Imperva uncovers murky world of hacker forums

Hacker forums act as a training ground and social network for would-be and established cyber criminals where everything from social engineering to SQL injection is under discussion, according to a new report from Imperva.

The security vendor monitored one of the largest known hacker forums, which has around 250,000 members, over a four year period from 2007-2010.

It found, perhaps unsurprisingly, that conversations about hacking had grown on average 157 per cent, reflecting the undoubted increase in hacking activity in the wild during the period.

More interestingly, the most discussed topic from June 2010 to 2011 was DDoS attacks, with 22 per cent of discussions, followed by SQL injections with 19 per cent.

Now, although both techniques have been used frequently by infamous hacking groups Anonymous and LulzSec, there's no evidence to suggest their activities have in any way ramped up interest in the two attack types.

Imperva director of security strategy, Rob Rachwald, said he was surprised that DDoS was such a popular topic of conversation on the forum, but that many of the information being shared related to how to evade anti-DDoS mechanisms and make the attacks more reliable.

This info tallies with evidence from Akamai, which told V3 last month that the number of DDoS attacks has rocketed over the past year or so, with cyber criminal using increasingly sophisticated methods of launching attacks.

Imperva also found that a quarter of discussions from June 2010 to June 2011 focused on "beginning" hacking, highlighting the role such forums play in recruiting and training hackers. Rachwald described the forum as a social network for hackers "which puts LinkedIn to shame".

Social engineering is also a big growth area for members of the forum, increasing from zero to six per cent of all discussions in just a year.

Highlighting the importance of user-education and preparedness, the would-be hackers discussed in great detail how to dupe users of various types, including those on Facebook, explained Rachwald.

Others even discussed how to dupe women into sending nude photos of themselves which they could then sell on to porn sites.