
Attack Structure Exposes Amateurism of Vaza Jato Hackers Accessing Telegram Messages

RIO DE JANEIRO, BRAZIL – According to specialists, cyberattacks can be broken down into two categories: bulk hacking events, which are a sort of “retail” hacking, and customized hacking attacks, tailored for each target.


Tailored attacks demand creativity and technique, because the intruder is required to examine as much as possible in relation to the target to find the most effective way of attacking it and, if needed, develop new techniques to carry out the attack.

On the other hand, specialized knowledge plays a minor role in “retail” hacking: it is enough to learn a formula and be bold (or foolish) enough to use the same approach as many times as needed to achieve results.

The attacker cannot be very selective when it comes to his targets, because he lacks the skills to adapt, and that prompts him to attack a large number of people. This is the “it’s all grist to the mill” mindset.

Direct attacks on authorities, such as Ministers of State, are often carried out by skilled hackers. Perpetrators generally perceive that it is not wise to employ an overused method against government leaders, police, or the military.

The more often a technique is used, the higher the chances that the evidence will allow tracking down the whole criminal operation.

In other words, there are hackers who choose their targets, which requires their methods to be adjusted, and hackers who always employ the same methods, which requires more attempts and, therefore, more targets.

Regarding the raid on the officials’ Telegram accounts that prompted Operation Spoofing, the Federal Police estimates that over 1,000 cell phones were attacked, with more than 5,000 malicious calls made by the same VoIP (Voice over Internet Protocol) provider.

Over-targeting while repeating the same technique, if proven, is an indicator that those responsible have not truly mastered hacking skills and are limited to the methods they know.

This is not the profile of a hacker who assesses each victim and chooses the best strategy, as would be expected from someone prepared to attack government officials. On the contrary, this is someone unskilled, an amateur, who has found something on the internet and at most gathered a few hints to develop his method.


The risks associated with breaking into email boxes or digital answering machines were already known. In 2011, the British newspaper “News of the World” ceased operations after it was proven that the outlet was directly involved in the intrusion of several public personalities’ email boxes and the news. The scandal surfaced when Prince William was targeted in 2005, and new events reported in 2009 and 2011 prompted the newspaper to close its doors after 168 years in business.

In 2018, a lecture by expert Martin Vigo at the prestigious DEF CON digital security conference in Las Vegas proved that it was feasible to hack into the mailbox to circumvent the security of internet services. With the technique exposed at this famous security conference, it was only a matter of time before this method got into the hands of ordinary criminals and was applied en masse. It was unexpected that this would happen in Brazil (which was not part of Vigo’s research), and that the targets would be public officials.

However, Vigo was not the first to have this notion. There are step-by-step guides and tutorials on the Internet, teaching how to apply the technique specifically to access Telegram — some of these materials date from 2016.

Unfortunately, many have ignored the warning. Now, the attack in Brazil will force everyone to do their homework — both VoIP providers, who will have to prevent call source abuse (the “Spoofing” which named the Federal Police operation) and telephone operators, who need to reassess their mailbox service security.

Vigo had exposed the flaws in the mailbox services security in order to alert large internet companies to the risks of sending access codes through telephone calls.
