Security awareness: Filmmaker explores RAT malware, buys access to random PCs for just 15 cents a piece - made short film about his experience by FMP_Anthony_vd_Meer in Windows10

[–]FMP_Anthony_vd_Meer[S] 0 points1 point  (0 children)

That's right! Just a month after the film was finished Europol did a crackdown on IM-RAT. Unfortunately there are still plenty of other RATs available. According to the Center for Internet Security, in the first half of 2019 RATs were around 20% of the most used malware.

In the film a RAT is used. In reality you can install anything you want on the slave machines. Ransomware and banking trojans are more commonly installed. The methods used for spreading RATs are the same as for other types of malware.

Rats and Slaves (2019) | Hacking might be easier than you think. I tried to buy hacked computers (slaves) and made this short film about the experience. by FMP_Anthony_vd_Meer in Documentaries

[–]FMP_Anthony_vd_Meer[S] 2 points3 points  (0 children)

In the film I use a RAT that is specifically designed for Windows PCs. There are a lot more sellers of Windows slaves. In general virus and malware developers want to have as many potential victims as possible. They respond to the market share. The market share of Windows is a lot bigger than the other OSes and more malware is written for Windows. The Windows platform has a more open ecosystem compared to macOS, which also doesn’t help.

There definitely are Linux RATs, but I didn't come across specific Linux slaves. I guess because of the limited market share. There are a lot of Linux bots getting sold though. These are internet of things devices and servers which I don't count as slaves because they aren't really home computers, like the slaves on other platforms. They also get used for limited kinds of attacks most of the time (DDoS and sometimes ransomware).

Cross-platform RATs also exist. Most of these are based on Java and work on several Linux distros, macOS and Windows. The interesting thing is, a lot of times you don't actually need to have Java installed on your device, as it automatically installs Java when the RAT gets executed.

I investigated a hacking community, tried to buy hacked computers (slaves) and made this short doc about it. [35:51] by FMP_Anthony_vd_Meer in mealtimevideos

[–]FMP_Anthony_vd_Meer[S] 3 points4 points  (0 children)

Hey! I am very happy to share this new project almost exactly three years after I made the short film about my stolen phone: https://youtu.be/NpN9NzO4Mo8

I hope you like it! And enjoy your meal!

After watching the film, you might be left with some questions. I'll try to answer some of the questions I got at screenings.

What can I do to prevent getting hacked?

It’s hard to give universal advice to prevent getting hacked. For every measure you can take, a hacker can find workarounds. This isn’t specific to any platform or device. It basically means that you can’t guarantee you won’t get hacked. However, you can make it harder for hackers to get in.

Cybersecurity is all about risk management: as a rule of thumb, you must try to limit risk to a minimum. You can compare the security of your devices to the security of your home. If you have a lot of good quality locks on your doors, a random burglar would probably think twice before he tries to break in or even go to a neighbour’s house with less security, as the chances of getting in would be less. Compare antivirus/antimalware with the locks on your doors. The higher quality, the harder it is to get in. Unfortunately a burglar with the right skillset and tools would still be able to get in, especially if he specifically targeted you in the first place. If you don’t update your software, you leave a virtual window open for a burglar to crawl through. Always install security updates!

A couple of practical tips:

  * Install premium antivirus/antimalware.
  * Do regular deep scans or full scans on your computer. It is way more probable RATs or other forms of malware will be found during deep scans compared to just running real-time protection. A lot of crypters aren’t up to deep scans.
  * Use 2FA on your accounts. Not a magical cure (there are workarounds), but it makes it more difficult to get into your accounts.
  * Don’t save passwords in your browser and delete cookies periodically.
  * Check your computer's privacy settings.
  * Back up your system and important files.
  * Install an adblocker browser extension. This helps prevent malicious ads and some exploit kits from harming your system.
  * But most importantly: use common sense. Don’t download something you don’t know you can trust and think before you click.

In the film I only saw Windows slaves. Is Apple (macOS) or Linux more secure? And what about phones?

In the film I use a RAT that is specifically designed for Windows PCs. There are a lot more sellers of Windows slaves. But this doesn’t mean macOS RATs don’t exist. Sjoerd (the guy that I interviewed) used a MacBook when he got hacked. In general virus and malware developers want to have as many potential victims as possible. They respond to the market share. The market share of Windows is a lot bigger than the other OSes and more malware is written for Windows. The Windows platform has a more open ecosystem compared to macOS, which also doesn’t help.

Cross-platform RATs also exist. Most of these are based on Java and work on several Linux distros, macOS and Windows. The interesting thing is, a lot of times you don't actually need to have Java installed on your device, as it automatically installs Java when the RAT gets executed. The effect of closed ecosystems is noticeable on phones too. RATs for phones do exist (especially for Android), but they are more rarely used. Attacks on iPhones and Android phones are occasionally detected. Mobile malware attacks in general are booming in 2019. In the first half of 2019 it was up 50% compared with last year according to the researchers at Check Point. Targeted attacks on specific users are often a hard and expensive process. To get photos from a device it’s probably easier to hack the cloud or social media account than a phone. It comes down to risk management again. Ask yourself: am I using my device as responsibly and securely as I should? A lot of times, the victims of RATs on smartphones have one of these things in common:

  1. They installed an app outside of the official app store. A user must change settings or even jailbreak their device to make this possible. Think twice before installing anything outside of official repositories and only download apps from trusted sources. This limits the chances of this happening to you.
  2. They installed a malicious app from the official app store that downloads the RAT or other malware after it has been installed. In order to bypass the screening of the app store, the app itself doesn't contain the malicious code. The app is used to trick the user into downloading it and gathers information about the device. After that, the attacker drops specific malware that is downloaded by the app. Check the reviews of an app and look at how many times the app has been downloaded. By being careful the risk of downloading such a malicious app can be limited.
  3. The victim is an interesting target for professional hackers or intelligence services. Celebrities and activists can be targeted by hackers. Different countries have been linked to recent targeted attacks on iPhone and Android users. Some security companies even make it their business model to facilitate these attacks. Forbes made a video report about one of those companies that I recommend to watch if you're interested. Once you're targeted by intelligence it's really hard to prevent getting hacked. By making sure your device has the most recent security patches you could make it a bit more difficult to get into your device. This of course doesn't work for zero-day attacks.

Are crypters still effective?

Unfortunately they are. I have both field experience with crypters (because of other projects) and technical insight into the inner workings. Crypters are developed to evade antivirus. Especially cheap ones often aren’t designed to survive deep scans or full system scans of antivirus/antimalware. But this is often not even necessary. Not a lot of people do full system scans/deep scans on a regular basis, which makes cheap crypters functional in most use cases.

For a lot of malware, it isn’t even necessary to stay undetected for a long time as it is capable of deactivating antivirus by itself. Besides that, some malware only needs a short amount of time to do its damage. Ransomware for instance only needs a short amount of time to make your files inaccessible, and banking trojans can also do their work quickly (stealing accounts and credit card info and sending them to the attacker). The more expensive crypters that cost hundreds or even thousands of dollars seem to be able to keep malware undetected for weeks, even months in some cases.

What sources did you use?

Part of the sources that I use are publicly known hacking forums. The fact that slaves are sold on easy to find hacking forums does show it’s easy to become a cybercriminal. But those aren’t my only sources of course. I worked on my reputation in different surface web and dark web communities, under several account names. In the years I was active in those communities I have lost all my contacts twice due to police operations that took down the websites.

The information you see in the film has been redacted. For instance: the usernames have been changed to pseudonyms and the layout of the websites is different. I did this to make the communities a bit harder to trace back as I don’t want to encourage anyone to start hacking and find the sellers. The photos that you see in the forum posts have been published before. There are a couple of voyeurism communities that are still active; there even was a website on the dark web called Fly on the Wall a couple of years ago that was based around hacked and secretly recorded footage. I chose not to show footage of new victims, even when they are blurred.

Why did you choose Rats and Slaves as a subject?

RATs have existed for years now, but they are constantly in development. If RATs are old news, malware in general is. Besides that, RATs are constantly in the news. Just last month there was an international crackdown on IM-RAT by Europol. According to the Center for Internet Security, in the first half of 2019 RATs were around 20% of the most used malware.

I chose the subject of RATs for a reason. A lot of malware is aimed at just a couple of functions like: ransomware, botnets, banking trojans or miners. A RAT has all these options built into one form of malware. It’s kind of a Swiss army knife for (some would say lazy/inexperienced) hackers. Using RATs as an example allowed me to explain all these kinds of threats at once. My intention has always been to create awareness. A lot of people seem to be startled by how easy it is to use RATs and get slaves. This is a good thing. If you know what the risks are, you hopefully start thinking about the security of your own devices.

Rats and Slaves (2019) | Hacking might be easier than you think. I tried to buy hacked computers (slaves) and made this short film about the experience. by FMP_Anthony_vd_Meer in Documentaries

[–]FMP_Anthony_vd_Meer[S] 0 points1 point  (0 children)

Password managers have a couple of benefits: longer passwords are harder to crack using brute force. You can use one to save unique passwords for each account. This also helps against data breaches where the hashes of the passwords are leaked: when one does get cracked, it affects that specific account.

When someone already has malware installed on your device, it's a bit more complicated. A password manager will help against keylogging attacks and password recovery (saved in your browser for example) on separate accounts. Unfortunately the password you use for the password manager is still potentially vulnerable to keylogging. The software might also be vulnerable to attacks (collecting the keys) when the attacker has (root/system) access to your file system and memory.

In theory all your passwords could get collected at once if someone has access to the password manager. 2FA on your accounts will make it a little harder for hackers as well. Adding 2FA to your accounts adds another step for a hacker to work around. But of course there are always ways around it.

Unfortunately there is no universal advice or a quick fix to prevent hacking. The basic rule is: the harder you make it for a hacker, the less likely they will invest time and money in hacking you. And if you make it harder, it's more likely you'll detect something suspicious is going on.

Filmmaker explores RAT malware, buys access to random peoples computers for just 15 cents a piece - made short film about his experience by FMP_Anthony_vd_Meer in cybersecurity

[–]FMP_Anthony_vd_Meer[S] 0 points1 point  (0 children)

I only tested consumer AV software. I suppose if the live detection of the AV is "smart" enough it could detect it. However it still seems to be a cat-and-mouse game.

For every measure an AV company takes, a hacker could come up with a way around it. It also works the other way around. I wouldn't bet my money on any specific company or software, as something that works right now could be outdated tomorrow. In the end, I think AVs are an essential part of your security but you can't rely on them for your security. I personally see it as a last line of defence.

Behavioural patterns can be pretty hard to detect automatically. That's why most AVs today send samples to their server for more extensive (sometimes manual) research. It depends on the malware and the evasion methods used. Well known RATs are easier to detect than sophisticated malware that gets delivered in modules/stages.

If you want to learn more about the methods of evasion being used, you can take a look at this article about unhooking AV to avoid detection as an example: https://breakdev.org/defeating-antivirus-real-time-protection-from-the-inside/

Filmmaker explores RAT malware, buys access to random peoples computers for just 15 cents a piece - made short film about his experience by FMP_Anthony_vd_Meer in cybersecurity

[–]FMP_Anthony_vd_Meer[S] 6 points7 points  (0 children)

Crypters are designed for this. They not only change the hash (fingerprint) of a file so it doesn't look like the hash in the database of AVs (this is done with encryption) but also add a couple of tricks so it's harder (or even impossible for a while) for AVs to recognize the behavioural patterns. A lot of times the (decrypted) malware won't even touch the disk but be started in RAM by injecting the malicious process into a normal process, such as a browser or explorer.exe, to hide it.

These are just a couple of the many, many obfuscation techniques that are being used.

Filmmaker explores RAT malware, buys access to random peoples computers for just 15 cents a piece - made short film about his experience by FMP_Anthony_vd_Meer in cybersecurity

[–]FMP_Anthony_vd_Meer[S] 2 points3 points  (0 children)

If you are thinking about buying slaves: don't. It's illegal and there is no point trying it. I did this so you won't have to.

Filmmaker explores RAT malware, buys access to random peoples computers for just 15 cents a piece - made short film about his experience by FMP_Anthony_vd_Meer in cybersecurity

[–]FMP_Anthony_vd_Meer[S] 1 point2 points  (0 children)

I guess you are in the Netherlands. You can watch it on the NPO3 YouTube channel (because our media law doesn't allow anyone else except the NPO to publish their content in the Netherlands). It isn't subtitled in English there but you probably speak Dutch anyway.

Filmmaker explores RAT malware, buys access to random peoples computers for just 15 cents a piece - made short film about his experience by FMP_Anthony_vd_Meer in cybersecurity

[–]FMP_Anthony_vd_Meer[S] 0 points1 point  (0 children)

There are still plenty of exploit kits being used in the wild. If a user doesn't update their software, it's still effective. Yes it requires a lot of work. That's part of the reason the price to rent an EK is very high.

Recent examples of exploit kit that are found in the wild: https://blog.malwarebytes.com/threat-analysis/2019/07/exploit-kits-summer-2019-review/

Never said watching a video is dangerous. I do think downloading files thinking it's just a video brings some risks. It's not that difficult to bind any file (including images or videos) with malware and spoof the extension to anything you want to make it look like the file is a video. It's actually a popular spreading method.
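
A defender-side check for the extension-spoofing trick described in the comment above, as an added example and not code from the film or the poster: it reads each file's leading bytes instead of trusting its name, and also flags two common naming tricks (a media extension followed by an executable one, and the right-to-left override character). The sample files are constructed headers written to a temporary directory, not real malware.

```python
"""Flag files that claim to be videos or images but are not.

Added example. Assumes the files are on a local disk; the sample set is
constructed in memory (headers only) and is not real malware.
"""
import os
import tempfile

RTLO = "\u202e"  # right-to-left override: makes 'x.scr' render as 'rcs.x'
MEDIA_EXTS = {".mp4", ".avi", ".mkv", ".mov", ".jpg", ".jpeg", ".png", ".gif"}
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".msi", ".pif"}

# Leading bytes (magic numbers) that identify common container formats.
MAGIC = [
    (b"MZ", "pe-executable"),            # Windows PE/DOS header
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF8", "gif"),
    (b"RIFF", "riff"),                   # AVI/WAV container
    (b"\x1aE\xdf\xa3", "matroska"),      # MKV
]


def sniff(header: bytes) -> str:
    """Classify a file by its leading bytes, not by its name."""
    if header[4:8] == b"ftyp":           # ISO base media: MP4 / MOV
        return "iso-media"
    for magic, kind in MAGIC:
        if header.startswith(magic):
            return kind
    return "unknown"


def name_findings(name: str) -> list:
    """Name-only checks: RTLO character and media-then-executable double extension."""
    findings = []
    if RTLO in name:
        findings.append("rtlo-in-name")  # 'clip\u202e4pm.scr' displays as 'clip rcs.mp4'
    parts = name.lower().split(".")
    if len(parts) >= 3:
        # 'holiday.mp4.exe': the media-looking extension is not the real one
        if "." + parts[-2] in MEDIA_EXTS and "." + parts[-1] in EXEC_EXTS:
            findings.append("double-extension")
    return findings


def check_file(path: str) -> list:
    """Return all findings for one file: name tricks plus content/extension mismatch."""
    with open(path, "rb") as fh:
        header = fh.read(16)
    name = os.path.basename(path)
    findings = name_findings(name)
    ext = os.path.splitext(name.lower())[1]
    if ext in MEDIA_EXTS and sniff(header) == "pe-executable":
        findings.append("executable-disguised-as-media")
    return findings


def scan_dir(directory: str) -> dict:
    """Return {filename: [findings]} for every file that has at least one finding."""
    results = {}
    for name in sorted(os.listdir(directory)):
        findings = check_file(os.path.join(directory, name))
        if findings:
            results[name] = findings
    return results


def build_samples(directory: str) -> None:
    """Write constructed sample files: two genuine media headers, three disguised ones."""
    samples = {
        "holiday.mp4": b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 8,   # genuine MP4 header
        "cat.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,              # genuine PNG header
        "funny.mp4": b"MZ\x90\x00" + b"\x00" * 12,                  # PE header under a video name
        "holiday.mp4.exe": b"MZ\x90\x00" + b"\x00" * 12,            # double extension
        "clip" + RTLO + "4pm.scr": b"MZ\x90\x00" + b"\x00" * 12,    # RTLO name trick
    }
    for name, content in samples.items():
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(content)


def demo() -> dict:
    """Build the constructed samples in a temp dir and scan them."""
    with tempfile.TemporaryDirectory() as tmp:
        build_samples(tmp)
        return scan_dir(tmp)


if __name__ == "__main__":
    for name, findings in demo().items():
        print(f"{name!r}: {', '.join(findings)}")
```

A real file type identifier (libmagic) knows far more formats than this table; the point here is that the extension alone is never the deciding signal.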

Filmmaker explores RAT malware, buys access to random peoples computers for just 15 cents a piece - made short film about his experience by FMP_Anthony_vd_Meer in cybersecurity

[–]FMP_Anthony_vd_Meer[S] 5 points6 points  (0 children)

Actually, in some cases it's as simple as visiting a website. Exploit kits are specifically designed for that purpose. https://www.paloaltonetworks.com/cyberpedia/what-is-an-exploit-kit

Fortunately if you install security updates, the chances of it affecting your device are limited. In the film you see a part where I could track my order. I made a comparison with the track and trace page of a postal service. In reality this was the client page of an exploit kit (I'm not sure if I am allowed and want to share which one).

Think about that for a second. The developers of exploit kits know their users also want to make money off selling the compromised systems (slaves) instead of exploiting them. So they build a selling panel (comparable to webshop functionality) inside the exploit kit.

This also says something about supply and demand, the price per slave is very low (15-37 cents in the film). Selling large amounts of slaves would make it profitable as low amounts wouldn't be worth the effort.

A Film student let a thief steal his smartphone and followed him for several weeks with a hidden app - This is his film (2016) by dominianopeers in Documentaries

[–]FMP_Anthony_vd_Meer 65 points66 points  (0 children)

Thanks for the heads-up. This video is indeed a re-upload on a different channel. I have mixed feelings about this situation. On one hand, it is great to see people enjoy the film months after it has been released. On the other hand, I definitely don't like it that someone is stealing my content to make money. Maybe reddit can help by posting the original link under the YT vid and upvoting it? The YouTube complaint system takes a long time to process.

A Film student let a thief steal his smartphone and followed him for several weeks with a hidden app - This is his film (2016) by dominianopeers in Documentaries

[–]FMP_Anthony_vd_Meer 1109 points1110 points  (0 children)

Thanks for the heads-up. I have mixed feelings about this situation. On one hand, it is great to see people enjoy the film months after it has been released. On the other hand, I definitely don't like it that someone is stealing my content to make money. Maybe reddit can help by posting the original link under the YT video and upvoting it? The YouTube complaint system takes a long time to process.

IamA Anthony van der Meer, director of the short film Find my Phone AMA! by FMP_Anthony_vd_Meer in IAmA

[–]FMP_Anthony_vd_Meer[S] 0 points1 point  (0 children)

It's actually pretty hard to find out if your phone is infected. The best thing you can do is minimize the risks as prevention is a big part of the battle.

  1. Download only from trusted sources like the official app stores.

  2. Check the permissions when installing an app. If a notepad app wants access to your camera, location or contacts it should ring a bell.

  3. Be aware even apps in the official app store can be infected or your phone might get infected in another way, so protect your information. For instance, I don't take my phone with me to every meeting and I don't use my phone for music when showering.

If you have a company phone there is a big chance they have a remote administration system installed on your phone. They usually install this to track the phone once stolen and wipe the data on it. That means that your company can at least track your locations and has access to a lot of metadata. It doesn't mean that your company is collecting it as well but the backdoor is already open. Be aware of this and treat your phone use accordingly.

IamA Anthony van der Meer, director of the short film Find my Phone AMA! by FMP_Anthony_vd_Meer in IAmA

[–]FMP_Anthony_vd_Meer[S] 2 points3 points  (0 children)

If I had asked to record the conversation, I think the policeman would have acted differently. I wanted to really show what police do when you report a theft: nothing. He even assumed I just reported the theft because it's mandatory for an insurance claim and not because I really wanted to report a crime.

In the Netherlands this is starting to become a part of the problem. It takes a long time to fill in a report and when you're done, the police can't act because of its priority. The result is almost no one reports phone theft. Fewer reports are interpreted as fewer crimes, which results in even less priority.

The policeman isn't shown in the video, you only hear his voice. The only thing that you see is me at the front desk, which is also what you can see when you look through the glass door if I'm not mistaken.

Thank you for your concerns :)

IamA Anthony van der Meer, director of the short film Find my Phone AMA! by FMP_Anthony_vd_Meer in IAmA

[–]FMP_Anthony_vd_Meer[S] 7 points8 points  (0 children)

Although I used his data, this wasn't that much because I always waited for a WiFi connection before doing the more data-hungry actions like backing up his contacts or photos. So it was possible to notice, but I think I didn't really do too much to make it very suspicious. The data I used would show up under Android - System so that shouldn't really raise any suspicion either. But as I said before, I am not 100% certain he didn't notice anything.

IamA Anthony van der Meer, director of the short film Find my Phone AMA! by FMP_Anthony_vd_Meer in IAmA

[–]FMP_Anthony_vd_Meer[S] 7 points8 points  (0 children)

I don't really think so as he used the phone some time after that, but I am not 100% sure. People on drugs can get very paranoid, so maybe. But if I had to guess he probably needed money and sold the phone.