It all started two years ago, when many antivirus companies tried to outdo each other with reports on catching a new malware with full-fledged functionality aimed at taking away cash from users of different online banking systems while fitting just in 19968 bytes of code.
Despite the fact that Russia (surprise!) is not among the leaders in computer infectioning by this method (three leaders are traditionally USA, Germany and the UK), we suppose it will be still useful to find out what makes many users in different corners of the world click on attachments in messages from unknown senders. Off we go!
Let us try to consider an implementation of any cryptographic algorithm from top downwards. At the first stage a cryptographic algorithm is written in the form of mathematic operators. Here the algorithm is in the environment where only mathematical laws are valid; therefore, researchers verify only the mathematical resistance of the algorithm, or its cryptoresistance. We have a low interest in this step because mathematical operations should be converted into a code. At the code operation stage the critical information about the cipher operation can ooze through holes in the implementation. Buffer overflow, incorrect memory operations, non-documented capabilities and other features of the program environment enable an intruder to find a secret encryption key without using complicated mathematical manipulations. Many researchers stop at this step forgetting that there is at least one more step. Data reflect the real physical state of logical elements rather than an abstract notion whereas computations are physical processes which convert logical elements from one state to another. Consequently, the program execution is a conversion of physical signals, and from this point of view the result of operation of an algorithm is determined by physical laws. Hence the implementation of a cryptographic algorithm can be considered in the mathematical, program and physical environments.
An identification, user detection or, simply, web-tracking, all that means a computation and an installation of a special identificator for each browser visiting a certain site. By and large, initially, it was not designed as a ‘ global evil’ and, as everything else has another ‘ side of a coin’, in other words it was made up to provide a benefit, for example, to allow website owners to distinguish real users from bots, or to give them a possibility to save user’s preferences and use them during the further visits. However, at the same time this option catch promo’s fancy. As you know, cookies are the most popular way to detect users. And they have been being used in advertising since 90s.
Most expert reviews mean physical access to the device, and the expert has two tasks to achieve: retrieve as much information and data as possible and leave as little evidence of such retrieval (artifacts) as possible. The second task is especially important when the results of such forensics are to be presented in court: too many artifacts may impede a follow-up expertize, which is, in turn, may compromise the results of the initial one. In many cases it is impossible to avoid such artifacts; one of attempts to solve this problem is a detailed record of each artifact created on various stages of the investigation.
OSINT (Open source intelligence) is a discipline of American Intelligence Service responsible for search, collection, and choice of information from publicly available sources. Social networks are among the largest public information suppliers, because almost all of us have an account (sometimes more than one) in one or more social networks. Here we share the news, private photos, preferences (e.g., when you “like” something or start following some community), friend lists. And we do it of our own free will without thinking of possible consequences. In several articles, we already analyzed the ways of getting the interesting data out from the social networks. Usually it had to be done manually, but for better results, it’s more reasonable to use specific utilities. There are several open source utilities enabling to get user information out of the social networks.
The phone infection process has nothing unusual compared to the scheme that is already known for Android-based devices. A malicious APK file gets into the phone under the guise of the game called ‘Sex Xonix’, which supposedly gives you an opportunity to look at some naked women. Obviously, there is no way of stumbling upon such ‘treasure’ on Android Market. So it dwells on all sorts of second-class websites with questionable content, which attracts those who ‘like it hot’.