There is a long and ongoing debate within the information security community, online and off, as to the viability and ethics of hacking back. If your organization is under attack from a threat actor, should you hack back and take the fight to them? This is not a debate I will get into here, other than to say that breaking the law is breaking the law, whichever direction you approach it from. However, when a hacker, in this case a security researcher and penetration tester, managed to infiltrate a notorious criminal marketplace on the dark web, I guess you could say this was more a case of pre-emptive hacking than retaliatory. Indeed, is dropping a honeypot into the heart of enemy territory hacking, or just an example of balls-of-steel defensive maneuvering? Here’s what happened.
Good Hacker Recounts Exactly How He Hacked 100 Bad Hackers—Buckle Up
Robert Maynard Pirsig, the American philosopher and author of Zen and the Art of Motorcycle Maintenance, once said that “boredom always precedes a period of great creativity.” And it was these words, this quote, that security researcher, penetration tester and all-round good hacker Cristian Cornea used to kick off his account of how he hacked 100 hackers in a riveting post on Medium.
It all started when Cornea came up with the idea of a honeypot that would draw in wannabe ransomware hackers that use the cybercriminal BreachForums marketplace on the dark web. What better way of pulling off such an audacious sting than to build a ransomware builder: a tool that brought together all the resources someone would need to create and deploy a ransomware attack? A tool that took shape as the Jinn Ransomware Builder and quickly rose to a top three placing in the software category on BreachForums.
Instead of delivering the kind of operational resources expected of such a piece of software (command and control callbacks, encryption and decryption, even useful multi-language support options) along with a promise of zero detection, Jinn was a clever scam from start to finish.
The Hacker Honeypot That Attracted 100 Bad Hackers
“Jinn Ransomware Builder is actually a honeypot,” Cornea said, “but some of the features presented above are real.” The command and control callbacks were both hardcoded and backdoored, for example, enabling the Jinn code to “initiate a remote connection and open a process with the ‘CmD.eXE’ executable that is being hosted on that server.”
Then there was that multi-language support, which, in reality, was “just a prompt,” according to Cornea, that had been included purely to make the features list of the supposed ransomware builder spicier. You could say much the same about the AES encryption & decryption functionality, which actually helped hide the hardcoded backdoor right there in plain sight.
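One defensive takeaway from the hardcoded, oddly cased cmd.exe callback described above is that an exact-string signature for "cmd.exe" never sees "CmD.eXE". As an added example (not part of the article or of Cornea's code), this Python script runs a case-insensitive check over constructed process-creation records and flags cmd.exe launches from outside System32, with mangled casing, or from a remote host; the record format, the JinnBuilder.exe parent name and the 203.0.113.10 host are all assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample process-creation telemetry (not from the article), one
# event per line: parent image | child image | command line | remote host.
SAMPLE_EVENTS = r"""
explorer.exe|C:\Windows\System32\cmd.exe|cmd.exe /c dir|
JinnBuilder.exe|\\203.0.113.10\share\CmD.eXE|CmD.eXE /c whoami|203.0.113.10
JinnBuilder.exe|C:\Windows\System32\cmd.exe|CMD.EXE|
svchost.exe|C:\Windows\System32\conhost.exe|conhost.exe|
"""

# Matching the executable name case-insensitively catches "CmD.eXE";
# an exact-string signature for "cmd.exe" would miss it.
CMD_RE = re.compile(r"(?:^|[\\/])cmd\.exe$", re.IGNORECASE)
EXPECTED_PATH = r"c:\windows\system32\cmd.exe"
NORMAL_SPELLINGS = {"cmd.exe", "CMD.EXE", "Cmd.exe"}  # heuristic allowlist

@dataclass
class Finding:
    parent: str
    image: str
    reasons: tuple

def parse_events(text):
    """Yield one dict per well-formed pipe-separated event line."""
    for line in text.splitlines():
        parts = line.split("|")
        if len(parts) == 4:
            yield dict(zip(("parent", "image", "cmdline", "remote_host"), parts))

def analyse(text):
    """Return a Finding for every cmd.exe launch that looks like the Jinn backdoor."""
    findings = []
    for ev in parse_events(text):
        if not CMD_RE.search(ev["image"]):
            continue  # not a cmd.exe launch at all
        name = re.split(r"[\\/]", ev["image"])[-1]
        reasons = []
        if ev["image"].lower() != EXPECTED_PATH:
            reasons.append("cmd.exe loaded from outside System32")
        if name not in NORMAL_SPELLINGS:
            reasons.append("case-mangled executable name")
        if ev["remote_host"]:
            reasons.append("executable hosted on remote host " + ev["remote_host"])
        if reasons:
            findings.append(Finding(ev["parent"], ev["image"], tuple(reasons)))
    return findings

if __name__ == "__main__":
    for f in analyse(SAMPLE_EVENTS):
        print(f.parent, "->", f.image, ":", "; ".join(f.reasons))
```

Only the network-hosted, case-mangled launch is flagged; the ordinary System32 cmd.exe launches, whatever their parent, produce no reasons and are left alone.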
Don’t Sleepwalk Your Way Into Becoming A Bad Hacker
Cornea published a disclaimer that all of the stated activities were carried out in a simulated environment and that no illegal hacking attempts were performed. Wisely, Cornea said he strictly discouraged anyone else from executing such actions themselves. Remember, there’s a fine line between being a good hacker and stumbling into the legal definition of a bad one, which is precisely why the debate around hacking back that I mentioned at the beginning of this article exists.