Spooky Spoofing

Spoofing means pretending to be someone or something you’re not, whether in the virtual or physical world, but these days it’s mostly done through electronic means, using software and other techniques such as human-based social engineering. It is broadly used by black-hat hackers and script kiddies to conceal their own identities and pass responsibility onto unknowing victims. The combination of spoofing and the popular use of VPNs (Virtual Private Networks) makes it difficult to capture the true identity of malicious attackers. They are not impossible to discover, however, provided that proper defenses and knowledge are in place across all generations of our population. Companies from diverse sectors have made fortunes from vulnerabilities that were easily foreseeable, and therefore preventable. I have personally witnessed many consumers in various commercial electronics shops being anywhere from sadly misinformed (due to a lack of knowledge that the personnel just can’t or won’t admit to) to deliberately deceived, just for the purpose of making a sale. Deplorable actions towards unknowing consumers, but that’s only my humble opinion.

There are many kinds of spoofing, but the most common types are the following:

  • IP Spoofing or IP Address Spoofing: Internet Protocol (IP) address spoofing is the crafting of IP packets with a forged source address, done to conceal the attacker’s true address by impersonating the identity and address of another computer system. In the physical world, it would be the equivalent of a person purposely using a wrong return address or a P.O. box in order to carry out a scam without being easily detected.
  • MAC Spoofing: No, MAC here doesn’t mean an Apple product. MAC is the Media Access Control address of a Network Interface Card (NIC) or networked device, assigned at the factory. It can be compared to the VIN a car manufacturer assigns to a vehicle. The practice of disguising one MAC address as another is known as MAC spoofing. Fundamentally, MAC spoofing entails changing a computer’s network identity, for any (usually nefarious) reason, and it is relatively easy to do with the proper software. Altering an assigned MAC address can allow bypassing of ACLs (Access Control Lists) on servers or routers, either by obscuring a system or by allowing it to mimic another network interface device. MAC spoofing is done for legitimate and illicit purposes alike.
  • Website Spoofing: Spoofed websites usually adopt the design of the target website by copying its source code, and most often use URL spoofing in order to have an address similar to the target site’s. Website spoofing is basically the creation of a fake website intended to mislead audiences into believing the site was designed by an authoritative entity. Unsuspecting users will give up their credentials, thinking they are visiting a legitimate site. Oftentimes, the end user will find that the “Login” button leads them to an empty page.
  • URL Spoofing or URL Redirect: Uniform Resource Locator redirection is a commonly used technique. It is a more sophisticated attack, in which the attacker creates a “shadow copy” of the World Wide Web on a target machine and has all of the victim’s traffic go through the attacker’s system, allowing the hacker to obtain the victim’s sensitive information. By using domain forwarding, or by inserting control characters, the URL can be made to appear genuine while concealing the address of the actual website. Website and URL spoofing are most often used together.
  • Certificate Spoofing: Computer, server and domain certificates are essential to the security of any system. Unfortunately, most end users are completely unaware of them and their significance, and usually ignore warnings that may come from browsers, servers or anti-spyware programs. Certificates are used for authentication and non-repudiation. Falsification of certificates is commonly used to deprive the victim of plausible deniability regarding a transaction or event, especially one of a financial nature.
  • DNS Spoofing or DNS Cache Poisoning: A type of attack in which false Domain Name System information is introduced into the DNS resolver’s cache, making the name server return false IP addresses. This results in traffic being directed to the attacker’s system (or any system of the attacker’s choosing). Beyond website and URL spoofing, to perform a cache poisoning attack the attacker exploits flaws in the Domain Name System server software. Servers should accurately validate DNS responses to ensure that they come from a reliable source; otherwise the server could end up recording incorrect entries and serving them to other users who make the same request. This attack can be used to divert users from a legitimate site to a malicious one.
  • Caller ID Spoofing: The practice of causing the telephone network to falsely indicate to the receiver of a call that the originating caller is placing the call from a location different from the true originating station. For instance, the Caller ID might display a phone number different from that of the telephone from which the call was actually placed. This is commonly used in situations where the motivation is malicious, either for the purpose of fraud or simply to give a false impression to the receiver. Telephone networks provide Caller ID information, which may include the caller’s name and number, with each call. However, some technologies, especially VoIP (Voice over IP) networks, as well as certain applications and sites, allow callers to falsify Caller ID information with fake names and numbers. In addition to Caller ID spoofing, there is phone number replication, which makes it feasible for an attacker to see and respond to text messages and calls belonging to someone else. A famous scam happening right now with this method impersonates customer support call centers, such as those of Microsoft and Apple, not to mention credit card companies and consumer agencies.
  • Email Spoofing: The creation or editing and sending of email messages using a real or forged sender address. If the address is real, it means the person owning that email account has been compromised and attackers are using that email address as their own, unbeknownst to the victim. If the address is forged, it means the real sender is concealing their identity behind a legitimate-looking source. The sending address can be made to look legitimate because the core email protocols do not have any mechanism for authentication. It is very common for spam and phishing emails to use such methods in order to mislead the recipient about the origin of the message.
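As an added example that is not part of the original post, here is the kind of response validation the DNS Spoofing item above asks servers to perform: a resolver keeps the query it sent and discards any reply whose transaction ID, question section or answer owner names do not match it. The query and replies are constructed in code with made-up names and addresses; no network is involved.

```python
import struct

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"

def read_name(msg, off):
    # Decode a name at `off`, following RFC 1035 compression pointers; returns (name, offset after it)
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:                   # pointer into an earlier part of the message
            end = off + 2 if not jumped else end
            off, jumped = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF, True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode().lower())
        off += length
    return ".".join(labels), (end if jumped else off)
def parse_question(msg, off):
    name, off = read_name(msg, off)
    return (name,) + struct.unpack("!HH", msg[off:off + 4]), off + 4
def build_query(txid, name, qtype=1):
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, 1)
def build_response(txid, name, rdata, owner=None, qtype=1, ttl=300):
    # Constructed reply with one answer; `owner` lets a test forge an answer for a name nobody asked about
    head = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, 1)
    owner_wire = b"\xc0\x0c" if owner is None else encode_name(owner)   # 0xc00c points at the question name
    return head + owner_wire + struct.pack("!HHIH", qtype, 1, ttl, len(rdata)) + rdata

def validate_response(query, response):
    """Return the reasons a reply must be discarded; an empty list means it matches the outstanding query."""
    reasons = []
    q_question, _ = parse_question(query, 12)
    r_txid, _flags, qdcount, ancount = struct.unpack("!HHHH", response[:8])
    if r_txid != struct.unpack("!H", query[:2])[0]:
        reasons.append("transaction ID does not match the outstanding query")
    if qdcount != 1:
        return reasons + ["unexpected question count"]
    r_question, off = parse_question(response, 12)
    if r_question != q_question:
        reasons.append("question section differs from what was asked")
    for _ in range(ancount):                          # every answer must be for the name that was queried
        owner, off = read_name(response, off)
        off += 10 + struct.unpack("!HHIH", response[off:off + 10])[3]
        if owner != q_question[0]:
            reasons.append(f"answer for {owner} was never requested")
    return reasons
```

A real resolver additionally matches the reply against the random source port it used and applies a full bailiwick rule to the authority and additional sections; this block keeps to the three checks the text implies.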
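As an added example that is not part of the original post, the following Python looks at the Email Spoofing item above from the recipient’s side: since nothing in the core protocols authenticates the sender, a mail filter has to look for inconsistencies between the address the user sees and the headers set by the sending system. Both messages are constructed for this example and every domain in them is made up.

```python
import re
from email.parser import BytesParser
from email.utils import parseaddr

# Constructed sample messages for illustration; the domains are made up and neither is real mail
LEGIT = b"""Return-Path: <billing@example.com>
From: Example Billing <billing@example.com>
To: alice@example.org
Subject: Your invoice

Thanks for your payment.
"""

FORGED = b"""Return-Path: <bounce@bulk-sender.invalid>
From: "billing@example.com" <noreply@mail-hosting.invalid>
Reply-To: <support@examp1e.invalid>
To: alice@example.org
Subject: Urgent: verify your account

Please confirm your details at the link below.
"""

ADDR_RE = re.compile(r"[\w.+-]+@[\w.-]+")

def domain_of(addr):
    """Lower-cased domain part of an address, or '' if it has none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def spoofing_indicators(raw):
    """Return the header-level reasons the sender identity looks forged; an empty list means none were found."""
    msg = BytesParser().parsebytes(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, envelope = parseaddr(msg.get("Return-Path", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    from_dom = domain_of(from_addr)
    found = []
    # Return-Path is the envelope sender recorded by the receiving mail server, not the address the user sees
    if envelope and domain_of(envelope) != from_dom:
        found.append(f"envelope sender {envelope} does not match From domain {from_dom}")
    # Steering replies to a third domain is typical when the From address is only borrowed
    if reply_to and domain_of(reply_to) != from_dom:
        found.append(f"Reply-To {reply_to} is in a different domain than From")
    # An address-like display name borrowing another domain targets clients that hide the real address
    for lure in ADDR_RE.findall(display):
        if domain_of(lure) != from_dom:
            found.append(f"display name shows {lure} but the actual sender is {from_addr}")
    return found
```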

Spoofing of any kind is widely used by hackers to assemble attacks without being discovered quickly and easily. However, it is also used by information security professionals and penetration testers in order to find and patch any holes that may be present in sectors that collect and keep sensitive data. In your next visit to my writings, we will be discussing the types of hackers and how they are not all bad… it is largely a misconception. Even police have to use the same methods as criminals do in order to catch the bad guys.
