This week saw the release of Imperva's latest 'hacker forum analysis' report which drew statistics from its monitoring of discussions from the dark corner of the internet.
Collecting information from a number of forums, Imperva claimed that one has almost 220,000 registered members, although many user accounts are dormant. Imperva monitors hacker forums "to understand many of the technical aspects of hacking" as they are used by hackers for training, communications, collaboration, recruitment, commerce and even social interaction.
It said: “Forums contain tutorials to help curious neophytes mature their skills. Chat rooms are filled with technical subjects ranging from advice on attack planning and solicitations for help with specific campaigns. Commercially, forums are a marketplace for selling of stolen data and attack software. Most surprisingly, forums build a sense of community where members can engage in discussions on religion, philosophy and relationships.”
I ran through the reports' key findings with Rob Rachwald, Imperva's director of security strategy. Among the most discussed topics were distributed denial-of-service (DDoS) attacks (22 per cent of discussions); SQL injections (19 per cent); and spam (16 per cent). Ruchwald said: “Look at the types of attacks: DDoS followed by SQL and XSS; these last two are about data theft to steal something from a database – all of these topics show a similar mindset.”
He added that generally, DDoS is not a sophisticated method of attack, as it is a case of whether you "punch in the face or in the gut".
“The discussions are on how to do a DDoS, how a strategic attack works and how to increase the Gbps. The discussions show how to innovate and make an attack stronger,” he said.
Another key finding revealed the amount of discussion on mobile platforms; in 2010, more than half of the 2,000 discussions were on the Apple iPhone, with only around 300 discussions on the BlackBerry, Android and Nokia platforms.
Rachwald said these mainly focus on the future growth of hacking in mobile devices, with the iPhone central to this discussion. He said: “On the positive side, look at it from the perspective of the IT security guy who knows what to secure. This gives some number that shows what is going on within the underworld.”
Another key finding was on the level of training in hacking. Statistics showed that 25 per cent of all discussions were on "beginner hacking". Rachwald said: “A person can go to a site and learn skills by watching a video and, over time, they will boast about what they can do and build a reputation based on that. Some will then recruit you and from that we see how these forums give birth to groups like Anonymous or LulzSec.”
Imperva also found that 22 per cent of discussions were on hacking tools and programs, 21 per cent on website and forum hacking, and eight per cent on botnets and zombies.
Concluding, Rachwald told me that by definition, hackers are early adopters and there is value in the way that they use forums and their standing in them.
As with any job, you need training to be able to perform a trade, and with black-hat hacking, it is not a case of heading to your local Job Centre and selecting 'cyber criminal' as a career option. These forums exist, are real and are alive with discussion. Statistics such as these can only help those on the other side to remain a step ahead.