Spoofing is a technique used by hackers to impersonate someone in digital media and distribute viruses or intercept legitimate information, such as bank details and personal messages. The widely used feature in Brazil as a social engineering method in WhatsApp theft scams, where the criminal takes over someone's account to send messages on her behalf asking for money for their contacts.
Doubts about this type of attack came to light on Tuesday (23), moments after the Federal Police launched the Spoofing operation to dismantle a criminal organization accused of cyber crimes in the cities of So Paulo, Araraquara and Ribeiro Preto. According to TV Globo's investigation, PF's action is part of the investigation that investigates the alleged breach of the cell phone of the Minister of Justice, Srgio Moro. Messages exchanged by the former judge at Telegram have been published by The Intercept Brazil and other vehicles since June 9, but the investigation has not yet established a relationship between the journalistic website and the alleged hackers. Understand what spoofing means and how to protect yourself.
Telegram Conversation Leak? Understand Messenger Privacy
Spoofing operation of the Federal Police arrests hackers accused of hacking Sergio Moro's cell Photo: Reproduction / Fabio Rodrigues Pozzebom (Brazil Agency File)
The term comes from spoof, which means deceiving in English. Spoofing is every technique used by hackers to trick people or networks through some kind of impersonation of the victim or the devices she owns. In some cases, spoofing can only be used to release a locked app at the user's real location or to "cheat" a mobile phone game called GPS spoofing. At the onset of the Pokmon Go fever, users launched this feature to circumvent the rules of the game.
The most common types of spoofing related to cybercrime are: email, website, Caller ID, IP and SMS. Understand the key features of each type.
- Email Spoofing: This is when a hacker creates a fake email in an attempt to mimic someone's real address. The goal is to exchange messages with the victim's contacts without making them realize that they are not talking to the legitimate user. This type of attack is often simple to detect because it can be identified by looking closely at the sender's email address.
- Caller ID Spoofing: This mode of attack involves the imitation of a telephone line. In such cases, a hacker can make calls using any chip and make the victim's number appear on the caller ID on the recipient's smartphone.
- SMS Spoofing: This type of spoofing involves hiding the phone line that sends a message. The technique is not necessarily crime-related: online torpedo services from the operators themselves use this device so that a message sent from the computer reaches the recipient's cell phone displaying the correct sender's line number. On the other hand, a hacker can use this spoofing mode to impersonate a bank and request sensitive information per message.
- Website Spoofing: This type of scam involves creating a fake page to fool victims and attract clicks. Typically, such attacks are related to counterfeit banking sites or online stores in order to encourage consumers to enter their credit card details, for example. Counterfeiting does not affect the original site. Commonly, it is accompanied by email spoofing or some other social engineering trick to encourage users to visit the fake site.
- IP spoofing: This kind of digital spoofing involves hiding the place of origin of a particular IP to trick systems and commit cyber crimes. In DDoS attacks, a hacker uses IP spoofing to prevent a server he wants to take down from automatically blocking requests. Recently, a programmer used a similar technique to reveal a security flaw in Instagram – he won a Facebook prize for the discovery.
Telegram, just like any online service, can be spoofed. Photo: Marvin Costa / dnetc
Spoofing commonly confused with another type of scam, Phishing. Although they are similar in the way of deceiving the victim, each has a specific purpose. Phishing usually takes on the appearance of a well-known organization, such as banks, and asks the victim to hand over confidential information, such as passwords and card numbers. In Spoofing's case, the attacker steals the victim's identity and impersonates her in order to get information.
Telegram, like any online service, can be spoofed as an attack tool. In 2016, Italian digital security firm InTheCyber released a video demonstrating the use of caller ID spoofing to log in to the victim's account on another mobile phone. The method involves imitating the victim's telephone line to obtain the confirmation code sent by the application. Telegram offers, until today, the option of receiving the authentication code by means of a link.
The trick involves requesting the Telegram code via SMS, waiting for the expiration time and requesting a phone call with the code. With a cell phone in hand imitating the victim's caller ID, the criminal can call the carrier's voicemail and listen to the code sent by Telegram that was recorded as a voice message. Not to arouse suspicion, the victim's cell phone must be offline during the procedure.
If the technique was used to gain access to Srgio Moro's Telegram, your cell phone would not necessarily have to have been hacked. After all, spoofing would allow you to log in to the minister's account on another smartphone or computer and thus give access to the message history. Moro, as well as attorney Deltan Dallagnol and other members of the Lava Jato, say they have had their phones hacked. The Federal Police did not disclose further information about the operation, as the investigation is still ongoing.
Protection against spoofing varies by type. In most cases, you can avoid problems by paying close attention to email addresses with tempting offers, as well as phone numbers that send SMS with suspicious links. The same goes for website spoofing: It is important to look at the details of banking sites and stores to make sure that this is the legitimate page.
In cases involving phone line spoofing, two-step verification protection layers can be created to maintain application security. By creating extra passwords for WhatsApp and Telegram, a potential attacker will not be able to access your message history even if they can get the confirmation code sent by the company via SMS or call.