On the internet, just like nobody knows you are a dog, nobody knows you're not really a famous hacker—and famous hackers can make a lot of money.
Those two ingredients, mixed with the fact that the public has become painfully aware of the damaging consequences of stuff like ransomware and, to a lesser degree, distributed denial of service (DDoS) attacks that take down apps or websites and cost several hundred dollars in maintenance, have created a new kind of online threat: the fake hacker.
Earlier this week, the security firm CloudFlare outed a group of hackers, or an individual, who was pretending to be the infamous hacking gang Armada Collective. This imposter was apparently making money off of empty threats of crippling DDoS attacks.
"While the actual members of the original Armada Collective appear locked up in a European jail, with little more than some bitcoin addresses and an email account some enterprising individuals are drafting off the group's original name, sowing fear, and collecting hundreds of thousands of extorted dollars," CloudFlare's founder Matthew Prince wrote in a blog post.
With his blog post, Prince hoped that companies and individuals who received the hackers' threats would know better and simply not pay. If his blog post got enough attention, Prince hoped, it would sink old posts about the feared, and real, Armada Collective.
That strategy seems to have worked, but now, whoever was behind the new fake Armada Collective has just started pretending to be another infamous hacking group, the Lizard Squad.
In the last few days, hundreds of organizations have received email threats from someone calling themselves Lizard Squad and demanding a ransom in order to avoid a crippling DDoS attack, according to both Prince and another DDoS mitigation firm, Radware.
"We are the Lizard Squad and we have chosen your website/network as target for our next DDoS attack. Please perform a google search for 'Lizard Squad DDoS' to have a look at some of our previous 'work,'" reads the email, shared with Motherboard by Radware's Daniel Smith. "We are willing to refrain from attacking your servers for a small fee. The current fee is 5 Bitcoins."
There you go. Somebody burns your fake identity? Just make a new one. The good news is that it took just a couple of days for CloudFlare and Radware to figure this out, thanks to the fake hackers reusing the same language in the email and some of the same email addresses. And so far, none of the targets appear to have paid, Prince told me.
The problem with this kind of attack is that it's ridiculously easy. All one needs is an email address and a bitcoin address, and, as Prince explained, neither of those leaves a very significant trail that could lead to an arrest. In other words, this is almost a perfect crime.
The bad news for the imposters is that there aren't really that many infamous DDoS hacking groups, so at some point they'll run out of names. But it's kind of amazing that in this day and age, you can make money just by pretending to be a hacker. That's how popular hackers and ransoms have become.
"Attackers now know that the general population is uneducated and fears both [DDoS for Ransom and Ransomware]," Smith told me.
The best counter to this trend, for Prince, is simply better education.
"We just have to get information out there when attackers are real attackers versus when they're just blowing hot air," he said.
Hopefully that's enough to tell the real hackers from the fake ones. The dogs, on the other hand…