s bank account, from what IP geolocation, with the right browser—it’s all part of the science of pulling off a successful attack. Newbie hackers without the means to exploit the information they gathered would pass it on to veteran crooks who could actually use the stolen credentials, Cohen said.
Such creativity. Such passion. Guys, this is impressive. But can’t you just find a legally acceptable way to exhibit your talents?
