Echo Boom hackers: A dangerous game

On Thursday morning, at this year's RSA Conference in San Francisco, Chris Boyd of Facetime and I will present a talk called "How to Adapt to the Echo Generation's Social-Media Hacking Game." The following is a preview of that talk, presented in three parts. Yesterday, we saw who the Echo Generation are. Today, we're looking at how they use online social media for hacks. Tomorrow, we'll see how Chris uses features of social networks and Web 2.0 to shut these kids down.

For the last few years, Chris Boyd, director of malware research at Facetime Security Labs, has been researching how the Echo Boomers use the Internet and how a certain subset of that generation has gotten into computer hacking. Yesterday, we looked at the generation in particular, trends and the possible motivations behind some of these kids. Today, we'll look at what these kids are doing online.

Boyd sees a lot of forum posts from 11- and 12-year-olds, bragging about their own phishing kits and botnet kits, but mostly game mods. He says a lot of the programs on the sites themselves are fake, a mere lure to get people to check out the site. Once there, there are usually music CDs with stolen music creation software. Boyd says one kid was even selling T-shirts with his (online) name on them. The forums used to promote these sites are interesting too; often, they're run by teenagers.

Dubious hosts
Boyd says it's common for him to see 11- or 12-year-old kids running their own reseller Web-hosting accounts. The sites typically feature completely fake data, providing no contact details on the Web site. And yet people are signing up for these things. "This growing trend for young kids running reseller accounts--those seem to be on the increase, from what I see."

They get word of mouth from the older kids, the places to go, the places to host your site. And the Echo Boom hackers tend to gravitate toward specific Web hosts that they know people will have trouble getting taken down. Some aren't very smart, and they'll host all over the place. A lot of those sites can be taken down quite easily. "One thing I have seen is that a lot these kids that run their own forums will attempt to phish their own forum members, which is quite bizarre."

If you're not phished, then you run the risk of "crapflooding." Crapflodding is the practice of disrupting discussions on forums with nonsensical postings, such as repeating you are hacker god over and over. It takes a little bit of knowledge, since many sites have Captcha systems designed to prevent automated scripts.

Helgib
Although most aren't, some of these kids are making quite a bit of cash. One example is the Helgib kid, based in Iceland. According to Boyd, he was selling his own music and videos, and he had his own store that is happily advertised in his MySpace profile. Helgib was quite shameless, too, Boyd says, noting that the boy's photographs were all over the place.

Boyd says Helgib managed to stay in business for a while because he found a safe harbor with an incredibly dubious Web host based in the United States. Every time Boyd got Helgib's site shut down, it would just come back to life elsewhere.

Helgib is fascinated with Helgib. On YouTube, his profile read, "I'm a computer nerd, programmer, musician, and a famous hacker." At one point, Boyd says, Helgib tried to write his personal details onto the Wikipedia entry for famous hackers. Boyd, despite being challenged, thought it was all quite humorous.

YoGangasta revealed

(Credit: FaceTime Security Labs)

The fall of YoGangsta50
Last summer, Boyd found another example on YouTube. The video (no longer available) promotes a mod called Hood Life for the popular game Grand Theft Auto. The malicious content didn't involve the actual YouTube video itself; it's the URL at the end that's the problem. The site contained a malicious file, and if you linked to it, the file would download onto your desktop.

Boyd, an avid gamer, was livid that 54 people did, or had the potential to, download the malicious file after viewing the video, and in his blog, he railed against the inferior graphics and the overall shoddy work. But there are armies of fanboys who are completely obsessed with these characters, who spend at lot of time crawling, crawling up to them, trying to get in favor with them. There's a definite structure at work.

Boyd likens what is going on online to real-world street gangs, in which you have older boys enlisting the younger ones to do their dirty work. If the younger kids get caught, so be it; they're juveniles and most likely will be set free. Meanwhile, the older kids are free to recruit others.

Hackerboy a.k.a. "Balloon boy"

(Credit: FaceTime Security Labs)

The strange double life of Hackerboy
Then there's the secret double life of a notorious teenage hacker. By day, he's "Hackerboy," but, as Boyd discovered, he's also "balloon boy" in an embarrassing YouTube video. Boyd says he stumbled across this post from a guy who claimed to be a "leet" hacker, a "h4xor god." He's so good that he posted screenshots of his anonymous ownership of a few school networks. Not so anonymous, is he? Not too bright, Boyd says.

The boy, Hackerboy, even bothered to put a photo of himself on the forum profile page with the supposedly anonymous hacks. So Boyd wondered what other profile pages this kid might have. And that's when he found the YouTube video of HackerBoy sucking helium out of a balloon and running around his local town square being, well, a very silly little kid.

Boyd says Hackerboy tried to delete the video from YouTube but, Boyd writes in his blog, "I already had it open and have decided never to close the page down. In this way, my laptop will serve as an eternal monument of shame and lulz for all time."

