Is Anything Really Free Online?
Let’s start off with a short scenario: A teenager who sits in front of his computer plays games, chats with friends, does your typical teenager stuff. But he misses something, and that is what this blog post covers.
Now, imagine the same kid wanting something for his own personal needs, software, a movie, a song… the list goes on. The first thing he does is check out the reviews or maybe compare it with others, and then ends up buying the best option for him.
OMG!! What he finds is that it costs a lot. So he decides to take an alternative approach and get it for “Free” from some of the places - torrents, hubs, content sharing websites - that many people use to get whatever they want for FREE. Yes, he’s heard that maybe that’s not a good idea, but, who cares, he doesn’t have a lot of money right now. Just download and forget. Wait, do any of us even think why would someone buy software for $1000 and then share it across the entire world through internet for free? Out of the kindness of their heart? Doubtful.
That’s what 80% of the entire population on planet earth does, the other 20% doesn’t have internet access but if they did they’d no doubt do the exact same thing in order to save some cash. Face it, each one of us has done this at some point in our lives.
Oh, the Dangers of Free Internet Stuff
Imagine downloading a piece of software, say an Operating System, from a Torrent client and that piece of software comes with a small piece of code named “Crack” or “Loader” or “Keygen.” Now you have a small readme file which gives you all the steps as to how this Crack would work for you. Follow the instructions and Voila! You successfully cracked the software without any need for a computer programming degree. Do this enough times and eventually you forget how much cracked software is actually running on your system.
But it’s true, no one will ever believe that the cracked patch, loader, keygen or anything the bad guys design, contains a code to send your data to a remote computer including keylogs, browsing data, passwords, or, even worse, turns your system into a bot which can later be used for some big surprises.
70% of the world’s craziest hacks have been crafted using simple tricks like this by manipulating the user and providing free stuff on the internet. A lot of people think, “If this is the case, how come my “Antivirus” doesn’t catch such malicious files?” Yes, your antivirus can, but most of the time they pretty decently mention it in the Readme file itself that these can trigger antivirus so kindly turn them off temporarily – again a brilliant way to trick with the user's brain. Moreover, these codes have no signatures similar to the earlier ones so it becomes a bit difficult for an antivirus to catch hold of this malicious piece of code and also, most of the time the antivirus installed is also the cracked one.
So now we come back to the question I asked at the beginning of this post: Why would someone invest 1000s of dollars into buying software and give it away for free? Most of the time these are State-sponsored hackers or a bunch of black hats planning for something big, whether its a “Cyber War” or a revenge or sharing personal data on the black market, the list goes on…
How the Bad Guys Do It
It all starts with buying popular software which is costly to buy and which the hackers know plenty of other people won’t want to or be able to afford it. So, now that the hackers have targeted a large amount of people they further crack the compiled program code using a debugger such as SoftICE, OllyDbg, GDB, or MacsBug until the software cracker reaches the subroutine that contains the primary method of protecting the software.
Now they embed the malicious code within another sub-routine which installs the Crack onto the user system as soon as he launches the program. Your system is compromised and by the time you even realize it it’s too late and all of your information has been stolen. Private data is now on the web or for sale on some black market (TOR networks, IRC, GHDB, etc.)
Software cracking is gone to an entirely new level now; a lot of terrorist groups have also adopted this technique to trick the user and compromise systems for their own ends.
The problem stems from the fact that we feel a false sense of security when online. People have been shopping online for long and no longer feel there are any real threats. This is especially true for young people who make online choices without really thinking things through first – they are the perfect victims.
In a Nutshell !!
These types of attacks are not very famous and hence have not caught fire in the Cyberworld yet. A lot of users fall prey to such “Free” stuff that ultimately becomes more or less a habit which is very difficult to get rid of. Don’t be duped by such schemes. The word “Free” doesn’t exist, not even online.
“Stay Secure, Stay Safe”
About the author
Amrit Poojari is a security engineer working with Paladion Networks.