Snapchat
Snapchat

Whilst the Western world has been taking it easy this last week or so, the cybercriminal side of the Internet has been very busy - steadily hacking into various online services in its collective quest for user credentials and allied data.

Two of the highest profile hacks carried out over the Christmas and New Year break were of the Snapchat photo messaging service and the social media forums of Skype, the online communications service now owned by Microsoft.

Snapchat is a photo messaging application/service designed to allow photos and allied data to be sent to a controlled list of recipients, then displayed for up to 10 seconds, after which the data files are deleted from Snapchat's servers and hidden on the user's device.

According to Sarb Sembhi an analyst and Director of Consulting with Incoming Thought , whilst these two system hacks - as well as many other smaller online incursions which also took place over the break - may appear unimportant in the great scheme of things, it is all about the Big Data that cybercriminals are collating.

In this week's Snapchat hack, a hacker calling himself `Lightcontact' publicly posted a database containing 4.6m user names and phone numbers on Reddit, as well as on a Web site called SnapchatDB.info. Although the site was taken down, the data is now reportedly available on various BitTorrent feeds, and can be interrogated using services such as GS Lookup and Snapcheck to allow users of Snapchat to verify if their own data was leaked.

In the Skype social media hack, meanwhile, the Syrian Electronic Army - a hacktivist collective claiming to support Syrian President Bashar al-Assad - said yesterday that it had cracked into the user forums of Skype. The collective also posted the contact information of Steve Ballmer, Microsoft's retiring chief executive, on its Twitter account along with the message, "You can thank Microsoft for monitoring your accounts/emails using this details. #SEA"

Although now deleted, the message appears to refer to widely publicised assertions by Edward Snowden, an ex-NSA analyst, that Skype is part of the NSA's ongoing programme to monitor inter- and intra- CSP (communications service provider) data/telecoms feeds in the US and internationally.

Sembhi told SCMagazineUK.com that, whilst some newswires have downplayed the hacks - including the Snapchat incursion - as minor, the reality is that all of these data breaches and system hacks are very important, as they give cybercriminals access to more and more information on Internet users, allowing them to create their own `Big Data' resources.

"It's been said there are six degrees of separation between people. I would argue that the actual separation between Internet users of today is closer to three or four degrees, as the data on most databases can be cross-referenced with the information on others.  And the more services are hacked, the greater the size and depth of information that cybercriminals can gain access about individual people," he explained.

Graham Cluley, a security analyst and veteran observer of the IT security business since the 1980s, said that the Snapchat hack in particular raises questions about the service operator's competence.

"In the past there have been concerns about whether photos are properly protected by the app, and truly erased, so this is just the latest in a series of worries that privacy and security isn't built into Snapchat's DNA," he said.

"Obviously people who use Snapchat may be keen to retain their anonymity - and if their phone numbers proved so easy to access that will worry some of those who were using the controversial photo sharing service for seedy purposes," he added.