But the fall of Balloon wasn't yet complete. Boyd went on to write, "Take one Balloon boy. Throw in a pinch of hacked sites, a smattering of photographs, and a dash of complete stupidity. Bring to the boil, then throw in a dozen or so e-mails from a number of people located in various parts of the globe to his school," and the kid is suddenly offline.

Boyd suspects that the kid did get busted and will soon erase all evidence of himself from the various forums and sites. At the least the YouTube video is finally gone.

Real-world gaming connection
In one of his investigations, Boyd found an example where the online world reached out to the real world. In this case, a scam involving World of Warcraft operated like this: In the real world, to access a multiplayer game, you need to purchase a time card. The scammers would go into electronics stores, where the time cards weren't sealed, and insert a fake beta trail card.

He said that in the United Kingdom, they're sealed with plastic wrap but that certain stores in the United States do not seal them. He said they'd wait until the shop clerks weren't looking, then slip the fake cards into the time cards.

When you get home, the card would fall out and invite you to sign up for a free 15-day trial for World of Warcraft or whatever. On the site, you type in all your login details for your real account, credit card, and phone numbers. And you've just been phished.

Boyd says he was able to warn Electronics Boutique in the U.S. that this activity was going on. He doesn't know if any action was taken, but when he went back to the scammer's forum page, the topic no longer existed; it had been pulled down.

Dangerous game
There are also sites where kids are asked to "show your latest hack." One kid, says Boyd, had a Trojan horse sitting on a desktop somewhere in the world and could see what the desktop owner was looking at on his screen. It so happened that the owner was viewing child pornography. So the kid, says Boyd, thinking this is cool, takes a screenshot of it and posts it on the "show us your" forum for all to see.

Boyd said, "The kid's probably thinking ha, ha, we got a pedophile looking at child porn," but now he's put child porn on all the desktops that are viewing the "show us your" forum--which isn't very smart, should law enforcement look at the browser cache or hard drive of any of those viewers' desktops. Then again, some of these pedophile sites are run by people Boyd says you really don't want to be tangling with. "You start having these dialogues with complete psychopaths, and you don't really know who they are or what they're capable of."

Boyd says that if he had a site full of illegal material and found that it was suddenly splashed across some hacker forum, he'd be tempted to start looking in the real world for them. "They could pretend to be the same age of the kids," Boyd says. "There's a whole wealth of weird and creepy scenarios that could come out of such a thing."

Tomorrow, we'll look at how Chris uses features of social networks and Web 2.0 to shut these kids down.

Click here for more stories on RSA 2008.

[Archus]

Wait a minute. You've got it wrong.

I refuse to see the term hacker bandered about in this way. I'm a hacker. Hackers don't do this stupid stuff. We know the risks (Yes, I'm and Echo Gen too.) and we take very careful measure to use our knowledge of these things in ways that won't get us looked at by the feds.

What you are portraying here is a classic "cracker" activity. Crackers are generally the underbelly of hacking. Using their oft new found knowledge to do bar tricks and impress friends. By calling them hackers your story almost legitimizes them. The hacker community doesn't own these people or their acts. What they do, and the blatant way they do it is distasteful.

As an old school hacker I would rather you know my handle, which should ALWAYS be different from your virtual life, and never intersect your real life, than for you to know my face. The hackers I know wouldn't be caught dead posting their pic, video, e-mail, or anything else tying our deed to us. That's just arrogant.

Please understand that I know this activity goes on, but it has nothing to do with real hackers. BTW, the real elite no longer spell with numbers and symbols. Unless they still live with their mothers. Most of us have real jobs now. We just hack for fun and notoriety.

[sanenazok]

What is this?

What's this article about, exactly? We're supposed to be surprised that kids running around on the Internet are doing stupid stuff? OMG a bunch of 12 year olds are violating TOS of some websites by making their own webpages and forums, what's the world coming to! Better yet, kids are calling themselves hackers. Wow who cares! Let them do whatever they want, it's their parents fault. BTW, why would any adult visit a website hosted/run by/posted to by 12 year olds? To have discussions on a 12 yr old level? Isn't that what calling marketing dept. is for?

Looking at some of the comments to C|Net forums I guess I often deal with 12 yr olds here, but at least this is supposed to be moderated by adults.

[limefan913]

Admittedly...

It is rather sad seeing others with the skill they have in my age group wasting their talent. I know a number who are just throwing away any ability they have. Personally I have worked at building a persona that accurately reflects my real life to an extent, but then again I shied away from the modding/cracking/"hacking" scene, even though I could have done it.

One thing this series fails to mention is that, while some from the so called "Echo Boom" (What kind of name is that, seriously. I'm feeling rather insulted) are wasting skills on stupid feats, many of us are honing web design skills, as well as systems management and other basic network management skills.

The average teenage MySpace user can spit out HTML that will at least display formatting, and I know a number who have learned CSS and HTML 4.01 Strict just from template designing.

Oh, by the way, I blame 4chan.

[krosavcheg]

I've seen you before

you are absolutely right. also I liked you in this youtube video. http://youtube.com/watch?v=3fkYmO2B-sM