As millions of people around the world pause to remember the heart-wrenching moments of Sept. 11, 2001, hundreds of hackers, spammers and cyber-criminals are launching their own 9/11 assaults – on computers, web sites and social networks worldwide. And next week may bring on the largest wave of 9/11 hacks and scams ever.
“Because of the advancement of hacking and spamming technology over the past decade, plus the significance of the anniversary and increased media coverage, Sept. 11 this year may prove hectic on the malware front,” said Catalin Cosoi, head of online threats lab at Bitdefender, an award-winning provider of innovative Internet security solutions.
According to early Bitdefender observations and past scams around Sept. 11, the first wave of attacks comes in the form of quickly erected web sites studded with terms such as “bin Laden alive”, “in depth details about the terrorist attack”, “police investigation results” and “towers going down” to attract the curious and the mourners. These sites are often spiked with links that, if clicked, spread malicious software to the unsuspecting, potentially stealing private details, damaging software, or luring the user into a fraud scam.
When the terrorist attacks hit the World Trade Center and Pentagon in 2001, the online world was a much less sophisticated place. Since then, new tools have increased the complexity of spam, scams and malware, new groups such as Anonymous have publicly promoted hacking as a civil disobedience tool, and the criminal world is seeing opportunities for profit that may eventually exceed drug trafficking and other rackets. The online world is a much more dangerous place now.
“This date marks another opportunity for scammers to spread their malicious software, defraud people and circulate their spam messages,” Cosoi said. “It means that people who are solemnly commemorating the tragedy must also keep a lookout for scammers when online.”
Online scams that capitalize on terrorist attacks, of course, aren’t limited to 9/11. Anniversaries of the London bombings of July, 2005 have also been hit by fake donation requests, spamming of viruses disguised as supposed video of the attacks and e-mails that seek to defraud users by informing them they have a distant relative who died in the bombings and stand to inherit his savings if they pay “administrative fees.”
Another common fraud capitalizing on the solemnity and sorrow of the 9/11 anniversary is the charity scam. Crooks prove particularly detail-oriented when impersonating trusted, well-known charity organizations and their fraudulent web sites and e-mails are often difficult to differentiate from the real thing. The close copies of correspondence and sites from real charities often persuade internet surfers to deposit money that will never reach the deserving.
Scammers are also already seeking to take advantage of people looking for memorabilia from the world-changing attacks – a growing market on the 10th anniversary. Fake collector items such as shards of metal from the tower structure or even commemorative coins advertised as silver collected at the attack scene are already advertised by digital deceivers on disposable web sites.