lswcap
Reports have emerged that EA (Electronic Arts) has been hacked and its source code has been stolen. It turned out that the hacker who carried out this attack had purchased EA Slack account login information for 10,000 won from an underground site called Genesis Market.
On June 10, it became known that EA, known as the Battlefield series and FIFA series, was hacked and numerous source codes and internal tools were leaked. Reportedly, the hacker responsible for the incident used a $10 cookie to log into an EA Slack account and trick an IT support person into breaking into the company’s internal network. The hacker is said to have purchased the cookie from an invitation-type underground site called Genesis Market.
Cookies are small files in which your computer stores various pieces of information. Information entered by the user on the website and login information may be stored on the device as cookies. In addition, advertising companies unrelated to the website the user visited may use cookies on their website so that the website can track user behavior outside of their own site. This is a third-party cookie, and there are concerns about its use from an individual’s point of view.
According to reports, the Genesis Market allows hackers to create a clone of the browser that is being attacked through cookies or device fingerprints. An official from Netacea, a cybersecurity company that conducted an investigation into the Genesis Market, said that there are cases where hackers can bypass two-factor authentication if there is data purchased from the Genesis Market. This explains that the users who log in using the Genesis market data look like normal users, but this kind of data hardly distinguishes between hackers and victims.
Also, the hackers who attacked EA didn’t just buy a single cookie, they bought exclusive rights to a bot acting as part of the botnet. Bots, a type of malware, are usually used by law enforcement agencies to obscure the whereabouts of hackers or for purposes such as DDoS attacks. Meanwhile, in Genesis Market, bots are used to obtain cookie information related to web services and are sold in units of 5,000 cookies and bots. Web services include Facebook, Apple, Netflix, GitHub, Steam, Instagram, Adobe, Amazon, Google, Tumblr, Twitter, Dropbox, PayPal, LinkedIn, Slack, Spotify, Reddit, Pinterest, etc. have.
The hacker who attacked EA said that it was URL filtering the targeted web service in the Genesis Market. In fact, if you search for Slack-related bots in the Genesis Market, there are more than 3,500. In addition, the total number of bots sold in the Genesis Market is 400,000.
A hacker who purchases the bot will be able to access the website because it can obtain the login information contained in the cookie, such as an email address and password. In addition, by using the Genesis Market browser plug-in and login information, it is possible to imitate the victim in more detail. What’s more, if the bot is still active, the data will continue to flow without having to buy a new bot, as information is being collected. Basically, if you buy early, you’ll get a discount, which will eventually give you information worth hundreds of dollars for 70 cents.
One of the groups behind the Genesis Market is said to have originally used the malware on its own to sell the information it had gathered and later allowed it to be sold to others as well. The research team says that the Genesis Market plugin can be reverse-engineered to monitor attacks through plugins, but on the other hand, it is difficult to detect attacks that do not use plugins. Related information can be found here.
Add comment